{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4fh9-h7wg-q85m", "name": "mdast-util-to-hast: GHSA-4fh9-h7wg-q85m", "shortDescription": {"text": "mdast-util-to-hast: GHSA-4fh9-h7wg-q85m"}, "fullDescription": {"text": "mdast-util-to-hast has unsanitized class attribute"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v9jr-rg53-9pgp", "name": "dompurify: GHSA-v9jr-rg53-9pgp", "shortDescription": {"text": "dompurify: GHSA-v9jr-rg53-9pgp"}, "fullDescription": {"text": "DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2wj-7wpq-c8vv", "name": "dompurify: GHSA-v2wj-7wpq-c8vv", "shortDescription": {"text": "dompurify: GHSA-v2wj-7wpq-c8vv"}, "fullDescription": {"text": "DOMPurify contains a Cross-site Scripting vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h8r8-wccr-v5f2", "name": "dompurify: GHSA-h8r8-wccr-v5f2", "shortDescription": {"text": "dompurify: GHSA-h8r8-wccr-v5f2"}, "fullDescription": {"text": "DOMPurify is vulnerable to mutation-XSS via Re-Contextualization "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h7mw-gpvr-xq4m", "name": "dompurify: GHSA-h7mw-gpvr-xq4m", "shortDescription": {"text": "dompurify: GHSA-h7mw-gpvr-xq4m"}, "fullDescription": {"text": "DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-crv5-9vww-q3g8", "name": "dompurify: GHSA-crv5-9vww-q3g8", "shortDescription": {"text": "dompurify: GHSA-crv5-9vww-q3g8"}, "fullDescription": {"text": "DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cjmm-f4jc-qw8r", "name": "dompurify: GHSA-cjmm-f4jc-qw8r", "shortDescription": {"text": "dompurify: GHSA-cjmm-f4jc-qw8r"}, "fullDescription": {"text": "DOMPurify ADD_ATTR predicate skips URI validation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cj63-jhhr-wcxv", "name": "dompurify: GHSA-cj63-jhhr-wcxv", "shortDescription": {"text": "dompurify: GHSA-cj63-jhhr-wcxv"}, "fullDescription": {"text": "DOMPurify USE_PROFILES prototype pollution allows event handlers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-39q2-94rc-95cp", "name": "dompurify: GHSA-39q2-94rc-95cp", "shortDescription": {"text": "dompurify: GHSA-39q2-94rc-95cp"}, "fullDescription": {"text": "DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3pv8-6f4r-ffg2", "name": "tar: GHSA-3pv8-6f4r-ffg2", "shortDescription": {"text": "tar: GHSA-3pv8-6f4r-ffg2"}, "fullDescription": {"text": "tar has a PAX header desynchronization issue"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "GHSA-52f5-9888-hmc6", "name": "tmp: GHSA-52f5-9888-hmc6", "shortDescription": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "fullDescription": {"text": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-73rr-hh4g-fpgx", "name": "diff: GHSA-73rr-hh4g-fpgx", "shortDescription": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "fullDescription": {"text": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v6h2-p8h4-qcjw", "name": "brace-expansion: GHSA-v6h2-p8h4-qcjw", "shortDescription": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "fullDescription": {"text": "brace-expansion Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `actions/setup-node@v6` is minor version(s) behind (latest v6.4.0)", "shortDescription": {"text": "GitHub Action `actions/setup-node@v6` is minor version(s) behind (latest v6.4.0)"}, "fullDescription": {"text": "`uses: actions/setup-node@v6` is minor version(s) behind the latest published release v6.4.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED088", "name": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks.", "shortDescription": {"text": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 54 more): Same pattern found in 54 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 54 more): Same pattern found in 54 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-ph9p-34f9-6g65", "name": "tmp: GHSA-ph9p-34f9-6g65", "shortDescription": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "fullDescription": {"text": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pv5w-4p9q-p3v2", "name": "kysely: GHSA-pv5w-4p9q-p3v2", "shortDescription": {"text": "kysely: GHSA-pv5w-4p9q-p3v2"}, "fullDescription": {"text": "Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qjx8-664m-686j", "name": "js-cookie: GHSA-qjx8-664m-686j", "shortDescription": {"text": "js-cookie: GHSA-qjx8-664m-686j"}, "fullDescription": {"text": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v39h-62p7-jpjc", "name": "fast-uri: GHSA-v39h-62p7-jpjc", "shortDescription": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "fullDescription": {"text": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q3j6-qgpj-74h6", "name": "fast-uri: GHSA-q3j6-qgpj-74h6", "shortDescription": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "fullDescription": {"text": "fast-uri vulnerable to path traversal via percent-encoded dot segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0104", "name": "rustls-webpki: RUSTSEC-2026-0104", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "fullDescription": {"text": "Reachable panic in certificate revocation list parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0099", "name": "rustls-webpki: RUSTSEC-2026-0099", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "fullDescription": {"text": "Name constraints were accepted for certificates asserting a wildcard name"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0098", "name": "rustls-webpki: RUSTSEC-2026-0098", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "fullDescription": {"text": "Name constraints for URI names were incorrectly accepted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0049", "name": "rustls-webpki: RUSTSEC-2026-0049", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "fullDescription": {"text": "CRLs not considered authoritative by Distribution Point due to faulty matching logic"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0399", "name": "rustls: RUSTSEC-2024-0399", "shortDescription": {"text": "rustls: RUSTSEC-2024-0399"}, "fullDescription": {"text": "rustls network-reachable panic in `Acceptor::accept`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0009", "name": "ring: RUSTSEC-2025-0009", "shortDescription": {"text": "ring: RUSTSEC-2025-0009"}, "fullDescription": {"text": "Some AES functions may panic when overflow checking is enabled."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0421", "name": "idna: RUSTSEC-2024-0421", "shortDescription": {"text": "idna: RUSTSEC-2024-0421"}, "fullDescription": {"text": "`idna` accepts Punycode labels that do not produce any non-ASCII when decoded"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0402", "name": "hashbrown: RUSTSEC-2024-0402", "shortDescription": {"text": "hashbrown: RUSTSEC-2024-0402"}, "fullDescription": {"text": "Borsh serialization of HashMap is non-canonical"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0007", "name": "bytes: RUSTSEC-2026-0007", "shortDescription": {"text": "bytes: RUSTSEC-2026-0007"}, "fullDescription": {"text": "Integer overflow in `BytesMut::reserve`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0056", "name": "adler: RUSTSEC-2025-0056", "shortDescription": {"text": "adler: RUSTSEC-2025-0056"}, "fullDescription": {"text": "adler crate is unmaintained, use adler2 instead"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0098", "name": "unic-ucd-version: RUSTSEC-2025-0098", "shortDescription": {"text": "unic-ucd-version: RUSTSEC-2025-0098"}, "fullDescription": {"text": "`unic-ucd-version` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0100", "name": "unic-ucd-ident: RUSTSEC-2025-0100", "shortDescription": {"text": "unic-ucd-ident: RUSTSEC-2025-0100"}, "fullDescription": {"text": "`unic-ucd-ident` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0080", "name": "unic-common: RUSTSEC-2025-0080", "shortDescription": {"text": "unic-common: RUSTSEC-2025-0080"}, "fullDescription": {"text": "`unic-common` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0075", "name": "unic-char-range: RUSTSEC-2025-0075", "shortDescription": {"text": "unic-char-range: RUSTSEC-2025-0075"}, "fullDescription": {"text": "`unic-char-range` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0081", "name": "unic-char-property: RUSTSEC-2025-0081", "shortDescription": {"text": "unic-char-property: RUSTSEC-2025-0081"}, "fullDescription": {"text": "`unic-char-property` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0103", "name": "thin-vec: RUSTSEC-2026-0103", "shortDescription": {"text": "thin-vec: RUSTSEC-2026-0103"}, "fullDescription": {"text": "Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0068", "name": "tar: RUSTSEC-2026-0068", "shortDescription": {"text": "tar: RUSTSEC-2026-0068"}, "fullDescription": {"text": "tar-rs incorrectly ignores PAX size headers if header size is nonzero"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0067", "name": "tar: RUSTSEC-2026-0067", "shortDescription": {"text": "tar: RUSTSEC-2026-0067"}, "fullDescription": {"text": "`unpack_in` can chmod arbitrary directories by following symlinks"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0037", "name": "quinn-proto: RUSTSEC-2026-0037", "shortDescription": {"text": "quinn-proto: RUSTSEC-2026-0037"}, "fullDescription": {"text": "Denial of service in Quinn endpoints"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0370", "name": "proc-macro-error: RUSTSEC-2024-0370", "shortDescription": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "fullDescription": {"text": "proc-macro-error is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0002", "name": "lru: RUSTSEC-2026-0002", "shortDescription": {"text": "lru: RUSTSEC-2026-0002"}, "fullDescription": {"text": "`IterMut` violates Stacked Borrows by invalidating internal pointer"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0419", "name": "gtk3-macros: RUSTSEC-2024-0419", "shortDescription": {"text": "gtk3-macros: RUSTSEC-2024-0419"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0420", "name": "gtk-sys: RUSTSEC-2024-0420", "shortDescription": {"text": "gtk-sys: RUSTSEC-2024-0420"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0415", "name": "gtk: RUSTSEC-2024-0415", "shortDescription": {"text": "gtk: RUSTSEC-2024-0415"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0429", "name": "glib: RUSTSEC-2024-0429", "shortDescription": {"text": "glib: RUSTSEC-2024-0429"}, "fullDescription": {"text": "Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0414", "name": "gdkx11-sys: RUSTSEC-2024-0414", "shortDescription": {"text": "gdkx11-sys: RUSTSEC-2024-0414"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0417", "name": "gdkx11: RUSTSEC-2024-0417", "shortDescription": {"text": "gdkx11: RUSTSEC-2024-0417"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0411", "name": "gdkwayland-sys: RUSTSEC-2024-0411", "shortDescription": {"text": "gdkwayland-sys: RUSTSEC-2024-0411"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0418", "name": "gdk-sys: RUSTSEC-2024-0418", "shortDescription": {"text": "gdk-sys: RUSTSEC-2024-0418"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0412", "name": "gdk: RUSTSEC-2024-0412", "shortDescription": {"text": "gdk: RUSTSEC-2024-0412"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0057", "name": "fxhash: RUSTSEC-2025-0057", "shortDescription": {"text": "fxhash: RUSTSEC-2025-0057"}, "fullDescription": {"text": "fxhash - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0105", "name": "core2: RUSTSEC-2026-0105", "shortDescription": {"text": "core2: RUSTSEC-2026-0105"}, "fullDescription": {"text": "core2 is unmaintained, all versions yanked"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2023-0089", "name": "atomic-polyfill: RUSTSEC-2023-0089", "shortDescription": {"text": "atomic-polyfill: RUSTSEC-2023-0089"}, "fullDescription": {"text": "atomic-polyfill is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0416", "name": "atk-sys: RUSTSEC-2024-0416", "shortDescription": {"text": "atk-sys: RUSTSEC-2024-0416"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0413", "name": "atk: RUSTSEC-2024-0413", "shortDescription": {"text": "atk: RUSTSEC-2024-0413"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/cache` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1122"}, "properties": {"repository": "libnyanpasu/clash-nyanpasu", "repoUrl": "https://github.com/libnyanpasu/clash-nyanpasu", "branch": "main"}, "results": [{"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 111109, "scanner": "osv-scanner", "fingerprint": "d9d26d972991fffb51a1613b08ac1e8e722be1c10191fb43cced54b770250e8d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4fh9-h7wg-q85m", "level": "warning", "message": {"text": "mdast-util-to-hast: GHSA-4fh9-h7wg-q85m"}, "properties": {"repobilityId": 111105, "scanner": "osv-scanner", "fingerprint": "039e2b36672f18dbf9d417665e7f3212fd1a283e5ef0c85f75995c2c417b7e4e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66400"], "package": "mdast-util-to-hast", "rule_id": "GHSA-4fh9-h7wg-q85m", "scanner": "osv-scanner", "correlation_key": "vuln|mdast-util-to-hast|CVE-2025-66400|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9jr-rg53-9pgp", "level": "warning", "message": {"text": "dompurify: GHSA-v9jr-rg53-9pgp"}, "properties": {"repobilityId": 111100, "scanner": "osv-scanner", "fingerprint": "fe29f6c2ee4d60a6b43c1523af3de2b8e470e80a1a60d1e3ac346be5421b7c5c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41238"], "package": "dompurify", "rule_id": "GHSA-v9jr-rg53-9pgp", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-41238|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2wj-7wpq-c8vv", "level": "warning", "message": {"text": "dompurify: GHSA-v2wj-7wpq-c8vv"}, "properties": {"repobilityId": 111099, "scanner": "osv-scanner", "fingerprint": "eb40d8741074d68235dd6bf7b9d8d2f2d9dcb58ebffc986f94151f7beaaf314a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-0540"], "package": "dompurify", "rule_id": "GHSA-v2wj-7wpq-c8vv", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-0540|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h8r8-wccr-v5f2", "level": "warning", "message": {"text": "dompurify: GHSA-h8r8-wccr-v5f2"}, "properties": {"repobilityId": 111098, "scanner": "osv-scanner", "fingerprint": "796a02be5960a7ec4e181f4caa0055e35bf76f77b00674e2637135ec98f8c117", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dompurify", "rule_id": "GHSA-h8r8-wccr-v5f2", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-H8R8-WCCR-V5F2|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h7mw-gpvr-xq4m", "level": "warning", "message": {"text": "dompurify: GHSA-h7mw-gpvr-xq4m"}, "properties": {"repobilityId": 111097, "scanner": "osv-scanner", "fingerprint": "b790519639ef959d4e63a1af8a9726a758acef79215821cdca62cb9f799c5f7c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41240"], "package": "dompurify", "rule_id": "GHSA-h7mw-gpvr-xq4m", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-41240|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-crv5-9vww-q3g8", "level": "warning", "message": {"text": "dompurify: GHSA-crv5-9vww-q3g8"}, "properties": {"repobilityId": 111096, "scanner": "osv-scanner", "fingerprint": "f512e1582fab74322b0e31a60e220e92ff8e377e435285f5b1a187533612cc51", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41239"], "package": "dompurify", "rule_id": "GHSA-crv5-9vww-q3g8", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-41239|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cjmm-f4jc-qw8r", "level": "warning", "message": {"text": "dompurify: GHSA-cjmm-f4jc-qw8r"}, "properties": {"repobilityId": 111095, "scanner": "osv-scanner", "fingerprint": "97e9d778c720bb41fdaf98f2782b49cda2c583579eca94341b3ff1d79a4b71de", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dompurify", "rule_id": "GHSA-cjmm-f4jc-qw8r", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-CJMM-F4JC-QW8R|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cj63-jhhr-wcxv", "level": "warning", "message": {"text": "dompurify: GHSA-cj63-jhhr-wcxv"}, "properties": {"repobilityId": 111094, "scanner": "osv-scanner", "fingerprint": "2547fe9dd3f8c7cb609a093be213dda5aa967e2e6df1f81590fbb12311c0a9ed", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dompurify", "rule_id": "GHSA-cj63-jhhr-wcxv", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-CJ63-JHHR-WCXV|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-39q2-94rc-95cp", "level": "warning", "message": {"text": "dompurify: GHSA-39q2-94rc-95cp"}, "properties": {"repobilityId": 111093, "scanner": "osv-scanner", "fingerprint": "abaa2e6834b6c948c1d59653cf161273479d607035b8f0ecdf7aa4619ab67969", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dompurify", "rule_id": "GHSA-39q2-94rc-95cp", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-39Q2-94RC-95CP|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 111090, "scanner": "osv-scanner", "fingerprint": "6ed3e11856b985dfd38b234bdeafe6eb9fdd6ace1789aa46a716324dba77d441", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 111089, "scanner": "osv-scanner", "fingerprint": "0b4075edd70eccc9e81ce84656b8a0c1040ecc83769ba1ed4fe7ce3796321c93", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3pv8-6f4r-ffg2", "level": "warning", "message": {"text": "tar: GHSA-3pv8-6f4r-ffg2"}, "properties": {"repobilityId": 111070, "scanner": "osv-scanner", "fingerprint": "11c51d90ab16ed78c62900c45a3aa1b0ac310a73c53dcc60d09a91c6bdab3d7f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "tar", "rule_id": "GHSA-3pv8-6f4r-ffg2", "scanner": "osv-scanner", "correlation_key": "vuln|tar|GHSA-3PV8-6F4R-FFG2|backend/cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 110999, "scanner": "repobility-threat-engine", "fingerprint": "3aaf61df56b5f5cfb11b213efee1a7e8e0ee2fc8987b5572d5fb76b42b9c32f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3aaf61df56b5f5cfb11b213efee1a7e8e0ee2fc8987b5572d5fb76b42b9c32f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/config/profile/tests.rs"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 110981, "scanner": "repobility-threat-engine", "fingerprint": "f37c7065bb1ee756b57aeae6495bc479d9cb5d4cbbb16e65c8fd2187dbfb9f80", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|244|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/utils/custom-css-compiler.ts"}, "region": {"startLine": 244}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 110980, "scanner": "repobility-threat-engine", "fingerprint": "9847873c47e12d3305977d21c4b1a4f340f25d2312db5f571b2c4293227145f5", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|frontend/nyanpasu/src/pages/ editor /editor/profile/index.tsx|132|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(editor)/editor/profile/index.tsx"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 110979, "scanner": "repobility-threat-engine", "fingerprint": "a5422d6e09302557cb9d959580e9bf84d926d6ef6faaec71f04d70c5e51a379c", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|frontend/nyanpasu/src/pages/ editor /editor/_modules/utils.tsx|69|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(editor)/editor/_modules/utils.tsx"}, "region": {"startLine": 69}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 110974, "scanner": "repobility-agent-runtime", "fingerprint": "1c94eccd9e6b3785f91daee383adece999b7e275990f9dabae22b82a80c1af59", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|1c94eccd9e6b3785f91daee383adece999b7e275990f9dabae22b82a80c1af59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/interface/src/hooks/use-kv-storage.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 111113, "scanner": "repobility-web-presence", "fingerprint": "dd459133a0f582409a93b7079b80fabb5697c58ab0d4ae2152f0521104323019", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|dd459133a0f582409a93b7079b80fabb5697c58ab0d4ae2152f0521104323019"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 111111, "scanner": "osv-scanner", "fingerprint": "ceb0fe0330a6e8c65b0a6d6b0c1b4e5717c16a2c1143f50b7130f9599cd67450", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-73rr-hh4g-fpgx", "level": "note", "message": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "properties": {"repobilityId": 111092, "scanner": "osv-scanner", "fingerprint": "8c668fba000790b63076d59a9979b7c2de72c5f84d365e64fc242ae039652734", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24001"], "package": "diff", "rule_id": "GHSA-73rr-hh4g-fpgx", "scanner": "osv-scanner", "correlation_key": "vuln|diff|CVE-2026-24001|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 111091, "scanner": "osv-scanner", "fingerprint": "3e70f19011b58b157f75487899fec2e42cb88c0a653227b585f67c95414d291b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 111033, "scanner": "repobility-threat-engine", "fingerprint": "26060e57a7769adb4c6920c0f5c0fc9a3c21f645e114ab6a8108b4d241281ca0", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = s", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|6|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/utils/styled.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `actions/setup-node@v6` is minor version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 110972, "scanner": "repobility-dependency-currency", "fingerprint": "a802dce58b43917520e6d4d064090a323d9ce381cdbd3bd1128561b2b91fffb4", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|a802dce58b43917520e6d4d064090a323d9ce381cdbd3bd1128561b2b91fffb4", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/daily.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `Swatinem/rust-cache@v2` is minor version(s) behind (latest v2.9.1)"}, "properties": {"repobilityId": 110969, "scanner": "repobility-dependency-currency", "fingerprint": "fbb5fbd4fa183454a8b77ab671cc9a7b59ddfdf79f1701660ea140e413bfbb30", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "Swatinem/rust-cache", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.9.1", "correlation_key": "fp|fbb5fbd4fa183454a8b77ab671cc9a7b59ddfdf79f1701660ea140e413bfbb30", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 108}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `actions/setup-node@v6` is minor version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 110965, "scanner": "repobility-dependency-currency", "fingerprint": "7870a398ca4b614afd025c984c12cec01dd9900b7a89fe15e024efc592ed9040", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|7870a398ca4b614afd025c984c12cec01dd9900b7a89fe15e024efc592ed9040", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 83}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `actions/setup-node@v6` is minor version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 110961, "scanner": "repobility-dependency-currency", "fingerprint": "f13efa7fb0b2ea00a385ff34e551333af9ffb428bafd3eab9a9413b3c2b2e680", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|f13efa7fb0b2ea00a385ff34e551333af9ffb428bafd3eab9a9413b3c2b2e680", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `orhun/git-cliff-action@v4` is minor version(s) behind (latest v4.8.0)"}, "properties": {"repobilityId": 110956, "scanner": "repobility-dependency-currency", "fingerprint": "4e7e58eafc6ddfe41a56fcad6381f8f55d1635a68cbede69240c60cca8b68728", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "orhun/git-cliff-action", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v4.8.0", "correlation_key": "fp|4e7e58eafc6ddfe41a56fcad6381f8f55d1635a68cbede69240c60cca8b68728", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/release.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `Swatinem/rust-cache@v2` is minor version(s) behind (latest v2.9.1)"}, "properties": {"repobilityId": 110954, "scanner": "repobility-dependency-currency", "fingerprint": "9042627e4dcf7dc57be15fc4f353f47c90ed319ccdb39648b2eda4d18a1e8263", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "Swatinem/rust-cache", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.9.1", "correlation_key": "fp|9042627e4dcf7dc57be15fc4f353f47c90ed319ccdb39648b2eda4d18a1e8263", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/format.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `actions-rs/audit-check@v1` is minor version(s) behind (latest v1.2.0)"}, "properties": {"repobilityId": 110952, "scanner": "repobility-dependency-currency", "fingerprint": "db4238130c1b0d1ddc25ec0f904636280a0f0ba4d4160b3985c18158f8e5f89a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions-rs/audit-check", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v1.2.0", "correlation_key": "fp|db4238130c1b0d1ddc25ec0f904636280a0f0ba4d4160b3985c18158f8e5f89a", "current_version": "v1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/audit.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `Swatinem/rust-cache@v2` is minor version(s) behind (latest v2.9.1)"}, "properties": {"repobilityId": 110950, "scanner": "repobility-dependency-currency", "fingerprint": "83b3421de6a55f3a82ee04969ed7024375df5aa2c289ab5f2aa35ea00c722190", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "Swatinem/rust-cache", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.9.1", "correlation_key": "fp|83b3421de6a55f3a82ee04969ed7024375df5aa2c289ab5f2aa35ea00c722190", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/lint.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110923, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6adc10c9d06ce0acbbf46a7f2320a4bde59b3e457ee67fca3fb9c2b208edee78", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/log-level-selector.tsx", "duplicate_line": 46, "correlation_key": "fp|6adc10c9d06ce0acbbf46a7f2320a4bde59b3e457ee67fca3fb9c2b208edee78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/tray-menu-mode.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110922, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b7ed7a162101e5c3f98734523a434d3b174c43f769557a6bd6a6971a336cdbd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/log-level-selector.tsx", "duplicate_line": 46, "correlation_key": "fp|6b7ed7a162101e5c3f98734523a434d3b174c43f769557a6bd6a6971a336cdbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/tray-menu-close-behavior.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eb7e94e7f6d9b580652a09a671f55935c98f853d9515c73917b16908b5e0696c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/break-when-mode-change-switch.tsx", "duplicate_line": 3, "correlation_key": "fp|eb7e94e7f6d9b580652a09a671f55935c98f853d9515c73917b16908b5e0696c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/enable-builtin-enhanced-switch.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d9a775500faa3f2db3eb3a308a7c149300789b56bacc508ef76cf734dd3242c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/break-when-mode-change-switch.tsx", "duplicate_line": 3, "correlation_key": "fp|d9a775500faa3f2db3eb3a308a7c149300789b56bacc508ef76cf734dd3242c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/break-when-proxy-change-switch.