{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4992-7rv2-5pvq", "name": "undici: GHSA-4992-7rv2-5pvq", "shortDescription": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "fullDescription": {"text": "Undici has CRLF Injection in undici via `upgrade` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2mjp-6q6p-2qxm", "name": "undici: GHSA-2mjp-6q6p-2qxm", "shortDescription": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "fullDescription": {"text": "Undici has an HTTP Request/Response Smuggling issue"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2v4-37r5-5v8g", "name": "ip-address: GHSA-v2v4-37r5-5v8g", "shortDescription": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "fullDescription": {"text": "ip-address has XSS in Address6 HTML-emitting methods"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jp2q-39xq-3w4g", "name": "fast-xml-parser: GHSA-jp2q-39xq-3w4g", "shortDescription": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "fullDescription": {"text": "Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gh4j-gqv2-49f6", "name": "fast-xml-parser: GHSA-gh4j-gqv2-49f6", "shortDescription": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "fullDescription": {"text": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67mh-4wv8-2f99", "name": "esbuild: GHSA-67mh-4wv8-2f99", "shortDescription": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "fullDescription": {"text": "esbuild enables any website to send any requests to the development server and read the response"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `puppeteer-core` is 1 major version(s) behind (^24.8.0 -> 25.1.0)", "shortDescription": {"text": "npm package `puppeteer-core` is 1 major version(s) behind (^24.8.0 -> 25.1.0)"}, "fullDescription": {"text": "`puppeteer-core` is pinned/resolved at ^24.8.0 but the latest stable release on the npm registry is 25.1.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "GHSA-fj3w-jwp8-x2g3", "name": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3", "shortDescription": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "fullDescription": {"text": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 4 more): Same pattern found in 4 a", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2wj-q39q-566r", "name": "vite: GHSA-v2wj-q39q-566r", "shortDescription": {"text": "vite: GHSA-v2wj-q39q-566r"}, "fullDescription": {"text": "Vite: `server.fs.deny` bypassed with queries"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p9ff-h696-f583", "name": "vite: GHSA-p9ff-h696-f583", "shortDescription": {"text": "vite: GHSA-p9ff-h696-f583"}, "fullDescription": {"text": "Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vrm6-8vpv-qv8q", "name": "undici: GHSA-vrm6-8vpv-qv8q", "shortDescription": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "fullDescription": {"text": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v9p9-hfj2-hcw8", "name": "undici: GHSA-v9p9-hfj2-hcw8", "shortDescription": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "fullDescription": {"text": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f269-vfmq-vjvj", "name": "undici: GHSA-f269-vfmq-vjvj", "shortDescription": {"text": "undici: GHSA-f269-vfmq-vjvj"}, "fullDescription": {"text": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r6q2-hw4h-h46w", "name": "tar: GHSA-r6q2-hw4h-h46w", "shortDescription": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "fullDescription": {"text": "Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qffp-2rhf-9h96", "name": "tar: GHSA-qffp-2rhf-9h96", "shortDescription": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "fullDescription": {"text": "tar has Hardlink Path Traversal via Drive-Relative Linkpath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9ppj-qmqm-q256", "name": "tar: GHSA-9ppj-qmqm-q256", "shortDescription": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "fullDescription": {"text": "node-tar Symlink Path Traversal via Drive-Relative Linkpath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8qq5-rm4j-mr97", "name": "tar: GHSA-8qq5-rm4j-mr97", "shortDescription": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "fullDescription": {"text": "node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-83g3-92jg-28cx", "name": "tar: GHSA-83g3-92jg-28cx", "shortDescription": {"text": "tar: GHSA-83g3-92jg-28cx"}, "fullDescription": {"text": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-34x7-hfp2-rc4v", "name": "tar: GHSA-34x7-hfp2-rc4v", "shortDescription": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "fullDescription": {"text": "node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8gc5-j5rx-235r", "name": "fast-xml-parser: GHSA-8gc5-j5rx-235r", "shortDescription": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "fullDescription": {"text": "fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-37qj-frw5-hhjh", "name": "fast-xml-parser: GHSA-37qj-frw5-hhjh", "shortDescription": {"text": "fast-xml-parser: GHSA-37qj-frw5-hhjh"}, "fullDescription": {"text": "fast-xml-parser has RangeError DoS Numeric Entities Bug"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rpmf-866q-6p89", "name": "basic-ftp: GHSA-rpmf-866q-6p89", "shortDescription": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "fullDescription": {"text": "basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rp42-5vxx-qpwr", "name": "basic-ftp: GHSA-rp42-5vxx-qpwr", "shortDescription": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "fullDescription": {"text": "basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6v7q-wjvx-w8wg", "name": "basic-ftp: GHSA-6v7q-wjvx-w8wg", "shortDescription": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "fullDescription": {"text": "basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._command` used but never assigned in __init__", "shortDescription": {"text": "`self._command` used but never assigned in __init__"}, "fullDescription": {"text": "Method `create` of class `BrowsingContextModule` reads `self._command`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_events_received", "shortDescription": {"text": "Phantom test coverage: test_events_received"}, "fullDescription": {"text": "Test function `test_events_received` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-5xrq-8626-4rwp", "name": "vitest: GHSA-5xrq-8626-4rwp", "shortDescription": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "fullDescription": {"text": "When Vitest UI server is listening, arbitrary file can be read and executed"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-m7jm-9gc2-mpf2", "name": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2", "shortDescription": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "fullDescription": {"text": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5rq4-664w-9x2c", "name": "basic-ftp: GHSA-5rq4-664w-9x2c", "shortDescription": {"text": "basic-ftp: GHSA-5rq4-664w-9x2c"}, "fullDescription": {"text": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `html` used but not imported", "shortDescription": {"text": "Missing import: `html` used but not imported"}, "fullDescription": {"text": "The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1013"}, "properties": {"repository": "mizchi/crater", "repoUrl": "https://github.com/mizchi/crater", "branch": "main"}, "results": [{"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 95198, "scanner": "osv-scanner", "fingerprint": "d698c0969dae25e950d4f8b65b021df28bdeb91476dcc255cdcc9ca9ba3ee73e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 95194, "scanner": "osv-scanner", "fingerprint": "a2c12e2b28152cf8b2318c26eb42f38e3894a8280e15146de8ce046c997d7d89", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4992-7rv2-5pvq", "level": "warning", "message": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "properties": {"repobilityId": 95190, "scanner": "osv-scanner", "fingerprint": "8115727bfcf9fb5c733f94951b6c76b53101eaf392c34bbf2e4981a84489f899", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1527"], "package": "undici", "rule_id": "GHSA-4992-7rv2-5pvq", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1527|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2mjp-6q6p-2qxm", "level": "warning", "message": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "properties": {"repobilityId": 95189, "scanner": "osv-scanner", "fingerprint": "27feada98ab5f326c7254750f715731608e011901400f45934a064cef0424d39", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1525"], "package": "undici", "rule_id": "GHSA-2mjp-6q6p-2qxm", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1525|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 95181, "scanner": "osv-scanner", "fingerprint": "0b1dff5c952a767b7990e67b0d60cc580116a9b63b14cf0d44b920a59028efbf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 95179, "scanner": "osv-scanner", "fingerprint": "d9d26d972991fffb51a1613b08ac1e8e722be1c10191fb43cced54b770250e8d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2v4-37r5-5v8g", "level": "warning", "message": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "properties": {"repobilityId": 95175, "scanner": "osv-scanner", "fingerprint": "62020e206e8925629e9ce81503c184fb7740327a8f08e1c3e188f1738ecc7bb4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42338"], "package": "ip-address", "rule_id": "GHSA-v2v4-37r5-5v8g", "scanner": "osv-scanner", "correlation_key": "vuln|ip-address|CVE-2026-42338|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jp2q-39xq-3w4g", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "properties": {"repobilityId": 95173, "scanner": "osv-scanner", "fingerprint": "1af445e3838603a8f4b9958ec59ad4eea551242cf22c0308f89fa61103a71acd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33349"], "package": "fast-xml-parser", "rule_id": "GHSA-jp2q-39xq-3w4g", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-33349|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gh4j-gqv2-49f6", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "properties": {"repobilityId": 95172, "scanner": "osv-scanner", "fingerprint": "55c8ddf786242f8348f0e9bc58edaf2b984907cd428c9be51381737c1db7285a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41650"], "package": "fast-xml-parser", "rule_id": "GHSA-gh4j-gqv2-49f6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-41650|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 95168, "scanner": "osv-scanner", "fingerprint": "41f281ca33e7758f3ed49d251cab103d4cb0c6de82ba0c8149194ad02717accb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 95167, "scanner": "osv-scanner", "fingerprint": "6ed3e11856b985dfd38b234bdeafe6eb9fdd6ace1789aa46a716324dba77d441", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 95163, "scanner": "osv-scanner", "fingerprint": "5fc14ab309666643cc38f3314fb80d82b12ff045b50ba59c11a0890239ebf2d3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 