So V3 had some caveats that V1 didn't, like multiple advisories instead of single vulnerability
And also one advisory does not have a direct relation with package, instead it have impacts as an intermediary table
Which relates to actual implementation of an advisory.
Earlier one vuln had many packages affected
Now one advisory has impacts and every impact has many packages affected
Earlier the idea was to send every single advisory on the package and that implementation was quicker than V1. But then we had to start grouping and also making data more presentable like striping “/“s and giving last part of advisory ID as an identifier and removing that identifier from aliases. These things are additional ops done per advisory group on the serializer
So V3 had some caveats that V1 didn't, like multiple advisories instead of single vulnerability
And also one advisory does not have a direct relation with package, instead it have impacts as an intermediary table
Which relates to actual implementation of an advisory.
Earlier one vuln had many packages affected
Now one advisory has impacts and every impact has many packages affected
Earlier the idea was to send every single advisory on the package and that implementation was quicker than V1. But then we had to start grouping and also making data more presentable like striping “/“s and giving last part of advisory ID as an identifier and removing that identifier from aliases. These things are additional ops done per advisory group on the serializer