{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKR018", "name": "Database dump or local database file is included in Docker build context", "shortDescription": {"text": "Database dump or local database file is included in Docker build context"}, "fullDescription": {"text": "Move database dumps outside the Docker build context or exclude them with .dockerignore. Keep backup and restore artifacts in private object storage or a dedicated backup workflow."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 93 more): Same pattern found in 93 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 93 more): Same pattern found in 93 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `ubuntu:22.04` unpinned: `container/services image: ubuntu:22.04` without `", "shortDescription": {"text": "[MINED126] Workflow container/services image `ubuntu:22.04` unpinned: `container/services image: ubuntu:22.04` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain di"}, "fullDescription": {"text": "Replace with `ubuntu:22.04@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions-rs/cargo` pinned to mutable ref `@v1`: `uses: actions-rs/cargo@v1` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions-rs/cargo` pinned to mutable ref `@v1`: `uses: actions-rs/cargo@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions-rs/cargo@<40-char-sha>  # v1` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `alpine:3.22` not pinned by digest: `FROM alpine:3.22` resolves the tag at build time. The re", "shortDescription": {"text": "[MINED118] Dockerfile FROM `alpine:3.22` not pinned by digest: `FROM alpine:3.22` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should"}, "fullDescription": {"text": "Replace with: `FROM alpine:3.22@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC019", "name": "[SEC019] Raw Authorization Token in Example: A real-looking API token appears in an Authorization-style header or servic", "shortDescription": {"text": "[SEC019] Raw Authorization Token in Example: A real-looking API token appears in an Authorization-style header or service-key example. Use placeholders in docs and CI snippets; never paste live tokens into source, comments, or README files."}, "fullDescription": {"text": "Replace the value with a placeholder, revoke or rotate the exposed token, and store live values only in a masked secret store."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/900"}, "properties": {"repository": "meilisearch/meilisearch", "repoUrl": "https://github.com/meilisearch/meilisearch", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 84038, "scanner": "repobility-docker", "fingerprint": "a198cab1bf137a955baa13be0f357b4ca15c96f548f6a685b95178a5a497542c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.22", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a198cab1bf137a955baa13be0f357b4ca15c96f548f6a685b95178a5a497542c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 84037, "scanner": "repobility-docker", "fingerprint": "08a8e06291e967f070afda28e1ceaeb2925a51c591c84706836fabc9ae06f22f", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 15 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 15, "correlation_key": "fp|08a8e06291e967f070afda28e1ceaeb2925a51c591c84706836fabc9ae06f22f", "dependency_install_line": 16}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 84036, "scanner": "repobility-docker", "fingerprint": "8d96a8720df6ff3371ada3609e8a4cdc0299734c753ccb5d1621ad974e89f1e5", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8d96a8720df6ff3371ada3609e8a4cdc0299734c753ccb5d1621ad974e89f1e5", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR018", "level": "warning", "message": {"text": "Database dump or local database file is included in Docker build context"}, "properties": {"repobilityId": 84035, "scanner": "repobility-docker", "fingerprint": "655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like artifacts are reachable from the Docker build context and are not ignored.", "evidence": {"rule_id": "DKR018", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "database_artifacts": [{"path": "crates/dump/tests/assets/v6-with-network.dump", "size_mb": 3.3}, {"path": "crates/dump/tests/assets/v5.dump", "size_mb": 0.1}, {"path": "crates/dump/tests/assets/v2.dump", "size_mb": 0.1}, {"path": "crates/dump/tests/assets/v4.dump", "size_mb": 0.1}, {"path": "crates/dump/tests/assets/v3.dump", "size_mb": 0.1}]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 84034, "scanner": "repobility-agent-runtime", "fingerprint": "c08909e97447d3303a6e96dec2931aac8270e3a6404b996384ca595ac128a377", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c08909e97447d3303a6e96dec2931aac8270e3a6404b996384ca595ac128a377"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdks-tests.yml"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 84003, "scanner": "repobility-threat-engine", "fingerprint": "9c698cae4cafc0343c376f5b566752c11c07b9caed0642063ee22e067906e6d2", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|crates/xtask/src/main.rs|60|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/xtask/src/main.rs"}, "region": {"startLine": 60}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 84039, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84033, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f53daa69e9c5764ee982dac10e516f6c760862fc12b02887bb952f55e72b6de", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v4/settings.rs", "duplicate_line": 134, "correlation_key": "fp|4f53daa69e9c5764ee982dac10e516f6c760862fc12b02887bb952f55e72b6de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/settings.