95159, "scanner": "osv-scanner", "fingerprint": "51228085cbf28efba554bdf46bbe9853cfc3cd3bd59f42317d288d520e545aa2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4992-7rv2-5pvq", "level": "warning", "message": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "properties": {"repobilityId": 95155, "scanner": "osv-scanner", "fingerprint": "ff5d07fd2ecfcb01331976359ceb04b08d837992e17bb606342820c5843c8f73", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1527"], "package": "undici", "rule_id": "GHSA-4992-7rv2-5pvq", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1527|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2mjp-6q6p-2qxm", "level": "warning", "message": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "properties": {"repobilityId": 95154, "scanner": "osv-scanner", "fingerprint": "96012bf84d761e0e66b86ce4046049bc2795062a075f057728a47c09b926d370", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1525"], "package": "undici", "rule_id": "GHSA-2mjp-6q6p-2qxm", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1525|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 95152, "scanner": "osv-scanner", "fingerprint": "4eb84ca74ac3b23746c21c560e8302b68c63425e39fac174c7ea21477368ca7b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 95150, "scanner": "osv-scanner", "fingerprint": "a90dc826d962c9bd3d8bf806c6c6f5adc9def24697e904b4e3eecfb2cc76c7ad", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2v4-37r5-5v8g", "level": "warning", "message": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "properties": {"repobilityId": 95146, "scanner": "osv-scanner", "fingerprint": "6874515fd6f36517beb42c6e18538c2bfda55c8110893bb4518420193f690d84", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42338"], "package": "ip-address", "rule_id": "GHSA-v2v4-37r5-5v8g", "scanner": "osv-scanner", "correlation_key": "vuln|ip-address|CVE-2026-42338|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jp2q-39xq-3w4g", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "properties": {"repobilityId": 95144, "scanner": "osv-scanner", "fingerprint": "1b959f76d7bcf79b4ab4c81fdca42f6571a1d3e4f3bf840e82fc124070348edf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33349"], "package": "fast-xml-parser", "rule_id": "GHSA-jp2q-39xq-3w4g", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-33349|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gh4j-gqv2-49f6", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "properties": {"repobilityId": 95143, "scanner": "osv-scanner", "fingerprint": "6547af2b67e6f6cad31b5b7c10ab93213dd67cbb4079a78136749315c8b4aa78", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41650"], "package": "fast-xml-parser", "rule_id": "GHSA-gh4j-gqv2-49f6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-41650|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 95139, "scanner": "osv-scanner", "fingerprint": "c8bd050614c9408a4fb57292d55c19bf056621c559e192c59398a76135891590", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 95128, "scanner": "repobility-threat-engine", "fingerprint": "7244de75fca3ecacff42d45e32babccabe22cc53f3690d5cd8b6a2a922b4c724", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7244de75fca3ecacff42d45e32babccabe22cc53f3690d5cd8b6a2a922b4c724"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater-bidi-server.ts"}, "region": {"startLine": 186}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 95127, "scanner": "repobility-threat-engine", "fingerprint": "685edc20aa799e9b592f6c20e56deb0151cdf30312abc994a39eeac191187d27", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|685edc20aa799e9b592f6c20e56deb0151cdf30312abc994a39eeac191187d27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/capture-real-world-snapshot.ts"}, "region": {"startLine": 118}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 95125, "scanner": "repobility-threat-engine", "fingerprint": "59aee27551f9282cebbd38aadb836ec31e3dbcd9b7ae40d5e006afaf8fac268a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|41|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-wpt-baselines.mjs"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 95124, "scanner": "repobility-threat-engine", "fingerprint": "b5c4975bd468397a9299dd72d642f5bec9a993ca07dcc94197dea74db26babae", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "$eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|124|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/capture-real-world-snapshot.ts"}, "region": {"startLine": 124}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 95106, "scanner": "repobility-agent-runtime", "fingerprint": "00bbd61a8389566315baa5b447da94435dde1f280bdeed062621bacd4c9fc69b", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|00bbd61a8389566315baa5b447da94435dde1f280bdeed062621bacd4c9fc69b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wpt-webdriver-runner.ts"}, "region": {"startLine": 870}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 95105, "scanner": "repobility-agent-runtime", "fingerprint": "8e51b27c79faa1a33f284e6f333e3fd5a6ee771caeb8978a1b81057630e831dc", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|8e51b27c79faa1a33f284e6f333e3fd5a6ee771caeb8978a1b81057630e831dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-moon.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 95104, "scanner": "repobility-agent-runtime", "fingerprint": "ad00be13f924c53a877fffc5894e666ffb91771f5d2d7c4e78bc84f6ff1636c4", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|ad00be13f924c53a877fffc5894e666ffb91771f5d2d7c4e78bc84f6ff1636c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/flaker-daily.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 95103, "scanner": "repobility-agent-runtime", "fingerprint": "78172607d3e5b374ffc23e76817a8a76ddc9af33cfef81139e4e4a594aea3902", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|78172607d3e5b374ffc23e76817a8a76ddc9af33cfef81139e4e4a594aea3902"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 95102, "scanner": "repobility-agent-runtime", "fingerprint": "46b605df0a6994965320668a9c101cfca038e1b34da0cf61149e7722c08087b2", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|46b605df0a6994965320668a9c101cfca038e1b34da0cf61149e7722c08087b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/browser.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 95101, "scanner": "repobility-agent-runtime", "fingerprint": "70f2c1bb1f0934830a8b6d5684c07a18235043948928d5153c6e1c8dfb78834c", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|70f2c1bb1f0934830a8b6d5684c07a18235043948928d5153c6e1c8dfb78834c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/setup-crater/action.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `puppeteer-core` is 1 major version(s) behind (^24.8.0 -> 25.1.0)"}, "properties": {"repobilityId": 95097, "scanner": "repobility-dependency-currency", "fingerprint": "6d735a4b42fce07e1e56e90d4ce691b45cca86fc89f1ccb83ba63cb9d32838ec", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "puppeteer-core", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "25.1.0", "correlation_key": "fp|6d735a4b42fce07e1e56e90d4ce691b45cca86fc89f1ccb83ba63cb9d32838ec", "current_version": "^24.8.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 95063, "scanner": "repobility-ast-engine", "fingerprint": "91cdd1efa80b4e6a43b4c01874507b919592db3cf5ceab37bbd5cadec74e3bb3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91cdd1efa80b4e6a43b4c01874507b919592db3cf5ceab37bbd5cadec74e3bb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 522}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 95047, "scanner": "repobility-ast-engine", "fingerprint": "0a5401a8145ec1368513ddafe7bdcd9640c07e7bd117785950d593cdf3f28c2c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a5401a8145ec1368513ddafe7bdcd9640c07e7bd117785950d593cdf3f28c2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 95046, "scanner": "repobility-ast-engine", "fingerprint": "7277f137509ea25bbb78afb57ef074deac5f773b5b84382dd32e759432d68a26", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7277f137509ea25bbb78afb57ef074deac5f773b5b84382dd32e759432d68a26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 95045, "scanner": "repobility-ast-engine", "fingerprint": "e8f953f5fa759b77a5b76c04a1659618f5e292eae1a068f649665583e4f644f7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8f953f5fa759b77a5b76c04a1659618f5e292eae1a068f649665583e4f644f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 984}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 95199, "scanner": "repobility-web-presence", "fingerprint": "4043225faa3d194ec7d83eb6b506a77044cc47247819125860baa12b890ba86d", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|4043225faa3d194ec7d83eb6b506a77044cc47247819125860baa12b890ba86d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fj3w-jwp8-x2g3", "level": "note", "message": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "properties": {"repobilityId": 95171, "scanner": "osv-scanner", "fingerprint": "ff48174273c736800346c107c36df4be991b176ccdbe3297a81bbad806d6894a", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27942"], "package": "fast-xml-parser", "rule_id": "GHSA-fj3w-jwp8-x2g3", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-27942|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fj3w-jwp8-x2g3", "level": "note", "message": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "properties": {"repobilityId": 95142, "scanner": "osv-scanner", "fingerprint": "7ba62223ed27111d0b6ab14c4982848ac6f8f857b1a1ec53157b048097631f07", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27942"], "package": "fast-xml-parser", "rule_id": "GHSA-fj3w-jwp8-x2g3", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-27942|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `ws` is minor version(s) behind (^8.18.0 -> 8.21.0)"}, "properties": {"repobilityId": 95100, "scanner": "repobility-dependency-currency", "fingerprint": "82fee716476dd9d646b14842f80352d45b80f315e19799fb728fbfc38cfb9d8f", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ws", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.21.0", "correlation_key": "fp|82fee716476dd9d646b14842f80352d45b80f315e19799fb728fbfc38cfb9d8f", "current_version": "^8.18.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `webdriver` is minor version(s) behind (^9.23.0 -> 9.27.2)"}, "properties": {"repobilityId": 95099, "scanner": "repobility-dependency-currency", "fingerprint": "a3938b558182e1dd18235967b8a471db074dc5d9002ea705de5181bb08751825", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "webdriver", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.27.2", "correlation_key": "fp|a3938b558182e1dd18235967b8a471db074dc5d9002ea705de5181bb08751825", "current_version": "^9.23.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (^4.19.0 -> 4.22.4)"}, "properties": {"repobilityId": 95098, "scanner": "repobility-dependency-currency", "fingerprint": "f4f565600743630cbd2948da477ef5a33075369e37bbcb237626dfa8c471469a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|f4f565600743630cbd2948da477ef5a33075369e37bbcb237626dfa8c471469a", "current_version": "^4.19.