{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-6w46-j5rx-g56g", "name": "pytest: GHSA-6w46-j5rx-g56g", "shortDescription": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "fullDescription": {"text": "pytest has vulnerable tmpdir handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h4gh-qq45-vh27", "name": "cryptography: GHSA-h4gh-qq45-vh27", "shortDescription": {"text": "cryptography: GHSA-h4gh-qq45-vh27"}, "fullDescription": {"text": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9v9h-cgj8-h64p", "name": "cryptography: GHSA-9v9h-cgj8-h64p", "shortDescription": {"text": "cryptography: GHSA-9v9h-cgj8-h64p"}, "fullDescription": {"text": "Null pointer dereference in PKCS12 parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "GHSA-v8gr-m533-ghj9", "name": "cryptography: GHSA-v8gr-m533-ghj9", "shortDescription": {"text": "cryptography: GHSA-v8gr-m533-ghj9"}, "fullDescription": {"text": "Vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jm77-qphf-c4w8", "name": "cryptography: GHSA-jm77-qphf-c4w8", "shortDescription": {"text": "cryptography: GHSA-jm77-qphf-c4w8"}, "fullDescription": {"text": "pyca/cryptography's wheels include vulnerable OpenSSL"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `async_get_device_diagnostics` has cognitive complexity 14 (SonarSource sc", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `async_get_device_diagnostics` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 14."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-r6ph-v2qm-q3c2", "name": "cryptography: GHSA-r6ph-v2qm-q3c2", "shortDescription": {"text": "cryptography: GHSA-r6ph-v2qm-q3c2"}, "fullDescription": {"text": "cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ww4-gg4f-jr7f", "name": "cryptography: GHSA-3ww4-gg4f-jr7f", "shortDescription": {"text": "cryptography: GHSA-3ww4-gg4f-jr7f"}, "fullDescription": {"text": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-35", "name": "cryptography: PYSEC-2026-35", "shortDescription": {"text": "cryptography: PYSEC-2026-35"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-225", "name": "cryptography: PYSEC-2024-225", "shortDescription": {"text": "cryptography: PYSEC-2024-225"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-254", "name": "cryptography: PYSEC-2023-254", "shortDescription": {"text": "cryptography: PYSEC-2023-254"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-112", "name": "cryptography: PYSEC-2023-112", "shortDescription": {"text": "cryptography: PYSEC-2023-112"}, "fullDescription": {"text": "The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `codecov/codecov-action` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: codecov/codecov-action@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.13.0`", "shortDescription": {"text": "pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.13.0`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-mypy` at `rev: v1.13.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_set_mode_rejects_unknown", "shortDescription": {"text": "Phantom test coverage: test_set_mode_rejects_unknown"}, "fullDescription": {"text": "Test function `test_set_mode_rejects_unknown` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._make_coordinator_with_devices` used but never assigned in __init__", "shortDescription": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_ble_advertisement_restores_online_after_outage` of class `TestBleAdvertisementHandling` reads `self._make_coordinator_with_devices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1077"}, "properties": {"repository": "lasswellt/govee-homeassistant", "repoUrl": "https://github.com/lasswellt/govee-homeassistant", "branch": "master"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 105845, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-6w46-j5rx-g56g", "level": "warning", "message": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "properties": {"repobilityId": 105844, "scanner": "osv-scanner", "fingerprint": "2e412d71fbba24ea2865b3c154607ee4e07b7258f61da0c33ceb4c16ad151b58", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-71176"], "package": "pytest", "rule_id": "GHSA-6w46-j5rx-g56g", "scanner": "osv-scanner", "correlation_key": "vuln|pytest|CVE-2025-71176|requirements_test.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h4gh-qq45-vh27", "level": "warning", "message": {"text": "cryptography: GHSA-h4gh-qq45-vh27"}, "properties": {"repobilityId": 105840, "scanner": "osv-scanner", "fingerprint": "740e1cff5e9d4df95197f25ccc515f7fb64de9e618d1390159ecf73fb45bfe93", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-h4gh-qq45-vh27", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-H4GH-QQ45-VH27|requirements_test.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9v9h-cgj8-h64p", "level": "warning", "message": {"text": "cryptography: GHSA-9v9h-cgj8-h64p"}, "properties": {"repobilityId": 105839, "scanner": "osv-scanner", "fingerprint": "013f25deb436944bb00afbe5dd18851485f785d78e9d2e36e415ad80e67e7a53", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-0727"], "package": "cryptography", "rule_id": "GHSA-9v9h-cgj8-h64p", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2024-0727|requirements_test.