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110919, "scanner": "repobility-ai-code-hygiene", "fingerprint": "882c3da5cdf3a2ec60de5e6757d4310f89cde54146251aad10f440f44ebb5f48", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/break-when-mode-change-switch.tsx", "duplicate_line": 3, "correlation_key": "fp|882c3da5cdf3a2ec60de5e6757d4310f89cde54146251aad10f440f44ebb5f48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/nyanpasu/_modules/break-when-profile-change-switch.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fdbdb1c66e2a1f9d17f9997c7eb03e316adbb2815a254e2e0fabbfd54c12b7ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/detail/_modules/chian-editor-card.tsx", "duplicate_line": 200, "correlation_key": "fp|fdbdb1c66e2a1f9d17f9997c7eb03e316adbb2815a254e2e0fabbfd54c12b7ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/clash/_modules/core-manager-card.tsx"}, "region": {"startLine": 310}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f5bb0744fdf49c76d4dcec323bf65f555276ad17bd3244fa7fd29f0ecdebb56", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/providers/_modules/providers-title.tsx", "duplicate_line": 25, "correlation_key": "fp|3f5bb0744fdf49c76d4dcec323bf65f555276ad17bd3244fa7fd29f0ecdebb56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/_modules/settings-title.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "19f55292a51e1fa14f34aabb79eb242d64e53eb928e9a1a5f64fe6fbdab5376f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/connections/route.tsx", "duplicate_line": 3, "correlation_key": "fp|19f55292a51e1fa14f34aabb79eb242d64e53eb928e9a1a5f64fe6fbdab5376f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/rules/route.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6456f7009515b128e09407af7239d06f1524220d1fd818455097cdfc1f1691ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/providers/proxies/_modules/info-card.tsx", "duplicate_line": 22, "correlation_key": "fp|6456f7009515b128e09407af7239d06f1524220d1fd818455097cdfc1f1691ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/providers/rules/_modules/info-card.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "329f4711d48b091aac1487679b6d48b524e5f1d4a58fe393c2fd234fc78f5d97", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/components/ui/animated-item.tsx", "duplicate_line": 5, "correlation_key": "fp|329f4711d48b091aac1487679b6d48b524e5f1d4a58fe393c2fd234fc78f5d97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/profiles/_modules/error-item.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49138a4043227138ac66e67b59ce65b7c96ca56ca47ca6749daa5ef78f30c0b9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/detail/_modules/profile-name-editor.tsx", "duplicate_line": 59, "correlation_key": "fp|49138a4043227138ac66e67b59ce65b7c96ca56ca47ca6749daa5ef78f30c0b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/detail/_modules/update-option-editor.tsx"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34041a4569f7956236f9620f0008233407f5c27641dfe9ff3cf352363b0ba1b9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/detail/_modules/profile-name-editor.tsx", "duplicate_line": 59, "correlation_key": "fp|34041a4569f7956236f9620f0008233407f5c27641dfe9ff3cf352363b0ba1b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/detail/_modules/subscription-url-editor.tsx"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "591d1aabb4f162d08e2ee012cf9eeda10d9de4c14278c909b44e684fde760323", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/_modules/local-profile-button.tsx", "duplicate_line": 165, "correlation_key": "fp|591d1aabb4f162d08e2ee012cf9eeda10d9de4c14278c909b44e684fde760323"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/_modules/remote-profile-button.tsx"}, "region": {"startLine": 151}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5d1df8ed24683c384656b1f524de7b66d5a96580a72d60e2bd854ab1ee84784", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/_modules/chain-profile-import.tsx", "duplicate_line": 85, "correlation_key": "fp|a5d1df8ed24683c384656b1f524de7b66d5a96580a72d60e2bd854ab1ee84784"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/_modules/remote-profile-button.tsx"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17d1fa3071ae6818addde61f5dde24c7bec1a66b8d6b545e17edee3e780ada96", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/_modules/chain-profile-import.tsx", "duplicate_line": 85, "correlation_key": "fp|17d1fa3071ae6818addde61f5dde24c7bec1a66b8d6b545e17edee3e780ada96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/_modules/local-profile-button.tsx"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110908, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f427c313ee5cc3740df4229c50421a6241e61599e29fc3840ee12329776f31af", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/pages/(main)/main/connections/route.tsx", "duplicate_line": 6, "correlation_key": "fp|f427c313ee5cc3740df4229c50421a6241e61599e29fc3840ee12329776f31af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/logs/route.tsx"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3649bc6296beef087ab9685007fde55c888beff183c31d839b773a8e3ade59b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/components/ui/dnd-grid/dnd-grid-item.tsx", "duplicate_line": 72, "correlation_key": "fp|e3649bc6296beef087ab9685007fde55c888beff183c31d839b773a8e3ade59b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/dashboard/_modules/widget-item.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9db82021b5d21bafeef2333f3d84f2cb9d3ee1f9a1a60cf2e54470165d63640b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/components/ui/input.tsx", "duplicate_line": 14, "correlation_key": "fp|9db82021b5d21bafeef2333f3d84f2cb9d3ee1f9a1a60cf2e54470165d63640b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/components/ui/select.tsx"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25564cb898aa57c0c3b8c3160395a9032a1a498574a231649067a73e7b190656", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/nyanpasu/src/components/ui/context-menu.tsx", "duplicate_line": 5, "correlation_key": "fp|25564cb898aa57c0c3b8c3160395a9032a1a498574a231649067a73e7b190656"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/components/ui/dropdown-menu.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2914ff6a549c4036632507987f36fd7d371fda51fa0211adb5bf3bec252f408a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/interface/src/ipc/use-clash-connections.ts", "duplicate_line": 24, "correlation_key": "fp|2914ff6a549c4036632507987f36fd7d371fda51fa0211adb5bf3bec252f408a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/interface/src/service/types.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b6670ec82079896ffa5c8a237607e7cd99732bde3410b0b35abf5453f294234", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/tauri/src/utils/resolve.rs", "duplicate_line": 51, "correlation_key": "fp|3b6670ec82079896ffa5c8a237607e7cd99732bde3410b0b35abf5453f294234"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/window.rs"}, "region": {"startLine": 658}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2f16ef227351d602c45f3b196e73d2a371e1f8cde14ec9d12e6a56056aa0896d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/tauri/src/core/pac.rs", "duplicate_line": 113, "correlation_key": "fp|2f16ef227351d602c45f3b196e73d2a371e1f8cde14ec9d12e6a56056aa0896d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/sysopt.rs"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5775c45fa9d490c3112083e39eb670da22c3595d6a51a7117e7ba6b179601d34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/tauri/src/config/draft.rs", "duplicate_line": 73, "correlation_key": "fp|5775c45fa9d490c3112083e39eb670da22c3595d6a51a7117e7ba6b179601d34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/state.rs"}, "region": {"startLine": 146}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4ed7c5857ed9ed9b5f217b8e91434a216908863d8b680ed38c90e62766352b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/tauri/src/core/migration/units/unit_160.rs", "duplicate_line": 158, "correlation_key": "fp|e4ed7c5857ed9ed9b5f217b8e91434a216908863d8b680ed38c90e62766352b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/migration/units/unit_200.rs"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ff68cec10a5c48b13620942bf3d0bc334bb3ca7468784623593c7a69bfe3b5f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/nyanpasu-egui/src/widget/network_statistic_large.rs", "duplicate_line": 40, "correlation_key": "fp|9ff68cec10a5c48b13620942bf3d0bc334bb3ca7468784623593c7a69bfe3b5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/src/widget/network_statistic_small.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51c14fea80a5cf6862713cef07a3be806a3302dfc8db0058a9cc9e532f694fc4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/nyanpasu-core/src/state/manager/persistent_state.rs", "duplicate_line": 45, "correlation_key": "fp|51c14fea80a5cf6862713cef07a3be806a3302dfc8db0058a9cc9e532f694fc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/manager/weak_persistent_state.rs"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110897, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4550b8a63676a80f2e8dbc214f6f4811d8f8bb45ffa819adbdcb25be23e03010", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/nyanpasu-core/src/state/manager/persistent_builder.rs", "duplicate_line": 1, "correlation_key": "fp|4550b8a63676a80f2e8dbc214f6f4811d8f8bb45ffa819adbdcb25be23e03010"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/manager/weak_persistent_state.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110896, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eb29014d76dadb65b214089becd53b4ace5612087e3e7326582f14c9276804a6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/nyanpasu-core/src/state/manager/persistent_state.rs", "duplicate_line": 189, "correlation_key": "fp|eb29014d76dadb65b214089becd53b4ace5612087e3e7326582f14c9276804a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/manager/simple.rs"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110895, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3188a5a0f8b6710c2e43ae6c3c8f3a5e02e908a6c6cd11e6c91e9b2334c3801d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/nyanpasu-core/src/state/manager/persistent_builder.rs", "duplicate_line": 258, "correlation_key": "fp|3188a5a0f8b6710c2e43ae6c3c8f3a5e02e908a6c6cd11e6c91e9b2334c3801d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/manager/simple.rs"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 110894, "scanner": "repobility-ai-code-hygiene", "fingerprint": "13214647901d03305ea5465b49fc96b9e39ba1b0493b2d213eb8f8d7be9e772f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/nyanpasu-core/src/state/manager/persistent_builder.rs", "duplicate_line": 1, "correlation_key": "fp|13214647901d03305ea5465b49fc96b9e39ba1b0493b2d213eb8f8d7be9e772f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/manager/persistent_state.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 110893, "scanner": "repobility-ai-code-hygiene", "fingerprint": "43427f8f7d8baf8fdda000171e826c6ad17c22d65bc02eeb696d2ee2c080f00e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|43427f8f7d8baf8fdda000171e826c6ad17c22d65bc02eeb696d2ee2c080f00e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/providers/_modules/use-rules-provider-update.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 110892, "scanner": "repobility-ai-code-hygiene", "fingerprint": "becf0694ca0c3d8cb6c01a402aaad52caa65e2b4e6a39bc16b6cde10916de31c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|becf0694ca0c3d8cb6c01a402aaad52caa65e2b4e6a39bc16b6cde10916de31c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/providers/_modules/use-proxies-provider-update.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 110891, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca1902aa493508d6679edccd0f06c72fa54de668aa123dc5d510c3f3ed6e025c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ca1902aa493508d6679edccd0f06c72fa54de668aa123dc5d510c3f3ed6e025c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-macro/src/builder_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED088", "level": "none", "message": {"text": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks."}, "properties": {"repobilityId": 111032, "scanner": "repobility-threat-engine", "fingerprint": "1c5311fb71eafd7ccf30979856746a8dcce54cb9d3ffa288935cb26b92ba3af3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-conditional-hook", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348143+00:00", "triaged_in_corpus": 20, "observations_count": 600, "ai_coder_pattern_id": 139}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c5311fb71eafd7ccf30979856746a8dcce54cb9d3ffa288935cb26b92ba3af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/utils/get-strict-context.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 111031, "scanner": "repobility-threat-engine", "fingerprint": "17166292c11a1b8f13c0b71c3e946254b0e47a13302159094a14fa381b6184b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|17166292c11a1b8f13c0b71c3e946254b0e47a13302159094a14fa381b6184b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/system/_modules/system-service-ctrl.tsx"}, "region": {"startLine": 214}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 111030, "scanner": "repobility-threat-engine", "fingerprint": "55517ef644e00050914571d81ced5039cf1193fb364b043a4e658428174b6601", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|frontend/nyanpasu/src/pages/ main /main/dashboard/index.tsx|181|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/dashboard/index.tsx"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 111025, "scanner": "repobility-threat-engine", "fingerprint": "53d0d55f0ce05bf89db2db74d074a0af0d2e2f55e7abb4083cb8de8c90e785f6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|53d0d55f0ce05bf89db2db74d074a0af0d2e2f55e7abb4083cb8de8c90e785f6", "aggregated_count": 7}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 111024, "scanner": "repobility-threat-engine", "fingerprint": "9e4bdba49d2c3006fdef11ac944682681de5af5074fa2ff730f222c56c24466c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e4bdba49d2c3006fdef11ac944682681de5af5074fa2ff730f222c56c24466c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/profiles/$type/detail/_modules/action-card.