Hey everyone — I’ve opened a PR to enable GitHub *dependency graph
submission* for Solr. This will import our full dependency graph (including
transitives) so you can view it under *Insights → Dependency graph* and
analyze what we’re pulling in. Once it’s configured, *Dependabot* will use
that data to send alerts for CVEs in our dependencies. PR:
https://github.com/apache/solr/pull/3502

Note: coverage depends on our include/exclude filters and runtime/dev
scoping; if we’ve missed a config you care about, please shout. OWASP vs
Dependabot may differ slightly; I’ll watch for gaps.

-- Sanjay
