{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DEPCUR-GHA", "name": "GitHub Action `softprops/action-gh-release@v2` is 1 major version(s) behind (latest v3.0.0)", "shortDescription": {"text": "GitHub Action `softprops/action-gh-release@v2` is 1 major version(s) behind (latest v3.0.0)"}, "fullDescription": {"text": "`uses: softprops/action-gh-release@v2` is 1 major version(s) behind the latest published release v3.0.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `get` has cognitive complexity 12 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `get` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 12."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._get` used but never assigned in __init__", "shortDescription": {"text": "`self._get` used but never assigned in __init__"}, "fullDescription": {"text": "Method `share_url_transfer_v1` of class `XiaohongshuResource` reads `self._get`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_non_json_response_raises_protocol_error", "shortDescription": {"text": "Phantom test coverage: test_non_json_response_raises_protocol_error"}, "fullDescription": {"text": "Test function `test_non_json_response_raises_protocol_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "facebook-secret", "name": "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data ex", "shortDescription": {"text": "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1119"}, "properties": {"repository": "justoneapi/justoneapi-python", "repoUrl": "https://github.com/justoneapi/justoneapi-python", "branch": "main"}, "results": [{"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `softprops/action-gh-release@v2` is 1 major version(s) behind (latest v3.0.0)"}, "properties": {"repobilityId": 110788, "scanner": "repobility-dependency-currency", "fingerprint": "f00d3f0b0f20f5a462478b2a86acb1be7bc1c8926a894e444ff9f9fc7278697e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "softprops/action-gh-release", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v3.0.0", "correlation_key": "fp|f00d3f0b0f20f5a462478b2a86acb1be7bc1c8926a894e444ff9f9fc7278697e", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 94}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/download-artifact@v4` is 4 major version(s) behind (latest v8.0.1)"}, "properties": {"repobilityId": 110787, "scanner": "repobility-dependency-currency", "fingerprint": "a7e61add49e3f7ce02dcde3685e563a4a877bce495ed4f47bad237601f0bd8e9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/download-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.0.1", "correlation_key": "fp|a7e61add49e3f7ce02dcde3685e563a4a877bce495ed4f47bad237601f0bd8e9", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/upload-artifact@v4` is 3 major version(s) behind (latest v7.0.1)"}, "properties": {"repobilityId": 110786, "scanner": "repobility-dependency-currency", "fingerprint": "9bea3fb935d7b25b40753e4cee5822439793c6606c903428448870bb4b4c72e3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/upload-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.0.1", "correlation_key": "fp|9bea3fb935d7b25b40753e4cee5822439793c6606c903428448870bb4b4c72e3", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 110785, "scanner": "repobility-dependency-currency", "fingerprint": "38d581c69139d809b3ace3c6737bae5f37fdb0ded3dfcf44af0cc9350df5ac44", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|38d581c69139d809b3ace3c6737bae5f37fdb0ded3dfcf44af0cc9350df5ac44", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110784, "scanner": "repobility-dependency-currency", "fingerprint": "35c3de67d1e3e6ef547f030e075cd10a4b0c9930949b9af71b67e00486b8300e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|35c3de67d1e3e6ef547f030e075cd10a4b0c9930949b9af71b67e00486b8300e", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v3` is 3 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110783, "scanner": "repobility-dependency-currency", "fingerprint": "4100a690f8f777c6cc85fae17d00968608ba0d6f081feafbbc9becdec546ec50", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|4100a690f8f777c6cc85fae17d00968608ba0d6f081feafbbc9becdec546ec50", "current_version": "v3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-commit.