Hey Andrew,Quick question, if I look at this vulnerability in OSV: https://api.osv.dev/v1/vulns/GHSA-f3jh-qvm4-mg39. It expands the information that is available in the GitHub advisory as `>= 5.8.0, < 5.8.11` to a full list of all versions between 5.8.0 to 5.8.10 (including). Does OSV resolve these versions by querying Maven Central for all existing versions and then pairs it down to the ones that fall within that range? Or is there some other data source where this data is present already?Thanks!
--Martin Prpič / Red Hat Product Security