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105806, "scanner": "repobility-ast-engine", "fingerprint": "697f2a562372f7e214f27de435ac3c17e6304ff84b28db2e25e268e3435e4fd5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|697f2a562372f7e214f27de435ac3c17e6304ff84b28db2e25e268e3435e4fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/coordinator.py"}, "region": {"startLine": 1208}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105805, "scanner": "repobility-ast-engine", "fingerprint": "f1e7041b13393061576a9e023400e0410f3e0a52d09cd4c76d5d66c1704b70ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f1e7041b13393061576a9e023400e0410f3e0a52d09cd4c76d5d66c1704b70ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/diagnostics.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105754, "scanner": "repobility-ast-engine", "fingerprint": "f1839e7df58e9cfe709b90e9e4d417c093bfc1fe0944a34e107a420f88128a80", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f1839e7df58e9cfe709b90e9e4d417c093bfc1fe0944a34e107a420f88128a80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/status_badges.py"}, "region": {"startLine": 406}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 105846, "scanner": "repobility-web-presence", "fingerprint": "b45188b4971e6b8c7800eb799d6e0b723ff2a94177583b2040f138ae9d27e818", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|b45188b4971e6b8c7800eb799d6e0b723ff2a94177583b2040f138ae9d27e818"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/_research/2026-03-30_govee-login-454-error.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v8gr-m533-ghj9", "level": "note", "message": {"text": "cryptography: GHSA-v8gr-m533-ghj9"}, "properties": {"repobilityId": 105843, "scanner": "osv-scanner", "fingerprint": "523a75a8e7bef676e261278da803aae5e1e3fb5b829ddc324d9c8d12d0616cc5", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-v8gr-m533-ghj9", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-V8GR-M533-GHJ9|requirements_test.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jm77-qphf-c4w8", "level": "note", "message": {"text": "cryptography: GHSA-jm77-qphf-c4w8"}, "properties": {"repobilityId": 105841, "scanner": "osv-scanner", "fingerprint": "3ecd4d843e2994b190151974ed2aba34561f17b19b7211824b29f0db67006e30", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-jm77-qphf-c4w8", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-JM77-QPHF-C4W8|requirements_test.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `async_get_device_diagnostics` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=2, if=2, nested_bonus=7, or=1, ternary=2."}, "properties": {"repobilityId": 105828, "scanner": "repobility-threat-engine", "fingerprint": "62c13f4061b706369ba730aee9ecd96eb04102dbd450033cf15c5a7cd7267d3f", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "async_get_device_diagnostics", "breakdown": {"if": 2, "or": 1, "for": 2, "ternary": 2, "nested_bonus": 7}, "complexity": 14, "correlation_key": "fp|62c13f4061b706369ba730aee9ecd96eb04102dbd450033cf15c5a7cd7267d3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/diagnostics.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 105753, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4765ed50f8edd02669d4b3ad9e471ac3f276fc7e826580870cf40ef3ab778fa1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "custom_components/govee/api/client.py", "duplicate_line": 219, "correlation_key": "fp|4765ed50f8edd02669d4b3ad9e471ac3f276fc7e826580870cf40ef3ab778fa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/protocols/api.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 105752, "scanner": "repobility-ai-code-hygiene", "fingerprint": "273affce37af7092e6be43495c44a5f2b1a053177c6f6f33e94ced7f412e5dee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "custom_components/govee/platforms/grouped_segment.py", "duplicate_line": 110, "correlation_key": "fp|273affce37af7092e6be43495c44a5f2b1a053177c6f6f33e94ced7f412e5dee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/platforms/segment.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 105832, "scanner": "repobility-threat-engine", "fingerprint": "92a9296d2e8f54cbfc431a36881c269aa3eef9db2e56aeae75c597a8ef2c2e45", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|92a9296d2e8f54cbfc431a36881c269aa3eef9db2e56aeae75c597a8ef2c2e45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/models/transport.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 105831, "scanner": "repobility-threat-engine", "fingerprint": "c62d717c70f5daf81850f4fcbb75b8f1756e85184399a955fd552c518035f78c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c62d717c70f5daf81850f4fcbb75b8f1756e85184399a955fd552c518035f78c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/models/commands.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 105830, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "handle_advertisement", "breakdown": {"if": 11, "and": 1, "for": 1, "elif": 1, "else": 1, "break": 1, "except": 2, "nested_bonus": 8}, "aggregated": true, "complexity": 26, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 105826, "scanner": "repobility-threat-engine", "fingerprint": "86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "aggregated_count": 1}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 105825, "scanner": "repobility-threat-engine", "fingerprint": "63fd1add9a25d20dda6bd838160db0a413b87f16322cb42810fa193da03042e8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|63fd1add9a25d20dda6bd838160db0a413b87f16322cb42810fa193da03042e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/protocols/api.