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 111023, "scanner": "repobility-threat-engine", "fingerprint": "ee35189ef451049bb5df29696400018fba66d8273abb75c5f640a02619529856", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ee35189ef451049bb5df29696400018fba66d8273abb75c5f640a02619529856"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/components/ui/segmented-button.tsx"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 111022, "scanner": "repobility-threat-engine", "fingerprint": "d29e8b431643da5ed87fc1e973f4ea4522eeeca9935baf73ad8a47ffa9965e4c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d29e8b431643da5ed87fc1e973f4ea4522eeeca9935baf73ad8a47ffa9965e4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/components/ui/scroll-area.tsx"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 111021, "scanner": "repobility-threat-engine", "fingerprint": "e3388b234273f4a2e74e16f8adc875a3f1486e18f190fcdf1616eb27c8e71c32", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e3388b234273f4a2e74e16f8adc875a3f1486e18f190fcdf1616eb27c8e71c32", "aggregated_count": 1}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 111020, "scanner": "repobility-threat-engine", "fingerprint": "73c5f9330d4f2666714d72e77d89b4e6ff5e4ba34abc87192cbe89ccf98fafca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73c5f9330d4f2666714d72e77d89b4e6ff5e4ba34abc87192cbe89ccf98fafca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/system/_modules/current-system-proxy.tsx"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 111019, "scanner": "repobility-threat-engine", "fingerprint": "59a7fc788fd5b92fcb1fadcf3aa7ac1725163faaffd6a12a13a7ecdddabaf8aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|59a7fc788fd5b92fcb1fadcf3aa7ac1725163faaffd6a12a13a7ecdddabaf8aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/settings/clash/_modules/field-filter-card.tsx"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 111018, "scanner": "repobility-threat-engine", "fingerprint": "eb350c1246d9fef35ae66cb6f2b992982061b797a2e7129d4270cc1f46e01282", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb350c1246d9fef35ae66cb6f2b992982061b797a2e7129d4270cc1f46e01282"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/components/ui/highlight-text.tsx"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 111017, "scanner": "repobility-threat-engine", "fingerprint": "86fe91b2f0a6d2fcf51720285215f86453dce4818a8b1268c0ad7845c98b0f4a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|86fe91b2f0a6d2fcf51720285215f86453dce4818a8b1268c0ad7845c98b0f4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/vite.config.ts"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 111016, "scanner": "repobility-threat-engine", "fingerprint": "e22d98f3831d1097df1e672a42688d81e5b279dde4ad97f616332f555fc0a3a3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e22d98f3831d1097df1e672a42688d81e5b279dde4ad97f616332f555fc0a3a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/components/router/animated-outlet.tsx"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 111015, "scanner": "repobility-threat-engine", "fingerprint": "6a53297f8be5cf581d525bdbd6937c63e155a57cbe50c0988271a3fb63332dc3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a53297f8be5cf581d525bdbd6937c63e155a57cbe50c0988271a3fb63332dc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/utils/index.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 111014, "scanner": "repobility-threat-engine", "fingerprint": "8c16c201a10fb41d8f163b2cfb7cdd90e2bbe3343e16c0389371f21954fcade4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c16c201a10fb41d8f163b2cfb7cdd90e2bbe3343e16c0389371f21954fcade4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/main/connections/_modules/table-row.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 111013, "scanner": "repobility-threat-engine", "fingerprint": "11da14b5dc5afc3153346d215a3303f3146e94ea8dbb01b00f62349cef8e3f11", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|11da14b5dc5afc3153346d215a3303f3146e94ea8dbb01b00f62349cef8e3f11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/components/primitives/animate/slot.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 111012, "scanner": "repobility-threat-engine", "fingerprint": "92af23c733d01113d9820522ca2cfa5d65ce72571508b92f9b7aad61dd38be34", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|92af23c733d01113d9820522ca2cfa5d65ce72571508b92f9b7aad61dd38be34", "aggregated_count": 19}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 111011, "scanner": "repobility-threat-engine", "fingerprint": "63363d7639ccf01f8b6d9efbc3d442b0233702a9b816674217295f5d2671847a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|63363d7639ccf01f8b6d9efbc3d442b0233702a9b816674217295f5d2671847a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/interface/src/provider/clash-ws-provider.tsx"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 111010, "scanner": "repobility-threat-engine", "fingerprint": "a2b70750c59465babac6ecd84a7661dc87fccad5445235fda2ade01b5fc5b100", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2b70750c59465babac6ecd84a7661dc87fccad5445235fda2ade01b5fc5b100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/interface/src/ipc/use-clash-cores.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 111009, "scanner": "repobility-threat-engine", "fingerprint": "8a30507737ddecd174d7957e4ad3f208e36618fc6eba504cc7cbd43602ef20b4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a30507737ddecd174d7957e4ad3f208e36618fc6eba504cc7cbd43602ef20b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/interface/src/hooks/use-kv-storage.ts"}, "region": {"startLine": 180}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 111008, "scanner": "repobility-threat-engine", "fingerprint": "7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111002, "scanner": "repobility-threat-engine", "fingerprint": "2a7cd8e0b204f8f359580038eddbe3bd1feab6913efea8337386f00db887f2a9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a7cd8e0b204f8f359580038eddbe3bd1feab6913efea8337386f00db887f2a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/utils/config.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111001, "scanner": "repobility-threat-engine", "fingerprint": "d50377a4dcdbe195cf1dfb0691e2a2c23816d847c9c30f3ddecf65b998d89a77", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d50377a4dcdbe195cf1dfb0691e2a2c23816d847c9c30f3ddecf65b998d89a77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/download/mod.rs"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 111000, "scanner": "repobility-threat-engine", "fingerprint": "68ac75991db229f74ff88c1b4609075e006b543b2a16d62ed599d3ce2ce8bea0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|68ac75991db229f74ff88c1b4609075e006b543b2a16d62ed599d3ce2ce8bea0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/download/adapter.rs"}, "region": {"startLine": 167}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 110998, "scanner": "repobility-threat-engine", "fingerprint": "ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee"}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 110994, "scanner": "repobility-threat-engine", "fingerprint": "31cfe034f7d93b016997e51d1d01d0ffe0ab1f2b5cee2c8edd914a92a3c53c4c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|31cfe034f7d93b016997e51d1d01d0ffe0ab1f2b5cee2c8edd914a92a3c53c4c", "aggregated_count": 6}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 110993, "scanner": "repobility-threat-engine", "fingerprint": "2d4b9a734d96f67d14a80a295d0b4fa998cb587e1b4fe6830aa76f6695c2bb09", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d4b9a734d96f67d14a80a295d0b4fa998cb587e1b4fe6830aa76f6695c2bb09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/src/windows.rs"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 110992, "scanner": "repobility-threat-engine", "fingerprint": "485c090834871541ff7ecf277f56421384df7e843853c3f1d292e1b5c15acdf6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|485c090834871541ff7ecf277f56421384df7e843853c3f1d292e1b5c15acdf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/src/macos.rs"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 110991, "scanner": "repobility-threat-engine", "fingerprint": "583d043597d2a682415ddfeddaebecbcc06d194f8c33e501fdddbc06266c5935", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|583d043597d2a682415ddfeddaebecbcc06d194f8c33e501fdddbc06266c5935"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/src/widget/mod.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 110990, "scanner": "repobility-threat-engine", "fingerprint": "9a22336672f8eb2fb76d4ab7671c851ff41a605bfb058736772199ac2ea0f56e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9a22336672f8eb2fb76d4ab7671c851ff41a605bfb058736772199ac2ea0f56e", "aggregated_count": 3}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 110989, "scanner": "repobility-threat-engine", "fingerprint": "a6b4234a5646a59613ea1c707ec6b5727744527b93852d8fdd468155bee00663", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6b4234a5646a59613ea1c707ec6b5727744527b93852d8fdd468155bee00663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/manager/simple.rs"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 110988, "scanner": "repobility-threat-engine", "fingerprint": "abc64947f495c2e64076645e8c0287573c6663569e0f5ecc519aed739c324077", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|abc64947f495c2e64076645e8c0287573c6663569e0f5ecc519aed739c324077"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/boa_utils/src/module/http.rs"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 110987, "scanner": "repobility-threat-engine", "fingerprint": "5005b846d57c3e3e672ca2d4a290fc98fbaa3eb76ecb38b0cf97c43b6a89aa91", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5005b846d57c3e3e672ca2d4a290fc98fbaa3eb76ecb38b0cf97c43b6a89aa91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/boa_utils/src/module/builtin.rs"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 110986, "scanner": "repobility-threat-engine", "fingerprint": "c02a4a766acbef3e257bb917cb5e1b5547c74e92e36f0b500971fcac1bb9ebf2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c02a4a766acbef3e257bb917cb5e1b5547c74e92e36f0b500971fcac1bb9ebf2", "aggregated_count": 11}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 110985, "scanner": "repobility-threat-engine", "fingerprint": "c91f93127cd57c51bb1637165e6755ae9f2cb5ced60ada93a0d040f1b30ed206", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c91f93127cd57c51bb1637165e6755ae9f2cb5ced60ada93a0d040f1b30ed206"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/example/main.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 110984, "scanner": "repobility-threat-engine", "fingerprint": "96a4f23e3a1f7a22cf6fd83663d4a1d06cb76762a3e7b20496bc185d602c5d95", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96a4f23e3a1f7a22cf6fd83663d4a1d06cb76762a3e7b20496bc185d602c5d95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/version.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 110983, "scanner": "repobility-threat-engine", "fingerprint": "4dd8461e2d4c03d4e9dba731dc69f7d6c01edd1a6fd473aa279cd5a6bdfb7993", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4dd8461e2d4c03d4e9dba731dc69f7d6c01edd1a6fd473aa279cd5a6bdfb7993"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/boa_utils/src/module/http.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 110982, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 54 more): Same pattern found in 54 additional files. Review if needed."}, "properties": {"repobilityId": 110978, "scanner": "repobility-threat-engine", "fingerprint": "d3b6a06eecf2d695b7b084ce8a1491d13df74923e8eedcd831d4da71856cc6ab", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 54 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d3b6a06eecf2d695b7b084ce8a1491d13df74923e8eedcd831d4da71856cc6ab", "aggregated_count": 54}}}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `pnpm/action-setup@v6` is patch version(s) behind (latest v6.0.8)"}, "properties": {"repobilityId": 110973, "scanner": "repobility-dependency-currency", "fingerprint": "3546a548705d09521793eb02ffa7229464e73402b23e7d35b18911d15646bc55", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "pnpm/action-setup", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.8", "correlation_key": "fp|3546a548705d09521793eb02ffa7229464e73402b23e7d35b18911d15646bc55", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/daily.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110971, "scanner": "repobility-dependency-currency", "fingerprint": "8e88de152028d026b1ff74b22b6c20703189b18f7781e57bc13bb25328c05c60", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|8e88de152028d026b1ff74b22b6c20703189b18f7781e57bc13bb25328c05c60", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/daily.