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 110782, "scanner": "repobility-dependency-currency", "fingerprint": "6f2a618f189b6115cf4bd3148c8dabda806906cf9ee1e47711c432a9aae4d123", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|6f2a618f189b6115cf4bd3148c8dabda806906cf9ee1e47711c432a9aae4d123", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-readme-openapi.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110781, "scanner": "repobility-dependency-currency", "fingerprint": "7b6b5b6fea7245581957ef7ae9ef83044da9fe52b103c091443ed26ce1404449", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|7b6b5b6fea7245581957ef7ae9ef83044da9fe52b103c091443ed26ce1404449", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-readme-openapi.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 110780, "scanner": "repobility-dependency-currency", "fingerprint": "e93f9cffd2ed8c63b047f6ff0ab080fb26bae2b1dccc1878f7f8aebcaee3b23a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|e93f9cffd2ed8c63b047f6ff0ab080fb26bae2b1dccc1878f7f8aebcaee3b23a", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110779, "scanner": "repobility-dependency-currency", "fingerprint": "2e5471bd25b413121d08d0526b4fb417397069a689b5a142ff82dd01ff1bddc9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|2e5471bd25b413121d08d0526b4fb417397069a689b5a142ff82dd01ff1bddc9", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `peter-evans/create-pull-request@v7` is 1 major version(s) behind (latest v8.1.1)"}, "properties": {"repobilityId": 110778, "scanner": "repobility-dependency-currency", "fingerprint": "24e31f240167a10ca90eb90b98546ed7bec3b5f5a14975146b58afd3046215a4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "peter-evans/create-pull-request", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.1.1", "correlation_key": "fp|24e31f240167a10ca90eb90b98546ed7bec3b5f5a14975146b58afd3046215a4", "current_version": "v7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-openapi.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 110777, "scanner": "repobility-dependency-currency", "fingerprint": "3c8ee6fdf7db8aacf41f3724ba429249359d8b9aee2c805e03631de0dbbddd7a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|3c8ee6fdf7db8aacf41f3724ba429249359d8b9aee2c805e03631de0dbbddd7a", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-openapi.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110776, "scanner": "repobility-dependency-currency", "fingerprint": "2d4247d8335c845e91b3c5ffb3b6a7eb3f6069e77df46805a4e00fff587df15e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|2d4247d8335c845e91b3c5ffb3b6a7eb3f6069e77df46805a4e00fff587df15e", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-openapi.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=2, if=3, or=1, recursion=6."}, "properties": {"repobilityId": 110789, "scanner": "repobility-threat-engine", "fingerprint": "68c85d28c0e714dfbae67c169e175584ba67e48861901ff217337a594b613998", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get", "breakdown": {"if": 3, "or": 1, "except": 2, "recursion": 6}, "complexity": 12, "correlation_key": "fp|68c85d28c0e714dfbae67c169e175584ba67e48861901ff217337a594b613998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/_transport.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 110775, "scanner": "repobility-supply-chain", "fingerprint": "7929dde30daa269155b7b0d6e53a8e8fd275a29866b138d11f5170a9f96fd9bb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7929dde30daa269155b7b0d6e53a8e8fd275a29866b138d11f5170a9f96fd9bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "properties": {"repobilityId": 110774, "scanner": "repobility-supply-chain", "fingerprint": "95d1fe96553769cdab7369511c834e15880790e9cab3bb4c4443f84adfef38a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|95d1fe96553769cdab7369511c834e15880790e9cab3bb4c4443f84adfef38a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110773, "scanner": "repobility-supply-chain", "fingerprint": "6ae4179cb38e7a0adc3ecc8ff689bbe9688eb536e3b89056aa9fa6d0dfeaaf94", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ae4179cb38e7a0adc3ecc8ff689bbe9688eb536e3b89056aa9fa6d0dfeaaf94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110772, "scanner": "repobility-supply-chain", "fingerprint": "a87c30737321604634ab56ffaa9dc1387ea26178f25b43752bc844873ac81069", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a87c30737321604634ab56ffaa9dc1387ea26178f25b43752bc844873ac81069"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 