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84032, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de1e8e676b2c24966f8dda4592ef4df52c84c1be5de6cb1269a2b0a05381dcef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/mod.rs", "duplicate_line": 433, "correlation_key": "fp|de1e8e676b2c24966f8dda4592ef4df52c84c1be5de6cb1269a2b0a05381dcef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/mod.rs"}, "region": {"startLine": 230}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84031, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85af00c04b99d8c4421c3b126278148b34a8ae1f2d065728f682e3aae9c369f3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v2/mod.rs", "duplicate_line": 133, "correlation_key": "fp|85af00c04b99d8c4421c3b126278148b34a8ae1f2d065728f682e3aae9c369f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/mod.rs"}, "region": {"startLine": 160}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84030, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b4f3ecb0e6f4942e409bdbf09986cffc3239de29d2ff86be08c33af323d421f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v3/mod.rs", "duplicate_line": 69, "correlation_key": "fp|3b4f3ecb0e6f4942e409bdbf09986cffc3239de29d2ff86be08c33af323d421f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/mod.rs"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84029, "scanner": "repobility-ai-code-hygiene", "fingerprint": "458e623034fd1df0a6a4a38301ece52913aca8610d179d406cdb43f250087ac3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v4/mod.rs", "duplicate_line": 78, "correlation_key": "fp|458e623034fd1df0a6a4a38301ece52913aca8610d179d406cdb43f250087ac3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/mod.rs"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84028, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9776c08c60325feaa185d3797b4ac5e544d542bdeb0a4260940caccca8b5743", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v4/meta.rs", "duplicate_line": 4, "correlation_key": "fp|f9776c08c60325feaa185d3797b4ac5e544d542bdeb0a4260940caccca8b5743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/meta.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84027, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c80c5e5a3a3718e0f14ba70dd08004d73fbdd2d6e33da97dfc65f49a7a43cfca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v3/errors.rs", "duplicate_line": 7, "correlation_key": "fp|c80c5e5a3a3718e0f14ba70dd08004d73fbdd2d6e33da97dfc65f49a7a43cfca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/errors.rs"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84026, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4925d94221fa22cee3abc51cf14586362a3aecc4b4b29d34ffd1577a79bf02bc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v4/errors.rs", "duplicate_line": 6, "correlation_key": "fp|4925d94221fa22cee3abc51cf14586362a3aecc4b4b29d34ffd1577a79bf02bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v5/errors.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84025, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a156552feaf16cff90292a14accb6571de06d0cca6d5528d442b3a43469bd284", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v2/settings.rs", "duplicate_line": 5, "correlation_key": "fp|a156552feaf16cff90292a14accb6571de06d0cca6d5528d442b3a43469bd284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v4/settings.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84024, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2397b600ed53fee46d56007a48a9ca7a494778c7b5206c77875134657d757e14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v3/settings.rs", "duplicate_line": 1, "correlation_key": "fp|2397b600ed53fee46d56007a48a9ca7a494778c7b5206c77875134657d757e14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v4/settings.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84023, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9fb118c2dbdbe4de0c3f89c0e3360315021feae86975d579c77f5af648069496", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/mod.rs", "duplicate_line": 492, "correlation_key": "fp|9fb118c2dbdbe4de0c3f89c0e3360315021feae86975d579c77f5af648069496"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v4/mod.rs"}, "region": {"startLine": 225}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84022, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a1eb05a906aa0792d5848c83b3aba9327ce4f60359659090be24a40879805061", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v2/mod.rs", "duplicate_line": 133, "correlation_key": "fp|a1eb05a906aa0792d5848c83b3aba9327ce4f60359659090be24a40879805061"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v4/mod.rs"}, "region": {"startLine": 156}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84021, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4994250f0af9de3e556e098df0f0c7bdd82b83abf71c3d05dd09f3ec501f28a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v3/mod.rs", "duplicate_line": 69, "correlation_key": "fp|4994250f0af9de3e556e098df0f0c7bdd82b83abf71c3d05dd09f3ec501f28a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v4/mod.