{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `sphinx-gallery` has no version pin: Unpinned pip requirement means every fresh install may", "shortDescription": {"text": "[MINED124] requirements.txt: `sphinx-gallery` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducibl"}, "fullDescription": {"text": "Replace `sphinx-gallery` with `sphinx-gallery==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `_generic_edge_filter` (list): `def _generic_edge_filter(... = []/{}/set())` \u2014 Py", "shortDescription": {"text": "[MINED109] Mutable default argument in `_generic_edge_filter` (list): `def _generic_edge_filter(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one cal"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def _generic_edge_filter(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `position_nodes_for_max_tree` has cognitive complexity 23 (SonarSource sca", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `position_nodes_for_max_tree` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains,"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 23."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED009] Floats For Money (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v5` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_gaussian_4d_ok: Test function `test_gaussian_4d_ok` runs code but contains no ass", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_gaussian_4d_ok: Test function `test_gaussian_4d_ok` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.image` used but never assigned in __init__: Method `setup` of class `Skeletonize3d` reads `self.image`,", "shortDescription": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `setup` of class `Skeletonize3d` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the"}, "fullDescription": {"text": "Initialize `self.image = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.UPLOAD_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, w", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.UPLOAD_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.UPLOAD_TOKEN }` lets a PR from any fork exfiltrate the secret ("}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`", "shortDescription": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import array` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1321"}, "properties": {"repository": "scikit-image/scikit-image", "repoUrl": "https://github.com/scikit-image/scikit-image", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sphinx-gallery` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 134873, "scanner": "repobility-supply-chain", "fingerprint": "cc170187224ff1bf05b920501cc6631e37e50d04b41a7501061e36fc1db8ca8c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc170187224ff1bf05b920501cc6631e37e50d04b41a7501061e36fc1db8ca8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".binder/requirements.txt"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `scikit-learn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 134872, "scanner": "repobility-supply-chain", "fingerprint": "424542c409b89192164d820c0193c27ce0a9350523aef384058ab722f1ca1b8f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|424542c409b89192164d820c0193c27ce0a9350523aef384058ab722f1ca1b8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".binder/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `wheel` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 134871, "scanner": "repobility-supply-chain", "fingerprint": "31f5dc22b734234111f4b924cb3fd9364207dd42568a6cd465b0f3c3dd99500e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31f5dc22b734234111f4b924cb3fd9364207dd42568a6cd465b0f3c3dd99500e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".binder/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134869, "scanner": "repobility-ast-engine", "fingerprint": "da02811bc1dfff4978d1e8bdaf4ac8d4eead96426d89d204174f7b87a411a4dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da02811bc1dfff4978d1e8bdaf4ac8d4eead96426d89d204174f7b87a411a4dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/_vendored/numpy_lookfor.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134868, "scanner": "repobility-ast-engine", "fingerprint": "37ac703b1da0d3ba8f8a5b204f31c52b27fd28a04853541a25cef3cc10a17575", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37ac703b1da0d3ba8f8a5b204f31c52b27fd28a04853541a25cef3cc10a17575"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/_vendored/numpy_lookfor.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_generic_edge_filter` (list): `def _generic_edge_filter(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134866, "scanner": "repobility-ast-engine", "fingerprint": "5c8f7dd9acedec73a739c9a00c24000ac07f1d9e6be7ebe1f5013395dc015ef2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c8f7dd9acedec73a739c9a00c24000ac07f1d9e6be7ebe1f5013395dc015ef2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/filters/edges.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134865, "scanner": "repobility-ast-engine", "fingerprint": "29bda10411a0131368adb88effc89fc60f6e3de5623183e5214ad9416a946fe4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29bda10411a0131368adb88effc89fc60f6e3de5623183e5214ad9416a946fe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/filters/thresholding.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `precompute_decompositions` (dict): `def precompute_decompositions(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134862, "scanner": "repobility-ast-engine", "fingerprint": "11c6152410da9da0b62f02f3a066c54020f88797cd87c514ca8de07cad6a884e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11c6152410da9da0b62f02f3a066c54020f88797cd87c514ca8de07cad6a884e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/precompute/_precompute_nsphere_decompositions.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `precompute_decompositions` (list): `def precompute_decompositions(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134861, "scanner": "repobility-ast-engine", "fingerprint": "980a40016bb099ebc35c68cdd03794616f2316810b593dc46b23dfa0c14e7cfd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|980a40016bb099ebc35c68cdd03794616f2316810b593dc46b23dfa0c14e7cfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/precompute/_precompute_nsphere_decompositions.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_append_msgs` (list): `def _append_msgs(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134860, "scanner": "repobility-ast-engine", "fingerprint": "f109fd113076eb1e7fa1fb61eb990397b252642e59ef3d9e782a7d0de183ea10", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f109fd113076eb1e7fa1fb61eb990397b252642e59ef3d9e782a7d0de183ea10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/tools/migration_utils.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 134796, "scanner": "repobility-threat-engine", "fingerprint": "915b6549c86bbedf235dea17a77b1130212dd80b277cffc600d7c4915bf0196e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def inverse(self):\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|915b6549c86bbedf235dea17a77b1130212dd80b277cffc600d7c4915bf0196e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/transform/_thin_plate_splines.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 134784, "scanner": "repobility-threat-engine", "fingerprint": "bcb3dfc9c264a44b3bb2cdb7c08257c4610664e309d0d03a507a205eec57f775", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bcb3dfc9c264a44b3bb2cdb7c08257c4610664e309d0d03a507a205eec57f775"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/_skimage2/_shared/testing.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 134783, "scanner": "repobility-threat-engine", "fingerprint": "6b95c8883d65e033437b4b835263ce3087ec6816a2dc55bdcdf7b024d488a2fc", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|100|sec045", "duplicate_count": 1, "duplicate_rule_ids": ["SEC045"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["6b95c8883d65e033437b4b835263ce3087ec6816a2dc55bdcdf7b024d488a2fc", "84505cc66037b6e5e4e159e6c11ba1045fd67cec33cd722d2b4b9338aaef24e3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/_skimage2/_shared/testing.