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `pixelmatch` is minor version(s) behind (^7.1.0 -> 7.2.0)"}, "properties": {"repobilityId": 95096, "scanner": "repobility-dependency-currency", "fingerprint": "cc909e036529c3a8ae2a91466d6231e4d82862f636509315723c655bcea6ff44", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pixelmatch", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.0", "correlation_key": "fp|cc909e036529c3a8ae2a91466d6231e4d82862f636509315723c655bcea6ff44", "current_version": "^7.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `quickjs-emscripten` is minor version(s) behind (^0.31.0 -> 0.32.0)"}, "properties": {"repobilityId": 95095, "scanner": "repobility-dependency-currency", "fingerprint": "804df65a4242eda0d9ffdda50f5b002729d46021006b7f19d1b0fd50cd0185f8", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "quickjs-emscripten", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.32.0", "correlation_key": "fp|804df65a4242eda0d9ffdda50f5b002729d46021006b7f19d1b0fd50cd0185f8", "current_version": "^0.31.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `ws` is minor version(s) behind (^8.20.0 -> 8.21.0)"}, "properties": {"repobilityId": 95094, "scanner": "repobility-dependency-currency", "fingerprint": "f3f7fcf6a4bf91ff7f7ae5defc9b635f24648b5616416b1c1c2112b2f9151ecd", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ws", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.21.0", "correlation_key": "fp|f3f7fcf6a4bf91ff7f7ae5defc9b635f24648b5616416b1c1c2112b2f9151ecd", "current_version": "^8.20.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (^4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 95093, "scanner": "repobility-dependency-currency", "fingerprint": "7d4c0de938fa6a625d242b543e03eeafeec4b2462082cf4fd32b6aa1f808d7a4", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|7d4c0de938fa6a625d242b543e03eeafeec4b2462082cf4fd32b6aa1f808d7a4", "current_version": "^4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `pixelmatch` is minor version(s) behind (^7.1.0 -> 7.2.0)"}, "properties": {"repobilityId": 95091, "scanner": "repobility-dependency-currency", "fingerprint": "c762acb61797a27fa54cbff0dea0974000bac0bad477606bb7668d76043f291f", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pixelmatch", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.0", "correlation_key": "fp|c762acb61797a27fa54cbff0dea0974000bac0bad477606bb7668d76043f291f", "current_version": "^7.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@bytecodealliance/jco` is minor version(s) behind (^1.17.6 -> 1.20.0)"}, "properties": {"repobilityId": 95090, "scanner": "repobility-dependency-currency", "fingerprint": "cfaac81209d6d912bdbf4f0fb3a3884594bf0238443f811978fb87a4a868b79f", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@bytecodealliance/jco", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.20.0", "correlation_key": "fp|cfaac81209d6d912bdbf4f0fb3a3884594bf0238443f811978fb87a4a868b79f", "current_version": "^1.17.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95011, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e83fff156dd23ada874b4590846870a205988137fce321d7e3cab51bbb73f9e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/system-font-resolver.ts", "duplicate_line": 26, "correlation_key": "fp|2e83fff156dd23ada874b4590846870a205988137fce321d7e3cab51bbb73f9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webdriver/bidi_main/start-with-font.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95010, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0383f4ab88da11f605813de6a1b6dec893c8c72c1ff427b14191d4125c51a099", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 115, "correlation_key": "fp|0383f4ab88da11f605813de6a1b6dec893c8c72c1ff427b14191d4125c51a099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wpt-vrt-summary.ts"}, "region": {"startLine": 224}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95009, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96f1f5b9aa67afe261acddf03db5cc565b463abbb7c255d108afc7491dc85495", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/playwright-report-summary.ts", "duplicate_line": 6, "correlation_key": "fp|96f1f5b9aa67afe261acddf03db5cc565b463abbb7c255d108afc7491dc85495"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wpt-vrt-summary.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95008, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcfa2bba962bbe860dbb8b5b4242a5c591c8f56dde804ec131d226ae36d1e5ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-summary.ts", "duplicate_line": 9, "correlation_key": "fp|bcfa2bba962bbe860dbb8b5b4242a5c591c8f56dde804ec131d226ae36d1e5ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wpt-vrt-summary.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95007, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7737ff523fb180ddf2ae7e9a942de4715c7f67bb8347f4840fc9a0ab0b4f1919", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-upstream-inventory.ts", "duplicate_line": 1, "correlation_key": "fp|7737ff523fb180ddf2ae7e9a942de4715c7f67bb8347f4840fc9a0ab0b4f1919"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wpt-vrt-summary.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95006, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55a0f980faf37312be4796dd31962ed5222bfea68b10cbd56640a7f9060fdc62", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/ci-timing-summary.ts", "duplicate_line": 337, "correlation_key": "fp|55a0f980faf37312be4796dd31962ed5222bfea68b10cbd56640a7f9060fdc62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wpt-ci-summary.ts"}, "region": {"startLine": 303}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95005, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec9a2ab6723da106ea9a13bf99a5d8e3d4871b1a75083e79490087d00dcb6d26", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 115, "correlation_key": "fp|ec9a2ab6723da106ea9a13bf99a5d8e3d4871b1a75083e79490087d00dcb6d26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/vrt-report-summary.ts"}, "region": {"startLine": 205}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95004, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c2a93e1327167a5b825ef289c25b5267fd7abfcd07d8257212c1d58ca01e53b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/playwright-report-summary.ts", "duplicate_line": 6, "correlation_key": "fp|5c2a93e1327167a5b825ef289c25b5267fd7abfcd07d8257212c1d58ca01e53b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/vrt-report-summary.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95003, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b1d332c1a8098423f8cf907c119d4e228ff084cbe31080d51b56a02e96857be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-summary.ts", "duplicate_line": 9, "correlation_key": "fp|8b1d332c1a8098423f8cf907c119d4e228ff084cbe31080d51b56a02e96857be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/vrt-report-summary.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95002, "scanner": "repobility-ai-code-hygiene", "fingerprint": "19f88be3a055cc9f1b326f9475843514e46703e289435a78bb5f49181a95e2a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 115, "correlation_key": "fp|19f88be3a055cc9f1b326f9475843514e46703e289435a78bb5f49181a95e2a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/playwright-report-summary.ts"}, "region": {"startLine": 123}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95001, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d65ec80fec4442329af678926a3911daea3f1bff4c286c3e8973d4111d921e02", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-summary.ts", "duplicate_line": 7, "correlation_key": "fp|d65ec80fec4442329af678926a3911daea3f1bff4c286c3e8973d4111d921e02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/playwright-report-summary.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 95000, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96ca3ed1abe8eecf3e3a2c85127a990f400fe9bd9916b2ea04cc7c8aa800bb0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/playwright-report-diff.ts", "duplicate_line": 1, "correlation_key": "fp|96ca3ed1abe8eecf3e3a2c85127a990f400fe9bd9916b2ea04cc7c8aa800bb0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/playwright-report-summary.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94999, "scanner": "repobility-ai-code-hygiene", "fingerprint": "76cb1f029e86c69749307b96e3bcaad4bd601341ab03d967524a54fd5b2b27d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 115, "correlation_key": "fp|76cb1f029e86c69749307b96e3bcaad4bd601341ab03d967524a54fd5b2b27d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/playwright-report-diff.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94998, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd5339bf4439c2007023f4fbefdf1168e9902559e6eb4fd226e67eef591f94b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-summary.ts", "duplicate_line": 7, "correlation_key": "fp|bd5339bf4439c2007023f4fbefdf1168e9902559e6eb4fd226e67eef591f94b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/playwright-report-diff.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94997, "scanner": "repobility-ai-code-hygiene", "fingerprint": "968b0b60fb1bea29b7c0e0880776719ee1f9a5346a8f60babc4eb2bbaa99fb3e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 115, "correlation_key": "fp|968b0b60fb1bea29b7c0e0880776719ee1f9a5346a8f60babc4eb2bbaa99fb3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-upstream-inventory.ts"}, "region": {"startLine": 452}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94996, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ebe136d87e6c94db385404b733981ac7b3af4a061b6a610377a407c1519ca16c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-summary.ts", "duplicate_line": 107, "correlation_key": "fp|ebe136d87e6c94db385404b733981ac7b3af4a061b6a610377a407c1519ca16c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-upstream-inventory.ts"}, "region": {"startLine": 448}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94995, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1196b1484f4cfb74a2e53beedd384e194f6897a65a66bd64b233e27949ac6e4a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 115, "correlation_key": "fp|1196b1484f4cfb74a2e53beedd384e194f6897a65a66bd64b233e27949ac6e4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-task-summary.ts"}, "region": {"startLine": 153}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94994, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1cf38f6b2442c9ee19e6a20fd1aa6f2f189230106e4674322a161a256127e4c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-summary.ts", "duplicate_line": 103, "correlation_key": "fp|1cf38f6b2442c9ee19e6a20fd1aa6f2f189230106e4674322a161a256127e4c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-task-summary.ts"}, "region": {"startLine": 145}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94993, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d17086e902997880176e2412ae1f059595c74266f4cb4b2791a5334a47b2ceb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-task-record.ts", "duplicate_line": 251, "correlation_key": "fp|0d17086e902997880176e2412ae1f059595c74266f4cb4b2791a5334a47b2ceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-task-run.ts"}, "region": {"startLine": 112}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94992, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f68d8c816553b4637a2fd384aa90ccc4b45acbe142e71d0f72d533c253a5b71", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-summary.ts", "duplicate_line": 110, "correlation_key": "fp|6f68d8c816553b4637a2fd384aa90ccc4b45acbe142e71d0f72d533c253a5b71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-quarantine.ts"}, "region": {"startLine": 138}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94991, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa3b312697af4d0abfaeef9eeab699d9a2bfb216af75e8481a9776f8d9db562c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-config.ts", "duplicate_line": 160, "correlation_key": "fp|aa3b312697af4d0abfaeef9eeab699d9a2bfb216af75e8481a9776f8d9db562c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-quarantine.ts"}, "region": {"startLine": 129}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94990, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e50c0f318e6b5f683e77bf51b412293f4e934b3b9bb9fe2c98f0a1cc809e332f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 8, "correlation_key": "fp|e50c0f318e6b5f683e77bf51b412293f4e934b3b9bb9fe2c98f0a1cc809e332f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-quarantine.