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84020, "scanner": "repobility-ai-code-hygiene", "fingerprint": "171073141e4137de6cdbceca010e981f062824f640d3cab590c920b3c5906d0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v3/errors.rs", "duplicate_line": 7, "correlation_key": "fp|171073141e4137de6cdbceca010e981f062824f640d3cab590c920b3c5906d0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v4/errors.rs"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84019, "scanner": "repobility-ai-code-hygiene", "fingerprint": "15cbf16a2e2e1568619a516b7800e6250bdfa289ff24ca450ae9f175203c3b8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v2/updates.rs", "duplicate_line": 117, "correlation_key": "fp|15cbf16a2e2e1568619a516b7800e6250bdfa289ff24ca450ae9f175203c3b8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v3/updates.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84018, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7cabc7b78f11b8bc152c258140d7f52b36ae8e0bc87f7bfc675d7456689f6c9b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v2/settings.rs", "duplicate_line": 5, "correlation_key": "fp|7cabc7b78f11b8bc152c258140d7f52b36ae8e0bc87f7bfc675d7456689f6c9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v3/settings.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84017, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d14b3e101252f72766f7d0252db6f6cef8ff1d2cfb23124ea3609abdf0324f70", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/mod.rs", "duplicate_line": 653, "correlation_key": "fp|d14b3e101252f72766f7d0252db6f6cef8ff1d2cfb23124ea3609abdf0324f70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v3/mod.rs"}, "region": {"startLine": 237}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84016, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d987c2b1baba117148605add8c006af74e61a280cba0400638c4ccb2a3460f47", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v2_to_v3.rs", "duplicate_line": 429, "correlation_key": "fp|d987c2b1baba117148605add8c006af74e61a280cba0400638c4ccb2a3460f47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v3/mod.rs"}, "region": {"startLine": 230}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84015, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71f946fc09efe541cd71b36dcba1d5758bb5a441f07a03dbbc743a051c57ca70", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/v2/mod.rs", "duplicate_line": 115, "correlation_key": "fp|71f946fc09efe541cd71b36dcba1d5758bb5a441f07a03dbbc743a051c57ca70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v3/mod.rs"}, "region": {"startLine": 121}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84014, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fea96d77050564a5ba94bd4996891e3ab0ce31a7ab4243250d9d573afb6d9375", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/mod.rs", "duplicate_line": 621, "correlation_key": "fp|fea96d77050564a5ba94bd4996891e3ab0ce31a7ab4243250d9d573afb6d9375"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v2/mod.rs"}, "region": {"startLine": 196}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84013, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f6ccedf1bf7c93b88008f111f28c5beba9a21d96ef14a0921841d6b00ef7c7f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v2_to_v3.rs", "duplicate_line": 399, "correlation_key": "fp|9f6ccedf1bf7c93b88008f111f28c5beba9a21d96ef14a0921841d6b00ef7c7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v2/mod.rs"}, "region": {"startLine": 191}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84012, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ebe153bb175282d21f5b2759a0e2f512c18b9b385077ab673bc4dba37214b9e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v1_to_v2.rs", "duplicate_line": 318, "correlation_key": "fp|ebe153bb175282d21f5b2759a0e2f512c18b9b385077ab673bc4dba37214b9e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v1/mod.rs"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84011, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0716815cb464a9c763a015b22c43c599a2ff82629b24aad8fa12fe30c0acfa0e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v1_to_v2.rs", "duplicate_line": 313, "correlation_key": "fp|0716815cb464a9c763a015b22c43c599a2ff82629b24aad8fa12fe30c0acfa0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/mod.rs"}, "region": {"startLine": 749}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84010, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f14c9ecb86c119d77e0560b17bd304a5b3d3006b2c3f31599e31c3e2b87f4f8c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v2_to_v3.rs", "duplicate_line": 