Looking for a security vulnerability means reading through changelogs, commit history, and library code, down eight levels of nested dependencies, across multiple major version bumps each, to find it’s all caused by something that could be replaced with three lines of application code and an environment variable.