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94989, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c0ad63bc213b1d1265a910248b9cc6aabeeb18b6fd5219517450bcd599ac4498", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 8, "correlation_key": "fp|c0ad63bc213b1d1265a910248b9cc6aabeeb18b6fd5219517450bcd599ac4498"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-config.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94988, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b97c30f2dd6ac70db39a67f615145f1d9688d72f8aa4e773802e4ed136d4f4e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/flaker-batch-plan.ts", "duplicate_line": 115, "correlation_key": "fp|6b97c30f2dd6ac70db39a67f615145f1d9688d72f8aa4e773802e4ed136d4f4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-batch-summary.ts"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC114", "level": "none", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 95133, "scanner": "repobility-threat-engine", "fingerprint": "ca7b550924ef010fa5b4944dbaf0a8b62878b41385152fd8f78f27a9cfd0e28a", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ca7b550924ef010fa5b4944dbaf0a8b62878b41385152fd8f78f27a9cfd0e28a"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 95122, "scanner": "repobility-threat-engine", "fingerprint": "649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 95118, "scanner": "repobility-threat-engine", "fingerprint": "57a66d8089dbb0f16c0fbc2c99bff20835ea29c668391e3ba302d34ec078a586", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|57a66d8089dbb0f16c0fbc2c99bff20835ea29c668391e3ba302d34ec078a586", "aggregated_count": 2}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 95117, "scanner": "repobility-threat-engine", "fingerprint": "a771b254afdcdb7b71f56f4c7fac99f78991a2ba60577cd7572ed1578a6608f1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a771b254afdcdb7b71f56f4c7fac99f78991a2ba60577cd7572ed1578a6608f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/evaluate-v2.ts"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 95116, "scanner": "repobility-threat-engine", "fingerprint": "06b007932ec507df0d9e1306b78cc1560814428d83cd919109a6489391a07e49", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|06b007932ec507df0d9e1306b78cc1560814428d83cd919109a6489391a07e49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/debug-sample.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 95115, "scanner": "repobility-threat-engine", "fingerprint": "8095686906acc0560c757427af0bc1cfcf39b18f5861424baac4ec8611216a96", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8095686906acc0560c757427af0bc1cfcf39b18f5861424baac4ec8611216a96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/analyze-fp.ts"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 95114, "scanner": "repobility-threat-engine", "fingerprint": "3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "aggregated_count": 1}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 95113, "scanner": "repobility-threat-engine", "fingerprint": "39a0e7defcd22cf014b3a22323353807596b6bbddf9493bf9300ff5b6e46936c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|39a0e7defcd22cf014b3a22323353807596b6bbddf9493bf9300ff5b6e46936c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/wpt-config.ts"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 95112, "scanner": "repobility-threat-engine", "fingerprint": "c4d546a17eecc128701454defb34587b84beced816418aec7ccb15aaeeeee32f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c4d546a17eecc128701454defb34587b84beced816418aec7ccb15aaeeeee32f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/init-labels.ts"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 95111, "scanner": "repobility-threat-engine", "fingerprint": "98893e15bd8bacb7d835e446e8e7bc35297f46c399b8e78b85b9fd2fffa9c0d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98893e15bd8bacb7d835e446e8e7bc35297f46c399b8e78b85b9fd2fffa9c0d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/analyze-fp.ts"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 95110, "scanner": "repobility-threat-engine", "fingerprint": "92af23c733d01113d9820522ca2cfa5d65ce72571508b92f9b7aad61dd38be34", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|92af23c733d01113d9820522ca2cfa5d65ce72571508b92f9b7aad61dd38be34", "aggregated_count": 19}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 95109, "scanner": "repobility-threat-engine", "fingerprint": "c902354cd4105a46e71a18b37fb917e8652877338c453e6172a8d921b5dd007d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c902354cd4105a46e71a18b37fb917e8652877338c453e6172a8d921b5dd007d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/debug-sample.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 95108, "scanner": "repobility-threat-engine", "fingerprint": "6e76edf2bc731c2de49efe81d8031763e8fbf6f2eacd924da41da73c34b26a66", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e76edf2bc731c2de49efe81d8031763e8fbf6f2eacd924da41da73c34b26a66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/capture-screenshots.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 95107, "scanner": "repobility-threat-engine", "fingerprint": "2ba342f97d4bdbb8bbb11bb8c416fa3676acbc982dfd1aea9909efceb6bf992e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ba342f97d4bdbb8bbb11bb8c416fa3676acbc982dfd1aea9909efceb6bf992e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/analyze-fp.ts"}, "region": {"startLine": 114}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `preact` is patch version(s) behind (^10.29.1 -> 10.29.2)"}, "properties": {"repobilityId": 95092, "scanner": "repobility-dependency-currency", "fingerprint": "787b05b009c51a6a578e31bcea832e6550a132b3e534059b005bb85b893051b0", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "preact", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.29.2", "correlation_key": "fp|787b05b009c51a6a578e31bcea832e6550a132b3e534059b005bb85b893051b0", "current_version": "^10.29.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2wj-q39q-566r", "level": "error", "message": {"text": "vite: GHSA-v2wj-q39q-566r"}, "properties": {"repobilityId": 95196, "scanner": "osv-scanner", "fingerprint": "68a0844d20f136d615ab0960bcb9f017c7f8e1b97ee41d092d4cde292e2641fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39364"], "package": "vite", "rule_id": "GHSA-v2wj-q39q-566r", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39364|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p9ff-h696-f583", "level": "error", "message": {"text": "vite: GHSA-p9ff-h696-f583"}, "properties": {"repobilityId": 95195, "scanner": "osv-scanner", "fingerprint": "e4e3f54a4dc9146916e0304c9d50318b9ef24b5c1473da2baafc759d95054cac", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39363"], "package": "vite", "rule_id": "GHSA-p9ff-h696-f583", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39363|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vrm6-8vpv-qv8q", "level": "error", "message": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "properties": {"repobilityId": 95193, "scanner": "osv-scanner", "fingerprint": "c37ac9a11b75eab8367403efcb9dec6a75ce8df6e9fdc49ad7043ccc2438ed6d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1526"], "package": "undici", "rule_id": "GHSA-vrm6-8vpv-qv8q", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1526|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9p9-hfj2-hcw8", "level": "error", "message": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "properties": {"repobilityId": 95192, "scanner": "osv-scanner", "fingerprint": "5fc7025df7e18a64b471bcd54c54cc98548e3ccc90563b6c7730d159bcc47e26", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2229"], "package": "undici", "rule_id": "GHSA-v9p9-hfj2-hcw8", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-2229|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f269-vfmq-vjvj", "level": "error", "message": {"text": "undici: GHSA-f269-vfmq-vjvj"}, "properties": {"repobilityId": 95191, "scanner": "osv-scanner", "fingerprint": "943a2365e88418ce5122e30724dd08e18033bf6ef4e016cb3bc7e05e998b46bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1528"], "package": "undici", "rule_id": "GHSA-f269-vfmq-vjvj", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1528|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6q2-hw4h-h46w", "level": "error", "message": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "properties": {"repobilityId": 95188, "scanner": "osv-scanner", "fingerprint": "a506cfec32bc23a52abb3358a13699dbb757b022e3c233283203353a8826b593", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23950"], "package": "tar", "rule_id": "GHSA-r6q2-hw4h-h46w", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23950|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qffp-2rhf-9h96", "level": "error", "message": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "properties": {"repobilityId": 95187, "scanner": "osv-scanner", "fingerprint": "f8fa987aa9acadbb491ed96885533ab55d2a0afc9f4623918e86fa3756ca851f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29786"], "package": "tar", "rule_id": "GHSA-qffp-2rhf-9h96", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-29786|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9ppj-qmqm-q256", "level": "error", "message": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "properties": {"repobilityId": 