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 105824, "scanner": "repobility-threat-engine", "fingerprint": "1608306e7071b55efd07021786afcfb6a7afeaf0330a881e5c9116983799caa1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1608306e7071b55efd07021786afcfb6a7afeaf0330a881e5c9116983799caa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/models/commands.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 105823, "scanner": "repobility-threat-engine", "fingerprint": "384db71b586cdcb6a076692861400e89c46a1a43eb97f000a77c2f142a55418f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|384db71b586cdcb6a076692861400e89c46a1a43eb97f000a77c2f142a55418f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/ble_advertisement.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "GHSA-r6ph-v2qm-q3c2", "level": "error", "message": {"text": "cryptography: GHSA-r6ph-v2qm-q3c2"}, "properties": {"repobilityId": 105842, "scanner": "osv-scanner", "fingerprint": "19d1121404d4b017c2108ee52eff3aeb26f4126b5b5a969ac90d121e636f4dd6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26007"], "package": "cryptography", "rule_id": "GHSA-r6ph-v2qm-q3c2", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2026-26007|requirements_test.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ww4-gg4f-jr7f", "level": "error", "message": {"text": "cryptography: GHSA-3ww4-gg4f-jr7f"}, "properties": {"repobilityId": 105838, "scanner": "osv-scanner", "fingerprint": "e5314aadc45df3cf6591f1f37903b5b7bb4922d3326c51d289df682a46a7e86e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-50782"], "package": "cryptography", "rule_id": "GHSA-3ww4-gg4f-jr7f", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2023-50782|requirements_test.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-35", "level": "error", "message": {"text": "cryptography: PYSEC-2026-35"}, "properties": {"repobilityId": 105837, "scanner": "osv-scanner", "fingerprint": "9a2a69f805a71517226b81b8787bbaeee6c6353332c03b8140eba3d869c95047", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34073", "GHSA-m959-cc7f-wv43"], "package": "cryptography", "rule_id": "PYSEC-2026-35", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2026-34073|requirements_test.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m959-cc7f-wv43", "PYSEC-2026-35"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9a2a69f805a71517226b81b8787bbaeee6c6353332c03b8140eba3d869c95047", "a427c959e4c3ab44f1bf9a8e788d6001cfd25a6bea91e6d99efcd8d545b9d015"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-225", "level": "error", "message": {"text": "cryptography: PYSEC-2024-225"}, "properties": {"repobilityId": 105836, "scanner": "osv-scanner", "fingerprint": "083372695d3ad41e48f4683ebe5bd25808134130b6adadb96c8f9af56af7a357", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-26130", "GHSA-6vqw-3v5j-54x4"], "package": "cryptography", "rule_id": "PYSEC-2024-225", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2024-26130|requirements_test.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6vqw-3v5j-54x4", "PYSEC-2024-225"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["083372695d3ad41e48f4683ebe5bd25808134130b6adadb96c8f9af56af7a357", "2a8c81aa5ebffb87c7b164fc6123ca829d6376bfe099b7020facb2f974454bf9"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-254", "level": "error", "message": {"text": "cryptography: PYSEC-2023-254"}, "properties": {"repobilityId": 105835, "scanner": "osv-scanner", "fingerprint": "59d21128220f350f083f0c5894489fd99a984e13a34d349f5e806cccedd3f7f4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-49083", "GHSA-jfhm-5ghh-2f97"], "package": "cryptography", "rule_id": "PYSEC-2023-254", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2023-49083|requirements_test.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-jfhm-5ghh-2f97", "PYSEC-2023-254"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["041609ca072fa541f6bfddceef1d5aa3eba74c42adbc16f2f60435cfbb41e608", "59d21128220f350f083f0c5894489fd99a984e13a34d349f5e806cccedd3f7f4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-112", "level": "error", "message": {"text": "cryptography: PYSEC-2023-112"}, "properties": {"repobilityId": 105834, "scanner": "osv-scanner", "fingerprint": "95f8d31d302d2de46a8ae2f707331306e62aeb74058ab16ab25abfb4866c8546", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-38325", "GHSA-cf7p-gm2m-833m"], "package": "cryptography", "rule_id": "PYSEC-2023-112", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2023-38325|requirements_test.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cf7p-gm2m-833m", "PYSEC-2023-112"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5ff13f6bf67aac145dde4220312deea8740aa4ee54a34450adbc78a5ef8f86c1", "95f8d31d302d2de46a8ae2f707331306e62aeb74058ab16ab25abfb4866c8546"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements_test.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 31 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, continue=2, for=5, if=8, nested_bonus=13, recursion=1, ternary=1."}, "properties": {"repobilityId": 105829, "scanner": "repobility-threat-engine", "fingerprint": "754b14f3a46a449c8ef18a01eaf51378e00fe54de60dc814e26a4aef22fdd7bd", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 31 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"if": 8, "for": 5, "break": 1, "ternary": 1, "continue": 2, "recursion": 1, "nested_bonus": 13}, "complexity": 31, "correlation_key": "fp|754b14f3a46a449c8ef18a01eaf51378e00fe54de60dc814e26a4aef22fdd7bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/humidifier.