It really has been a great Christmas π for many people, I think even more for the developer of the dependency itself, ejje yes, the one who introduced the vulnerability without realizing, hence, many people question, that despite being an open-source
project, it is not the same as always being audited.