Copilot commented on code in PR #191: URL: https://github.com/apache/solr-site/pull/191#discussion_r3428170838
########## plugins/vex/vex.py: ##########

@@ -158,10 +158,8 @@ def pelican_init(pelicanobj): def generator_initialized(generator): - # The dependency-CVE table (security-dependency-cves.html) lists the entries - # that name vulnerable JARs; advisory-only entries (no 'jars') are excluded. - articles = read_vex_articles(generator.settings['PATH']) - generator.context["vex"] = [a for a in articles if a['jars']] + # The CVE table (security-dependency-cves.html) lists every VEX entry. + generator.context["vex"] = read_vex_articles(generator.settings['PATH'])

Review Comment:

generator_initialized() now passes *all* VEX entries into the dependency-CVE table context. That causes Solr vulnerability entries that have no dependency JARs (e.g. CVE-2025-24814, CVE-2024-7254) to appear on the “CVE Status for Dependencies” page with an empty “JARs” column, which seems inconsistent with the page’s purpose and the PR description (dependency CVEs). Consider keeping the table scoped to entries that declare `jars`, while still showing all states (including `exploitable`).

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
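Review bot: In generator_initialized(), dropping the `if a['jars']` filter changes what every consumer of generator.context["vex"] receives, while the replacement comment still names security-dependency-cves.html as the target and no longer records that advisory-only entries have no 'jars'. If listing every entry is intended, state in the comment that entries without 'jars' are now included and confirm the template behind that page renders a row whose 'jars' value is empty; otherwise keep the filter.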
