Fix open source CVEs, without upgrades

Patch open source CVEs in the versions you already run (no upgrades)

Fix vulnerabilities in direct + transitive dependencies

Clear critical/high findings fast (72-hour SLA available)

Stay compliant without breaking changes or roadmap disruption