Sonatype warns of OSS dependencies and vulnerable components