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 134774, "scanner": "repobility-threat-engine", "fingerprint": "46ee9511117b7d19f54d630cff53ed576ac92e6a7dcb627fb0c01e55ced4b351", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * images.length);\n       document.write(\n'{{GALLERY_DIV", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|46ee9511117b7d19f54d630cff53ed576ac92e6a7dcb627fb0c01e55ced4b351"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/ext/skimage_extensions.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `position_nodes_for_max_tree` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=3, for=3, if=6, nested_bonus=11."}, "properties": {"repobilityId": 134765, "scanner": "repobility-threat-engine", "fingerprint": "d8dcec3266917627c0c7ef5bc46811fdc1802d95bb08a915680fe6b0b80e1ccc", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 23 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "position_nodes_for_max_tree", "breakdown": {"if": 6, "for": 3, "else": 3, "nested_bonus": 11}, "complexity": 23, "correlation_key": "fp|d8dcec3266917627c0c7ef5bc46811fdc1802d95bb08a915680fe6b0b80e1ccc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/examples/developers/plot_max_tree.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134805, "scanner": "repobility-ai-code-hygiene", "fingerprint": "152d65cbdcd2bb4c61b81df61b8690cc14408928fa45996eb81ff67c734bf7ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/skimage/restoration/non_local_means.py", "duplicate_line": 47, "correlation_key": "fp|152d65cbdcd2bb4c61b81df61b8690cc14408928fa45996eb81ff67c734bf7ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/transform/pyramids.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134804, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a0703c1101c5fbd3685f376e22ab22abf87df57089fa75dc86ba45c4a27ffb5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/skimage/restoration/unwrap_2d_ljmu.c", "duplicate_line": 343, "correlation_key": "fp|6a0703c1101c5fbd3685f376e22ab22abf87df57089fa75dc86ba45c4a27ffb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/restoration/unwrap_3d_ljmu.c"}, "region": {"startLine": 737}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134803, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bba971847e578b1e29f78b8fdd9f5969373349d9d2187eb74a1c98a6a85ea50", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/skimage/registration/_masked_phase_cross_correlation.py", "duplicate_line": 26, "correlation_key": "fp|4bba971847e578b1e29f78b8fdd9f5969373349d9d2187eb74a1c98a6a85ea50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/registration/_phase_cross_correlation.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134802, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29ff233dc88596d1b7d227b5948e5fd887a3abe7c5dd359d025cfe9b20f9dc29", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/_skimage2/morphology/_grayscale_operators.py", "duplicate_line": 137, "correlation_key": "fp|29ff233dc88596d1b7d227b5948e5fd887a3abe7c5dd359d025cfe9b20f9dc29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/morphology/gray.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134801, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d81bc99896d2986f3740521e6406ffd91b7a5c5c1c00fb09d70a0c28a32291e7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/_skimage2/metrics/_structural_similarity.py", "duplicate_line": 55, "correlation_key": "fp|d81bc99896d2986f3740521e6406ffd91b7a5c5c1c00fb09d70a0c28a32291e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/metrics/_structural_similarity.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134800, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e2a7b16b82b951cf61aceb59ec00e5ce52851b49c8a744eda5060489d7e70ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/skimage/filters/rank/_percentile.py", "duplicate_line": 32, "correlation_key": "fp|5e2a7b16b82b951cf61aceb59ec00e5ce52851b49c8a744eda5060489d7e70ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/filters/rank/bilateral.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134799, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab53f9b04a7b39ac284d1c40f616a4757d6344a43aa6e0942b749e49e8e9f7ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/_skimage2/_shared/utils.py", "duplicate_line": 692, "correlation_key": "fp|ab53f9b04a7b39ac284d1c40f616a4757d6344a43aa6e0942b749e49e8e9f7ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/filters/edges.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134798, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aeb1c662998ada57cad60e1a560e0abf00747467f61ef4152b59411c001cdf40", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/_skimage2/filters/_gaussian.py", "duplicate_line": 15, "correlation_key": "fp|aeb1c662998ada57cad60e1a560e0abf00747467f61ef4152b59411c001cdf40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/filters/_gaussian.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134797, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cabfe44e802a076e6bf2f5edf9ae61f9645115059681b192aa1480db2592f972", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/_skimage2/feature/_canny.py", "duplicate_line": 83, "correlation_key": "fp|cabfe44e802a076e6bf2f5edf9ae61f9645115059681b192aa1480db2592f972"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/feature/_canny.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 134773, "scanner": "repobility-threat-engine", "fingerprint": "4ac4e473b0236336d97f3a689bbd307d28f97e5abd3d8b586973c7ff54c6de9b", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(o", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|12|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/source/_static/docversions.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 134772, "scanner": "repobility-threat-engine", "fingerprint": "2adc2ade86d71958499b170b7814ec3a365ac237b5fe43252dce671af2d46754", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|73|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/ext/skimage_extensions.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `linkcode_resolve` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=3, for=1, if=4, nested_bonus=1."}, "properties": {"repobilityId": 134766, "scanner": "repobility-threat-engine", "fingerprint": "cdc57738d405cabf37c69beef0a5d0c7a11c28849174fc8905346eb0eef93a4b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "linkcode_resolve", "breakdown": {"if": 4, "for": 1, "else": 1, "except": 3, "nested_bonus": 1}, "complexity": 10, "correlation_key": "fp|cdc57738d405cabf37c69beef0a5d0c7a11c28849174fc8905346eb0eef93a4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/source/conf.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `setup` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=6, else=1, if=4, nested_bonus=1."}, "properties": {"repobilityId": 134764, "scanner": "repobility-threat-engine", "fingerprint": "94045c5089a23bfea37b47643d4d0ac9ba4b2075154088588e6d0a885a82c54d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "setup", "breakdown": {"if": 4, "elif": 6, "else": 1, "nested_bonus": 1}, "complexity": 12, "correlation_key": "fp|94045c5089a23bfea37b47643d4d0ac9ba4b2075154088588e6d0a885a82c54d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_morphology.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED009", "level": "none", "message": {"text": "[MINED009] Floats For Money (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 134793, "scanner": "repobility-threat-engine", "fingerprint": "0df4cb2fbea220f3202f6f25a9fdf12664cf406497984bbe6567ae142c57ddcf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0df4cb2fbea220f3202f6f25a9fdf12664cf406497984bbe6567ae142c57ddcf", "aggregated_count": 1}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 134788, "scanner": "repobility-threat-engine", "fingerprint": "9942b060e51653702dbaf31ef46fca32cc40be638a9bc2c89acde6c1d22204ec", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9942b060e51653702dbaf31ef46fca32cc40be638a9bc2c89acde6c1d22204ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/future/trainable_segmentation.