404, "correlation_key": "fp|f14c9ecb86c119d77e0560b17bd304a5b3d3006b2c3f31599e31c3e2b87f4f8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/mod.rs"}, "region": {"startLine": 550}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84009, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e8f543a0732f9259de9b9195908acf7d964d74d1f78af93bdbb5a63e205afb3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v5_to_v6.rs", "duplicate_line": 456, "correlation_key": "fp|2e8f543a0732f9259de9b9195908acf7d964d74d1f78af93bdbb5a63e205afb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/mod.rs"}, "region": {"startLine": 424}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84008, "scanner": "repobility-ai-code-hygiene", "fingerprint": "973df7ffe3f9d1762cfa7af840aa616d27c4dc96fa1fb9100659b0b8fc7ef75f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/lib.rs", "duplicate_line": 322, "correlation_key": "fp|973df7ffe3f9d1762cfa7af840aa616d27c4dc96fa1fb9100659b0b8fc7ef75f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/mod.rs"}, "region": {"startLine": 224}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84007, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e34d811955294114422348b97b3cb38dc208921f7e229a9755ce2558cda0412", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v2_to_v3.rs", "duplicate_line": 408, "correlation_key": "fp|4e34d811955294114422348b97b3cb38dc208921f7e229a9755ce2558cda0412"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/compat/v5_to_v6.rs"}, "region": {"startLine": 468}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84006, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7eb3e1a885835d76ea0d56583a7b3dd63e0ee37540249a6d2e1085dc37259aea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v4_to_v5.rs", "duplicate_line": 385, "correlation_key": "fp|7eb3e1a885835d76ea0d56583a7b3dd63e0ee37540249a6d2e1085dc37259aea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/compat/v5_to_v6.rs"}, "region": {"startLine": 465}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84005, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2bb838d2e1141538152f3ab4855d62dc4cb94c0e03e4da2512cbf6ae4173e06", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v2_to_v3.rs", "duplicate_line": 408, "correlation_key": "fp|b2bb838d2e1141538152f3ab4855d62dc4cb94c0e03e4da2512cbf6ae4173e06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/compat/v4_to_v5.rs"}, "region": {"startLine": 388}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 84004, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a15b8ea824c80ef61b40f31fe9fea21e6ea7531c7dcc963b3eb23686052c2373", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/dump/src/reader/compat/v2_to_v3.rs", "duplicate_line": 404, "correlation_key": "fp|a15b8ea824c80ef61b40f31fe9fea21e6ea7531c7dcc963b3eb23686052c2373"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/compat/v3_to_v4.rs"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 83998, "scanner": "repobility-threat-engine", "fingerprint": "a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "aggregated_count": 1}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 83994, "scanner": "repobility-threat-engine", "fingerprint": "e6e87df05fa0fe570cd92b1a7e92f3113b03e16ac77fd1b3eef7e9c7e390350d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e6e87df05fa0fe570cd92b1a7e92f3113b03e16ac77fd1b3eef7e9c7e390350d", "aggregated_count": 12}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 83993, "scanner": "repobility-threat-engine", "fingerprint": "1c039c2bf0fd8b06f24f899ed22b79d91440f8262de09b01f58e261c642a9f6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c039c2bf0fd8b06f24f899ed22b79d91440f8262de09b01f58e261c642a9f6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilitool/src/upgrade/v1_10.rs"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 83992, "scanner": "repobility-threat-engine", "fingerprint": "5511d2df291fba1b4b110abea560224f1ae0873da1fa76c916fa93cfbf317d69", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5511d2df291fba1b4b110abea560224f1ae0873da1fa76c916fa93cfbf317d69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch-types/src/document_formats.rs"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 83991, "scanner": "repobility-threat-engine", "fingerprint": "60141ada44892b4f8daa7cb07f830ae7cd90b0e6044dc513ccb42e6bb0a53193", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60141ada44892b4f8daa7cb07f830ae7cd90b0e6044dc513ccb42e6bb0a53193"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/index-scheduler/src/scheduler/process_snapshot_creation.rs"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 83990, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 83986, "scanner": "repobility-threat-engine", "fingerprint": "c26626d94d139bf627eb17124c47e4d3c5bfca373a67acb1dfe59098e987ccb4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c26626d94d139bf627eb17124c47e4d3c5bfca373a67acb1dfe59098e987ccb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/http-client/src/lib.rs"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 