110771, "scanner": "repobility-supply-chain", "fingerprint": "c15f4beffdff6ee5b14342901a58ed5c80c48475c6fe712aa2339532b0f76a4b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c15f4beffdff6ee5b14342901a58ed5c80c48475c6fe712aa2339532b0f76a4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110770, "scanner": "repobility-supply-chain", "fingerprint": "fffb138dec9615e79eab6c6234fce3b2e7d883c104881f4bfdbc9a8d79ed2283", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fffb138dec9615e79eab6c6234fce3b2e7d883c104881f4bfdbc9a8d79ed2283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 110769, "scanner": "repobility-supply-chain", "fingerprint": "fd8356c5cd8d7f12568c72b7a54c561f104af5a5e14ad51a6de20d277b337ca2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd8356c5cd8d7f12568c72b7a54c561f104af5a5e14ad51a6de20d277b337ca2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-commit.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110768, "scanner": "repobility-supply-chain", "fingerprint": "727ecba3e93477f676dbb616b6d482621b3e933c503931e5f2b06ed6baaf2b29", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|727ecba3e93477f676dbb616b6d482621b3e933c503931e5f2b06ed6baaf2b29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-readme-openapi.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110767, "scanner": "repobility-supply-chain", "fingerprint": "71aab6638b0b26b9da282646936886f04d1bff9103903da39a98dbecf4c49337", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71aab6638b0b26b9da282646936886f04d1bff9103903da39a98dbecf4c49337"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-readme-openapi.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 110766, "scanner": "repobility-supply-chain", "fingerprint": "97ffabc1e56b4f1c7db1fb43226e1999d838d1b1e41412f9ec8bf9838f8f918f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|97ffabc1e56b4f1c7db1fb43226e1999d838d1b1e41412f9ec8bf9838f8f918f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110765, "scanner": "repobility-supply-chain", "fingerprint": "634675b936a57eeb302bcae8c2381f0e781d480bfe5aa082e06e1d5bbd5da39b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|634675b936a57eeb302bcae8c2381f0e781d480bfe5aa082e06e1d5bbd5da39b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/create-pull-request` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 110764, "scanner": "repobility-supply-chain", "fingerprint": "965914ff97b660a0e88d43a055bc05663688c0bf66d056c9c1dcc4f59eb2fa7f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|965914ff97b660a0e88d43a055bc05663688c0bf66d056c9c1dcc4f59eb2fa7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-openapi.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 110763, "scanner": "repobility-supply-chain", "fingerprint": "81e1e7a72e3d150e9b178e26fb8bbfa075131de6a62b4166184088d3ef670e83", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|81e1e7a72e3d150e9b178e26fb8bbfa075131de6a62b4166184088d3ef670e83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-openapi.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110762, "scanner": "repobility-supply-chain", "fingerprint": "2aaacf4c70ef8b14a7b0a7e3acb8f3718b160f6ed02528f3b6240e851dece002", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2aaacf4c70ef8b14a7b0a7e3acb8f3718b160f6ed02528f3b6240e851dece002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-openapi.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110761, "scanner": "repobility-ast-engine", "fingerprint": "df38488fff2b2c71bc439e45a16399b66be7b77156839afc4b9889d6f391cd54", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df38488fff2b2c71bc439e45a16399b66be7b77156839afc4b9889d6f391cd54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 529}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110760, "scanner": "repobility-ast-engine", "fingerprint": "98c2375a38910f581eefb626ac9a3826e6cfbda40afde9cedeb7434b70210d56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98c2375a38910f581eefb626ac9a3826e6cfbda40afde9cedeb7434b70210d56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 