oliverchang
commented
1 month ago LGTM. Do you want to explicitly state anything about the other components?
I'm not sure we have much to add there. Are there any qualifiers in particular you'd want to see not be included in PURLs here?
PURLs should not include the
@versioncomponent when used in OSV.affected[].ranges[]should be used for this purpose.