83985, "scanner": "repobility-threat-engine", "fingerprint": "95ce5dcbfe06ec371711f768a8046f387c57df2d286b0ba6440f3f6fddacc9d1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|95ce5dcbfe06ec371711f768a8046f387c57df2d286b0ba6440f3f6fddacc9d1", "aggregated_count": 13}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 83984, "scanner": "repobility-threat-engine", "fingerprint": "0067075cd10c55d67ede6823af5bb0a07826fd81de40122651c7863e33412580", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0067075cd10c55d67ede6823af5bb0a07826fd81de40122651c7863e33412580"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch/src/metrics.rs"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 83983, "scanner": "repobility-threat-engine", "fingerprint": "e9c48cef88b85d8bab16ca14166ee8b58fec14331d2324f6c522420021cac8f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e9c48cef88b85d8bab16ca14166ee8b58fec14331d2324f6c522420021cac8f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch/build.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 83982, "scanner": "repobility-threat-engine", "fingerprint": "6397f96e7a7f0b8488e02dbd84c5cc2421390efe4d72f1a9f4d4d99d44ed1c78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6397f96e7a7f0b8488e02dbd84c5cc2421390efe4d72f1a9f4d4d99d44ed1c78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/index-scheduler/src/scheduler/process_snapshot_creation.rs"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 83981, "scanner": "repobility-threat-engine", "fingerprint": "4cbcd31ee9feb9d707fa224ec7016ed956164a96336cb54ded430a0481b724cf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4cbcd31ee9feb9d707fa224ec7016ed956164a96336cb54ded430a0481b724cf", "aggregated_count": 9}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 83980, "scanner": "repobility-threat-engine", "fingerprint": "f1c969d01af0bec0d4d0912f2f00017f0738fcb88429781cad610e8d3bd1b0f6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1c969d01af0bec0d4d0912f2f00017f0738fcb88429781cad610e8d3bd1b0f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/index-scheduler/src/scheduler/process_snapshot_creation.rs"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 83979, "scanner": "repobility-threat-engine", "fingerprint": "8c6cac8f9d76361bf5bac4d312cbd51e810c770570c9f2e0f7cdb319e5a84245", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c6cac8f9d76361bf5bac4d312cbd51e810c770570c9f2e0f7cdb319e5a84245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/http-client/src/lib.rs"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 83978, "scanner": "repobility-threat-engine", "fingerprint": "439f274baf911f6926e645315e40beec7ee599dd9c018f0c52f6af1d917aa062", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|439f274baf911f6926e645315e40beec7ee599dd9c018f0c52f6af1d917aa062"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filter-parser/fuzz/fuzz_targets/parse.rs"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 93 more): Same pattern found in 93 additional files. Review if needed."}, "properties": {"repobilityId": 83977, "scanner": "repobility-threat-engine", "fingerprint": "9ce6e9c4d464b9f2e8f28227fead198fb1b0f6cb374755a72bb9687eade03c20", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 93 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9ce6e9c4d464b9f2e8f28227fead198fb1b0f6cb374755a72bb9687eade03c20", "aggregated_count": 93}}}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `ubuntu:22.04` unpinned: `container/services image: ubuntu:22.04` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 84068, "scanner": "repobility-supply-chain", "fingerprint": "030d60d64cff90d66ad3b59f82d1dec6e7e49d021c747f7c0e721a94245f74ed", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|030d60d64cff90d66ad3b59f82d1dec6e7e49d021c747f7c0e721a94245f74ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-apt-brew-pkg.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `ubuntu:22.04` unpinned: `container/services image: ubuntu:22.04` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 84067, "scanner": "repobility-supply-chain", "fingerprint": "08363c0fa7c8f8b4989be4f4492f8f32ddc8cbfc9a5c71c01683a19779d5d0f5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|08363c0fa7c8f8b4989be4f4492f8f32ddc8cbfc9a5c71c01683a19779d5d0f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/flaky-tests.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rs/cargo` pinned to mutable ref `@v1`: `uses: actions-rs/cargo@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84066, "scanner": "repobility-supply-chain", "fingerprint": "118fc3e09e3ac5fe97f6bfffee6dd5dbfc10d48318157095841b8d9014ac13ae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|118fc3e09e3ac5fe97f6bfffee6dd5dbfc10d48318157095841b8d9014ac13ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@1.91.1`: `uses: dtolnay/rust-toolchain@1.91.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84065, "scanner": "repobility-supply-chain", "fingerprint": "c44ddd0cdc4726e4d13049ae154b5fd4d2c2d6d14827896baae77134b038f7e8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c44ddd0cdc4726e4d13049ae154b5fd4d2c2d6d14827896baae77134b038f7e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2.9.1`: `uses: Swatinem/rust-cache@v2.9.