The Tidelift guide to securing your open source dependencies