Three PyPI releases tied to Microsoft’s DurableTask Python client were marked malicious and quarantined, turning a routine dependency into a supply-chain warning for automation-heavy teams.