{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j8xg-fqg3-53r7", "name": "word-wrap: GHSA-j8xg-fqg3-53r7", "shortDescription": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "fullDescription": {"text": "word-wrap vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f5x3-32g6-xq36", "name": "tar: GHSA-f5x3-32g6-xq36", "shortDescription": {"text": "tar: GHSA-f5x3-32g6-xq36"}, "fullDescription": {"text": "Denial of service while parsing a tar file due to lack of folders count validation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-952p-6rrq-rcjv", "name": "micromatch: GHSA-952p-6rrq-rcjv", "shortDescription": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in micromatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xxjr-mmjv-4gpg", "name": "lodash: GHSA-xxjr-mmjv-4gpg", "shortDescription": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "fullDescription": {"text": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f23m-r3pf-42rh", "name": "lodash: GHSA-f23m-r3pf-42rh", "shortDescription": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "fullDescription": {"text": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mh29-5h37-fv8m", "name": "js-yaml: GHSA-mh29-5h37-fv8m", "shortDescription": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "fullDescription": {"text": "js-yaml has prototype pollution in merge (<<)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ghr5-ch3p-vcr6", "name": "ejs: GHSA-ghr5-ch3p-vcr6", "shortDescription": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "fullDescription": {"text": "ejs lacks certain pollution protection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xx4v-prfh-6cgc", "name": "@octokit/request-error: GHSA-xx4v-prfh-6cgc", "shortDescription": {"text": "@octokit/request-error: GHSA-xx4v-prfh-6cgc"}, "fullDescription": {"text": "@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rmvr-2pp2-xj38", "name": "@octokit/request: GHSA-rmvr-2pp2-xj38", "shortDescription": {"text": "@octokit/request: GHSA-rmvr-2pp2-xj38"}, "fullDescription": {"text": "@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h5c3-5r3r-rr8q", "name": "@octokit/plugin-paginate-rest: GHSA-h5c3-5r3r-rr8q", "shortDescription": {"text": "@octokit/plugin-paginate-rest: GHSA-h5c3-5r3r-rr8q"}, "fullDescription": {"text": "@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gh4j-gqv2-49f6", "name": "fast-xml-parser: GHSA-gh4j-gqv2-49f6", "shortDescription": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "fullDescription": {"text": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q8mj-m7cp-5q26", "name": "qs: GHSA-q8mj-m7cp-5q26", "shortDescription": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "fullDescription": {"text": "qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `ui5-tooling-transpile` is 3 major version(s) behind (0.7.18 -> 3.11.2)", "shortDescription": {"text": "npm package `ui5-tooling-transpile` is 3 major version(s) behind (0.7.18 -> 3.11.2)"}, "fullDescription": {"text": "`ui5-tooling-transpile` is pinned/resolved at 0.7.18 but the latest stable release on the npm registry is 3.11.2 (3 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "GHSA-52f5-9888-hmc6", "name": "tmp: GHSA-52f5-9888-hmc6", "shortDescription": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "fullDescription": {"text": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-78xj-cgh5-2h22", "name": "ip: GHSA-78xj-cgh5-2h22", "shortDescription": {"text": "ip: GHSA-78xj-cgh5-2h22"}, "fullDescription": {"text": "NPM IP package incorrectly identifies some private IP addresses as public"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-73rr-hh4g-fpgx", "name": "diff: GHSA-73rr-hh4g-fpgx", "shortDescription": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "fullDescription": {"text": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v6h2-p8h4-qcjw", "name": "brace-expansion: GHSA-v6h2-p8h4-qcjw", "shortDescription": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "fullDescription": {"text": "brace-expansion Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vpq2-c234-7xj6", "name": "@tootallnate/once: GHSA-vpq2-c234-7xj6", "shortDescription": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "fullDescription": {"text": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "GHSA-vv9j-gjw2-j8wp", "name": "yeoman-environment: GHSA-vv9j-gjw2-j8wp", "shortDescription": {"text": "yeoman-environment: GHSA-vv9j-gjw2-j8wp"}, "fullDescription": {"text": "yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ph9p-34f9-6g65", "name": "tmp: GHSA-ph9p-34f9-6g65", "shortDescription": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "fullDescription": {"text": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r6q2-hw4h-h46w", "name": "tar: GHSA-r6q2-hw4h-h46w", "shortDescription": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "fullDescription": {"text": "Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qffp-2rhf-9h96", "name": "tar: GHSA-qffp-2rhf-9h96", "shortDescription": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "fullDescription": {"text": "tar has Hardlink Path Traversal via Drive-Relative Linkpath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9ppj-qmqm-q256", "name": "tar: GHSA-9ppj-qmqm-q256", "shortDescription": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "fullDescription": {"text": "node-tar Symlink Path Traversal via Drive-Relative Linkpath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8qq5-rm4j-mr97", "name": "tar: GHSA-8qq5-rm4j-mr97", "shortDescription": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "fullDescription": {"text": "node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-83g3-92jg-28cx", "name": "tar: GHSA-83g3-92jg-28cx", "shortDescription": {"text": "tar: GHSA-83g3-92jg-28cx"}, "fullDescription": {"text": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-34x7-hfp2-rc4v", "name": "tar: GHSA-34x7-hfp2-rc4v", "shortDescription": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "fullDescription": {"text": "node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2qf-rxjj-qqgw", "name": "semver: GHSA-c2qf-rxjj-qqgw", "shortDescription": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "fullDescription": {"text": "semver vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wv6-86v2-598j", "name": "path-to-regexp: GHSA-9wv6-86v2-598j", "shortDescription": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "fullDescription": {"text": "path-to-regexp outputs backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5fr-rjxr-66jc", "name": "lodash: GHSA-r5fr-rjxr-66jc", "shortDescription": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "fullDescription": {"text": "lodash vulnerable to Code Injection via `_.template` imports key names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2p57-rm9w-gvfp", "name": "ip: GHSA-2p57-rm9w-gvfp", "shortDescription": {"text": "ip: GHSA-2p57-rm9w-gvfp"}, "fullDescription": {"text": "ip SSRF improper categorization in isPublic"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5j98-mcp5-4vw2", "name": "glob: GHSA-5j98-mcp5-4vw2", "shortDescription": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "fullDescription": {"text": "glob CLI: Command injection via -c/--cmd executes matches with shell:true"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf6f-7fwh-wjgh", "name": "flatted: GHSA-rf6f-7fwh-wjgh", "shortDescription": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "fullDescription": {"text": "Prototype Pollution via parse() in NodeJS flatted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-25h7-pfq9-p65f", "name": "flatted: GHSA-25h7-pfq9-p65f", "shortDescription": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "fullDescription": {"text": "flatted vulnerable to unbounded recursion DoS in parse() revive phase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3xgq-45jj-v275", "name": "cross-spawn: GHSA-3xgq-45jj-v275", "shortDescription": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in cross-spawn"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-grv7-fg5c-xmjg", "name": "braces: GHSA-grv7-fg5c-xmjg", "shortDescription": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "fullDescription": {"text": "Uncontrolled resource consumption in braces"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1105"}, "properties": {"repository": "SAP-samples/ui5-typescript-tutorial", "repoUrl": "https://github.com/SAP-samples/ui5-typescript-tutorial", "branch": "main"}, "results": [{"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 108902, "scanner": "osv-scanner", "fingerprint": "2089b3ccf10e7f39867f52846866dd76dae3fd364158bf732d3ea3d0aaed37d8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j8xg-fqg3-53r7", "level": "warning", "message": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "properties": {"repobilityId": 