Currently we are not able to flag the file in source code that is to blame from introducing a VCPKG dependency, this impacts vulnerability resolution automation (e.g. Dependabot) and other downstream ...