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 134787, "scanner": "repobility-threat-engine", "fingerprint": "52de38e4831b761e051c1a3a033198f7ae1a3cbf6fe24d432b0ebf119701a14a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|52de38e4831b761e051c1a3a033198f7ae1a3cbf6fe24d432b0ebf119701a14a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/feature/_fisher_vector.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 134778, "scanner": "repobility-threat-engine", "fingerprint": "24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "aggregated_count": 1}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 134777, "scanner": "repobility-threat-engine", "fingerprint": "e3828fbeb35699a05e72cf95d4c964c0aa56dea524925af7ab6ba1d702b82739", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e3828fbeb35699a05e72cf95d4c964c0aa56dea524925af7ab6ba1d702b82739"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/io/sift.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 134776, "scanner": "repobility-threat-engine", "fingerprint": "42c9d34a5efcf19840e91c91ec01f0ddc4bcaa047ffc9411dfe8e66cd624ef19", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42c9d34a5efcf19840e91c91ec01f0ddc4bcaa047ffc9411dfe8e66cd624ef19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/tools/plot_pr.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 134775, "scanner": "repobility-threat-engine", "fingerprint": "ec1667c7860e7fe673ce20962b706057c7c90fa2b09633d97b1b20ea6adda53f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec1667c7860e7fe673ce20962b706057c7c90fa2b09633d97b1b20ea6adda53f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/tools/build_modref_templates.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 134771, "scanner": "repobility-threat-engine", "fingerprint": "360682972d748d4e9b8f4cd70e828491a9ee3c14672ad9b1ba021b723bb5f4a2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|360682972d748d4e9b8f4cd70e828491a9ee3c14672ad9b1ba021b723bb5f4a2", "aggregated_count": 18}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134770, "scanner": "repobility-threat-engine", "fingerprint": "26253ac02d793cc0dc4ed7412d4b0f42bab09d875360983931347e91cb606efb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|26253ac02d793cc0dc4ed7412d4b0f42bab09d875360983931347e91cb606efb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/examples/edges/plot_contours.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134769, "scanner": "repobility-threat-engine", "fingerprint": "9ad438a9fed63cfd25d677f48336e2a6e133a89cfd08de52de373d21fefca2fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ad438a9fed63cfd25d677f48336e2a6e133a89cfd08de52de373d21fefca2fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/examples/color_exposure/plot_rgb_to_gray.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134768, "scanner": "repobility-threat-engine", "fingerprint": "ee0d6d3f4f138c8e72d0b692026e52ce5ad6fe3ac81bf69a9a822e0d6144490a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ee0d6d3f4f138c8e72d0b692026e52ce5ad6fe3ac81bf69a9a822e0d6144490a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/examples/color_exposure/plot_equalize.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 56 more): Same pattern found in 56 additional files. Review if needed."}, "properties": {"repobilityId": 134767, "scanner": "repobility-threat-engine", "fingerprint": "29c986db70218c3bc26912ce62fb10d792e5c2b481aaf59beceac39aa7cbca7d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 56 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "setup", "breakdown": {"if": 4, "elif": 6, "else": 1, "nested_bonus": 1}, "aggregated": true, "complexity": 12, "correlation_key": "fp|29c986db70218c3bc26912ce62fb10d792e5c2b481aaf59beceac39aa7cbca7d", "aggregated_count": 56}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 134763, "scanner": "repobility-threat-engine", "fingerprint": "5dbeeb73bb720b57759584c17afd0bf42e7d6e7730b037bc27e569b25a88dc3a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5dbeeb73bb720b57759584c17afd0bf42e7d6e7730b037bc27e569b25a88dc3a", "aggregated_count": 7}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 134759, "scanner": "repobility-threat-engine", "fingerprint": "e6b965a932ba9d1b98018a7b9adf317d53d3c8e6cd2c854020a6cb63d293618f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e6b965a932ba9d1b98018a7b9adf317d53d3c8e6cd2c854020a6cb63d293618f", "aggregated_count": 26}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134758, "scanner": "repobility-threat-engine", "fingerprint": "56feef4dfc070d8f433b100e6f41e586b69a8a82e03a37eadba86fd6c47c8382", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|56feef4dfc070d8f433b100e6f41e586b69a8a82e03a37eadba86fd6c47c8382"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_import_time.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134757, "scanner": "repobility-threat-engine", "fingerprint": "b90496fdc98406ff901256773cd17d48ef6164b6715f1306c2520c836a97924f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b90496fdc98406ff901256773cd17d48ef6164b6715f1306c2520c836a97924f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_filters.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134756, "scanner": "repobility-threat-engine", "fingerprint": "743f662e80babe91432983cefae1fd742caa2d07ab71f3f988046578981a70aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|743f662e80babe91432983cefae1fd742caa2d07ab71f3f988046578981a70aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_exposure.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 134755, "scanner": "repobility-threat-engine", "fingerprint": "54f0ba2553a9969ec5da5e41b0c00e9b57db6a94780fe536927c7eef8128da2f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54f0ba2553a9969ec5da5e41b0c00e9b57db6a94780fe536927c7eef8128da2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/setup-test-env.sh"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 134754, "scanner": "repobility-threat-engine", "fingerprint": "fd80c4a809aaa4b1b464c0656fb1cc872bb0d260c34ab8be151b3a76fda263c6", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(bool(sysconfig.get_config_var('Py_GIL_DISABLED')", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|. token|3|print bool sysconfig.get_config_var py_gil_disabled"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/setup-test-env.sh"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134900, "scanner": "repobility-supply-chain", "fingerprint": "8322d70282b76b17bb66dd533d4da6512aeda98281616c66e368566210c4197c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8322d70282b76b17bb66dd533d4da6512aeda98281616c66e368566210c4197c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-macos.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134899, "scanner": "repobility-supply-chain", "fingerprint": "785a65c74e8523bda0c5bf5f3e6c23b457b66dbb70d19b244f020c5140c7f00b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|785a65c74e8523bda0c5bf5f3e6c23b457b66dbb70d19b244f020c5140c7f00b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/typing.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134898, "scanner": "repobility-supply-chain", "fingerprint": "d4cf03ffdc60fa3415f72fea09e2b9be2b66d7f7b4b37954ce608b62e4184ba0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4cf03ffdc60fa3415f72fea09e2b9be2b66d7f7b4b37954ce608b62e4184ba0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/typing.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134897, "scanner": "repobility-supply-chain", "fingerprint": "96592463dbb36e11abd5f9e12127a58946870ffea004c314607900ed950ccd65", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96592463dbb36e11abd5f9e12127a58946870ffea004c314607900ed950ccd65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/typing.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134896, "scanner": "repobility-supply-chain", "fingerprint": "ded4bff078d674b7df23a4cf5d35731109f7edc70ebd89cdfa0a64e9451f141a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ded4bff078d674b7df23a4cf5d35731109f7edc70ebd89cdfa0a64e9451f141a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-docs.yaml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134895, "scanner": "repobility-supply-chain", "fingerprint": "7c5c477b48e47d99ee84f6750411cf2c19bf1db6efe7668a23845d05467568d8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c5c477b48e47d99ee84f6750411cf2c19bf1db6efe7668a23845d05467568d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-docs.