I'm a little confused atm. The extension has been deployed to production, but the dependancies aren't in vendor...
This in most cases should've happened first, so how is the code actually working? Or is that Google code not used?
Maybe blocked on T227346: Security readiness review for the MachineVision extension and T237588: Security review for MachineVision libraries due to the mass of dependancies brought in