95186, "scanner": "osv-scanner", "fingerprint": "69b2c0b2d95567c9d3ec0e13212c39d24902dceb82922feb24047ba7dfb846b6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31802"], "package": "tar", "rule_id": "GHSA-9ppj-qmqm-q256", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-31802|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8qq5-rm4j-mr97", "level": "error", "message": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "properties": {"repobilityId": 95185, "scanner": "osv-scanner", "fingerprint": "4f89d9b810881688457b80c49ab868f006943a84374041c9ede83f89d8996e2f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23745"], "package": "tar", "rule_id": "GHSA-8qq5-rm4j-mr97", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23745|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-83g3-92jg-28cx", "level": "error", "message": {"text": "tar: GHSA-83g3-92jg-28cx"}, "properties": {"repobilityId": 95184, "scanner": "osv-scanner", "fingerprint": "f024e3a8dade0f899aad4e013def341d786ed8b27d0ff31b6c56f7767e17e900", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26960"], "package": "tar", "rule_id": "GHSA-83g3-92jg-28cx", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-26960|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34x7-hfp2-rc4v", "level": "error", "message": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "properties": {"repobilityId": 95183, "scanner": "osv-scanner", "fingerprint": "b6245b99f855ef4f5327cea1040dc6abd2e19916475c6aa3696f274c7c921329", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24842"], "package": "tar", "rule_id": "GHSA-34x7-hfp2-rc4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-24842|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 95182, "scanner": "osv-scanner", "fingerprint": "0425e8b734fe5759a8789ed8ef46f76963f44ca5145876702e82443bdd19a5ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 95180, "scanner": "osv-scanner", "fingerprint": "a3dd2390244022d96de63689cdd673fb906d1165f495d6a42a0980e956db632d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 95178, "scanner": "osv-scanner", "fingerprint": "c3482c8b051b710219b686b962c8edfcc83babb0e1e54a2b470ae7782dd0b574", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 95177, "scanner": "osv-scanner", "fingerprint": "2fd5e24a94dfd2116cfc5d9aeb4e4f584669c9b76d1795010331a7b69b3682a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 95176, "scanner": "osv-scanner", "fingerprint": "af7663e4c51288986bfb4927d06e33aa650fed364bb14d31804c3d4da5638193", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8gc5-j5rx-235r", "level": "error", "message": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "properties": {"repobilityId": 95170, "scanner": "osv-scanner", "fingerprint": "b98108478d87351d5dbad95b8011fa0339688e7d60bb1041d7f7381fffd10707", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33036"], "package": "fast-xml-parser", "rule_id": "GHSA-8gc5-j5rx-235r", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-26278|pnpm-lock.yaml", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8gc5-j5rx-235r", "GHSA-jmr7-xgp7-cmfj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4f434800ae6dd79184330958e8997d2c750ee9a89dfa1b34dfc89541eb93c10a", "b98108478d87351d5dbad95b8011fa0339688e7d60bb1041d7f7381fffd10707"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37qj-frw5-hhjh", "level": "error", "message": {"text": "fast-xml-parser: GHSA-37qj-frw5-hhjh"}, "properties": {"repobilityId": 95169, "scanner": "osv-scanner", "fingerprint": "491ac3dec51f93ea5c3188199542fe4268656e7415276a13e7deaa295f47959c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25128"], "package": "fast-xml-parser", "rule_id": "GHSA-37qj-frw5-hhjh", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25128|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rpmf-866q-6p89", "level": "error", "message": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "properties": {"repobilityId": 95166, "scanner": "osv-scanner", "fingerprint": "00d54780ae1aadca9668e0b09ab830929b7233a8631253574acc8966ea91ba6c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44240"], "package": "basic-ftp", "rule_id": "GHSA-rpmf-866q-6p89", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-44240|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp42-5vxx-qpwr", "level": "error", "message": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "properties": {"repobilityId": 95165, "scanner": "osv-scanner", "fingerprint": "8c15d25540a56104043e4c51e051c88465b6075807dc6df7f189ece6d69e1c69", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41324"], "package": "basic-ftp", "rule_id": "GHSA-rp42-5vxx-qpwr", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-41324|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6v7q-wjvx-w8wg", "level": "error", "message": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "properties": {"repobilityId": 95164, "scanner": "osv-scanner", "fingerprint": "b4b18580b828a1b31a17e15abdc4bb1d8ebbe6472a753cbf11c8bf3416888589", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "basic-ftp", "rule_id": "GHSA-6v7q-wjvx-w8wg", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|GHSA-6V7Q-WJVX-W8WG|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2wj-q39q-566r", "level": "error", "message": {"text": "vite: GHSA-v2wj-q39q-566r"}, "properties": {"repobilityId": 95161, "scanner": "osv-scanner", "fingerprint": "93aaff6fa0ad12d82d9361db12ff2f385336f3830b3277a69b69c5864e9963cf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39364"], "package": "vite", "rule_id": "GHSA-v2wj-q39q-566r", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39364|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p9ff-h696-f583", "level": "error", "message": {"text": "vite: GHSA-p9ff-h696-f583"}, "properties": {"repobilityId": 95160, "scanner": "osv-scanner", "fingerprint": "5724800435a5a12ea86b7380ea338ad55681eae36fe2f6bf4c2d28c868ecdd21", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39363"], "package": "vite", "rule_id": "GHSA-p9ff-h696-f583", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39363|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vrm6-8vpv-qv8q", "level": "error", "message": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "properties": {"repobilityId": 95158, "scanner": "osv-scanner", "fingerprint": "19cc4517621e23962268856d006d44aa4a7a2f14165094eee147fff641aa8dde", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1526"], "package": "undici", "rule_id": "GHSA-vrm6-8vpv-qv8q", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1526|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9p9-hfj2-hcw8", "level": "error", "message": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "properties": {"repobilityId": 95157, "scanner": "osv-scanner", "fingerprint": "20f7fc07762e959b89bbfe7fe87e3a5ed7f908ae5ea5eb6bfca7f592d0a42083", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2229"], "package": "undici", "rule_id": "GHSA-v9p9-hfj2-hcw8", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-2229|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f269-vfmq-vjvj", "level": "error", "message": {"text": "undici: GHSA-f269-vfmq-vjvj"}, "properties": {"repobilityId": 95156, "scanner": "osv-scanner", "fingerprint": "ffb779e6cf925d839cf4ff643ac996faa9b20401460b057c147e21ec8bebdee4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1528"], "package": "undici", "rule_id": "GHSA-f269-vfmq-vjvj", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1528|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 95153, "scanner": "osv-scanner", "fingerprint": "681971e633d076bd116218984bb4f109b9c4af8d8fd7920ed196d021246f192b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 95151, "scanner": "osv-scanner", "fingerprint": "a5c4529ce19bc9892707be1ba2961ce62b3f4cf09c7dc6ec5aa0b1c7f58d3489", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 95149, "scanner": "osv-scanner", "fingerprint": "0505948d2a2f81fc5842b772fc34cbd04254c289fe3395158ebe0920d35422a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 95148, "scanner": "osv-scanner", "fingerprint": "590e552641669cf3102b54676508565dcb1c60d50d3466371733902138ea2d9b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 95147, "scanner": "osv-scanner", "fingerprint": "8ee0234ae6d1a4d5dd3e3913bdf8a230bbfd1da6192069f9af5dd21444cfeada", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8gc5-j5rx-235r", "level": "error", "message": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "properties": {"repobilityId": 95141, "scanner": "osv-scanner", "fingerprint": "330d110313767eacec361da075ea6a16c63dcc04b9895b4d4024d55543b9f4ae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33036"], "package": "fast-xml-parser", "rule_id": "GHSA-8gc5-j5rx-235r", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-26278|browser/pnpm-lock.yaml", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8gc5-j5rx-235r", "GHSA-jmr7-xgp7-cmfj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["330d110313767eacec361da075ea6a16c63dcc04b9895b4d4024d55543b9f4ae", "ee6e7689b8bbbe6116bb8985c2edb078409b365b364a93d4d666d9611b3b78df"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37qj-frw5-hhjh", "level": "error", "message": {"text": "fast-xml-parser: GHSA-37qj-frw5-hhjh"}, "properties": {"repobilityId": 95140, "scanner": "osv-scanner", "fingerprint": "7bb5dc9216e635d98fa50cd88ec8bb2015b52cd022ea321a83b2363ba9f2a50d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25128"], "package": "fast-xml-parser", "rule_id": "GHSA-37qj-frw5-hhjh", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25128|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rpmf-866q-6p89", "level": "error", "message": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "properties": {"repobilityId": 95138, "scanner": "osv-scanner", "fingerprint": "94f61ab9b5d83c3fc952e1ef014589e45d6099ee20405add97448f9e8f5e6af7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44240"], "package": "basic-ftp", "rule_id": "GHSA-rpmf-866q-6p89", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-44240|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp42-5vxx-qpwr", "level": "error", "message": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "properties": {"repobilityId": 95137, "scanner": "osv-scanner", "fingerprint": "199636cce106555e92535cd868fb380d8fd05d8a9a3a8a7ffdb4c635ec1ad51e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41324"], "package": "basic-ftp", "rule_id": "GHSA-rp42-5vxx-qpwr", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-41324|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6v7q-wjvx-w8wg", "level": "error", "message": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "properties": {"repobilityId": 95136, "scanner": "osv-scanner", "fingerprint": "73a79b3a8c5817eea43e05c098ba8bd5c4ac8a005e6b048ab1d3220cf6f71b35", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "basic-ftp", "rule_id": "GHSA-6v7q-wjvx-w8wg", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|GHSA-6V7Q-WJVX-W8WG|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 95134, "scanner": "repobility-threat-engine", "fingerprint": "e711aa41aaeb463d09963b668cdad05a3506ae65da82b4c1f87c2673e4df85a8", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((entry) => `${testsDir}/${entry.name}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e711aa41aaeb463d09963b668cdad05a3506ae65da82b4c1f87c2673e4df85a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-config-summary.