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134894, "scanner": "repobility-supply-chain", "fingerprint": "0aea4dc3949986595a9a3b7827ff7f03805f0eab08200ced512fc04ea33de718", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0aea4dc3949986595a9a3b7827ff7f03805f0eab08200ced512fc04ea33de718"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-docs.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134893, "scanner": "repobility-supply-chain", "fingerprint": "c99b720a722e9fee705c5e09f389f078843eb853f0e9cd66d99334bde748f956", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c99b720a722e9fee705c5e09f389f078843eb853f0e9cd66d99334bde748f956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-windows.yaml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134892, "scanner": "repobility-supply-chain", "fingerprint": "a5939077f7f4fc0d60c962a0b95fbf229803f9b6a8a393e77fda9074e800b935", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a5939077f7f4fc0d60c962a0b95fbf229803f9b6a8a393e77fda9074e800b935"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-windows.yaml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134891, "scanner": "repobility-supply-chain", "fingerprint": "044512d39cd1a7e9f779ed220d55b636818d10af0a199d04671b94c2c5319755", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|044512d39cd1a7e9f779ed220d55b636818d10af0a199d04671b94c2c5319755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-windows.yaml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134890, "scanner": "repobility-supply-chain", "fingerprint": "170dbe937478d19aa7ed6444a61d1c3c6094ce945ad5b5766219222528d0cd95", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|170dbe937478d19aa7ed6444a61d1c3c6094ce945ad5b5766219222528d0cd95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-nightlies-on-main.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134889, "scanner": "repobility-supply-chain", "fingerprint": "92d3185fdcdf17ea3019e6063259ca8fdbf5373c7236ec1f53ead94c54b2703c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92d3185fdcdf17ea3019e6063259ca8fdbf5373c7236ec1f53ead94c54b2703c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-nightlies-on-main.yaml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134886, "scanner": "repobility-supply-chain", "fingerprint": "a13e79ca8d9d6eeaa21a2588c2f1819e427362dd0e6d13e81188a5e147f6184f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a13e79ca8d9d6eeaa21a2588c2f1819e427362dd0e6d13e81188a5e147f6184f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yaml"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134885, "scanner": "repobility-supply-chain", "fingerprint": "f0e2126a1396b2800ad02ceecfc8142bfba1c2cfd9df432d11f0b465e06326d8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0e2126a1396b2800ad02ceecfc8142bfba1c2cfd9df432d11f0b465e06326d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yaml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134884, "scanner": "repobility-supply-chain", "fingerprint": "bb995dbb7722dbaf987208313e23aa0c3a58703c57b7188c1e111e3fac6cfe14", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb995dbb7722dbaf987208313e23aa0c3a58703c57b7188c1e111e3fac6cfe14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yaml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134883, "scanner": "repobility-supply-chain", "fingerprint": "9c1559a37bf6758516806e100286d9467474c5b382434545607ffc83d5661162", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9c1559a37bf6758516806e100286d9467474c5b382434545607ffc83d5661162"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134882, "scanner": "repobility-supply-chain", "fingerprint": "b8692538e04a4c070642b6c0dc59ca487eae60bf316017a2538143ab4f799a5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b8692538e04a4c070642b6c0dc59ca487eae60bf316017a2538143ab4f799a5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_test_linux_for_python_x.yaml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134881, "scanner": "repobility-supply-chain", "fingerprint": "9f81cbea3c5bc839b6d0c9cfebb69542085af368caaf1d40b7b42e6e23e657bb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f81cbea3c5bc839b6d0c9cfebb69542085af368caaf1d40b7b42e6e23e657bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_test_linux_for_python_x.yaml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134880, "scanner": "repobility-supply-chain", "fingerprint": "a3986aea85a1e4d3368b0ef3aa366367edebbf2a10791bfa17de1c6271e60864", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a3986aea85a1e4d3368b0ef3aa366367edebbf2a10791bfa17de1c6271e60864"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_test_linux_for_python_x.yaml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134879, "scanner": "repobility-supply-chain", "fingerprint": "4543bd842569310efd591b8e7dc8dc6b8ffd565fce1d954e3598688644378eb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4543bd842569310efd591b8e7dc8dc6b8ffd565fce1d954e3598688644378eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_for_python_x.yaml"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134878, "scanner": "repobility-supply-chain", "fingerprint": "2efd3570e8f29347047991a378d4eab42c6e914f599d939e653a34a324af772b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2efd3570e8f29347047991a378d4eab42c6e914f599d939e653a34a324af772b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_for_python_x.yaml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134877, "scanner": "repobility-supply-chain", "fingerprint": "0f1225f923e2473da0e7129af5144db9c9d274ec5158e49d0bf044741fe6f5ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f1225f923e2473da0e7129af5144db9c9d274ec5158e49d0bf044741fe6f5ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_for_python_x.yaml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134876, "scanner": "repobility-supply-chain", "fingerprint": "5f9bab7b81c4fa081a1b9d386ffd2c71a98fe0d736ef0532fb30026f036bdca6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f9bab7b81c4fa081a1b9d386ffd2c71a98fe0d736ef0532fb30026f036bdca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_for_python_x.yaml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134875, "scanner": "repobility-supply-chain", "fingerprint": "263958b0efbace44853f6ee316419410dde70d5b701e17527ecf74dc22866a10", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|263958b0efbace44853f6ee316419410dde70d5b701e17527ecf74dc22866a10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-docs.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134874, "scanner": "repobility-supply-chain", "fingerprint": "1347abd5ef0f7cea16261fe0c5fabd4a946dac6b292013a52e721e74ec8e568c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1347abd5ef0f7cea16261fe0c5fabd4a946dac6b292013a52e721e74ec8e568c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-docs.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gaussian_4d_ok: Test function `test_gaussian_4d_ok` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134855, "scanner": "repobility-ast-engine", "fingerprint": "2c8e99ebb148efb96611321b63207713847b33712c75ff2011ee5e4e86835bf2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c8e99ebb148efb96611321b63207713847b33712c75ff2011ee5e4e86835bf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/filters/test_gaussian.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gaussian_multichannel: Test function `test_gaussian_multichannel` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134854, "scanner": "repobility-ast-engine", "fingerprint": "8b28038a7ae41ba8f61ee1131a09126bdc1e5b61085fc7017aa38c778b5b14dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8b28038a7ae41ba8f61ee1131a09126bdc1e5b61085fc7017aa38c778b5b14dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/filters/test_gaussian.