507}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110759, "scanner": "repobility-ast-engine", "fingerprint": "0ca63ea4c51b47be3dd1fb82ad39c644bc77609f31b11c5689bef3578cd72c07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ca63ea4c51b47be3dd1fb82ad39c644bc77609f31b11c5689bef3578cd72c07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 483}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110758, "scanner": "repobility-ast-engine", "fingerprint": "007c3e4027ed8d9343809bd3255f4b21fab036bae5ee3a0e5d56eba66355d8f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|007c3e4027ed8d9343809bd3255f4b21fab036bae5ee3a0e5d56eba66355d8f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 463}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110757, "scanner": "repobility-ast-engine", "fingerprint": "49acfefe85d958f63c3fd8e36c9295accf92fb36ed47e00ea58bdff0ff2b777a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49acfefe85d958f63c3fd8e36c9295accf92fb36ed47e00ea58bdff0ff2b777a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 443}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110756, "scanner": "repobility-ast-engine", "fingerprint": "db8cfee3740a36527592d293d35aeb37e5a0d9353b3ef4eb32e589829fd8f776", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db8cfee3740a36527592d293d35aeb37e5a0d9353b3ef4eb32e589829fd8f776"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 421}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110755, "scanner": "repobility-ast-engine", "fingerprint": "93531c1d45f3d3593222e3c7fc37b726ada86c16958b2bbdd20634bd15c4b205", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93531c1d45f3d3593222e3c7fc37b726ada86c16958b2bbdd20634bd15c4b205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 397}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110754, "scanner": "repobility-ast-engine", "fingerprint": "737d415d3d0896d538552acaae01c87851c73ec3ce33ef5442a7c3a36609285e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|737d415d3d0896d538552acaae01c87851c73ec3ce33ef5442a7c3a36609285e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110753, "scanner": "repobility-ast-engine", "fingerprint": "620498c744dc8fa8135ca81fac7b59742e9dd57c3b3cbc48695f82fe2c5df71b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|620498c744dc8fa8135ca81fac7b59742e9dd57c3b3cbc48695f82fe2c5df71b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110752, "scanner": "repobility-ast-engine", "fingerprint": "98aef16d8a11d6f368b61c77127b66db6633e990c1cd70fe14342f825c4e6c94", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98aef16d8a11d6f368b61c77127b66db6633e990c1cd70fe14342f825c4e6c94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110751, "scanner": "repobility-ast-engine", "fingerprint": "52e009eb8587d0b11fd35dacf26bf416c5e5f61f0d9a47eb3fd6f9137f480d10", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52e009eb8587d0b11fd35dacf26bf416c5e5f61f0d9a47eb3fd6f9137f480d10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110750, "scanner": "repobility-ast-engine", "fingerprint": "ede0a9dbe293cb58db4fda6aa2b718ab19ebb7565e7c1ea17593bd099a7acf1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ede0a9dbe293cb58db4fda6aa2b718ab19ebb7565e7c1ea17593bd099a7acf1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110749, "scanner": "repobility-ast-engine", "fingerprint": "0240ecca06cb5a427dc6914f48fe4cf384adc3a8ef48c03a0d156126bb2bcd7e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0240ecca06cb5a427dc6914f48fe4cf384adc3a8ef48c03a0d156126bb2bcd7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110748, "scanner": "repobility-ast-engine", "fingerprint": "9777ffb7d8cf75bcb976d77cafc5fcc5b11b8a65812ceeaab3fd82ebd5a2479b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9777ffb7d8cf75bcb976d77cafc5fcc5b11b8a65812ceeaab3fd82ebd5a2479b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110747, "scanner": "repobility-ast-engine", "fingerprint": "5c268dccbac74f67c565c8e4bf2684686a3037f58a3a5a4a4ea4765f202147fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c268dccbac74f67c565c8e4bf2684686a3037f58a3a5a4a4ea4765f202147fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110746, "scanner": "repobility-ast-engine", "fingerprint": "0c52c67dd2e86b29a8f9856c3bfb3e98c075ae141f6fe0c7fa55c9ca3bebe0b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c52c67dd2e86b29a8f9856c3bfb3e98c075ae141f6fe0c7fa55c9ca3bebe0b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110745