108901, "scanner": "osv-scanner", "fingerprint": "862f26160ba83d2782869dedb4c65071ecea4a2da9e81d06318071316d7a0dd5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26115"], "package": "word-wrap", "rule_id": "GHSA-j8xg-fqg3-53r7", "scanner": "osv-scanner", "correlation_key": "vuln|word-wrap|CVE-2023-26115|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f5x3-32g6-xq36", "level": "warning", "message": {"text": "tar: GHSA-f5x3-32g6-xq36"}, "properties": {"repobilityId": 108896, "scanner": "osv-scanner", "fingerprint": "bf60df049343761fbc24a654785ed081328b538f0181b4c10474e5d7fa7b3aee", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-28863"], "package": "tar", "rule_id": "GHSA-f5x3-32g6-xq36", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2024-28863|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 108889, "scanner": "osv-scanner", "fingerprint": "6f45eb20819e5b82775185f3f92dcb5b775b53df882906a1d9dd9640bd1c701a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-952p-6rrq-rcjv", "level": "warning", "message": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "properties": {"repobilityId": 108884, "scanner": "osv-scanner", "fingerprint": "54910e64ca331e62e593e416a2c32cc4287d8b497845d3301163dda39e0601cf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4067"], "package": "micromatch", "rule_id": "GHSA-952p-6rrq-rcjv", "scanner": "osv-scanner", "correlation_key": "vuln|micromatch|CVE-2024-4067|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 108883, "scanner": "osv-scanner", "fingerprint": "1e5b528b499567c9e9bdb03ef9b1ccb06623f199247bfecd70d6b7ec172735e1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 108881, "scanner": "osv-scanner", "fingerprint": "d28c088f3d52f29bd75c886d31309a8745e6ae001176fc6a9caaa152ea7c3fdf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 108880, "scanner": "osv-scanner", "fingerprint": "c9e69e40fe57195b9079b5589ed3954b72565ff47b17768da71f404620c4da6b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ghr5-ch3p-vcr6", "level": "warning", "message": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "properties": {"repobilityId": 108874, "scanner": "osv-scanner", "fingerprint": "b1a2dcb3fe12f620e71173c583b7685f1dd73abdac4b403efaf4c452552d1277", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-33883"], "package": "ejs", "rule_id": "GHSA-ghr5-ch3p-vcr6", "scanner": "osv-scanner", "correlation_key": "vuln|ejs|CVE-2024-33883|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 108869, "scanner": "osv-scanner", "fingerprint": "24b5baaf170d3f73e62f2bcaf1f44f77f6acc7e1d4b8173744a599e2252ed8b3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 108868, "scanner": "osv-scanner", "fingerprint": "b94ab018ac8f78da24de4aa24f6fa897901fd915d0adbfbf064ae1c8184bbf78", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xx4v-prfh-6cgc", "level": "warning", "message": {"text": "@octokit/request-error: GHSA-xx4v-prfh-6cgc"}, "properties": {"repobilityId": 108866, "scanner": "osv-scanner", "fingerprint": "62cc5808dac71ce0c55abe6aaa59cec980d54c19d7a642d69400da84ae96f892", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-25289"], "package": "@octokit/request-error", "rule_id": "GHSA-xx4v-prfh-6cgc", "scanner": "osv-scanner", "correlation_key": "vuln|octokit/request-error|CVE-2025-25289|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rmvr-2pp2-xj38", "level": "warning", "message": {"text": "@octokit/request: GHSA-rmvr-2pp2-xj38"}, "properties": {"repobilityId": 108865, "scanner": "osv-scanner", "fingerprint": "1db07344ae3bd09be3d8f46916adea234943a0d4987dead22c037bc1f8122044", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-25290"], "package": "@octokit/request", "rule_id": "GHSA-rmvr-2pp2-xj38", "scanner": "osv-scanner", "correlation_key": "vuln|octokit/request|CVE-2025-25290|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h5c3-5r3r-rr8q", "level": "warning", "message": {"text": "@octokit/plugin-paginate-rest: GHSA-h5c3-5r3r-rr8q"}, "properties": {"repobilityId": 108864, "scanner": "osv-scanner", "fingerprint": "ff2663b6c44f26ad83752363daa4c07a56d51fd75ea10acba2c2151a7f28d66f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-25288"], "package": "@octokit/plugin-paginate-rest", "rule_id": "GHSA-h5c3-5r3r-rr8q", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2025-25288|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gh4j-gqv2-49f6", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "properties": {"repobilityId": 