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84064, "scanner": "repobility-supply-chain", "fingerprint": "bd1766e8f14a47571080df488933c17d434b73c89344c0d1c2285192f41d18b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bd1766e8f14a47571080df488933c17d434b73c89344c0d1c2285192f41d18b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84063, "scanner": "repobility-supply-chain", "fingerprint": "ff728634321d5250b5550f0227042562bef9dbfbc63f0d8d30032e42402a212c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff728634321d5250b5550f0227042562bef9dbfbc63f0d8d30032e42402a212c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rs/cargo` pinned to mutable ref `@v1`: `uses: actions-rs/cargo@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84062, "scanner": "repobility-supply-chain", "fingerprint": "90c1c32382a7ddfbeb30306815d9773e23f742c0aca2c4bca0b21330afd41a91", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90c1c32382a7ddfbeb30306815d9773e23f742c0aca2c4bca0b21330afd41a91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rs/cargo` pinned to mutable ref `@v1`: `uses: actions-rs/cargo@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84061, "scanner": "repobility-supply-chain", "fingerprint": "74d35d3e73c5d249952f0fc913cf63b0336cda8c076211a48a1cf815a9fc1610", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|74d35d3e73c5d249952f0fc913cf63b0336cda8c076211a48a1cf815a9fc1610"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@1.91.1`: `uses: dtolnay/rust-toolchain@1.91.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84060, "scanner": "repobility-supply-chain", "fingerprint": "b0aaa7883919a455e3c9c0b5154e7027b0ecbbe6c461b063bc34c63b283222cd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b0aaa7883919a455e3c9c0b5154e7027b0ecbbe6c461b063bc34c63b283222cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2.9.1`: `uses: Swatinem/rust-cache@v2.9.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84059, "scanner": "repobility-supply-chain", "fingerprint": "86f657505ffd52797bd58b96f873e1afe8e24e2e64dc91d1fec51a321fc700db", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86f657505ffd52797bd58b96f873e1afe8e24e2e64dc91d1fec51a321fc700db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84058, "scanner": "repobility-supply-chain", "fingerprint": "a0133f7a1fa26f15f5a7234cdfb4fa101e1b39661d39acc47b9f07acd52204e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a0133f7a1fa26f15f5a7234cdfb4fa101e1b39661d39acc47b9f07acd52204e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rs/cargo` pinned to mutable ref `@v1`: `uses: actions-rs/cargo@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84057, "scanner": "repobility-supply-chain", "fingerprint": "061d74f5c05ffedec8e7dd17038c555d4744309f7a04289e104641bf225f1f37", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|061d74f5c05ffedec8e7dd17038c555d4744309f7a04289e104641bf225f1f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rs/cargo` pinned to mutable ref `@v1`: `uses: actions-rs/cargo@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84056, "scanner": "repobility-supply-chain", "fingerprint": "b5968837189c156df0d2583c08807facd6de48a80624b86de216001b21371778", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b5968837189c156df0d2583c08807facd6de48a80624b86de216001b21371778"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2.9.1`: `uses: Swatinem/rust-cache@v2.9.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84055, "scanner": "repobility-supply-chain", "fingerprint": "a68f6a7d8a31508dcefe9b4011ce7aee8a089040529a51aea2d217093f11b735", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a68f6a7d8a31508dcefe9b4011ce7aee8a089040529a51aea2d217093f11b735"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@1.91.1`: `uses: dtolnay/rust-toolchain@1.91.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84054, "scanner": "repobility-supply-chain", "fingerprint": "a55e8bd4146b1891bc1a23e59e8c21215809f56f6bbc04406af82cacc18ac7ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a55e8bd4146b1891bc1a23e59e8c21215809f56f6bbc04406af82cacc18ac7ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84053, "scanner": "repobility-supply-chain", "fingerprint": "f625a3f8871b04673ccf11b5119b542cfb5a37506fb5d9ace0166996069fc67b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f625a3f8871b04673ccf11b5119b542cfb5a37506fb5d9ace0166996069fc67b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-suite.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@1.91.1`: `uses: dtolnay/rust-toolchain@1.91.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84052, "scanner": "repobility-supply-chain", "fingerprint": "72c7382f35ca6d06cf086757eae669b97f295158d5b7976955fa7cf2379f835a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|72c7382f35ca6d06cf086757eae669b97f295158d5b7976955fa7cf2379f835a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bench-manual.