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `handle_advertisement` has cognitive complexity 26 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, break=1, elif=1, else=1, except=2, for=1, if=11, nested_bonus=8."}, "properties": {"repobilityId": 105827, "scanner": "repobility-threat-engine", "fingerprint": "df46abb53af8fd451cfd8d62b4433f5ba2b2a1e96cf32ef06bdf6d3c58e11626", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 26 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "handle_advertisement", "breakdown": {"if": 11, "and": 1, "for": 1, "elif": 1, "else": 1, "break": 1, "except": 2, "nested_bonus": 8}, "complexity": 26, "correlation_key": "fp|df46abb53af8fd451cfd8d62b4433f5ba2b2a1e96cf32ef06bdf6d3c58e11626"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/ble_advertisement.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 105822, "scanner": "repobility-threat-engine", "fingerprint": "5e019cba6e74448b05076940a8cbca7fded290c3dc1cda1bdffcda10e87fa97f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5e019cba6e74448b05076940a8cbca7fded290c3dc1cda1bdffcda10e87fa97f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "custom_components/govee/ble_advertisement.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 105820, "scanner": "repobility-supply-chain", "fingerprint": "5d7b8e9a9d8795563a6e160ed973e8baebc3d602dfbcaae91227243c8beaa671", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d7b8e9a9d8795563a6e160ed973e8baebc3d602dfbcaae91227243c8beaa671"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tox.yaml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 105819, "scanner": "repobility-supply-chain", "fingerprint": "447a33e66f05a251a1a6ddb762484582f4be707b0ab4a7d2f2e7303552a3a4b7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|447a33e66f05a251a1a6ddb762484582f4be707b0ab4a7d2f2e7303552a3a4b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tox.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 105818, "scanner": "repobility-supply-chain", "fingerprint": "1f86201ffea748608ad0b343d5a9fa91d78d002555026908ec2cb89a26606614", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f86201ffea748608ad0b343d5a9fa91d78d002555026908ec2cb89a26606614"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tox.yaml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `home-assistant/actions/hassfest` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 105817, "scanner": "repobility-supply-chain", "fingerprint": "94bd73dd4252d22f6b1a71ae235ca19c013caf643e9ef8debac8cea147f66441", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|94bd73dd4252d22f6b1a71ae235ca19c013caf643e9ef8debac8cea147f66441"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/hacs-hass.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 105816, "scanner": "repobility-supply-chain", "fingerprint": "f5695a1942eab72d27d7190ea8538f4ce5be5eb5a5157d7cde03a440caff5926", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f5695a1942eab72d27d7190ea8538f4ce5be5eb5a5157d7cde03a440caff5926"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/install-stats.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 105815, "scanner": "repobility-supply-chain", "fingerprint": "5a631fb8a025308b4d763e67c319c8f957acee4d14bce04a626ab1f5cd305038", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a631fb8a025308b4d763e67c319c8f957acee4d14bce04a626ab1f5cd305038"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/install-stats.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 105814, "scanner": "repobility-supply-chain", "fingerprint": "629c849a3fb097c0efe3f26951d77f08c0e1111000f0d081f3b16f55988e83b9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|629c849a3fb097c0efe3f26951d77f08c0e1111000f0d081f3b16f55988e83b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/uptime.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 105813, "scanner": "repobility-supply-chain", "fingerprint": "9de4a8fc3bac5c341c66543d4db1e2fc3dabb1c0c1de05bfda39d1da3f8467b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9de4a8fc3bac5c341c66543d4db1e2fc3dabb1c0c1de05bfda39d1da3f8467b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/uptime.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 105812, "scanner": "repobility-supply-chain", "fingerprint": "a66388889339a2dd78a38efed543b6554a05058e9257d18be963b5fdcd72ff97", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a66388889339a2dd78a38efed543b6554a05058e9257d18be963b5fdcd72ff97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rebase_dependencies.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 105811, "scanner": "repobility-supply-chain", "fingerprint": "f07d9ef592832776c64324f5bfc4842037d572118de8d694cac5353c4e19cd2a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f07d9ef592832776c64324f5bfc4842037d572118de8d694cac5353c4e19cd2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/type-check.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 105810, "scanner": "repobility-supply-chain", "fingerprint": "9a94f8a943224c25c5ca9c957a421a58aff16acc2326e12dce1c0fe85dec2e62", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a94f8a943224c25c5ca9c957a421a58aff16acc2326e12dce1c0fe85dec2e62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/type-check.