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gaussian_default_sigma: Test function `test_gaussian_default_sigma` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134853, "scanner": "repobility-ast-engine", "fingerprint": "a8bdec0821747798a7a5edb80268c9d93c61678b5e237fe05d81e1f79d699f63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8bdec0821747798a7a5edb80268c9d93c61678b5e237fe05d81e1f79d699f63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/filters/test_gaussian.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gaussian_negative_sigma: Test function `test_gaussian_negative_sigma` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134852, "scanner": "repobility-ast-engine", "fingerprint": "0ac5d70dbcb27dc3197e54753777d6c23634cc2bd630178224650d9fe543f6df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ac5d70dbcb27dc3197e54753777d6c23634cc2bd630178224650d9fe543f6df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/filters/test_gaussian.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_coord_map: Test function `test_coord_map` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134851, "scanner": "repobility-ast-engine", "fingerprint": "bd5899001bb16eec57c3a0f1276f67fd00f43b8974ff4a7669e21924180ab75c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd5899001bb16eec57c3a0f1276f67fd00f43b8974ff4a7669e21924180ab75c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_interpolation.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_int_cast_possible: Test function `test_int_cast_possible` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134850, "scanner": "repobility-ast-engine", "fingerprint": "c96fc015857bfbc0eb462be6c5238b58048c93bff43dc550f90cdf08d3e8ff91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c96fc015857bfbc0eb462be6c5238b58048c93bff43dc550f90cdf08d3e8ff91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_safe_as_int.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_int_cast_not_possible: Test function `test_int_cast_not_possible` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134849, "scanner": "repobility-ast-engine", "fingerprint": "566d39c25dc1610822c4e14a08d2243087c46ea874051936ed6d9611e656bab0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|566d39c25dc1610822c4e14a08d2243087c46ea874051936ed6d9611e656bab0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_safe_as_int.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_hand_clip: Test function `test_hand_clip` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134848, "scanner": "repobility-ast-engine", "fingerprint": "d27d4d7afe32bddef4bb2a62f11de0dbac60c1e1e4e984c5897815a9b1cac2bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d27d4d7afe32bddef4bb2a62f11de0dbac60c1e1e4e984c5897815a9b1cac2bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_geometry.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_poly_clip: Test function `test_poly_clip` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134847, "scanner": "repobility-ast-engine", "fingerprint": "9b1de08895eeed9e65174c891671cd06b6017531bfc73fd69116da1d13b86411", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b1de08895eeed9e65174c891671cd06b6017531bfc73fd69116da1d13b86411"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_geometry.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_polygon_area: Test function `test_polygon_area` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134846, "scanner": "repobility-ast-engine", "fingerprint": "a32565ed88c04389acf7a009cba461762b3ed98499595d42a842c7af18996f1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a32565ed88c04389acf7a009cba461762b3ed98499595d42a842c7af18996f1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_geometry.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_stacklevel: Test function `test_stacklevel` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134845, "scanner": "repobility-ast-engine", "fingerprint": "7f6b88f28568750459d1f4ff58db212789769268507de500a8402bf138687ef1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f6b88f28568750459d1f4ff58db212789769268507de500a8402bf138687ef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_utils.py"}, "region": {"startLine": 518}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_wrong_param_name: Test function `test_wrong_param_name` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134844, "scanner": "repobility-ast-engine", "fingerprint": "9d08dd63d9f23ede427e5f45bb949628fd2a6e2b85fbfa6c79a67af308b97f92", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d08dd63d9f23ede427e5f45bb949628fd2a6e2b85fbfa6c79a67af308b97f92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_utils.py"}, "region": {"startLine": 497}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_wrong_call_signature: Test function `test_wrong_call_signature` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134843, "scanner": "repobility-ast-engine", "fingerprint": "bb5ee8ee82bfd31c6a6eae7676a4b19edf6d17801f3447d4dfc31b634ccd1fee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb5ee8ee82bfd31c6a6eae7676a4b19edf6d17801f3447d4dfc31b634ccd1fee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_utils.py"}, "region": {"startLine": 484}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_conflicting_old_and_new: Test function `test_conflicting_old_and_new` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134842, "scanner": "repobility-ast-engine", "fingerprint": "6c68a0f7ab545fd7e17958091b7ccae25012e7936072030d98e7946619cc8ff2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c68a0f7ab545fd7e17958091b7ccae25012e7936072030d98e7946619cc8ff2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_utils.py"}, "region": {"startLine": 470}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_check_nD: Test function `test_check_nD` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134841, "scanner": "repobility-ast-engine", "fingerprint": "a9e37a7d397ab19a9fd48038ddc51b62f4327410078fbc132132be67b2dfb94a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a9e37a7d397ab19a9fd48038ddc51b62f4327410078fbc132132be67b2dfb94a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_utils.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_require: Test function `test_require` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134840, "scanner": "repobility-ast-engine", "fingerprint": "ca2ac896287b608bdc810d005d4418c354dba4ac2b2c90b1039592f07e5ea619", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca2ac896287b608bdc810d005d4418c354dba4ac2b2c90b1039592f07e5ea619"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_version_requirements.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_strict_warning_false: Test function `test_strict_warning_false` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134839, "scanner": "repobility-ast-engine", "fingerprint": "8913e159611ed5f6e0751a4095e1901b3317a042f6b48ab17166e5d1fe6a1d47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8913e159611ed5f6e0751a4095e1901b3317a042f6b48ab17166e5d1fe6a1d47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_warnings.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_strict_warning_true: Test function `test_strict_warning_true` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134838, "scanner": "repobility-ast-engine", "fingerprint": "aaf6d8f6080787c44247decf5a0522d11157e0f34d035625ed0f0edad87c2386", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aaf6d8f6080787c44247decf5a0522d11157e0f34d035625ed0f0edad87c2386"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_warnings.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_strict_warnigns_default: Test function `test_strict_warnigns_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134837, "scanner": "repobility-ast-engine", "fingerprint": "78828e5c7c027889611342bcdc95618bde61fed258b2fb327ea7e8ea481e6165", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78828e5c7c027889611342bcdc95618bde61fed258b2fb327ea7e8ea481e6165"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_warnings.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_wrong_stacklevel: Test function `test_wrong_stacklevel` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134836, "scanner": "repobility-ast-engine", "fingerprint": "52b1f101891ceff98bb68c435521192a613f02368244bd218de4d8e609629a76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52b1f101891ceff98bb68c435521192a613f02368244bd218de4d8e609629a76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_testing.