Time to close up shop folks, we didn't personally perform a deep security audit of every single open source project we depend on!