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84051, "scanner": "repobility-supply-chain", "fingerprint": "9dccd45ccb39dad8f80fd25964a763e30848c58b7ac370e9c41ecef293d97a46", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9dccd45ccb39dad8f80fd25964a763e30848c58b7ac370e9c41ecef293d97a46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bench-manual.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84050, "scanner": "repobility-supply-chain", "fingerprint": "8531b6cb8d2791639597e1f6bdfd92fd75e817d9a7836b6b62b576dff10dc639", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8531b6cb8d2791639597e1f6bdfd92fd75e817d9a7836b6b62b576dff10dc639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/db-change-missing.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84049, "scanner": "repobility-supply-chain", "fingerprint": "4c1f75aa6ba1e84b23ea151bac79818bf4937b497e48a1abf40db50bf0bd5acd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c1f75aa6ba1e84b23ea151bac79818bf4937b497e48a1abf40db50bf0bd5acd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/db-change-comments.yml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84048, "scanner": "repobility-supply-chain", "fingerprint": "23da140d571b1ddc32714b135fa24e0d9daffb36347d668ffe622a32695bde58", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23da140d571b1ddc32714b135fa24e0d9daffb36347d668ffe622a32695bde58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-openapi-file.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2.9.1`: `uses: Swatinem/rust-cache@v2.9.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84047, "scanner": "repobility-supply-chain", "fingerprint": "7168ada1b88a47f088fb5826bb5c1d56121f32cba1f0901fba546df8afe66f65", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7168ada1b88a47f088fb5826bb5c1d56121f32cba1f0901fba546df8afe66f65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-openapi-file.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@1.91.1`: `uses: dtolnay/rust-toolchain@1.91.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84046, "scanner": "repobility-supply-chain", "fingerprint": "11bcdee1de6b092e86dbdc8ca08998d2af653cef17f088ffbc46e1f562b9f982", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|11bcdee1de6b092e86dbdc8ca08998d2af653cef17f088ffbc46e1f562b9f982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-openapi-file.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84045, "scanner": "repobility-supply-chain", "fingerprint": "b43b9b9d8bbf46dd17e4e16b0fa052d692a918f54df4b3884c4f217cbf92c4cf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b43b9b9d8bbf46dd17e4e16b0fa052d692a918f54df4b3884c4f217cbf92c4cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-openapi-file.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `EndBug/add-and-commit` pinned to mutable ref `@v9`: `uses: EndBug/add-and-commit@v9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84044, "scanner": "repobility-supply-chain", "fingerprint": "8d0a8a63ce323f67e973b4e3951991813b12738419ce88a678901a08b6ca45ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d0a8a63ce323f67e973b4e3951991813b12738419ce88a678901a08b6ca45ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-cargo-toml-version.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@1.91.1`: `uses: dtolnay/rust-toolchain@1.91.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84043, "scanner": "repobility-supply-chain", "fingerprint": "c4795f1861977cbe598b71d5bd064ebe5d48fb79dca263ac05343d07422f9e54", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c4795f1861977cbe598b71d5bd064ebe5d48fb79dca263ac05343d07422f9e54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-cargo-toml-version.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 84042, "scanner": "repobility-supply-chain", "fingerprint": "4d0628926431d34c9f2c13fd8be812097dea055d587b4a534fa09ffaa0e45e19", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d0628926431d34c9f2c13fd8be812097dea055d587b4a534fa09ffaa0e45e19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-cargo-toml-version.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.22` not pinned by digest: `FROM alpine:3.22` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 84041, "scanner": "repobility-supply-chain", "fingerprint": "401a9b8ff6ba8fdb9f83ff4aaac58bd257b8c4854f373e447edc773848f4fbf4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|401a9b8ff6ba8fdb9f83ff4aaac58bd257b8c4854f373e447edc773848f4fbf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `rust:1.89-alpine3.22` not pinned by digest: `FROM rust:1.89-alpine3.22` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 84040, "scanner": "repobility-supply-chain", "fingerprint": "ced026c8c45e580cbf8cc976b56e391cdb324c8a17b51ce2d3523f67f6930343", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ced026c8c45e580cbf8cc976b56e391cdb324c8a17b51ce2d3523f67f6930343"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 84002, "scanner": "repobility-threat-engine", "fingerprint": "eeafd17b056eb818d9c7a8818fcdd3046d90a22feea00d1be9bc631b61513e11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eeafd17b056eb818d9c7a8818fcdd3046d90a22feea00d1be9bc631b61513e11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/milli/src/documents/mod.rs"}, "region": {"startLine": 