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.13.0`"}, "properties": {"repobilityId": 105809, "scanner": "repobility-supply-chain", "fingerprint": "a9e7e9bc20c264f0642dcde6b5e46b74bc3d5dc0d472cee950eb3ad9536f66db", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a9e7e9bc20c264f0642dcde6b5e46b74bc3d5dc0d472cee950eb3ad9536f66db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/PyCQA/flake8` pinned to mutable rev `7.1.1`"}, "properties": {"repobilityId": 105808, "scanner": "repobility-supply-chain", "fingerprint": "3da7e06bd4bb0d387c8c4e4ff333a5957cb26b4fe3360b1f7bdabdd3f87f7cc0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3da7e06bd4bb0d387c8c4e4ff333a5957cb26b4fe3360b1f7bdabdd3f87f7cc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/psf/black` pinned to mutable rev `24.10.0`"}, "properties": {"repobilityId": 105807, "scanner": "repobility-supply-chain", "fingerprint": "547227e287eabb46c51f07e409a44ef8001133edf98a719c52e7f4c2611be71e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|547227e287eabb46c51f07e409a44ef8001133edf98a719c52e7f4c2611be71e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_set_mode_rejects_unknown"}, "properties": {"repobilityId": 105804, "scanner": "repobility-ast-engine", "fingerprint": "7254f7a61010bac60d86e428b4ec7c2d9bc1471ea06d8405c4e0e45955c5d11d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7254f7a61010bac60d86e428b4ec7c2d9bc1471ea06d8405c4e0e45955c5d11d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_humidifier.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_turn_off_skipped_when_device_already_off"}, "properties": {"repobilityId": 105803, "scanner": "repobility-ast-engine", "fingerprint": "a4ead4a0a77767e88879f900d639d14152383413c08fb0c2c4d720e24b4c860b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4ead4a0a77767e88879f900d639d14152383413c08fb0c2c4d720e24b4c860b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_grouped_segment.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_turn_off_skipped_when_power_off_pending"}, "properties": {"repobilityId": 105802, "scanner": "repobility-ast-engine", "fingerprint": "a8d771f41028a8b1ca0d74234e4da66b3e6e03c5260c34d9df88b25a61150b28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8d771f41028a8b1ca0d74234e4da66b3e6e03c5260c34d9df88b25a61150b28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_grouped_segment.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unsubscribe_is_idempotent"}, "properties": {"repobilityId": 105801, "scanner": "repobility-ast-engine", "fingerprint": "243504237f3e4eff45bdfe6d7026762f4b832012c39345e5f3680f0f80d83bf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|243504237f3e4eff45bdfe6d7026762f4b832012c39345e5f3680f0f80d83bf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_api_ble.py"}, "region": {"startLine": 337}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_govee_credentials_propagates_auth_error"}, "properties": {"repobilityId": 105800, "scanner": "repobility-ast-engine", "fingerprint": "5b44ece0d588b5c6d6835ee19089f7e9bd47050afabac6af3f8c4f32d557bcaf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b44ece0d588b5c6d6835ee19089f7e9bd47050afabac6af3f8c4f32d557bcaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 1037}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fetch_device_topics_connection_error_raises_api_error"}, "properties": {"repobilityId": 105799, "scanner": "repobility-ast-engine", "fingerprint": "4c9d358b6c127f7246b232dc11beec2d965e6fbbf1ff34359361b189a45ea9c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c9d358b6c127f7246b232dc11beec2d965e6fbbf1ff34359361b189a45ea9c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 921}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fetch_device_topics_non_200_raises_api_error"}, "properties": {"repobilityId": 105798, "scanner": "repobility-ast-engine", "fingerprint": "b83928281cc97543b237fd7a89fcdcb916cdb53c7699125e876c6f7fcc7ae169", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b83928281cc97543b237fd7a89fcdcb916cdb53c7699125e876c6f7fcc7ae169"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 908}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_missing_token_key_raises_api_error"}, "properties": {"repobilityId": 105797, "scanner": "repobility-ast-engine", "fingerprint": "1ac8da2e4b3f5b6cc5d9b7a84fdf790bfa2c93c828d0a20990a83d0643d24fdd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ac8da2e4b3f5b6cc5d9b7a84fdf790bfa2c93c828d0a20990a83d0643d24fdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 567}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_client_response_error_raises_api_error"}, "properties": {"repobilityId": 105796, "scanner": "repobility-ast-engine", "fingerprint": "5c52359cdd7b3a807007b7aaec619c5c87e59a56821b6b7d9a5bd9012fd0a7e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c52359cdd7b3a807007b7aaec619c5c87e59a56821b6b7d9a5bd9012fd0a7e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 522}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_json_password_in_message_raises_auth_error"}, "properties": {"repobilityId": 105795, "scanner": "repobility-ast-engine", "fingerprint": "d09334f97d0174abca2d7f195549f4210c24f639400bbb730fec5bf47fef95ff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d09334f97d0174abca2d7f195549f4210c24f639400bbb730fec5bf47fef95ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 462}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_json_status_454_with_code_raises_2fa_code_invalid"}, "properties": {"repobilityId": 