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/upload-artifact@v7` is patch version(s) behind (latest v7.0.1)"}, "properties": {"repobilityId": 110970, "scanner": "repobility-dependency-currency", "fingerprint": "4b96016e532fbffa8d1d2de4b4dd83fa03cec9417bc0a8e8d5379a2bad9ef964", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/upload-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.0.1", "correlation_key": "fp|4b96016e532fbffa8d1d2de4b4dd83fa03cec9417bc0a8e8d5379a2bad9ef964", "current_version": "v7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 229}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/cache@v5` is patch version(s) behind (latest v5.0.5)"}, "properties": {"repobilityId": 110968, "scanner": "repobility-dependency-currency", "fingerprint": "e6f22e187fadd6db2dca57bfc1ba9647e4d4139d1922539896a520026cb9f86e", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/cache", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v5.0.5", "correlation_key": "fp|e6f22e187fadd6db2dca57bfc1ba9647e4d4139d1922539896a520026cb9f86e", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 100}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `denoland/setup-deno@v2` is patch version(s) behind (latest v2.0.4)"}, "properties": {"repobilityId": 110967, "scanner": "repobility-dependency-currency", "fingerprint": "0a2a8396eada6072b3be704c3aabb3430d265c26f107408f7caa525201597b17", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "denoland/setup-deno", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.0.4", "correlation_key": "fp|0a2a8396eada6072b3be704c3aabb3430d265c26f107408f7caa525201597b17", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 91}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `pnpm/action-setup@v6` is patch version(s) behind (latest v6.0.8)"}, "properties": {"repobilityId": 110966, "scanner": "repobility-dependency-currency", "fingerprint": "dbbbd5f2b1fea5a9f7e0088ffdea68b4eebe2ed0a8c2d9fb1b26cdc5fbff4932", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "pnpm/action-setup", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.8", "correlation_key": "fp|dbbbd5f2b1fea5a9f7e0088ffdea68b4eebe2ed0a8c2d9fb1b26cdc5fbff4932", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 86}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110964, "scanner": "repobility-dependency-currency", "fingerprint": "9a0b16947b1b3236c8c7b7e5e0209dd15dc59d6e357476345b07110f558714ff", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|9a0b16947b1b3236c8c7b7e5e0209dd15dc59d6e357476345b07110f558714ff", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 50}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/download-artifact@v8` is patch version(s) behind (latest v8.0.1)"}, "properties": {"repobilityId": 110963, "scanner": "repobility-dependency-currency", "fingerprint": "ea33890d238c6e7b8260621ed02efd3e65680bb1151900abb1eff1a2e5f5960d", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/download-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.0.1", "correlation_key": "fp|ea33890d238c6e7b8260621ed02efd3e65680bb1151900abb1eff1a2e5f5960d", "current_version": "v8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 50}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `denoland/setup-deno@v2` is patch version(s) behind (latest v2.0.4)"}, "properties": {"repobilityId": 110962, "scanner": "repobility-dependency-currency", "fingerprint": "fd59523c5c1e5700ea1c148c41ee772c6abd4f5274efdda07d163a926fdcf5af", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "denoland/setup-deno", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.0.4", "correlation_key": "fp|fd59523c5c1e5700ea1c148c41ee772c6abd4f5274efdda07d163a926fdcf5af", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 43}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110960, "scanner": "repobility-dependency-currency", "fingerprint": "cb8e96aac3f061f45dcd5e58b50a1531ca4ab8edd6b7069c77dc5fc5f6f55e30", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|cb8e96aac3f061f45dcd5e58b50a1531ca4ab8edd6b7069c77dc5fc5f6f55e30", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 38}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110959, "scanner": "repobility-dependency-currency", "fingerprint": "18b5466985fa8aad1040da4bf64f568500a12d071ea90aeba23be95e7c4a2ce2", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|18b5466985fa8aad1040da4bf64f568500a12d071ea90aeba23be95e7c4a2ce2", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-delete-releases.yaml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/download-artifact@v8` is patch version(s) behind (latest v8.0.1)"}, "properties": {"repobilityId": 110958, "scanner": "repobility-dependency-currency", "fingerprint": "c7d8bfa7f5d9119e39b302e45beb2c55b0fd7f99f710f1ace42baafcd6fd1fb3", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/download-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.0.1", "correlation_key": "fp|c7d8bfa7f5d9119e39b302e45beb2c55b0fd7f99f710f1ace42baafcd6fd1fb3", "current_version": "v8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-upload-release-assets.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110957, "scanner": "repobility-dependency-currency", "fingerprint": "918c266561e46a9eb4f09aca2203628bdf36da02de269c6ad882da25f1ebc18e", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|918c266561e46a9eb4f09aca2203628bdf36da02de269c6ad882da25f1ebc18e", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-upload-release-assets.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110955, "scanner": "repobility-dependency-currency", "fingerprint": "35af64547d36ee9505f8935282a20c72f5d17ffe5f7141888a80d2b0703a203c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|35af64547d36ee9505f8935282a20c72f5d17ffe5f7141888a80d2b0703a203c", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110953, "scanner": "repobility-dependency-currency", "fingerprint": "eb8dbdadb23765db5e946ff959031730b8bfa86322c7f91d515fba46047f0f9f", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|eb8dbdadb23765db5e946ff959031730b8bfa86322c7f91d515fba46047f0f9f", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/format.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110951, "scanner": "repobility-dependency-currency", "fingerprint": "be1595a0a4ca56e1b6fa4c66b00c86a2f597183c4ede2702a7341fd48b130364", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|be1595a0a4ca56e1b6fa4c66b00c86a2f597183c4ede2702a7341fd48b130364", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/audit.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 110949, "scanner": "repobility-dependency-currency", "fingerprint": "f6d1aa1552c07211bd2f7c14a3ff92b7c834d0c29941f68c6c062e84d03394b2", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|f6d1aa1552c07211bd2f7c14a3ff92b7c834d0c29941f68c6c062e84d03394b2", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/lint.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 111112, "scanner": "osv-scanner", "fingerprint": "85237a582679ce02ed5374b4c960bb9330e68d29c31080114a7ec45740887db3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 111110, "scanner": "osv-scanner", "fingerprint": "a3dd2390244022d96de63689cdd673fb906d1165f495d6a42a0980e956db632d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 111108, "scanner": "osv-scanner", "fingerprint": "c3482c8b051b710219b686b962c8edfcc83babb0e1e54a2b470ae7782dd0b574", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 111107, "scanner": "osv-scanner", "fingerprint": "2fd5e24a94dfd2116cfc5d9aeb4e4f584669c9b76d1795010331a7b69b3682a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 111106, "scanner": "osv-scanner", "fingerprint": "af7663e4c51288986bfb4927d06e33aa650fed364bb14d31804c3d4da5638193", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pv5w-4p9q-p3v2", "level": "error", "message": {"text": "kysely: GHSA-pv5w-4p9q-p3v2"}, "properties": {"repobilityId": 111104, "scanner": "osv-scanner", "fingerprint": "b053937a8e3478e3ddd86cc4d027bbb69f8b472d2fa9ddea3c2b54c51df1da01", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44635"], "package": "kysely", "rule_id": "GHSA-pv5w-4p9q-p3v2", "scanner": "osv-scanner", "correlation_key": "vuln|kysely|CVE-2026-44635|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qjx8-664m-686j", "level": "error", "message": {"text": "js-cookie: GHSA-qjx8-664m-686j"}, "properties": {"repobilityId": 111103, "scanner": "osv-scanner", "fingerprint": "b6a964729a27af4aca2dabfe78855d09e7c52d0b76e1d0eeaa9032e7bc58fa6d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46625"], "package": "js-cookie", "rule_id": "GHSA-qjx8-664m-686j", "scanner": "osv-scanner", "correlation_key": "vuln|js-cookie|CVE-2026-46625|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v39h-62p7-jpjc", "level": "error", "message": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "properties": {"repobilityId": 111102, "scanner": "osv-scanner", "fingerprint": "757ca37fe4ebddf5cdaa5c162265d6a31d93aef1fb513c46093294c58d5112ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6322"], "package": "fast-uri", "rule_id": "GHSA-v39h-62p7-jpjc", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6322|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q3j6-qgpj-74h6", "level": "error", "message": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "properties": {"repobilityId": 111101, "scanner": "osv-scanner", "fingerprint": "25bb35258c39d7fb16dad079b84e7a9b4b5253e8dee49c1760d88494d1e449a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6321"], "package": "fast-uri", "rule_id": "GHSA-q3j6-qgpj-74h6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6321|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0104", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "properties": {"repobilityId": 111088, "scanner": "osv-scanner", "fingerprint": "f1078bbfe44428500bcd02a727d3a51ea170dc366d6235b932a855c4da65c8a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-82j2-j2ch-gfr8"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0104", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-82J2-J2CH-GFR8|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-82j2-j2ch-gfr8", "RUSTSEC-2026-0104"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2baedb1f6692855ff9c436e12665fab022f1c53169c3548101fa39e6d1f501f4", "f1078bbfe44428500bcd02a727d3a51ea170dc366d6235b932a855c4da65c8a6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0099", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "properties": {"repobilityId": 111087, "scanner": "osv-scanner", "fingerprint": "d66278c4f8882ebe1653617bc5265bcb869d45027ec284e359ea8a473e7d2afc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-xgp8-3hg3-c2mh"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0099", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-XGP8-3HG3-C2MH|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xgp8-3hg3-c2mh", "RUSTSEC-2026-0099"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["b7e345a82a580a56f8fca67c998849abfc144627bcdbc78d1fe1dc51c9c0cbbf", "d66278c4f8882ebe1653617bc5265bcb869d45027ec284e359ea8a473e7d2afc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0098", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "properties": {"repobilityId": 111086, "scanner": "osv-scanner", "fingerprint": "9aa28ed12d1ed047e7dce91a0d8f52694351fafcb2e036a65e037db68cab8135", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-965h-392x-2mh5"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0098", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-965H-392X-2MH5|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-965h-392x-2mh5", "RUSTSEC-2026-0098"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9aa28ed12d1ed047e7dce91a0d8f52694351fafcb2e036a65e037db68cab8135", "da95c15b221e079e260ddd72be7417dd0c27ff860129e45ba55bdb62b2901de5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0049", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "properties": {"repobilityId": 111085, "scanner": "osv-scanner", "fingerprint": "3843afae2ac404abb2611fad5bab321736db1b463610c1c5088eba5faacb6143", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-pwjx-qhcg-rvj4"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0049", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-PWJX-QHCG-RVJ4|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pwjx-qhcg-rvj4", "RUSTSEC-2026-0049"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3465dcbd9ee662659b22b0d336a0bf2382647b489db91747272f5a6888bc182f", "3843afae2ac404abb2611fad5bab321736db1b463610c1c5088eba5faacb6143"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0399", "level": "error", "message": {"text": "rustls: RUSTSEC-2024-0399"}, "properties": {"repobilityId": 111084, "scanner": "osv-scanner", "fingerprint": "0778ed46b608b1123f799074fdc25f72a217522201546f3774dc6bfc43e259eb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-11738", "GHSA-qg5g-gv98-5ffh"], "package": "rustls", "rule_id": "RUSTSEC-2024-0399", "scanner": "osv-scanner", "correlation_key": "vuln|rustls|CVE-2024-11738|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qg5g-gv98-5ffh", "RUSTSEC-2024-0399"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0778ed46b608b1123f799074fdc25f72a217522201546f3774dc6bfc43e259eb", "f6ace585e6f8edfcf9003149b955baf7e012e229e91a584c19c7d07a117ee087"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0009", "level": "error", "message": {"text": "ring: RUSTSEC-2025-0009"}, "properties": {"repobilityId": 