, "scanner": "repobility-ast-engine", "fingerprint": "40f15b1278b46f32a310c6ccba46c6ef62b7881fd3754b726460261127ff7689", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40f15b1278b46f32a310c6ccba46c6ef62b7881fd3754b726460261127ff7689"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110744, "scanner": "repobility-ast-engine", "fingerprint": "255e4eda4c88d558cdfd1da1788748fc28d71cef7a01d5ad213ef52ce3ef51d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|255e4eda4c88d558cdfd1da1788748fc28d71cef7a01d5ad213ef52ce3ef51d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110743, "scanner": "repobility-ast-engine", "fingerprint": "1d05cecea98cdb89a520e4cd3ea84d8f1b566a865d5c89af4ac487a55fa11f3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d05cecea98cdb89a520e4cd3ea84d8f1b566a865d5c89af4ac487a55fa11f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110742, "scanner": "repobility-ast-engine", "fingerprint": "a722c41ae2d0cd935a38f083fead2a85834bf5be33eab76243398e8c6213640b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a722c41ae2d0cd935a38f083fead2a85834bf5be33eab76243398e8c6213640b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110741, "scanner": "repobility-ast-engine", "fingerprint": "1ab37afb26e419f44a1529b3962e7e3ac65e1c79bec1c3edd943e3824088ffc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ab37afb26e419f44a1529b3962e7e3ac65e1c79bec1c3edd943e3824088ffc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get` used but never assigned in __init__"}, "properties": {"repobilityId": 110740, "scanner": "repobility-ast-engine", "fingerprint": "a03e549d64f7104d0635500fe69aaa9c6f98768faac6877137f0b44609200143", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a03e549d64f7104d0635500fe69aaa9c6f98768faac6877137f0b44609200143"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/generated/resources/xiaohongshu.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._is_success_code` used but never assigned in __init__"}, "properties": {"repobilityId": 110739, "scanner": "repobility-ast-engine", "fingerprint": "6853bcc6350bd8e839d2b94054659dc22e34e9cfbe3d4854c3a36db4d70c5c93", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6853bcc6350bd8e839d2b94054659dc22e34e9cfbe3d4854c3a36db4d70c5c93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/_transport.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._clean_params` used but never assigned in __init__"}, "properties": {"repobilityId": 110738, "scanner": "repobility-ast-engine", "fingerprint": "be7cb2bce8274169c7de5ea77c60b569fba78ffe20b0ccd9a35ae16539ba5ce8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be7cb2bce8274169c7de5ea77c60b569fba78ffe20b0ccd9a35ae16539ba5ce8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/_transport.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.close` used but never assigned in __init__"}, "properties": {"repobilityId": 110737, "scanner": "repobility-ast-engine", "fingerprint": "51f2384241526d78f85ea59c2aa6cb2503c8ad8416f02231fae391a399b3048c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51f2384241526d78f85ea59c2aa6cb2503c8ad8416f02231fae391a399b3048c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "justoneapi/client.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_non_json_response_raises_protocol_error"}, "properties": {"repobilityId": 110736, "scanner": "repobility-ast-engine", "fingerprint": "c80249423e3f232ad9ad436a6170728c67aad96248a54f52628a50fce062c5e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c80249423e3f232ad9ad436a6170728c67aad96248a54f52628a50fce062c5e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_runtime.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "facebook-secret", "level": "error", "message": {"text": "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure."}, "properties": {"repobilityId": 110797, "scanner": "gitleaks", "fingerprint": "3180947a3987ec53e89dfb9dd398f1f1d072ce630e9d8868782327cc65713743", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "Facebook\",\n  \"REDACTED\"", "rule_id": "facebook-secret", "scanner": "gitleaks", "detector": "facebook-secret", "correlation_key": "secret|i18n-cache.json|111|facebook redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 1113}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 110796, "scanner": "gitleaks", "fingerprint": "60e499dad05466ab2cdfa31e3a90704a50e45daec3f5b1c11afe0b94eb6e8762", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "API\",\n  \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|i18n-cache.json|81|api redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 817}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 110795, "scanner": "gitleaks", "fingerprint": "2b7658f6b67e0328cab533f94a0c86515307c90a4679da4cff28537d1c1290ab", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "TOKEN\",\n  \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|i18n-cache.json|5|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 53}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 110794, "scanner": "gitleaks", "fingerprint": "fd3ed9f2a1af325fde2fa7ba495f138a197856d28b16a85d44fd5171f5cfafca", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "API\",\n  \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|i18n-cache.json|4|api redacted", "duplicate_count": 4, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["6c1c0b6ab03daa8153eed91ded6d7f9332a9b1ff936db218762e1111d46a1521", "80be4c939ad928cfea02d23297adf2b0d4566b7929661267957adb7dcd5fde3f", "a2697250f348990c32525a2706846dfeead6590b63198280fb44e44840b04e49", "fccea05076be184b671220b99f55ecb76fe9a17c8c5d5acb5a5d19b995b55d57", "fd3ed9f2a1af325fde2fa7ba495f138a197856d28b16a85d44fd5171f5cfafca"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 41}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 110793, "scanner": "gitleaks", "fingerprint": "3d94daf3d8151067d5bfa78bdd02cf8f8c95670bd8b4b0638910932532102ca9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "API\",\n  \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|i18n-cache.json|3|api redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2316f25da409bcc84c175c4e6b377ba5d858001ae82578f937bc0543c4ed1a33", "3d94daf3d8151067d5bfa78bdd02cf8f8c95670bd8b4b0638910932532102ca9", "467945ab8a33ad79a443b2d252d35cfb5b04de35d6eee62e21682fe29ee71d94"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 31}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 110792, "scanner": "gitleaks", "fingerprint": "731f56f4c219a98a09f16a9fc14e7815d6837b8c219b3e342e66ed1cb3baa862", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "API\",\n  \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|i18n-cache.json|2|api redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["731f56f4c219a98a09f16a9fc14e7815d6837b8c219b3e342e66ed1cb3baa862", "82abaff353aea462dcd8fa64b61c3fcb5abbab47b21ec6b3707078e067f44eea", "945c3038d9013147a447e98cd3f83d7dc2bac8b56102e543990b7319333da6c4", "cbfeccd849c0d0d75a3285a060bd66f2393dea5a5a2f9021ca4a2cf330caf07e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 21}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 110791, "scanner": "gitleaks", "fingerprint": "3add45a256790f6b314ba20540438c231ae6c1bceb65eee1386f328648409802", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 6 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "API\",\n  \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|i18n-cache.json|1|api redacted", "duplicate_count": 6, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0e4027bbd93939e682f832878a5d5193127cf782a00d870da348abf240d7afe3", "3add45a256790f6b314ba20540438c231ae6c1bceb65eee1386f328648409802", "3aface7b16e37358dad0d2283a9fd3cbd8d38792c8eb5ff04e33bb39cd38950c", "a00e7d51449b3caa8bd485b05933a1dd7aad085ece7cdeee1db71791fb29c778", "bad0d9511a3bea17636750fea5b0a26b1b578511e02a33bd8a6dded82d3cf9ae", "bd42d803490d26660e872328370e954408a346727777d0372c2a955699200464", "e6f13228627be4a5273ea6635c9ef7df1f80275b6077b1d105e2da6f7d361fbe"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 3}}}]}, {"ruleId": "facebook-secret", "level": "error", "message": {"text": "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure."}, "properties": {"repobilityId": 110790, "scanner": "gitleaks", "fingerprint": "276be31dc7bd276081f2d0a9b1b6b362613603557b0f1978ffc5e47d12147355", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "Facebook API\",\n  \"REDACTED\"", "rule_id": "facebook-secret", "scanner": "gitleaks", "detector": "facebook-secret", "correlation_key": "secret|i18n-cache.json|2|facebook api redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n-cache.json"}, "region": {"startLine": 27}}}]}]}]}