105794, "scanner": "repobility-ast-engine", "fingerprint": "7e029b4de0bbcf501f09adca6878a4715bd122911c28f7e5495318cf5fd23513", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e029b4de0bbcf501f09adca6878a4715bd122911c28f7e5495318cf5fd23513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 450}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_json_status_454_without_code_raises_2fa_required"}, "properties": {"repobilityId": 105793, "scanner": "repobility-ast-engine", "fingerprint": "1b964b45cbc5517496ad2ddb49795c28ddc6361c6ce0974932d1fea341a271e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b964b45cbc5517496ad2ddb49795c28ddc6361c6ce0974932d1fea341a271e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 438}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_json_status_401_raises_auth_error"}, "properties": {"repobilityId": 105792, "scanner": "repobility-ast-engine", "fingerprint": "ed2eec21268125c28d404997132ac32d9ec96b05aacb884baa7ea40779b59bba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed2eec21268125c28d404997132ac32d9ec96b05aacb884baa7ea40779b59bba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 412}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_http_500_raises_login_rejected_error"}, "properties": {"repobilityId": 105791, "scanner": "repobility-ast-engine", "fingerprint": "fefd39349870cf727ef85e13cf41a1cc9bc6563f7495be1fc6b72fc4e627d4be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fefd39349870cf727ef85e13cf41a1cc9bc6563f7495be1fc6b72fc4e627d4be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 379}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_login_http_454_raises_login_rejected_error"}, "properties": {"repobilityId": 105790, "scanner": "repobility-ast-engine", "fingerprint": "1e5f4a21ba6209474fe9a629111c47a87f0f313a1ad574a7a5d2bdfd42115420", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e5f4a21ba6209474fe9a629111c47a87f0f313a1ad574a7a5d2bdfd42115420"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_auth.py"}, "region": {"startLine": 368}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_turn_on_with_unknown_effect_logs_warning"}, "properties": {"repobilityId": 105789, "scanner": "repobility-ast-engine", "fingerprint": "a0861427686798aa1e01be2e9539bc8eb2a15da416c40c20323ad4b5102a0b86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0861427686798aa1e01be2e9539bc8eb2a15da416c40c20323ad4b5102a0b86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_light.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105788, "scanner": "repobility-ast-engine", "fingerprint": "a1c7b458556f3892bb8c8f3f4925c172c0efedc23c3495a593e6bfae0373d453", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1c7b458556f3892bb8c8f3f4925c172c0efedc23c3495a593e6bfae0373d453"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1500}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105787, "scanner": "repobility-ast-engine", "fingerprint": "ad586b11752382ccb3c833e8d0a2b68bd300e7955933ee1a605c9167e3994e49", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad586b11752382ccb3c833e8d0a2b68bd300e7955933ee1a605c9167e3994e49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1481}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105786, "scanner": "repobility-ast-engine", "fingerprint": "659894c19446c616890c0766d8e0c3df802c434187eaca653c74676ca5dc9137", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|659894c19446c616890c0766d8e0c3df802c434187eaca653c74676ca5dc9137"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1477}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105785, "scanner": "repobility-ast-engine", "fingerprint": "1610bea45630ee4bf9e2cfee9b68d6ce33070a2db1c99df1f4abdf56c002ae0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1610bea45630ee4bf9e2cfee9b68d6ce33070a2db1c99df1f4abdf56c002ae0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1459}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105784, "scanner": "repobility-ast-engine", "fingerprint": "c431a5fbf6206f41a27eabbf75e97049d27909a0a0b3ddbd21656c44c884c588", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c431a5fbf6206f41a27eabbf75e97049d27909a0a0b3ddbd21656c44c884c588"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1455}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105783, "scanner": "repobility-ast-engine", "fingerprint": "0afad0112f4fc3cc6b2b1bd0795f7c3f248eca273f4af21106a88d0d91db2591", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0afad0112f4fc3cc6b2b1bd0795f7c3f248eca273f4af21106a88d0d91db2591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1435}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105782, "scanner": "repobility-ast-engine", "fingerprint": "8ff1907b35021ff8bcfff5eec672c4f65735d0bef83d949a38a55f0b2930560e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ff1907b35021ff8bcfff5eec672c4f65735d0bef83d949a38a55f0b2930560e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1434}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105781, "scanner": "repobility-ast-engine", "fingerprint": "6aed957edb89f91b8aecaf19a23c62c2c3e5d6a6634f5e14c18352a9d77df2bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6aed957edb89f91b8aecaf19a23c62c2c3e5d6a6634f5e14c18352a9d77df2bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1431}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105780, "scanner": "repobility-ast-engine", "fingerprint": "d586bf184d25ef5a68fb3508997fdc7440290e53d9690396598d08ddff297a48