Xueqin Cui
Currently pom.xml support does not support merging data from other projects. However, there might be dependencies and properties defined in parent projects. Context: https://maven.apache.org/guides/introduction/introduction-to-the-pom.html#Project_Inheritance
https://github.com/google/osv.dev/issues/2352 The source repository no longer exists.
Investigate the work needed to support guided remediation for Gradle
Currently, the Maven manifest updater only supports writing updates to the base pom.xml; however, it is preferred to write updates to the parent pom.xml to minimize the diffs. We should walk through local...
Now by default, the [deps.dev API](https://docs.deps.dev/api/v3/index.html) is queried for package versions and requirements when resolving dependencies. We should also support fetching these data from private registries.
https://github.com/google/osv-scanner/issues/1127 and https://github.com/google/osv-scanner/issues/1045 We need `maven-metadata.xml` for the list of available versions as well as snapshot versions.
Currently, `pkg/reporter` is not well-designed and `cmd/osv-reporter` depends on it. We may get rid of the current `pkg/reporter` in v2 and redesign both `pkg/reporter` and `cmd/osv-scanner`.
Currently, [Query](https://github.com/google/osv-scanner/blob/main/pkg/osv/osv.go#L46) has fields required for constructing a query to OSV.dev but also has the not-that-relevant field `Source`. `Source` is in `Query` because we want to pass the information to...