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 95132, "scanner": "repobility-threat-engine", "fingerprint": "35fbaf579948a2adfb452c5ecccb429decaf67635c8280be468cfdd0673e5bb9", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(repoRoot, options?.input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|145|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-task-record-artifacts.ts"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 95131, "scanner": "repobility-threat-engine", "fingerprint": "24c9a12ce05aa7402f32f5862023d51a50419472f749c2f127a73f11fe0f1c01", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(cwd, input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|14|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-config-selection.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 95130, "scanner": "repobility-threat-engine", "fingerprint": "69b6a76d0dae290ea29a79c9f4fc3e7c1959b6e4a88165f9f6f3d9fdb76dd534", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(cwd, parsed.input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|94|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/flaker-batch-summary.ts"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 95129, "scanner": "repobility-threat-engine", "fingerprint": "e36d42d9f037959ad6c752fa0e8cebf530f36be6cc89a8af1199a053e1f7f279", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(line", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e36d42d9f037959ad6c752fa0e8cebf530f36be6cc89a8af1199a053e1f7f279"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-wpt-baselines.mjs"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 95123, "scanner": "repobility-threat-engine", "fingerprint": "6cb3181ba32d7e5bd4c14704b91d322c243cd9aceb50819b57adbd419751da26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ctx.save();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6cb3181ba32d7e5bd4c14704b91d322c243cd9aceb50819b57adbd419751da26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/playground/main.js"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 95121, "scanner": "repobility-threat-engine", "fingerprint": "f7031f86eb107a75263286720d5e2dbd6b673e349f1071cb883b5b7b3fa1514b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n  c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f7031f86eb107a75263286720d5e2dbd6b673e349f1071cb883b5b7b3fa1514b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/bidi-build-paths.mjs"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 95120, "scanner": "repobility-threat-engine", "fingerprint": "2799ba79a5d1cc52893b2e0bce11bbde4f41e1889b8f552bdd9e3793c0db20dc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2799ba79a5d1cc52893b2e0bce11bbde4f41e1889b8f552bdd9e3793c0db20dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/select-samples.ts"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 95119, "scanner": "repobility-threat-engine", "fingerprint": "dd3d9fd980634ceb48aa8bb63e1e99af3a68845ca22ad28cb73c08998b4af5fc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(l", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dd3d9fd980634ceb48aa8bb63e1e99af3a68845ca22ad28cb73c08998b4af5fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/nav-extraction/scripts/evaluate.ts"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95089, "scanner": "repobility-supply-chain", "fingerprint": "ad80e07f6559bd96aaddb00af5bac0486da79dc827a739cf4d28680eef19b920", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad80e07f6559bd96aaddb00af5bac0486da79dc827a739cf4d28680eef19b920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 630}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 95088, "scanner": "repobility-supply-chain", "fingerprint": "f1e74bcfd5e50f30a00540fb4a9d9937874e9a4d14b26a50d53fe134f7e90c59", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1e74bcfd5e50f30a00540fb4a9d9937874e9a4d14b26a50d53fe134f7e90c59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 569}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95087, "scanner": "repobility-supply-chain", "fingerprint": "bfc819d94558cdb43901d78a3da65fa592fe3b0c8678da61a853ba19c28c9971", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bfc819d94558cdb43901d78a3da65fa592fe3b0c8678da61a853ba19c28c9971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 555}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95086, "scanner": "repobility-supply-chain", "fingerprint": "41fa9baf4c7adaeea0c10b6e4a11cc15b9c05085b4d2251bde5be6fc95a49a66", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|41fa9baf4c7adaeea0c10b6e4a11cc15b9c05085b4d2251bde5be6fc95a49a66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 543}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95085, "scanner": "repobility-supply-chain", "fingerprint": "8c7cffd0b0d8ca46981275e172183f7d886dd4e4d81574c095b820da1849ed6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c7cffd0b0d8ca46981275e172183f7d886dd4e4d81574c095b820da1849ed6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 535}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95084, "scanner": "repobility-supply-chain", "fingerprint": "efaaf6e07ddf02269f4717b1b957d4029b83a7ed9c9d79f00ceb65278e700912", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|efaaf6e07ddf02269f4717b1b957d4029b83a7ed9c9d79f00ceb65278e700912"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 479}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95083, "scanner": "repobility-supply-chain", "fingerprint": "97532d753113b9ec3b02874ff29d58461b9e36c4457d31775704dbdd33509669", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|97532d753113b9ec3b02874ff29d58461b9e36c4457d31775704dbdd33509669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 462}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 95082, "scanner": "repobility-supply-chain", "fingerprint": "f3d8ebbd1100bd1d35c9d99a9cc2344589a4b0a3b935e675599ae79378337abf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f3d8ebbd1100bd1d35c9d99a9cc2344589a4b0a3b935e675599ae79378337abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 444}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 95081, "scanner": "repobility-supply-chain", "fingerprint": "65ec1994da30b4fd1165fc6848ac4a2ded13d365af7b0f4018eabd42e633f1e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65ec1994da30b4fd1165fc6848ac4a2ded13d365af7b0f4018eabd42e633f1e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 438}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95080, "scanner": "repobility-supply-chain", "fingerprint": "2eb21191376884f6666a387cc429da98f09ee4c290da223a2c95400fb49aae51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2eb21191376884f6666a387cc429da98f09ee4c290da223a2c95400fb49aae51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 433}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95079, "scanner": "repobility-supply-chain", "fingerprint": "ea86ce11c4254155d8c68cd035c439f90263a380088f4abd95ba368ffde34e00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ea86ce11c4254155d8c68cd035c439f90263a380088f4abd95ba368ffde34e00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 428}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95078, "scanner": "repobility-supply-chain", "fingerprint": "b32db7968ea96a6759b64c1d6272d8e42f5cda9774d120043d1206066318b142", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b32db7968ea96a6759b64c1d6272d8e42f5cda9774d120043d1206066318b142"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 406}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95077, "scanner": "repobility-supply-chain", "fingerprint": "d4e5950543c47bcc6bca01dad1c366c38d5278392718fe77730ec0a7f6114c06", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4e5950543c47bcc6bca01dad1c366c38d5278392718fe77730ec0a7f6114c06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95076, "scanner": "repobility-supply-chain", "fingerprint": "ac347ec66dc26bff8de912c6a1a7f1ff4b1f34e82305316ac82c6fe4420a9492", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac347ec66dc26bff8de912c6a1a7f1ff4b1f34e82305316ac82c6fe4420a9492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 95075, "scanner": "repobility-supply-chain", "fingerprint": "3f89d9bca41af3440c2289fe7e21ad49c6bdab430895a200de728273d4b77e2d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3f89d9bca41af3440c2289fe7e21ad49c6bdab430895a200de728273d4b77e2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95074, "scanner": "repobility-supply-chain", "fingerprint": "32feab1ada7dd036587fdb5062fb37b3040ef153c7f897ee1eebd6333e0fd23a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32feab1ada7dd036587fdb5062fb37b3040ef153c7f897ee1eebd6333e0fd23a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95073, "scanner": "repobility-supply-chain", "fingerprint": "d6d185d093fbb3b0169a33761321648aba81099ea9e2ec03e88e51a3f59cb8eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d6d185d093fbb3b0169a33761321648aba81099ea9e2ec03e88e51a3f59cb8eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95072, "scanner": "repobility-supply-chain", "fingerprint": "222dc93fd5f4946493185468713643f31691abe19f5ab3ebbab193c677fdcf63", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|222dc93fd5f4946493185468713643f31691abe19f5ab3ebbab193c677fdcf63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95071, "scanner": "repobility-supply-chain", "fingerprint": "d022f2c6c42a6d2eed90806927845481e237eac17ee83316f3cca7e3dbf4c573", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d022f2c6c42a6d2eed90806927845481e237eac17ee83316f3cca7e3dbf4c573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95070, "scanner": "repobility-supply-chain", "fingerprint": "9fd499b59ef3b2fe511c6a4cdcd095ef425f9e76a7de54aaff38a4bd1b07d29f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9fd499b59ef3b2fe511c6a4cdcd095ef425f9e76a7de54aaff38a4bd1b07d29f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 95069, "scanner": "repobility-supply-chain", "fingerprint": "7bf8488801ad5e43271c391d59d545156187dc1762ee918440e4400c720d95fb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7bf8488801ad5e43271c391d59d545156187dc1762ee918440e4400c720d95fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v27`"}, "properties": {"repobilityId": 95068, "scanner": "repobility-supply-chain", "fingerprint": "5630a79959129e4be296a92961608780530f98379407353e6c15c0b10c45c673", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5630a79959129e4be296a92961608780530f98379407353e6c15c0b10c45c673"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95067, "scanner": "repobility-supply-chain", "fingerprint": "64742acbc78c2697a1d4c53267dffbe3c5e37061a545dd329d4c682052b5f80c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|64742acbc78c2697a1d4c53267dffbe3c5e37061a545dd329d4c682052b5f80c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95066, "scanner": "repobility-supply-chain", "fingerprint": "0798ffee3edc3bb20898a9917edd4c3d0634f677b4702eaf02951b9b5e27978d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0798ffee3edc3bb20898a9917edd4c3d0634f677b4702eaf02951b9b5e27978d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 95065, "scanner": "repobility-supply-chain", "fingerprint": "c5396ab0122d63423297e4226ee31221e10fb5c737bc527921f4b098f5e46d53", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c5396ab0122d63423297e4226ee31221e10fb5c737bc527921f4b098f5e46d53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._command` used but never assigned in __init__"}, "properties": {"repobilityId": 95064, "scanner": "repobility-ast-engine", "fingerprint": "fec9ba654457b5559ef90e746015621b62759c563e1bc2c80957c07fdca973d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fec9ba654457b5559ef90e746015621b62759c563e1bc2c80957c07fdca973d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_modules.