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d586bf184d25ef5a68fb3508997fdc7440290e53d9690396598d08ddff297a48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1423}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105779, "scanner": "repobility-ast-engine", "fingerprint": "8ee4bac824ef0bfc239b694a8f194b11309626bc3fa48568174ceacc310b0559", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ee4bac824ef0bfc239b694a8f194b11309626bc3fa48568174ceacc310b0559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1416}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105778, "scanner": "repobility-ast-engine", "fingerprint": "672daa6a1f13b3e153a944d40252aa182af4ced884f6f584e1d453e893222dd7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|672daa6a1f13b3e153a944d40252aa182af4ced884f6f584e1d453e893222dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1392}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105777, "scanner": "repobility-ast-engine", "fingerprint": "c43d2afc67d0be141baf77b952d7e00a0eedc085f91dc0ba731c6321cf8514c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c43d2afc67d0be141baf77b952d7e00a0eedc085f91dc0ba731c6321cf8514c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1386}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105776, "scanner": "repobility-ast-engine", "fingerprint": "bdee2f0b89ca1edbb94b5dd13d0fd639dbc627988a631e1b8379d6adea2de3c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdee2f0b89ca1edbb94b5dd13d0fd639dbc627988a631e1b8379d6adea2de3c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1364}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105775, "scanner": "repobility-ast-engine", "fingerprint": "ac23c7e4749eb767b02ac37ceac42fc192b8baea6271c9f2aeb6699fb5365abd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac23c7e4749eb767b02ac37ceac42fc192b8baea6271c9f2aeb6699fb5365abd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1363}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105774, "scanner": "repobility-ast-engine", "fingerprint": "66fd4850725bc178c6391c46d17164b49e462480c4a81ca486e56c103dbd9219", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|66fd4850725bc178c6391c46d17164b49e462480c4a81ca486e56c103dbd9219"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1347}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105773, "scanner": "repobility-ast-engine", "fingerprint": "2031ed7e8681441d187c0025a7c4e2f5ece592be50b5be7b90702f0e290872df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2031ed7e8681441d187c0025a7c4e2f5ece592be50b5be7b90702f0e290872df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1346}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105772, "scanner": "repobility-ast-engine", "fingerprint": "610f2658f029fbf8485dc272bb83f833f1da3d7603d05176422a70a90b258d15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|610f2658f029fbf8485dc272bb83f833f1da3d7603d05176422a70a90b258d15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1338}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105771, "scanner": "repobility-ast-engine", "fingerprint": "4366445d204c43e94936384c3b797e33c138f6daae27c24261dc7187db8f532b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4366445d204c43e94936384c3b797e33c138f6daae27c24261dc7187db8f532b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1335}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105770, "scanner": "repobility-ast-engine", "fingerprint": "88069c62664aa9a7e44b7a29046646e5a2baf8b1492e826fa96e284cf95ce71c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88069c62664aa9a7e44b7a29046646e5a2baf8b1492e826fa96e284cf95ce71c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1327}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_coordinator_with_devices` used but never assigned in __init__"}, "properties": {"repobilityId": 105769, "scanner": "repobility-ast-engine", "fingerprint": "f4aecce3b59cdc118b0b98f58d447a097b7a4f0e9a94db66a0eabf61fe28bd6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4aecce3b59cdc118b0b98f58d447a097b7a4f0e9a94db66a0eabf61fe28bd6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1324}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_service_info` used but never assigned in __init__"}, "properties": {"repobilityId": 105768, "scanner": "repobility-ast-engine", "fingerprint": "e246ead558270eef1a6188456c91bd077acadc15145cb76ddecee953c5a94ee2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e246ead558270eef1a6188456c91bd077acadc15145cb76ddecee953c5a94ee2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 1316}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_device` used but never assigned in __init__"}, "properties": {"repobilityId": 105767, "scanner": "repobility-ast-engine", "fingerprint": "553a706d04a887ce5fdc2947150d77472be45be9c2363c5fe55476224a92b20c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|553a706d04a887ce5fdc2947150d77472be45be9c2363c5fe55476224a92b20c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 958}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_device` used but never assigned in __init__"}, "properties": {"repobilityId": 105766, "scanner": "repobility-ast-engine", "fingerprint": "00dc647f1a7e3228524b82ebf303fc8cc8cd810ba938c7111e5c26a2a147a16e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00dc647f1a7e3228524b82ebf303fc8cc8cd810ba938c7111e5c26a2a147a16e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 