iamsanjay commented on PR #3502: URL: https://github.com/apache/solr/pull/3502#issuecomment-3233819223
With the configuration you shared, the total dependency count is down to 138 (from 518 under the Maven ecosystem). Dependabot alerts have also dropped to 4 from 21. Does this reduction also cover Solr modules? That said, I’m only seeing 1 high and 1 moderate vulnerability, whereas you mentioned there should be at least half a dozen—so we might still be missing some then. I should also try to generate SBOM on tar.gz to see the difference against the one which we can export from the Github. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
