[🐛] When using `target-id` and `project-id` the vulnerabilities tab still shows the org level vulnerabilities

[nia-potato]

• node -v: v18.19.0
• npm -v: 10.2.3
• OS: (e.g. OSX, Linux, Windows, ...)
• Command run: (e.g. snyk-api-import ..., ...)

Expected behaviour

Please share expected behaviour.

The vulnerability tab in backstage should've shown just the project related vulnerability since project-id is used in the catalog-info.yaml not the org level vulnerabilities.

Actual behaviour

Please share problematic behaviour you are seeing.

it is showing the org level vulnerability even if i defined

    snyk.io/target-id: test/backstage
    snyk.io/project-ids: {guid1}, {guid2}

[aarlaud]

Hi, this is aimed to pull all the projects under the target test/backstage as well as projects guid1 and guid2. Isn't it what you're observing?