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_correct_stacklevel: Test function `test_correct_stacklevel` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134835, "scanner": "repobility-ast-engine", "fingerprint": "3e40b6f866e6a22f5a2265abaf937d015a30e27352be49edafa1a83d1026dabf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e40b6f866e6a22f5a2265abaf937d015a30e27352be49edafa1a83d1026dabf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_testing.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_expected_warnings_noop: Test function `test_expected_warnings_noop` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134834, "scanner": "repobility-ast-engine", "fingerprint": "fc1795f39e0d4632059dca8cad5242909c69259713e670bf38361f9a9e0e9e55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc1795f39e0d4632059dca8cad5242909c69259713e670bf38361f9a9e0e9e55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_testing.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_parallel_warning: Test function `test_parallel_warning` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134833, "scanner": "repobility-ast-engine", "fingerprint": "70f9da00fec4d01e38a6f2bc1485781f62ab5beec1b5f7cfb51ec31561681894", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70f9da00fec4d01e38a6f2bc1485781f62ab5beec1b5f7cfb51ec31561681894"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage2/_shared/test_testing.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_skimage2migration_comment_check: Test function `test_skimage2migration_comment_check` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134832, "scanner": "repobility-ast-engine", "fingerprint": "510d5f3bc8858bca31501e420a7bffb03756c235fe561cc8fd97237a0cf4fabb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|510d5f3bc8858bca31501e420a7bffb03756c235fe561cc8fd97237a0cf4fabb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage/test_migration.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_root_dir: Test function `test_root_dir` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134831, "scanner": "repobility-ast-engine", "fingerprint": "e48f241ff222fca07796c1db01942ab3c30df3910905773da35ad80a78f115b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e48f241ff222fca07796c1db01942ab3c30df3910905773da35ad80a78f115b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage/conftest.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `setup` of class `Skeletonize3d` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134830, "scanner": "repobility-ast-engine", "fingerprint": "e63a3e8bb8083caf97215983eb347bc300d8172d532f6e22ea2e800ce6126dc9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e63a3e8bb8083caf97215983eb347bc300d8172d532f6e22ea2e800ce6126dc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_morphology.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `time_hessian_matrix_det` of class `FeatureSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134829, "scanner": "repobility-ast-engine", "fingerprint": "944cf7e42dd2c3b38db43e482ebffd12d9634b67e671c09805857002b44d3944", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|944cf7e42dd2c3b38db43e482ebffd12d9634b67e671c09805857002b44d3944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.keypoints` used but never assigned in __init__: Method `time_brief` of class `FeatureSuite` reads `self.keypoints`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134828, "scanner": "repobility-ast-engine", "fingerprint": "e2c33b0559d7314db7fc9b5f3f5c5a1632e408bf4301e25857f31fa5bd87940c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2c33b0559d7314db7fc9b5f3f5c5a1632e408bf4301e25857f31fa5bd87940c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `time_brief` of class `FeatureSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134827, "scanner": "repobility-ast-engine", "fingerprint": "6595260d63c2c6fa7d151560edc7dbeaee8ee00303f67e10aef25c07b61b2c84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6595260d63c2c6fa7d151560edc7dbeaee8ee00303f67e10aef25c07b61b2c84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image_ubyte` used but never assigned in __init__: Method `time_glcm` of class `FeatureSuite` reads `self.image_ubyte`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134826, "scanner": "repobility-ast-engine", "fingerprint": "f26cc22a9531088bb75595d06994470f48aa50a2c3fdf4fff9a8c536e46d3bba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f26cc22a9531088bb75595d06994470f48aa50a2c3fdf4fff9a8c536e46d3bba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `time_canny` of class `FeatureSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134825, "scanner": "repobility-ast-engine", "fingerprint": "94c44925687948211463bcb158992959ad75fb5fd66cf99a82e13fcc6ebd2efa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94c44925687948211463bcb158992959ad75fb5fd66cf99a82e13fcc6ebd2efa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `setup` of class `FeatureSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134824, "scanner": "repobility-ast-engine", "fingerprint": "b6adffe884a05f67e909def8336f0e746df59705e884ec446dfb2163b23cb7ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6adffe884a05f67e909def8336f0e746df59705e884ec446dfb2163b23cb7ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `setup` of class `FeatureSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134823, "scanner": "repobility-ast-engine", "fingerprint": "a7730bc06ebe0e4235eb7055cebd8b2bf47b18c46357f733a7de90ef6597beff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7730bc06ebe0e4235eb7055cebd8b2bf47b18c46357f733a7de90ef6597beff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.keypoints` used but never assigned in __init__: Method `setup` of class `FeatureSuite` reads `self.keypoints`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134822, "scanner": "repobility-ast-engine", "fingerprint": "844802f8bb2034c0ccf6d690261f90220d06edd3ab5d778cb995e7361a0e66eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|844802f8bb2034c0ccf6d690261f90220d06edd3ab5d778cb995e7361a0e66eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image_ubyte` used but never assigned in __init__: Method `setup` of class `FeatureSuite` reads `self.image_ubyte`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134821, "scanner": "repobility-ast-engine", "fingerprint": "1574f31f3121d81b2b56656798a8725c66ae4efa03d861be857104d5dc39e199", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1574f31f3121d81b2b56656798a8725c66ae4efa03d861be857104d5dc39e199"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `setup` of class `FeatureSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134820, "scanner": "repobility-ast-engine", "fingerprint": "f649d13de745850d86ea9424258027bd5e8688744cf58c56cc8de4b1bcb6a43c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f649d13de745850d86ea9424258027bd5e8688744cf58c56cc8de4b1bcb6a43c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_feature.