111083, "scanner": "osv-scanner", "fingerprint": "ce2ea4cc5ad2f6f1db26ba73c9953f278164572752b451c40ccf8a4e9d5aa348", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-4432", "GHSA-4p46-pwfr-66x6", "GHSA-c86p-w88r-qvqr", "GO-2025-3678"], "package": "ring", "rule_id": "RUSTSEC-2025-0009", "scanner": "osv-scanner", "correlation_key": "vuln|ring|CVE-2025-4432|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-4p46-pwfr-66x6", "RUSTSEC-2025-0009"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["ce2ea4cc5ad2f6f1db26ba73c9953f278164572752b451c40ccf8a4e9d5aa348", "e1633fed67eba9ae1b2f82ffbfdad47101cf43219cf9a513612590b3b0cf83ba"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 111082, "scanner": "osv-scanner", "fingerprint": "da9c18d39306add29957cea47933ae222732a84955789117fdb3e56e29e39b93", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["da9c18d39306add29957cea47933ae222732a84955789117fdb3e56e29e39b93", "e40d3f82914420f1b9c2b45390a52fc11176f558cb9af3e165b310c843b2c340"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 111081, "scanner": "osv-scanner", "fingerprint": "5b06c798a1930ae3cd060d5b4a9ef02e30d50e3377a5d8880f52654cb0765860", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|5b06c798a1930ae3cd060d5b4a9ef02e30d50e3377a5d8880f52654cb0765860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0421", "level": "error", "message": {"text": "idna: RUSTSEC-2024-0421"}, "properties": {"repobilityId": 111080, "scanner": "osv-scanner", "fingerprint": "882187d1e5faa7d2df4b1ed22fe66f2fcba640c47f38b301c6dbb338262b1613", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-12224", "GHSA-h97m-ww89-6jmq"], "package": "idna", "rule_id": "RUSTSEC-2024-0421", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-12224|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-h97m-ww89-6jmq", "RUSTSEC-2024-0421"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["784744ea42e53a68537b1f5849f2e3b007e0df1f092be8b84aa01ba8f54f1d8e", "882187d1e5faa7d2df4b1ed22fe66f2fcba640c47f38b301c6dbb338262b1613"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0402", "level": "error", "message": {"text": "hashbrown: RUSTSEC-2024-0402"}, "properties": {"repobilityId": 111079, "scanner": "osv-scanner", "fingerprint": "77b6638fa5931d3e1994fde5840811906e5e40775ac2e59555e021e115448241", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-wwq9-3cpr-mm53"], "package": "hashbrown", "rule_id": "RUSTSEC-2024-0402", "scanner": "osv-scanner", "correlation_key": "vuln|hashbrown|GHSA-WWQ9-3CPR-MM53|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wwq9-3cpr-mm53", "RUSTSEC-2024-0402"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["77b6638fa5931d3e1994fde5840811906e5e40775ac2e59555e021e115448241", "d6ce7039142034fb1ab6542f58fa5c0b107ef539a9b264f69f1c876695dde416"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0007", "level": "error", "message": {"text": "bytes: RUSTSEC-2026-0007"}, "properties": {"repobilityId": 111078, "scanner": "osv-scanner", "fingerprint": "0ebbb307cc70c1d5b3bb3906796b180d5243e149c67e52aa0a586e10822d4512", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-25541", "GHSA-434x-w66g-qw3r"], "package": "bytes", "rule_id": "RUSTSEC-2026-0007", "scanner": "osv-scanner", "correlation_key": "vuln|bytes|CVE-2026-25541|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-434x-w66g-qw3r", "RUSTSEC-2026-0007"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0ebbb307cc70c1d5b3bb3906796b180d5243e149c67e52aa0a586e10822d4512", "add7cb946d8d404f7015c590d124cea83aa603d6fe359d51e33ac761bdf03b0a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0056", "level": "error", "message": {"text": "adler: RUSTSEC-2025-0056"}, "properties": {"repobilityId": 111077, "scanner": "osv-scanner", "fingerprint": "8638138e8b0a05293f6a9e2b309dea0ec1684bb64e5e75af1d44a65648547f8b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "adler", "rule_id": "RUSTSEC-2025-0056", "scanner": "osv-scanner", "correlation_key": "fp|8638138e8b0a05293f6a9e2b309dea0ec1684bb64e5e75af1d44a65648547f8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-egui/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0098", "level": "error", "message": {"text": "unic-ucd-version: RUSTSEC-2025-0098"}, "properties": {"repobilityId": 111076, "scanner": "osv-scanner", "fingerprint": "2f31db6554e2ccdfb5e7d43c2380f67704883bf58e88095f83c368e6cc5f7131", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-ucd-version", "rule_id": "RUSTSEC-2025-0098", "scanner": "osv-scanner", "correlation_key": "fp|2f31db6554e2ccdfb5e7d43c2380f67704883bf58e88095f83c368e6cc5f7131"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0100", "level": "error", "message": {"text": "unic-ucd-ident: RUSTSEC-2025-0100"}, "properties": {"repobilityId": 111075, "scanner": "osv-scanner", "fingerprint": "c2f2133763500e394dca729a23afb2b476f54a172d62dc8990fdcd07c8648ae2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-ucd-ident", "rule_id": "RUSTSEC-2025-0100", "scanner": "osv-scanner", "correlation_key": "fp|c2f2133763500e394dca729a23afb2b476f54a172d62dc8990fdcd07c8648ae2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0080", "level": "error", "message": {"text": "unic-common: RUSTSEC-2025-0080"}, "properties": {"repobilityId": 111074, "scanner": "osv-scanner", "fingerprint": "abbc58a4b599a1e545020b0bde05682cec1b13457450307c610c82119ca634e7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-common", "rule_id": "RUSTSEC-2025-0080", "scanner": "osv-scanner", "correlation_key": "fp|abbc58a4b599a1e545020b0bde05682cec1b13457450307c610c82119ca634e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0075", "level": "error", "message": {"text": "unic-char-range: RUSTSEC-2025-0075"}, "properties": {"repobilityId": 111073, "scanner": "osv-scanner", "fingerprint": "cd2b4e06b9f6cf2c09eeeb19992657733b4d6043edab66a1abbf785ef78c6b61", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-char-range", "rule_id": "RUSTSEC-2025-0075", "scanner": "osv-scanner", "correlation_key": "fp|cd2b4e06b9f6cf2c09eeeb19992657733b4d6043edab66a1abbf785ef78c6b61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0081", "level": "error", "message": {"text": "unic-char-property: RUSTSEC-2025-0081"}, "properties": {"repobilityId": 111072, "scanner": "osv-scanner", "fingerprint": "e8f8013dad76ff555872054e1880ea02eec0cb51c6f94765579d3441ec6fc4a9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-char-property", "rule_id": "RUSTSEC-2025-0081", "scanner": "osv-scanner", "correlation_key": "fp|e8f8013dad76ff555872054e1880ea02eec0cb51c6f94765579d3441ec6fc4a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0103", "level": "error", "message": {"text": "thin-vec: RUSTSEC-2026-0103"}, "properties": {"repobilityId": 111071, "scanner": "osv-scanner", "fingerprint": "0c572b5d47a01d177412710d95b9fcf0b818ae297a80b93b4eee53f9b2d41aec", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-6654", "GHSA-xphw-cqx3-667j"], "package": "thin-vec", "rule_id": "RUSTSEC-2026-0103", "scanner": "osv-scanner", "correlation_key": "vuln|thin-vec|CVE-2026-6654|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xphw-cqx3-667j", "RUSTSEC-2026-0103"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0c572b5d47a01d177412710d95b9fcf0b818ae297a80b93b4eee53f9b2d41aec", "1243d7242d6dffa038f66faecef5524a0509ae13e686bfe5f0ecf23164c36171"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0068", "level": "error", "message": {"text": "tar: RUSTSEC-2026-0068"}, "properties": {"repobilityId": 111069, "scanner": "osv-scanner", "fingerprint": "bc9e2d5f91000eda8cab0fbfda22c698fb093e8e5d05efbcb011c1ca4be38b34", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33055", "GHSA-gchp-q4r4-x4ff"], "package": "tar", "rule_id": "RUSTSEC-2026-0068", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-33055|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-gchp-q4r4-x4ff", "RUSTSEC-2026-0068"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0ede7187c1dc104a9b94c7c233678af4ff3321ce5301025ddddd7621429a5676", "bc9e2d5f91000eda8cab0fbfda22c698fb093e8e5d05efbcb011c1ca4be38b34"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0067", "level": "error", "message": {"text": "tar: RUSTSEC-2026-0067"}, "properties": {"repobilityId": 111068, "scanner": "osv-scanner", "fingerprint": "f7b2ceae747cf76b9f8400fcb0652227f9e27d20004257b640798e40f95cc9dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33056", "GHSA-j4xf-2g29-59ph"], "package": "tar", "rule_id": "RUSTSEC-2026-0067", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-33056|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j4xf-2g29-59ph", "RUSTSEC-2026-0067"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["f6fbe3a2d648cf69086dac5755252f30d7f0140abf244872edad83f292fda639", "f7b2ceae747cf76b9f8400fcb0652227f9e27d20004257b640798e40f95cc9dc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0104", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "properties": {"repobilityId": 111067, "scanner": "osv-scanner", "fingerprint": "ac029ab18eb30cdc18b06bf5d7b38124c108bc0afb7bc12b5e0e45f2bad6e353", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-82j2-j2ch-gfr8"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0104", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-82J2-J2CH-GFR8|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-82j2-j2ch-gfr8", "RUSTSEC-2026-0104"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2674effe2bef15c3d63d7224df6d5dc7706005e899e978d122a2de14c687f99e", "ac029ab18eb30cdc18b06bf5d7b38124c108bc0afb7bc12b5e0e45f2bad6e353"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0099", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "properties": {"repobilityId": 111066, "scanner": "osv-scanner", "fingerprint": "851854bc09eba84a9cadb5a80729f450d28c02f63fc2c622850d3ad506c084c8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-xgp8-3hg3-c2mh"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0099", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-XGP8-3HG3-C2MH|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xgp8-3hg3-c2mh", "RUSTSEC-2026-0099"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["851854bc09eba84a9cadb5a80729f450d28c02f63fc2c622850d3ad506c084c8", "d10fd54f26913a71d84b9e0b42eb96639eb88f3dbbca3ec17500b5ab34b4ec80"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0098", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "properties": {"repobilityId": 111065, "scanner": "osv-scanner", "fingerprint": "c02e2815a4c4c51ec1bed2779ce937cf17fbba116538afb1f54594b748a29f27", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-965h-392x-2mh5"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0098", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-965H-392X-2MH5|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-965h-392x-2mh5", "RUSTSEC-2026-0098"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["c02e2815a4c4c51ec1bed2779ce937cf17fbba116538afb1f54594b748a29f27", "e3824c48d39a853f3576312f05efa8a3ea44e23ab48b9e405407ed099776126d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0049", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "properties": {"repobilityId": 111064, "scanner": "osv-scanner", "fingerprint": "705c9368bdbe0c6da6aa681a3628cfb8437e6dde0074e778f891a627dacfb436", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-pwjx-qhcg-rvj4"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0049", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-PWJX-QHCG-RVJ4|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pwjx-qhcg-rvj4", "RUSTSEC-2026-0049"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["705c9368bdbe0c6da6aa681a3628cfb8437e6dde0074e778f891a627dacfb436", "9af2537931d941f85ab4d9e2c78e1b7e4697331ea51a86110f4f7de87c035fd1"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 111063, "scanner": "osv-scanner", "fingerprint": "1471b16164e25973ee3d787d587d41a0d4b872c8bb0f31a2b1da55a83fe83924", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1471b16164e25973ee3d787d587d41a0d4b872c8bb0f31a2b1da55a83fe83924", "50fab06d075d75f2a9ae202d55e3fe97fc7835c4f4ed000144ce1c74ff7b4ef7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0037", "level": "error", "message": {"text": "quinn-proto: RUSTSEC-2026-0037"}, "properties": {"repobilityId": 111062, "scanner": "osv-scanner", "fingerprint": "cb24149f411da30a158f3711706bb36567f57419eb528e568c8e77ac368728a7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-31812", "GHSA-6xvm-j4wr-6v98"], "package": "quinn-proto", "rule_id": "RUSTSEC-2026-0037", "scanner": "osv-scanner", "correlation_key": "vuln|quinn-proto|CVE-2026-31812|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6xvm-j4wr-6v98", "RUSTSEC-2026-0037"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1f141570c40baaa83c734941d3aa2b22182e46fe114abd189c4a49a04b4dd37f", "cb24149f411da30a158f3711706bb36567f57419eb528e568c8e77ac368728a7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0370", "level": "error", "message": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "properties": {"repobilityId": 111061, "scanner": "osv-scanner", "fingerprint": "6eaef023c201a6d87b399387f69007ed28fc95ff1dfd231df152bb8b9faed58f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "proc-macro-error", "rule_id": "RUSTSEC-2024-0370", "scanner": "osv-scanner", "correlation_key": "fp|6eaef023c201a6d87b399387f69007ed28fc95ff1dfd231df152bb8b9faed58f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 111060, "scanner": "osv-scanner", "fingerprint": "53cd0716c2ab4009058ae95ee106026e737b8db6ed655d860ed80e91533c95ad", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|53cd0716c2ab4009058ae95ee106026e737b8db6ed655d860ed80e91533c95ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0002", "level": "error", "message": {"text": "lru: