Security vulnerability. jutil is actually unaffected; y18n was just used internally by the code coverage tool.