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.footprint_3d` used but never assigned in __init__: Method `time_3d_filters` of class `Rank3DSuite` reads `self.footprint_3d`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134819, "scanner": "repobility-ast-engine", "fingerprint": "95b21e66679db7bdb8a045b8a7176dcffb1a4d53e96caf7d1997f6a33c35404e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95b21e66679db7bdb8a045b8a7176dcffb1a4d53e96caf7d1997f6a33c35404e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.volume` used but never assigned in __init__: Method `time_3d_filters` of class `Rank3DSuite` reads `self.volume`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134818, "scanner": "repobility-ast-engine", "fingerprint": "b17c2190922cff9d076bff96d789c95ff9dec7b0b0f8ae97746453d02484d85f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b17c2190922cff9d076bff96d789c95ff9dec7b0b0f8ae97746453d02484d85f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.footprint_3d` used but never assigned in __init__: Method `setup` of class `Rank3DSuite` reads `self.footprint_3d`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134817, "scanner": "repobility-ast-engine", "fingerprint": "676b20f7a19ca2e9611b8c19ccfb555b6a774f135db2784c507bc61ed8c3a287", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|676b20f7a19ca2e9611b8c19ccfb555b6a774f135db2784c507bc61ed8c3a287"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.volume` used but never assigned in __init__: Method `setup` of class `Rank3DSuite` reads `self.volume`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134816, "scanner": "repobility-ast-engine", "fingerprint": "05cdaee52fd4313dcde358da97e406f8709db69a75b3e7ed7090f6078d3ddc45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05cdaee52fd4313dcde358da97e406f8709db69a75b3e7ed7090f6078d3ddc45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.footprint` used but never assigned in __init__: Method `time_filter` of class `RankSuite` reads `self.footprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134815, "scanner": "repobility-ast-engine", "fingerprint": "d63c76f4793d0fb832e343ddf7ef745d9e8a5a713e005bdb288a8d2b37a05359", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d63c76f4793d0fb832e343ddf7ef745d9e8a5a713e005bdb288a8d2b37a05359"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `time_filter` of class `RankSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134814, "scanner": "repobility-ast-engine", "fingerprint": "ef5b25f4841dc43fe2d35d58fe60f606e673d83fdcc2c0928bf6a82a5534076e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef5b25f4841dc43fe2d35d58fe60f606e673d83fdcc2c0928bf6a82a5534076e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.footprint` used but never assigned in __init__: Method `setup` of class `RankSuite` reads `self.footprint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134813, "scanner": "repobility-ast-engine", "fingerprint": "69fcdbb66634780f3f70107564d4acfc636fb2952027920da360ec6f7e45ce2f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69fcdbb66634780f3f70107564d4acfc636fb2952027920da360ec6f7e45ce2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.image` used but never assigned in __init__: Method `setup` of class `RankSuite` reads `self.image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134812, "scanner": "repobility-ast-engine", "fingerprint": "efe104ebce1e6d60cf9104bd70ab088fe328cdf8dac577acb225acedd04a9cdd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efe104ebce1e6d60cf9104bd70ab088fe328cdf8dac577acb225acedd04a9cdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_rank.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.n` used but never assigned in __init__: Method `time_central_pixel` of class `GraphSuite` reads `self.n`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134811, "scanner": "repobility-ast-engine", "fingerprint": "1004a94e0dda95ad8e5d7ad4444f2852fe74c5e6d4448dd880d995f7abd73f7c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1004a94e0dda95ad8e5d7ad4444f2852fe74c5e6d4448dd880d995f7abd73f7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_graph.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.g` used but never assigned in __init__: Method `time_central_pixel` of class `GraphSuite` reads `self.g`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134810, "scanner": "repobility-ast-engine", "fingerprint": "aec189e7da79c4d148f21d202f7c6ddc36790aef961bf6a877614e6b5448515f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aec189e7da79c4d148f21d202f7c6ddc36790aef961bf6a877614e6b5448515f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_graph.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.skeleton` used but never assigned in __init__: Method `time_build_pixel_graph` of class `GraphSuite` reads `self.skeleton`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134809, "scanner": "repobility-ast-engine", "fingerprint": "8b5e92d91589d3f67bb362e655ba61fc8241c2f20738cc90c8fb3628860db0ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8b5e92d91589d3f67bb362e655ba61fc8241c2f20738cc90c8fb3628860db0ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_graph.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.n` used but never assigned in __init__: Method `setup` of class `GraphSuite` reads `self.n`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134808, "scanner": "repobility-ast-engine", "fingerprint": "c435dfe391a0626048cc33ecee5ca7bfb19b598015e5765fe211f5b718926330", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c435dfe391a0626048cc33ecee5ca7bfb19b598015e5765fe211f5b718926330"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_graph.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.g` used but never assigned in __init__: Method `setup` of class `GraphSuite` reads `self.g`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134807, "scanner": "repobility-ast-engine", "fingerprint": "61337c598ae95f7c1748087ed0851e51d71c4cf67110aab145e80bb386b9d094", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|61337c598ae95f7c1748087ed0851e51d71c4cf67110aab145e80bb386b9d094"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_graph.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.skeleton` used but never assigned in __init__: Method `setup` of class `GraphSuite` reads `self.skeleton`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134806, "scanner": "repobility-ast-engine", "fingerprint": "bd474e924fc140a0e0b7ac1805644e7d507d541abce2f71d59a3a88b349cd9a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd474e924fc140a0e0b7ac1805644e7d507d541abce2f71d59a3a88b349cd9a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_graph.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134795, "scanner": "repobility-threat-engine", "fingerprint": "2af1c8af8dc4c771fc176c1b7612227b52e2d6f4e471cb36c4697f0b20820a2f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "np.save(fname, opt_vals)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2af1c8af8dc4c771fc176c1b7612227b52e2d6f4e471cb36c4697f0b20820a2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/precompute/_precompute_nsphere_decompositions.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134794, "scanner": "repobility-threat-engine", "fingerprint": "a445e9955a242dc7b0ab23b6aca9087e1babfedc98833244c543fc39e19626f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "img.save(fname, format=format_str, **kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a445e9955a242dc7b0ab23b6aca9087e1babfedc98833244c543fc39e19626f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/io/_plugins/pil_plugin.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 134792, "scanner": "repobility-threat-engine", "fingerprint": "ae193d7792644309c5bef4a394af610da6269b339c658ebd06c962356099aa20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae193d7792644309c5bef4a394af610da6269b339c658ebd06c962356099aa20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/graph/spath.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 134791, "scanner": "repobility-threat-engine", "fingerprint": "73a7877641cec2cc175c623d9e2520c07064d23b34f7cd70c022f19a7eaa44a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73a7877641cec2cc175c623d9e2520c07064d23b34f7cd70c022f19a7eaa44a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/graph/mcp.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 134790, "scanner": "repobility-threat-engine", "fingerprint": "69794696d2e8edd7e600357fd48bdf20aa75c0fd95a066bf64f73f25e7507731", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69794696d2e8edd7e600357fd48bdf20aa75c0fd95a066bf64f73f25e7507731"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/graph/_ncut.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 134782, "scanner": "repobility-threat-engine", "fingerprint": "8efa440accaa8c475363e775ad67a55cfe6ab935dc2deba27a5a6a33508271f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8efa440accaa8c475363e775ad67a55cfe6ab935dc2deba27a5a6a33508271f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/_vendored/numpy_lookfor.