FDA approved 
lychee@woof
I have always found calling open-source software "supply-chain" to be... trying to redirect blame.
If those are "provided as is", then it sounds like the vuln is introduced by whoever decided to update it.
Orb 2069Make sure to explain to the shareholders that the "supply chain" for office furniture consists of whatever curb pickings your employees happen to find on their way into the office - and why the fumigation bill is so high.