939}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_device` used but never assigned in __init__"}, "properties": {"repobilityId": 105765, "scanner": "repobility-ast-engine", "fingerprint": "54d6482e5e9929817475f2db7334fb77386cba77528eaa20b52a7151c0d60a6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54d6482e5e9929817475f2db7334fb77386cba77528eaa20b52a7151c0d60a6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 924}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_device` used but never assigned in __init__"}, "properties": {"repobilityId": 105764, "scanner": "repobility-ast-engine", "fingerprint": "bf5f322a9b16d90d11583d2a42de4f9849e13b8865a9a48471265b7e9ee6eb9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf5f322a9b16d90d11583d2a42de4f9849e13b8865a9a48471265b7e9ee6eb9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_coordinator.py"}, "region": {"startLine": 911}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mode_command_immutable"}, "properties": {"repobilityId": 105763, "scanner": "repobility-ast-engine", "fingerprint": "047d4ee12b1a34bb7b0aa81130e652169c138cccf46c5fb5cf05e6e792472d2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|047d4ee12b1a34bb7b0aa81130e652169c138cccf46c5fb5cf05e6e792472d2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_models.py"}, "region": {"startLine": 1083}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_command_immutable"}, "properties": {"repobilityId": 105762, "scanner": "repobility-ast-engine", "fingerprint": "003241df37f457d689895690eca0dbc07407636c6fc7a6ad34afbf0685db4fb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|003241df37f457d689895690eca0dbc07407636c6fc7a6ad34afbf0685db4fb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_models.py"}, "region": {"startLine": 1034}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_immutable"}, "properties": {"repobilityId": 105761, "scanner": "repobility-ast-engine", "fingerprint": "a611be1c89947faad081e79f103e30e7cfa696a3026b330f4002206620c15798", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a611be1c89947faad081e79f103e30e7cfa696a3026b330f4002206620c15798"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_models.py"}, "region": {"startLine": 403}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_immutable"}, "properties": {"repobilityId": 105760, "scanner": "repobility-ast-engine", "fingerprint": "db4b7efb257884cb567689c0a606b1c96a1f51f8e71426ddba6d0649fb2ac06f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db4b7efb257884cb567689c0a606b1c96a1f51f8e71426ddba6d0649fb2ac06f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_models.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_immutable"}, "properties": {"repobilityId": 105759, "scanner": "repobility-ast-engine", "fingerprint": "7801a083dc090a97d501aec3af974255b3d5fd5941187da720afc09b287c8399", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7801a083dc090a97d501aec3af974255b3d5fd5941187da720afc09b287c8399"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_models.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_turn_off_when_no_state_exists"}, "properties": {"repobilityId": 105758, "scanner": "repobility-ast-engine", "fingerprint": "82dfb6caa057371c71acc1350e3d917458624ef285f0584fb1dc1f015869fc45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82dfb6caa057371c71acc1350e3d917458624ef285f0584fb1dc1f015869fc45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_segment.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_turn_off_skipped_when_both_conditions"}, "properties": {"repobilityId": 105757, "scanner": "repobility-ast-engine", "fingerprint": "08994853902ddee5db8e56b4da07cdcb377e4028bc60006f7ef85977c0a7d7ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08994853902ddee5db8e56b4da07cdcb377e4028bc60006f7ef85977c0a7d7ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_segment.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_turn_off_skipped_when_device_already_off"}, "properties": {"repobilityId": 105756, "scanner": "repobility-ast-engine", "fingerprint": "05e2d4ffa1e714a414ec8f02e23ba11fdfbc11ca64999fbb47173c72eff8980c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05e2d4ffa1e714a414ec8f02e23ba11fdfbc11ca64999fbb47173c72eff8980c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_segment.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_turn_off_skipped_when_power_off_pending"}, "properties": {"repobilityId": 105755, "scanner": "repobility-ast-engine", "fingerprint": "7404b91001ed342a0152bddf8b4f5d73181e17e93772a2ef2c404df7f193083e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7404b91001ed342a0152bddf8b4f5d73181e17e93772a2ef2c404df7f193083e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_segment.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 105833, "scanner": "gitleaks", "fingerprint": "da3ab644e50d46d75b6f5ca14079ee5c1dd0aeb2b6b3707fb7467d3909502606", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|105|token : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/govee-protocol-reference.md"}, "region": {"startLine": 1057}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105821, "scanner": "repobility-supply-chain", "fingerprint": "b63ab19eadf3e41c5480da5cc7318efb137237370ccb4535ef2fa854154a825c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b63ab19eadf3e41c5480da5cc7318efb137237370ccb4535ef2fa854154a825c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tox.yaml"}, "region": {"startLine": 38}}}]}]}]}