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_events_received"}, "properties": {"repobilityId": 95061, "scanner": "repobility-ast-engine", "fingerprint": "0bf61306f85d45dbe9f263d93815c88fc16218057bd6b2e9469a3b55b886847a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0bf61306f85d45dbe9f263d93815c88fc16218057bd6b2e9469a3b55b886847a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 456}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_network_module"}, "properties": {"repobilityId": 95060, "scanner": "repobility-ast-engine", "fingerprint": "726ae554924dd94d03e9c9208d1ae8f85967715026dcc764bc20854b1d66fb39", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|726ae554924dd94d03e9c9208d1ae8f85967715026dcc764bc20854b1d66fb39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_input_module"}, "properties": {"repobilityId": 95059, "scanner": "repobility-ast-engine", "fingerprint": "82c7197c85b20d001b33fba10e0620c9c3cc44d9c3945bc60941d3dbb11e739d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82c7197c85b20d001b33fba10e0620c9c3cc44d9c3945bc60941d3dbb11e739d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 414}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_log_module"}, "properties": {"repobilityId": 95058, "scanner": "repobility-ast-engine", "fingerprint": "6a7d9d06b055c20ca2c22a03f0d98980975552ce2e7edca2374e626ddc9a332d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a7d9d06b055c20ca2c22a03f0d98980975552ce2e7edca2374e626ddc9a332d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_call_function_validation"}, "properties": {"repobilityId": 95057, "scanner": "repobility-ast-engine", "fingerprint": "19478e964fb1f614b2fac5b1191857f1393807d9415c16ca5b1f5d886db43c5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|19478e964fb1f614b2fac5b1191857f1393807d9415c16ca5b1f5d886db43c5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_event_subscription"}, "properties": {"repobilityId": 95056, "scanner": "repobility-ast-engine", "fingerprint": "5b0ba8c0ffee71976372b1ab95eb8d6a6d6ae6b58bdbfe71c8a405f7ef3b086c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b0ba8c0ffee71976372b1ab95eb8d6a6d6ae6b58bdbfe71c8a405f7ef3b086c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_script_validation"}, "properties": {"repobilityId": 95055, "scanner": "repobility-ast-engine", "fingerprint": "db15d0c8e86081e24164add46be0d0bb790ec20ec0b59fb3edf390dd477d604f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db15d0c8e86081e24164add46be0d0bb790ec20ec0b59fb3edf390dd477d604f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_navigation"}, "properties": {"repobilityId": 95054, "scanner": "repobility-ast-engine", "fingerprint": "1399f2282a5f69892c179ba379f86be66a76cf8d26754c43a5876d2fe6c74ade", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1399f2282a5f69892c179ba379f86be66a76cf8d26754c43a5876d2fe6c74ade"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validation_errors"}, "properties": {"repobilityId": 95053, "scanner": "repobility-ast-engine", "fingerprint": "1564b50dce9a265bf0ab7a072e6a2ecb989d1880a324f9d2c9bfea500ca0c212", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1564b50dce9a265bf0ab7a072e6a2ecb989d1880a324f9d2c9bfea500ca0c212"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_script_call_function"}, "properties": {"repobilityId": 95052, "scanner": "repobility-ast-engine", "fingerprint": "f9382e22aee9c1738486063b2916de163cccaa950479479f020315b6f51f92e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9382e22aee9c1738486063b2916de163cccaa950479479f020315b6f51f92e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_script_evaluate"}, "properties": {"repobilityId": 95051, "scanner": "repobility-ast-engine", "fingerprint": "0e001d5de8eb46acae5bd97e566e2bd800a6871b9e5c361ebee0124205cfa627", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e001d5de8eb46acae5bd97e566e2bd800a6871b9e5c361ebee0124205cfa627"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_browsing_context_get_tree"}, "properties": {"repobilityId": 95050, "scanner": "repobility-ast-engine", "fingerprint": "a2d0676632509f9d461b56d98e1e9b7587ce48a8d38aed76ff52d8d4bd39b8e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2d0676632509f9d461b56d98e1e9b7587ce48a8d38aed76ff52d8d4bd39b8e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_browsing_context_create"}, "properties": {"repobilityId": 95049, "scanner": "repobility-ast-engine", "fingerprint": "a4c4f2493103c9ca6f5c599b898e9f9b6c82b1edd7a25d61817a53cc02f42ee7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4c4f2493103c9ca6f5c599b898e9f9b6c82b1edd7a25d61817a53cc02f42ee7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_session_status"}, "properties": {"repobilityId": 95048, "scanner": "repobility-ast-engine", "fingerprint": "f73376a1ec06af6e985a17b940dd51a87360978107ae5051068e0eda03f1f8b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f73376a1ec06af6e985a17b940dd51a87360978107ae5051068e0eda03f1f8b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_command` used but never assigned in __init__"}, "properties": {"repobilityId": 95044, "scanner": "repobility-ast-engine", "fingerprint": "cc12df4f68f9a0c74adf09fb0d0efa27c09ce18fcd4c74a9b450dbf97d17762e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc12df4f68f9a0c74adf09fb0d0efa27c09ce18fcd4c74a9b450dbf97d17762e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 361}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.command` used but never assigned in __init__"}, "properties": {"repobilityId": 95043, "scanner": "repobility-ast-engine", "fingerprint": "2efd9b5b59d97dfd293a495909e7b3c14ce75ecfbf2eb284a6a2357b2717d254", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2efd9b5b59d97dfd293a495909e7b3c14ce75ecfbf2eb284a6a2357b2717d254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 352}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.command` used but never assigned in __init__"}, "properties": {"repobilityId": 95042, "scanner": "repobility-ast-engine", "fingerprint": "137a0126c72121710a25bdef7354d290e67858ca0565994b575cb70aa2a4e498", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|137a0126c72121710a25bdef7354d290e67858ca0565994b575cb70aa2a4e498"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 342}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_params` used but never assigned in __init__"}, "properties": {"repobilityId": 95041, "scanner": "repobility-ast-engine", "fingerprint": "7be6925a71befa3d7d7828617323904fc17f97b2fbaa6de2d6b1607b35a9399c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7be6925a71befa3d7d7828617323904fc17f97b2fbaa6de2d6b1607b35a9399c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 323}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._is_undefined` used but never assigned in __init__"}, "properties": {"repobilityId": 95040, "scanner": "repobility-ast-engine", "fingerprint": "9dfcbb233746f2ff84248cca2213ceea8dc6fdede3f98b7cdf0a309bcd051484", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9dfcbb233746f2ff84248cca2213ceea8dc6fdede3f98b7cdf0a309bcd051484"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 320}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_params` used but never assigned in __init__"}, "properties": {"repobilityId": 95039, "scanner": "repobility-ast-engine", "fingerprint": "dfb9534642d6cb2d5eae9aae77980586231793503f642978f4328e5acd9d7b6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dfb9534642d6cb2d5eae9aae77980586231793503f642978f4328e5acd9d7b6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._is_undefined` used but never assigned in __init__"}, "properties": {"repobilityId": 95038, "scanner": "repobility-ast-engine", "fingerprint": "e832a78822ea97aba013c95d04884d4d2ccd688a7347b64a7771cc704c38d852", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e832a78822ea97aba013c95d04884d4d2ccd688a7347b64a7771cc704c38d852"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_params` used but never assigned in __init__"}, "properties": {"repobilityId": 95037, "scanner": "repobility-ast-engine", "fingerprint": "414c0670633e96b6b9956ec1f5cee6113b6f6bd8fba47731ddeca5e760572083", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|414c0670633e96b6b9956ec1f5cee6113b6f6bd8fba47731ddeca5e760572083"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 331}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_params` used but never assigned in __init__"}, "properties": {"repobilityId": 95036, "scanner": "repobility-ast-engine", "fingerprint": "d1442abd8cdde343d44f3ca8da8079e0b7c57da746be087923d225fdc556e483", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1442abd8cdde343d44f3ca8da8079e0b7c57da746be087923d225fdc556e483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_params` used but never assigned in __init__"}, "properties": {"repobilityId": 95035, "scanner": "repobility-ast-engine", "fingerprint": "4e0b3d51b6c3379ad31e234e2f9a82747e83c0e073bd6d412f434d7f8e98abdd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e0b3d51b6c3379ad31e234e2f9a82747e83c0e073bd6d412f434d7f8e98abdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.add_event_listener` used but never assigned in __init__"}, "properties": {"repobilityId": 95034, "scanner": "repobility-ast-engine", "fingerprint": "6d3e58cd0dd516ddc50a2d532de917f099d4a8ee9aa415e73291b67274cc43d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d3e58cd0dd516ddc50a2d532de917f099d4a8ee9aa415e73291b67274cc43d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.consume_latest_event_backlog` used but never assigned in __init__"}, "properties": {"repobilityId": 95033, "scanner": "repobility-ast-engine", "fingerprint": "9e89d3a41a786f30a83acda80ae9f3b53b7b185788dd55cde1e1859293b6e692", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e89d3a41a786f30a83acda80ae9f3b53b7b185788dd55cde1e1859293b6e692"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.add_event_listener` used but never assigned in __init__"}, "properties": {"repobilityId": 95032, "scanner": "repobility-ast-engine", "fingerprint": "c36791cfe045fc77f6f8026bb11d2ace394f234426e53f0d8baaf63bc7df63a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c36791cfe045fc77f6f8026bb11d2ace394f234426e53f0d8baaf63bc7df63a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.clear_event_backlog` used