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 134781, "scanner": "repobility-threat-engine", "fingerprint": "1435f6eeb3a234936ed95d4edde1e388309fac23e2e1d04ef0cbc14bf738b62a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1435f6eeb3a234936ed95d4edde1e388309fac23e2e1d04ef0cbc14bf738b62a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/_skimage2/_shared/tester.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134780, "scanner": "repobility-threat-engine", "fingerprint": "58952049d7d8b1c2c5a2f657eb40474a3318802f2ad55f9058b065a0c0537b20", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|58952049d7d8b1c2c5a2f657eb40474a3318802f2ad55f9058b065a0c0537b20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/io/util.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134779, "scanner": "repobility-threat-engine", "fingerprint": "df2b47aec9720b0e847b34c1a7a219d639242e2a54f58a38a326f1285f92eebd", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.urlopen(\n            f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|df2b47aec9720b0e847b34c1a7a219d639242e2a54f58a38a326f1285f92eebd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/tools/plot_pr.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 134762, "scanner": "repobility-threat-engine", "fingerprint": "a9e6d0d54269a135e5c765f3f616e5c2abc28bbd6cfd13c320c700171857ad74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9e6d0d54269a135e5c765f3f616e5c2abc28bbd6cfd13c320c700171857ad74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/examples/color_exposure/plot_adapt_hist_eq_3d.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 134761, "scanner": "repobility-threat-engine", "fingerprint": "edde2c6562ebe3dbe94352b27295024259a34950d8e046d2cd6f7daec749534a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|edde2c6562ebe3dbe94352b27295024259a34950d8e046d2cd6f7daec749534a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_registration.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 134760, "scanner": "repobility-threat-engine", "fingerprint": "5682ba6cba1303af6ebca4af3b4c0b91354a37af5dd6ba303330cd0e4ae8703b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5682ba6cba1303af6ebca4af3b4c0b91354a37af5dd6ba303330cd0e4ae8703b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/benchmark_metrics.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.UPLOAD_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.UPLOAD_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 134901, "scanner": "repobility-supply-chain", "fingerprint": "ed37e4422e9bf946c0cb9a66a17f86cb0602a06daba0cd403f2f8426c0ec922c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ed37e4422e9bf946c0cb9a66a17f86cb0602a06daba0cd403f2f8426c0ec922c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly-wheel-build.yaml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CACHE_VERSION` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CACHE_VERSION }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 134888, "scanner": "repobility-supply-chain", "fingerprint": "cbaacd1988f81d5840d7809995b60084d3038b9b532410c8ae64c666c759122a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cbaacd1988f81d5840d7809995b60084d3038b9b532410c8ae64c666c759122a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yaml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CACHE_VERSION` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CACHE_VERSION }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 134887, "scanner": "repobility-supply-chain", "fingerprint": "502254c335a4cf5731eb65623a25425ab63d589416812c8b969dd774894a3873", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|502254c335a4cf5731eb65623a25425ab63d589416812c8b969dd774894a3873"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yaml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134870, "scanner": "repobility-ast-engine", "fingerprint": "ef4c58ae61e8a76f8e521b68721ec494753e715f6e8099c0aa6537d4ef303527", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef4c58ae61e8a76f8e521b68721ec494753e715f6e8099c0aa6537d4ef303527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/util/apply_parallel.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `random` used but not imported: The file uses `random.something(...)` but never imports `random`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134867, "scanner": "repobility-ast-engine", "fingerprint": "33897bee5e306a677dec8646ac7b10e2c0ade2bed918a418e08ae42ef23c8ebb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33897bee5e306a677dec8646ac7b10e2c0ade2bed918a418e08ae42ef23c8ebb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/draw/_random_shapes.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134864, "scanner": "repobility-ast-engine", "fingerprint": "1967dad0edbad148c9e43b3e63805cfa7f0be1acdfd529528aed1ebfd1ffc746", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1967dad0edbad148c9e43b3e63805cfa7f0be1acdfd529528aed1ebfd1ffc746"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/_skimage2/_shared/utils.py"}, "region": {"startLine": 948}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134863, "scanner": "repobility-ast-engine", "fingerprint": "bf667adaac280947d1022d45a02ef37ca15c99bf9e714e8add88e0d0bfd77cf6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf667adaac280947d1022d45a02ef37ca15c99bf9e714e8add88e0d0bfd77cf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/precompute/mc_meta/createluts.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134859, "scanner": "repobility-ast-engine", "fingerprint": "40f1615706baa6732c2ebc92722f980d29ea18b3d99393315ffd23a3e5c14f87", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40f1615706baa6732c2ebc92722f980d29ea18b3d99393315ffd23a3e5c14f87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage/io/test_multi_image.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134858, "scanner": "repobility-ast-engine", "fingerprint": "bba56d20e589cbf322c2878468196e16547aa2d6ee17eea0b6c2de19cf96206d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bba56d20e589cbf322c2878468196e16547aa2d6ee17eea0b6c2de19cf96206d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage/io/test_collection.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `gc` used but not imported: The file uses `gc.something(...)` but never imports `gc`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134857, "scanner": "repobility-ast-engine", "fingerprint": "ed374549ac262777c80f9cb82bc133a08859e479720b5fda1d121e4abf2da86c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed374549ac262777c80f9cb82bc133a08859e479720b5fda1d121e4abf2da86c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage/graph/test_rag.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134856, "scanner": "repobility-ast-engine", "fingerprint": "4469dd865651aeb8b4ca142dbb1526ab7c49375f1fd6ac670a66dc289e579282", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4469dd865651aeb8b4ca142dbb1526ab7c49375f1fd6ac670a66dc289e579282"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/skimage/filters/test_unsharp_mask.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 134789, "scanner": "repobility-threat-engine", "fingerprint": "7fea8be974efe867f4f46b7b40b7723da4c9b0c2dc7e674b675d5fbeefd53c51", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7fea8be974efe867f4f46b7b40b7723da4c9b0c2dc7e674b675d5fbeefd53c51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/feature/template.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 134786, "scanner": "repobility-threat-engine", "fingerprint": "ba81dbccaa9ecfd58c3bb752c66ea0bc1e96d71f7947d4d8d1b880d2d6059b5d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(np", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ba81dbccaa9ecfd58c3bb752c66ea0bc1e96d71f7947d4d8d1b880d2d6059b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/skimage/restoration/unwrap.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 134785, "scanner": "repobility-threat-engine", "fingerprint": "4e22ec17a8d451f9c3ffe22c585a92bc72dcdbf7f8ab9cb786ad52fcb32ded71", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(name", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4e22ec17a8d451f9c3ffe22c585a92bc72dcdbf7f8ab9cb786ad52fcb32ded71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/_skimage2/_shared/version_requirements.py"}, "region": {"startLine": 110}}}]}]}]}