Andrew Pollock

Results 283 comments of Andrew Pollock

If the problematic code is indeed https://github.com/grame-cncm/faust/blob/3b3e13a873db6010ca33f4819b69dc573de209da/compiler/boxes/ppbox.cpp#L110 then that was introduced in 3b3e13a873db6010ca33f4819b69dc573de209da, which looks like it was released in [2.40.0-rc1](https://github.com/grame-cncm/faust/releases/tag/2.40.0-rc1) and the offending code is still present in https://github.com/grame-cncm/faust/blob/6826bfb5214b075b3af2ae90061f8de040ac4c76/compiler/boxes/ppbox.cpp#L117...

Hi @IgorTodorovskiIBM (both your examples cite the same commit hash, so I'm not sure which record you were referring to for your curl example, so I'll pick one at random)...

Hi @jimshowalter I'm not exactly sure I'm following what the request is here, but I'll try and paraphrase my understanding. Are you basically asking if we do a consistency check...

> For what it's worth, the progression was first we used the API for everything, then realized we could cut down on calls by using bulk query to get just...

> The parity check involves calling the API and comparing the vuln reports it returns to the vulns that were matched in the zip.
>
> Because the results match...

**Latest evolved thinking:** Do the moral equivalent of reimporting a daily rolling window of records, based on last modification time being greater than an age TBD. Some of the definitional...

Hey @prabhu Thanks for taking a look at our data, I'd love to more broadly explore any gaps you've identified using this CPE to Purl technique you mention. In the...

> Regarding the CPE, you can find `java` and `python` under `target_sw,` which is how the package ecosystem is represented.

Ah, I see. Thanks for highlighting that. In the case...

> Perhaps retain the raw CPE information for NVD under `database_specific` and ensure both NVD and GHSA information are presented for all CVEs?

That would not help in this situation,...

Please see https://github.com/google/osv.dev/issues/1803#issuecomment-1925973832