but never assigned in __init__"}, "properties": {"repobilityId": 95031, "scanner": "repobility-ast-engine", "fingerprint": "89bef1eb3563560a7c199238969c01de511b358c9dfe5542c6675e3c1f6bb725", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89bef1eb3563560a7c199238969c01de511b358c9dfe5542c6675e3c1f6bb725"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_command` used but never assigned in __init__"}, "properties": {"repobilityId": 95030, "scanner": "repobility-ast-engine", "fingerprint": "4339cfad64cd72b1d66763970c00575d4350fac3d207315c3238f2f272ecf76f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4339cfad64cd72b1d66763970c00575d4350fac3d207315c3238f2f272ecf76f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._trace` used but never assigned in __init__"}, "properties": {"repobilityId": 95029, "scanner": "repobility-ast-engine", "fingerprint": "4ab8e1c1f7475a7f714b93836717a85f4c75dec94c1e77d45f18ac145b256406", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ab8e1c1f7475a7f714b93836717a85f4c75dec94c1e77d45f18ac145b256406"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_params` used but never assigned in __init__"}, "properties": {"repobilityId": 95028, "scanner": "repobility-ast-engine", "fingerprint": "ea7c28fd47a1f09a4c390fe859fe5d561d5606443039df7e2ade8c8b5eeb112f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea7c28fd47a1f09a4c390fe859fe5d561d5606443039df7e2ade8c8b5eeb112f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._trace` used but never assigned in __init__"}, "properties": {"repobilityId": 95027, "scanner": "repobility-ast-engine", "fingerprint": "234d43fddaed48be7130f578650522137bd7e1805dfb89b7b63348dc53c9e213", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|234d43fddaed48be7130f578650522137bd7e1805dfb89b7b63348dc53c9e213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._trace` used but never assigned in __init__"}, "properties": {"repobilityId": 95026, "scanner": "repobility-ast-engine", "fingerprint": "b24899aed2fe43b262f8c2aa87eed10de1457645b0c7b81f571e158b6d953089", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b24899aed2fe43b262f8c2aa87eed10de1457645b0c7b81f571e158b6d953089"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._trace` used but never assigned in __init__"}, "properties": {"repobilityId": 95025, "scanner": "repobility-ast-engine", "fingerprint": "0ebff4b7672c858c0c6c934a5467f2d9bf1e77af3d4132304a28412f21fb706d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ebff4b7672c858c0c6c934a5467f2d9bf1e77af3d4132304a28412f21fb706d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._trace` used but never assigned in __init__"}, "properties": {"repobilityId": 95024, "scanner": "repobility-ast-engine", "fingerprint": "838256998c91314fa2b4e8fe7caf5d82fe51ca919a659790cb252d0aa0983163", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|838256998c91314fa2b4e8fe7caf5d82fe51ca919a659790cb252d0aa0983163"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._trace` used but never assigned in __init__"}, "properties": {"repobilityId": 95023, "scanner": "repobility-ast-engine", "fingerprint": "67b2174eafa55c9b767d99adadf9e25cf190eac90c338647b7a71cdf4a2869a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67b2174eafa55c9b767d99adadf9e25cf190eac90c338647b7a71cdf4a2869a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._trace` used but never assigned in __init__"}, "properties": {"repobilityId": 95022, "scanner": "repobility-ast-engine", "fingerprint": "4bca088a57ef77dd4473ac5cff30ada920d5420707cee77e185b3359f85c7f87", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4bca088a57ef77dd4473ac5cff30ada920d5420707cee77e185b3359f85c7f87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._receive_messages` used but never assigned in __init__"}, "properties": {"repobilityId": 95021, "scanner": "repobility-ast-engine", "fingerprint": "9eede61888d34e1be2ba5487ba4e1eaae8fb3d7290e75371a1a639fb8f071a84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9eede61888d34e1be2ba5487ba4e1eaae8fb3d7290e75371a1a639fb8f071a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_page_same_origin_frame"}, "properties": {"repobilityId": 95020, "scanner": "repobility-ast-engine", "fingerprint": "9ed7e9cfff913abd544fec8f7ae9b462dabb900320205d94f376861f122070ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ed7e9cfff913abd544fec8f7ae9b462dabb900320205d94f376861f122070ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1471}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_page_cross_origin_frame"}, "properties": {"repobilityId": 95019, "scanner": "repobility-ast-engine", "fingerprint": "6e16a18f403dff8bf1e429e982913d239d73a6b22f6cf3e5c8c589491fab39fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e16a18f403dff8bf1e429e982913d239d73a6b22f6cf3e5c8c589491fab39fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1466}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_page_nested_frames"}, "properties": {"repobilityId": 95018, "scanner": "repobility-ast-engine", "fingerprint": "afbd72c5af93197a85f047ed8fec56cce5229157c44ea0167c99105b5ef0ce7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afbd72c5af93197a85f047ed8fec56cce5229157c44ea0167c99105b5ef0ce7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1461}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_page_multiple_frames"}, "properties": {"repobilityId": 95017, "scanner": "repobility-ast-engine", "fingerprint": "578b1e21a90a640d4ce3d2460fffaf3f5bfee770230e5d16a37b061ba759f04f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|578b1e21a90a640d4ce3d2460fffaf3f5bfee770230e5d16a37b061ba759f04f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1456}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_page_cross_origin"}, "properties": {"repobilityId": 95016, "scanner": "repobility-ast-engine", "fingerprint": "5e71de98ad3df53dde21b002eed0e7010cf5209533c1667b79f91cf386fca071", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e71de98ad3df53dde21b002eed0e7010cf5209533c1667b79f91cf386fca071"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1451}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_page2"}, "properties": {"repobilityId": 95015, "scanner": "repobility-ast-engine", "fingerprint": "33746231be5f8dd7e7b568c33e2a795a0cc19c3e28b72e28a57d7c1fb1cf5710", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33746231be5f8dd7e7b568c33e2a795a0cc19c3e28b72e28a57d7c1fb1cf5710"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1446}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_alt_origin"}, "properties": {"repobilityId": 95014, "scanner": "repobility-ast-engine", "fingerprint": "1b1bf90b3d8d5bcf345cee4dc95398ee9563a141cea62c63e5c9ca1c8c7f2b35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b1bf90b3d8d5bcf345cee4dc95398ee9563a141cea62c63e5c9ca1c8c7f2b35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1441}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_origin"}, "properties": {"repobilityId": 95013, "scanner": "repobility-ast-engine", "fingerprint": "a5aad715612317db5e597835bb23ecdb1d776a926c90ce94f40e8ed945597810", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5aad715612317db5e597835bb23ecdb1d776a926c90ce94f40e8ed945597810"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 1436}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_page"}, "properties": {"repobilityId": 95012, "scanner": "repobility-ast-engine", "fingerprint": "aaf38eb55356137b575e8616ee0b0c7074cbc4502cca9d1597d5604e04ac3e7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aaf38eb55356137b575e8616ee0b0c7074cbc4502cca9d1597d5604e04ac3e7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/crater_bidi_adapter.py"}, "region": {"startLine": 935}}}]}, {"ruleId": "GHSA-5xrq-8626-4rwp", "level": "error", "message": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "properties": {"repobilityId": 95197, "scanner": "osv-scanner", "fingerprint": "0806fec4420135fab4b0c94dfe4a59c4faf5e0da4ecef5e379ff15a3f669b383", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47429"], "package": "vitest", "rule_id": "GHSA-5xrq-8626-4rwp", "scanner": "osv-scanner", "correlation_key": "vuln|vitest|CVE-2026-47429|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7jm-9gc2-mpf2", "level": "error", "message": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "properties": {"repobilityId": 95174, "scanner": "osv-scanner", "fingerprint": "db7f5f593c3bbed98a3a8dce2d9856dbd244753df9302fd82faea9143a830ac4", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25896"], "package": "fast-xml-parser", "rule_id": "GHSA-m7jm-9gc2-mpf2", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25896|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5xrq-8626-4rwp", "level": "error", "message": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "properties": {"repobilityId": 95162, "scanner": "osv-scanner", "fingerprint": "63354b58456da3b4c2cf65dba7f42a30428ef893e47e371a076546b5a7a64ec1", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47429"], "package": "vitest", "rule_id": "GHSA-5xrq-8626-4rwp", "scanner": "osv-scanner", "correlation_key": "vuln|vitest|CVE-2026-47429|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7jm-9gc2-mpf2", "level": "error", "message": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "properties": {"repobilityId": 95145, "scanner": "osv-scanner", "fingerprint": "d780819a483955739b7ee45d3cfeb95ebaad6742697184b2fea4aa689f0bcf06", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25896"], "package": "fast-xml-parser", "rule_id": "GHSA-m7jm-9gc2-mpf2", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25896|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5rq4-664w-9x2c", "level": "error", "message": {"text": "basic-ftp: GHSA-5rq4-664w-9x2c"}, "properties": {"repobilityId": 95135, "scanner": "osv-scanner", "fingerprint": "771dd39af751f4da5fc3d4fa9ca821ec6c0b3bb37d3ba3910209489800cc9efc", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27699"], "package": "basic-ftp", "rule_id": "GHSA-5rq4-664w-9x2c", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-27699|browser/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "browser/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 95126, "scanner": "repobility-threat-engine", "fingerprint": "7f12f340ece27348e2f71ea8eb1acff458fb1c0891e84377d851898fb829a3a4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7f12f340ece27348e2f71ea8eb1acff458fb1c0891e84377d851898fb829a3a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/capture-real-world-snapshot.ts"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 95062, "scanner": "repobility-ast-engine", "fingerprint": "832518ec99307990c85e1bd6d51cdbae4323a44df8ae4aad8e444fc88aec852f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|832518ec99307990c85e1bd6d51cdbae4323a44df8ae4aad8e444fc88aec852f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test-bidi-manual.py"}, "region": {"startLine": 220}}}]}]}]}