Adam Wood

We're seeing this across multiple projects and vulnerabilities, with the IDs (`source` property) changing every few hours, and came here to raise an issue to see if a different/stable ID...

Having looked into this further, we initially thought that this was related to the switch of NPM to GitHub Advisory Database, but dismissed this as it occurred months ago and...

I think we may be seeing something different due to NPM versions and the NPM 7 rewrite of audits. Example output from NPM 8.1.0: ```json { "auditReportVersion": 2, "vulnerabilities": {...

@naugtur That sounds like an interesting long-term solution. In the short-term, would you consider switching to using `github_advisory_id` as the identifier as mentioned earlier in this issue, which would presumably...

We've encountered the same problem with multiple updates of an entity within the same request. It can render this bundle unusable on applications with complex requests. This is the same...