171}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 84000, "scanner": "repobility-threat-engine", "fingerprint": "8295236cb22272b829d07a655fd1605ed6fad4998606300b7cb50eb05c30ae45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "file_hash.update(&bytes);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8295236cb22272b829d07a655fd1605ed6fad4998606300b7cb50eb05c30ae45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/xtask/src/common/assets.rs"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 83999, "scanner": "repobility-threat-engine", "fingerprint": "a8775bfdda61939f2a89eafb049f526661ad9eb8740ebfecf9c99369ffd0121a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(&dashboard_assets_bytes);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a8775bfdda61939f2a89eafb049f526661ad9eb8740ebfecf9c99369ffd0121a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch/build.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 83997, "scanner": "repobility-threat-engine", "fingerprint": "3c0cf4fe844c06e016d0a94a76ac3793b80f1d499fa6a5c4ce1f01820253449f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c0cf4fe844c06e016d0a94a76ac3793b80f1d499fa6a5c4ce1f01820253449f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/xtask/src/bench/dashboard.rs"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 83996, "scanner": "repobility-threat-engine", "fingerprint": "b72f6384238eea83a77f3abffe54409bbae864088ef6191b43c968954ca425c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b72f6384238eea83a77f3abffe54409bbae864088ef6191b43c968954ca425c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch/build.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 83995, "scanner": "repobility-threat-engine", "fingerprint": "234588de3fd99f5a5d84f65e05282cac03f9dcb18d7bf45f8f0377e8e583cdf4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|234588de3fd99f5a5d84f65e05282cac03f9dcb18d7bf45f8f0377e8e583cdf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meili-snap/src/lib.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 83989, "scanner": "repobility-threat-engine", "fingerprint": "875909fb396ffd5e32c42530be1cfd2713cbc8c35ccbdb2d26351faa91c23da3", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|875909fb396ffd5e32c42530be1cfd2713cbc8c35ccbdb2d26351faa91c23da3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch/src/routes/chats/config.rs"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 83988, "scanner": "repobility-threat-engine", "fingerprint": "64c2ec6f6a39e5b35b53b00c6b5fcf3c35533e3371da9627c2e72454cc321729", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|64c2ec6f6a39e5b35b53b00c6b5fcf3c35533e3371da9627c2e72454cc321729"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch/src/proxy/error.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 83987, "scanner": "repobility-threat-engine", "fingerprint": "359679cc477b13bcdc28a836b1430c3e9174b1625d6623892188eff1ef0387ea", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|359679cc477b13bcdc28a836b1430c3e9174b1625d6623892188eff1ef0387ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/http-client/src/reqwest/error.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 83976, "scanner": "repobility-threat-engine", "fingerprint": "f2d25191e2c34da96bc9e0d889abe92c84bc51166b58604f4d34024ed4627f43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f2d25191e2c34da96bc9e0d889abe92c84bc51166b58604f4d34024ed4627f43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v2/settings.rs"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 83975, "scanner": "repobility-threat-engine", "fingerprint": "8ac421f3d352015d58e29b35d125453889a48ad3514a5ede6024e91aba7d58c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8ac421f3d352015d58e29b35d125453889a48ad3514a5ede6024e91aba7d58c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v1/settings.rs"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 83974, "scanner": "repobility-threat-engine", "fingerprint": "349d96301246e610e365420123d3d0d04bce57cac71cd819c8be79c8427a0d3b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|349d96301246e610e365420123d3d0d04bce57cac71cd819c8be79c8427a0d3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/dump/src/reader/v1/mod.rs"}, "region": {"startLine": 189}}}]}, {"ruleId": "SEC019", "level": "error", "message": {"text": "[SEC019] Raw Authorization Token in Example: A real-looking API token appears in an Authorization-style header or service-key example. Use placeholders in docs and CI snippets; never paste live tokens into source, comments, or README files."}, "properties": {"repobilityId": 84001, "scanner": "repobility-threat-engine", "fingerprint": "10e8a63d565738e8c6891ed660f7ce456ea4670e318966ba8e4c649b43307aa2", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Authorization: Bearer <redacted>", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC019", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/meilisearch/src/routes/open_api_utils.rs"}, "region": {"startLine": 17}}}]}]}]}