So only the first 100 alerts are fetched and searched for the current dependency. If a repo has 101 vulnerability alerts and the the one about the current dependency is the 101st then it is not found and no metadata is returned.
This could be addressed by paginating through all vulnerability alerts or by narrowing the query down, i.e. only look up vulnerability alerts for the current dependency (not sure if that is supported though).
Currently the workflow makes a GraphQL request that looks something like:
So only the first 100 alerts are fetched and searched for the current dependency. If a repo has 101 vulnerability alerts and the the one about the current dependency is the 101st then it is not found and no metadata is returned.
This could be addressed by paginating through all vulnerability alerts or by narrowing the query down, i.e. only look up vulnerability alerts for the current dependency (not sure if that is supported though).