RUSTSEC-2026-0002"}, "properties": {"repobilityId": 111059, "scanner": "osv-scanner", "fingerprint": "8fc49f9ea43138d2701108a8e8cb53fe7fb1d2b8926bfea7c1e23222876ef9d8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-rhfx-m35p-ff5j"], "package": "lru", "rule_id": "RUSTSEC-2026-0002", "scanner": "osv-scanner", "correlation_key": "vuln|lru|GHSA-RHFX-M35P-FF5J|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-rhfx-m35p-ff5j", "RUSTSEC-2026-0002"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["36285e273199950a922a1e3b174a0a5006b44c2adcc093d15fbf95215fddcbe8", "8fc49f9ea43138d2701108a8e8cb53fe7fb1d2b8926bfea7c1e23222876ef9d8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0419", "level": "error", "message": {"text": "gtk3-macros: RUSTSEC-2024-0419"}, "properties": {"repobilityId": 111058, "scanner": "osv-scanner", "fingerprint": "c4b863f94a4acfb623a389156db170d38597c4483c62f8eedcdabade0c0ada22", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gtk3-macros", "rule_id": "RUSTSEC-2024-0419", "scanner": "osv-scanner", "correlation_key": "fp|c4b863f94a4acfb623a389156db170d38597c4483c62f8eedcdabade0c0ada22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0420", "level": "error", "message": {"text": "gtk-sys: RUSTSEC-2024-0420"}, "properties": {"repobilityId": 111057, "scanner": "osv-scanner", "fingerprint": "1a3aba8fe8e71e8df15bda97291b0bf0a2f1cdcb5b690931a59ee57eb6f1dabf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gtk-sys", "rule_id": "RUSTSEC-2024-0420", "scanner": "osv-scanner", "correlation_key": "fp|1a3aba8fe8e71e8df15bda97291b0bf0a2f1cdcb5b690931a59ee57eb6f1dabf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0415", "level": "error", "message": {"text": "gtk: RUSTSEC-2024-0415"}, "properties": {"repobilityId": 111056, "scanner": "osv-scanner", "fingerprint": "6c12eb6bf8ef2dad8d3548a4cea979376010cdc65c482a1b6a3c0c311e7a56ef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gtk", "rule_id": "RUSTSEC-2024-0415", "scanner": "osv-scanner", "correlation_key": "fp|6c12eb6bf8ef2dad8d3548a4cea979376010cdc65c482a1b6a3c0c311e7a56ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0429", "level": "error", "message": {"text": "glib: RUSTSEC-2024-0429"}, "properties": {"repobilityId": 111055, "scanner": "osv-scanner", "fingerprint": "34e629752ba6f6ef7819dd352aa4cbc5d1b89976d331fe800944eca7bc7495bb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-wrw7-89jp-8q8g"], "package": "glib", "rule_id": "RUSTSEC-2024-0429", "scanner": "osv-scanner", "correlation_key": "vuln|glib|GHSA-WRW7-89JP-8Q8G|backend/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wrw7-89jp-8q8g", "RUSTSEC-2024-0429"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["34e629752ba6f6ef7819dd352aa4cbc5d1b89976d331fe800944eca7bc7495bb", "d752da80c8b3d62ca50567100a6fdef3d1c3e38f5b995fbf1b537ccec49c4868"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0414", "level": "error", "message": {"text": "gdkx11-sys: RUSTSEC-2024-0414"}, "properties": {"repobilityId": 111054, "scanner": "osv-scanner", "fingerprint": "dc3f2d85ea00e7a04946d907c5a7744e10f7d0c47526353c669b9dc7aa3f93fc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdkx11-sys", "rule_id": "RUSTSEC-2024-0414", "scanner": "osv-scanner", "correlation_key": "fp|dc3f2d85ea00e7a04946d907c5a7744e10f7d0c47526353c669b9dc7aa3f93fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0417", "level": "error", "message": {"text": "gdkx11: RUSTSEC-2024-0417"}, "properties": {"repobilityId": 111053, "scanner": "osv-scanner", "fingerprint": "c50cdeff98f9e117e80592ad6c22f6bdd6f29f80fb27e31efc4b1ec315c3028d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdkx11", "rule_id": "RUSTSEC-2024-0417", "scanner": "osv-scanner", "correlation_key": "fp|c50cdeff98f9e117e80592ad6c22f6bdd6f29f80fb27e31efc4b1ec315c3028d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0411", "level": "error", "message": {"text": "gdkwayland-sys: RUSTSEC-2024-0411"}, "properties": {"repobilityId": 111052, "scanner": "osv-scanner", "fingerprint": "85ea6286dae325d7f6126bb6fbf34a0724790bf10b1c99a1a7bd741560fee776", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdkwayland-sys", "rule_id": "RUSTSEC-2024-0411", "scanner": "osv-scanner", "correlation_key": "fp|85ea6286dae325d7f6126bb6fbf34a0724790bf10b1c99a1a7bd741560fee776"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0418", "level": "error", "message": {"text": "gdk-sys: RUSTSEC-2024-0418"}, "properties": {"repobilityId": 111051, "scanner": "osv-scanner", "fingerprint": "b94fb775c3a29f631129012410577b8a474fdde6efb53860f3fcc83d021dbdc1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdk-sys", "rule_id": "RUSTSEC-2024-0418", "scanner": "osv-scanner", "correlation_key": "fp|b94fb775c3a29f631129012410577b8a474fdde6efb53860f3fcc83d021dbdc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0412", "level": "error", "message": {"text": "gdk: RUSTSEC-2024-0412"}, "properties": {"repobilityId": 111050, "scanner": "osv-scanner", "fingerprint": "867298b6f25719c23b3d0d5200f77f787caeddaab6b8c0b3ee5eda03ee987529", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdk", "rule_id": "RUSTSEC-2024-0412", "scanner": "osv-scanner", "correlation_key": "fp|867298b6f25719c23b3d0d5200f77f787caeddaab6b8c0b3ee5eda03ee987529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0057", "level": "error", "message": {"text": "fxhash: RUSTSEC-2025-0057"}, "properties": {"repobilityId": 111049, "scanner": "osv-scanner", "fingerprint": "2e24816fc27fa4c6ad622cba3a7db2bbf501746886c533a382b6ba795a6b0676", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fxhash", "rule_id": "RUSTSEC-2025-0057", "scanner": "osv-scanner", "correlation_key": "fp|2e24816fc27fa4c6ad622cba3a7db2bbf501746886c533a382b6ba795a6b0676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0105", "level": "error", "message": {"text": "core2: RUSTSEC-2026-0105"}, "properties": {"repobilityId": 111048, "scanner": "osv-scanner", "fingerprint": "d43b1b173b186c27167cc0c3410c1db001e25e9887b43e74234e6aa6aafa0642", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "core2", "rule_id": "RUSTSEC-2026-0105", "scanner": "osv-scanner", "correlation_key": "fp|d43b1b173b186c27167cc0c3410c1db001e25e9887b43e74234e6aa6aafa0642"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 111047, "scanner": "osv-scanner", "fingerprint": "f99f4aac413df6933413d3313f236db2242281094f23f0089daef6d1d00c4945", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|f99f4aac413df6933413d3313f236db2242281094f23f0089daef6d1d00c4945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0089", "level": "error", "message": {"text": "atomic-polyfill: RUSTSEC-2023-0089"}, "properties": {"repobilityId": 111046, "scanner": "osv-scanner", "fingerprint": "1729dd1aa735668a8f32e400886ba4e8d8a0b3fd2efe6c527523dc752822ea6c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atomic-polyfill", "rule_id": "RUSTSEC-2023-0089", "scanner": "osv-scanner", "correlation_key": "fp|1729dd1aa735668a8f32e400886ba4e8d8a0b3fd2efe6c527523dc752822ea6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0416", "level": "error", "message": {"text": "atk-sys: RUSTSEC-2024-0416"}, "properties": {"repobilityId": 111045, "scanner": "osv-scanner", "fingerprint": "6bdd9f380bbfae2435971cc7796c1450856235dbead5c24df3b7fe2bb92f615f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atk-sys", "rule_id": "RUSTSEC-2024-0416", "scanner": "osv-scanner", "correlation_key": "fp|6bdd9f380bbfae2435971cc7796c1450856235dbead5c24df3b7fe2bb92f615f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0413", "level": "error", "message": {"text": "atk: RUSTSEC-2024-0413"}, "properties": {"repobilityId": 111044, "scanner": "osv-scanner", "fingerprint": "153a19a57198a4cf296e8b1c92f652ab3a6e31ad67a0df8c67077cf4769908fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atk", "rule_id": "RUSTSEC-2024-0413", "scanner": "osv-scanner", "correlation_key": "fp|153a19a57198a4cf296e8b1c92f652ab3a6e31ad67a0df8c67077cf4769908fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0056", "level": "error", "message": {"text": "adler: RUSTSEC-2025-0056"}, "properties": {"repobilityId": 111043, "scanner": "osv-scanner", "fingerprint": "f8cf9ad8b42d41393aee23e9251746e98660ce2ed0fc15e0d64be3a3f46c2a58", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "adler", "rule_id": "RUSTSEC-2025-0056", "scanner": "osv-scanner", "correlation_key": "fp|f8cf9ad8b42d41393aee23e9251746e98660ce2ed0fc15e0d64be3a3f46c2a58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 111034, "scanner": "repobility-threat-engine", "fingerprint": "12123a87d11a0831948766fd9feda4837244d91a5dcbee484d96e15cba54cf5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(\n    `${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|12123a87d11a0831948766fd9feda4837244d91a5dcbee484d96e15cba54cf5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/manifest.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 111029, "scanner": "repobility-threat-engine", "fingerprint": "0c554bf19873bae8f7bcb4b7b1007da5e0ef47896aac6d3a0ceb7e6663080986", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((v) => `> ${v}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0c554bf19873bae8f7bcb4b7b1007da5e0ef47896aac6d3a0ceb7e6663080986"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(main)/_modules/header-help-action.tsx"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 111028, "scanner": "repobility-threat-engine", "fingerprint": "005cc4562596ef299d0c4d95a49afda2000d42eab00fa2cb5c9936d0cff5291e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(candidate", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|005cc4562596ef299d0c4d95a49afda2000d42eab00fa2cb5c9936d0cff5291e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/utils/custom-css-compiler.ts"}, "region": {"startLine": 244}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 111027, "scanner": "repobility-threat-engine", "fingerprint": "df23ecf704cf5d5d558829282eafe39857270885ed4f5fce9746f64da0a3d4cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(lineContent", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|df23ecf704cf5d5d558829282eafe39857270885ed4f5fce9746f64da0a3d4cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(editor)/editor/profile/index.tsx"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 111026, "scanner": "repobility-threat-engine", "fingerprint": "517f04602af212d35eaf0dac73a19249538e7238265b925505894a7a94cef02c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(line", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|517f04602af212d35eaf0dac73a19249538e7238265b925505894a7a94cef02c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/nyanpasu/src/pages/(editor)/editor/_modules/utils.tsx"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 111007, "scanner": "repobility-threat-engine", "fingerprint": "315c123a532bb7801657fafe325f707f5be848047bfd65b212d5e362b6d1e34e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|315c123a532bb7801657fafe325f707f5be848047bfd65b212d5e362b6d1e34e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/interface/src/provider/mutation-provider.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 111006, "scanner": "repobility-threat-engine", "fingerprint": "46663c7b66a37370806445440af2e4c8dbe78719f022cbf806ff5c013fc5ba4c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pendingWritesRef.current.delete('null')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|46663c7b66a37370806445440af2e4c8dbe78719f022cbf806ff5c013fc5ba4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/interface/src/hooks/use-kv-storage.ts"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 111005, "scanner": "repobility-threat-engine", "fingerprint": "a784a09930ac485ab70e97a26072984bac32c329c0fc916f51e5fc7a3d69eab8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(b\"clash-nyanpasu:fallback\");", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a784a09930ac485ab70e97a26072984bac32c329c0fc916f51e5fc7a3d69eab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/utils/hwid.rs"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 111004, "scanner": "repobility-threat-engine", "fingerprint": "cca8250cc4133ec22c1e712b28e6c3c0fbc394c646ab56f510adef7287e87d56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cca8250cc4133ec22c1e712b28e6c3c0fbc394c646ab56f510adef7287e87d56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/enhance/script/runner.