pin all patched #crisp dependencies out of git urls for performance and especially security since we now rely on integrity hashes, reducing supply chain attack probability since code altered on github by eg. a github vulnerability (happened) will not be able to leak onto our projects