The Apollo VS Code plugin experienced a widespread industry-wide security vulnerability that impacted a dependency of the `event-stream` package, leading to the removal of the extension from the VS Code Marketplace. The Apollo team worked with the VS Code team to republish their package and lock down their extension to a safe version of the compromised dependency. After receiving reports of the extension being flagged as malicious, the Apollo team reached out to the VS Code team for clarification, which ultimately led to the publication of the updated extension back onto the marketplace. The incident highlights the importance of responsible disclosure and security awareness in the developer community.