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 111003, "scanner": "repobility-threat-engine", "fingerprint": "9ed16b05a3373360dd7983984abf0b207ad92f75f7a5989d8d84af7d3141bc07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ed16b05a3373360dd7983984abf0b207ad92f75f7a5989d8d84af7d3141bc07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/tasks/executor.rs"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110997, "scanner": "repobility-threat-engine", "fingerprint": "e91a3ecd9cc308e485e954edd48fc4212b84b12d45e3337accf49cfdc7a48032", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e91a3ecd9cc308e485e954edd48fc4212b84b12d45e3337accf49cfdc7a48032"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/pac.rs"}, "region": {"startLine": 293}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110996, "scanner": "repobility-threat-engine", "fingerprint": "4ce558240c1c5b99fc0782c32a656c8e4c8e9667990252a9ba6576adcd110440", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4ce558240c1c5b99fc0782c32a656c8e4c8e9667990252a9ba6576adcd110440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/core/download/adapter.rs"}, "region": {"startLine": 148}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 110995, "scanner": "repobility-threat-engine", "fingerprint": "09425fabe1d7edb43fb2b2ef387f20ef8ef8f5f529dd2cae241e2b561daca8ac", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|09425fabe1d7edb43fb2b2ef387f20ef8ef8f5f529dd2cae241e2b561daca8ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/src/config/profile/tests.rs"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 110977, "scanner": "repobility-threat-engine", "fingerprint": "ec4a8a607300a46a9552e7216f4e7a936a92429e36ff4358565931ec6690eeea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec4a8a607300a46a9552e7216f4e7a936a92429e36ff4358565931ec6690eeea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/nyanpasu-core/src/state/manager/simple.rs"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 110976, "scanner": "repobility-threat-engine", "fingerprint": "767276cf18209162a958264b3e9333c36a5a6f3693b076dd8add390a1ac2cb45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|767276cf18209162a958264b3e9333c36a5a6f3693b076dd8add390a1ac2cb45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/boa_utils/src/module/http.rs"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 110975, "scanner": "repobility-threat-engine", "fingerprint": "fcca666ae7aa35ef60236fb148e08e6907c082848ee1047e683555a19a332f98", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fcca666ae7aa35ef60236fb148e08e6907c082848ee1047e683555a19a332f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/boa_utils/src/console/tests.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 110948, "scanner": "repobility-supply-chain", "fingerprint": "603b3523143b8e936391ada77a4e2aa06671ffff530c126693d4506f2b418b50", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|603b3523143b8e936391ada77a4e2aa06671ffff530c126693d4506f2b418b50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `denoland/setup-deno` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 110947, "scanner": "repobility-supply-chain", "fingerprint": "4255d090ff9afd2a23cc41e0023d684d864d855ecdd90c9f08d8a793e24a3a70", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4255d090ff9afd2a23cc41e0023d684d864d855ecdd90c9f08d8a793e24a3a70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110946, "scanner": "repobility-supply-chain", "fingerprint": "ac78167e1ac2a64fed28f06d1532023b9279311612650db611276fe357d5ca36", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac78167e1ac2a64fed28f06d1532023b9279311612650db611276fe357d5ca36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110945, "scanner": "repobility-supply-chain", "fingerprint": "8aed06d6981f835a388ccfe4043d4f7dbd36b252e98685e2a3cc7dde15762c9c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8aed06d6981f835a388ccfe4043d4f7dbd36b252e98685e2a3cc7dde15762c9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cargo-bins/cargo-binstall` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 110944, "scanner": "repobility-supply-chain", "fingerprint": "bec59e8d9c05df2b5b6bb789a39c9a291f18181c034337dc9f6c6dc479162a42", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bec59e8d9c05df2b5b6bb789a39c9a291f18181c034337dc9f6c6dc479162a42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110943, "scanner": "repobility-supply-chain", "fingerprint": "a8944e9577615c14fbf5565eb17c9c6ce899115ab0008c9b2a8a7f2361337ec8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a8944e9577615c14fbf5565eb17c9c6ce899115ab0008c9b2a8a7f2361337ec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-build-linux.yaml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 110942, "scanner": "repobility-supply-chain", "fingerprint": "212331fab9d315a3cabd3e603693bd6edd9f1e83b1acbbdb1531b6e0d30853a2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|212331fab9d315a3cabd3e603693bd6edd9f1e83b1acbbdb1531b6e0d30853a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `denoland/setup-deno` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 110941, "scanner": "repobility-supply-chain", "fingerprint": "00a1dd4704b97fc53378961ac4ae34eaab89432fe5a6f1c0f6a823074aa299b7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|00a1dd4704b97fc53378961ac4ae34eaab89432fe5a6f1c0f6a823074aa299b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110940, "scanner": "repobility-supply-chain", "fingerprint": "11c4687b51f7a9d5052dcc53b8212c81a286b59e87beea97325991281e2c23f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|11c4687b51f7a9d5052dcc53b8212c81a286b59e87beea97325991281e2c23f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110939, "scanner": "repobility-supply-chain", "fingerprint": "2b6099328bff6568c75d629dcea6c475f4e473f28bdf9061ab886f007ecdbdee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b6099328bff6568c75d629dcea6c475f4e473f28bdf9061ab886f007ecdbdee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-message-telegram.yaml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `mknejp/delete-release-assets` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 110938, "scanner": "repobility-supply-chain", "fingerprint": "bfc83a835ac9e616839cf3b924261899bca546b33c2df0d9e3459212c2453bef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bfc83a835ac9e616839cf3b924261899bca546b33c2df0d9e3459212c2453bef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-delete-releases.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110937, "scanner": "repobility-supply-chain", "fingerprint": "bc8f61199a1ee4b7de33f20d2b40bc0e9eaabccc14c7d9f38b8a806cae8ff5dd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc8f61199a1ee4b7de33f20d2b40bc0e9eaabccc14c7d9f38b8a806cae8ff5dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-delete-releases.yaml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 110936, "scanner": "repobility-supply-chain", "fingerprint": "bec1fd235755fa9b8be5d535fca9102d05d1ed7a2702782231283effc6aa1bc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bec1fd235755fa9b8be5d535fca9102d05d1ed7a2702782231283effc6aa1bc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-upload-release-assets.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110935, "scanner": "repobility-supply-chain", "fingerprint": "d4cc8abef7251b9ecae664943ef803eb113e71667a311b49eb498c1d91807655", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4cc8abef7251b9ecae664943ef803eb113e71667a311b49eb498c1d91807655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deps-upload-release-assets.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 110934, "scanner": "repobility-supply-chain", "fingerprint": "70a7620632eecda281926c9268f60410a529656a52ab178ede6210b038325e29", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70a7620632eecda281926c9268f60410a529656a52ab178ede6210b038325e29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/release.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `orhun/git-cliff-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 110933, "scanner": "repobility-supply-chain", "fingerprint": "f0d4ab1efdaee0f3b82dc982093b7de339015f6a4223726e75895c093a64def5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0d4ab1efdaee0f3b82dc982093b7de339015f6a4223726e75895c093a64def5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/release.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110932, "scanner": "repobility-supply-chain", "fingerprint": "8473d35353a451f7f92009350bb489ebd6c957218d43393de1c3433af4d04bc3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8473d35353a451f7f92009350bb489ebd6c957218d43393de1c3433af4d04bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 110931, "scanner": "repobility-supply-chain", "fingerprint": "cda4f3bcb555df6887e3ccbdad6ea9337360026c8a37071210c28814c7d8a405", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cda4f3bcb555df6887e3ccbdad6ea9337360026c8a37071210c28814c7d8a405"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/format.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 110930, "scanner": "repobility-supply-chain", "fingerprint": "98206cd08f2f52b2b12fcf11fc33677d627ba5101eed18968addc1b28421db7f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|98206cd08f2f52b2b12fcf11fc33677d627ba5101eed18968addc1b28421db7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/format.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110929, "scanner": "repobility-supply-chain", "fingerprint": "233cfb620aef01d33ee0122c3520696008e85c530423ffe8a01bd561f9d3ef0e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|233cfb620aef01d33ee0122c3520696008e85c530423ffe8a01bd561f9d3ef0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/format.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions-rs/audit-check` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 110928, "scanner": "repobility-supply-chain", "fingerprint": "82d177a281a84c6326789999357798b5dfa0bc58e033ec61b7947d13db0753b2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|82d177a281a84c6326789999357798b5dfa0bc58e033ec61b7947d13db0753b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/audit.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110927, "scanner": "repobility-supply-chain", "fingerprint": "724a65ee6426a8631dcfdfb9361797d265a2d4ca95e24c713529c168a0864d85", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|724a65ee6426a8631dcfdfb9361797d265a2d4ca95e24c713529c168a0864d85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/audit.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 110926, "scanner": "repobility-supply-chain", "fingerprint": "2eb6608574258a785c5c34d8043ee7551b7a7da95054773a3dbae63b89093e57", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2eb6608574258a785c5c34d8043ee7551b7a7da95054773a3dbae63b89093e57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/lint.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 110925, "scanner": "repobility-supply-chain", "fingerprint": "6749877dffe6bd377325068514ef1ebc2de533b1700214165ef0a35e7fac5bbd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6749877dffe6bd377325068514ef1ebc2de533b1700214165ef0a35e7fac5bbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/lint.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 110924, "scanner": "repobility-supply-chain", "fingerprint": "9c7429e36fd3000de90293dba245da615565ea328f57166d6c8778db5c01a63e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9c7429e36fd3000de90293dba245da615565ea328f57166d6c8778db5c01a63e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri-plugin-deep-link/.github/workflows/lint.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111042, "scanner": "gitleaks", "fingerprint": "ffca4a66d52529e546ff8217cd90448e36a954f4fafd677e536b80e792361d0e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "private-key: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|144|private-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 1445}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111041, "scanner": "gitleaks", "fingerprint": "27395ab4f751a29cdcbf5525086efd1e85f174b0f98e2076a9147108086e9768", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "password: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|142|password: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 1429}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111040, "scanner": "gitleaks", "fingerprint": "2cd0d96aab3719dbf2326e772a186eabcdce9830a799c50a51d696b4e22d2c62", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "private-key: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|138|private-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 1385}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111039, "scanner": "gitleaks", "fingerprint": "0c3e519adc3378e08f54cb262bf2a88a696b41871ac7df6c909e309dc407348a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "private-key: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|130|private-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 1302}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111038, "scanner": "gitleaks", "fingerprint": "df30c350e63a7a43fe35919496022904f1455e56f57be81ba62602235be642fb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "password: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|126|password: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 1265}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111037, "scanner": "gitleaks", "fingerprint": "3d2e361fd3d431d051c9265271347d59a3e4cad1c4927b254bc8aa4a5f89cc09", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "pre-shared-key: REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|84|pre-shared-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 850}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111036, "scanner": "gitleaks", "fingerprint": "d5983af805c2cf5cc6cb456bdbe8f3cff6e8881812ab6d4d416989404bf7f94b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "private-key: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|83|private-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 835}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 111035, "scanner": "gitleaks", "fingerprint": "11520edcfaf488baed03b36fd67723a6eedb7e0b2467b1d61e9a97bbaa6621ab", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "pre-shared-key: REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|83|pre-shared-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tauri/tests/sample_clash_config.yaml"}, "region": {"startLine": 834}}}]}]}]}