108863, "scanner": "osv-scanner", "fingerprint": "d4e922edb287e651cb00fdbeff2a8cd116c184605ed6eaec57d7a6040159e02c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-41650"], "package": "fast-xml-parser", "rule_id": "GHSA-gh4j-gqv2-49f6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-41650|token", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-gh4j-gqv2-49f6"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["033401c485e9d09904a4d118fde665a714c7cef69b63fd104ccbf2cda5e86479", "2859b7dc0282095287d8ab03f7069f2634024dec05b810b433908a8ad94d3a3a", "d4e922edb287e651cb00fdbeff2a8cd116c184605ed6eaec57d7a6040159e02c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex4/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 108855, "scanner": "osv-scanner", "fingerprint": "c0a1475b58f0500fddeb49d566cba897a6f8c21c87c464c98af0a4778cf495ef", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-q8mj-m7cp-5q26"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4c416cc6e39f738862331bda228b2eb96db8573a42c4b65c3d7f609d3a7d4a18", "64f39c0080fd378e8a7110edb7c7384da5138fc6ce90c45df8cd21e6c85a30d8", "7973b42ea517e85971a09bf28b0d2f85b2174c99f1cfa1129dbc628592e67d89", "ba340a01f3e56103e3103c534d30f6d442da3cdd800a1585dc2deda65f8fea58", "c0a1475b58f0500fddeb49d566cba897a6f8c21c87c464c98af0a4778cf495ef", "f377e8a50616e4737ca139bb047568d7a8aace53637ec3f37655d9e03189bd0b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 108853, "scanner": "osv-scanner", "fingerprint": "dd6e3692d37b95e2bdcc10ef7a70cd71f109fe1c821d8af6ec97a1d70b30536f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|token", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-f886-m6hf-6m8v"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9050b1b341e1a4082110f7e9009914f4c04c40a0c16841929d605b3aadb9b710", "d3b1ebc4c53299064aa2c815fcf5c29c04f9203120f9948d70a9d93b289fc001", "dd6e3692d37b95e2bdcc10ef7a70cd71f109fe1c821d8af6ec97a1d70b30536f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `ui5-tooling-transpile` is 3 major version(s) behind (0.7.18 -> 3.11.2)"}, "properties": {"repobilityId": 108850, "scanner": "repobility-dependency-currency", "fingerprint": "64de1fedcd3596b2cbed6c95b7e4e6e9e495155fa6cb1f674985c46b4840be7b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ui5-tooling-transpile", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.11.2", "correlation_key": "fp|64de1fedcd3596b2cbed6c95b7e4e6e9e495155fa6cb1f674985c46b4840be7b", "current_version": "0.7.18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `ui5-tooling-modules` is 3 major version(s) behind (0.9.12 -> 3.37.1)"}, "properties": {"repobilityId": 108849, "scanner": "repobility-dependency-currency", "fingerprint": "d6c258ecd86eb3e396d3552d60feeb845089e82b228a78c903724380018e9b72", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ui5-tooling-modules", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.37.1", "correlation_key": "fp|d6c258ecd86eb3e396d3552d60feeb845089e82b228a78c903724380018e9b72", "current_version": "0.9.12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `ui5-middleware-livereload` is 3 major version(s) behind (0.8.4 -> 3.3.1)"}, "properties": {"repobilityId": 108848, "scanner": "repobility-dependency-currency", "fingerprint": "6ec25257d6b9e177fd458c4565e4a2181fe7817d7074dde9bed99ab8070633c5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ui5-middleware-livereload", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.3.1", "correlation_key": "fp|6ec25257d6b9e177fd458c4565e4a2181fe7817d7074dde9bed99ab8070633c5", "current_version": "0.8.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `rimraf` is 3 major version(s) behind (3.0.2 -> 6.1.3)"}, "properties": {"repobilityId": 108847, "scanner": "repobility-dependency-currency", "fingerprint": "f460bc22ad744a14e10db65de50acc6aaa7a5a426e93ade1f609e1e1ff3fcf30", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "rimraf", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.1.3", "correlation_key": "fp|f460bc22ad744a14e10db65de50acc6aaa7a5a426e93ade1f609e1e1ff3fcf30", "current_version": "3.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `karma-ui5-transpile` is 3 major version(s) behind (0.3.23 -> 3.6.4)"}, "properties": {"repobilityId": 108846, "scanner": "repobility-dependency-currency", "fingerprint": "45e977afa6bf606d742856496e46a0255c4ff7de4cce90552c4ca9b3a8dda6c3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-ui5-transpile", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.6.4", "correlation_key": "fp|45e977afa6bf606d742856496e46a0255c4ff7de4cce90552c4ca9b3a8dda6c3", "current_version": "0.3.23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `karma-ui5` is 1 major version(s) behind (3.0.3 -> 4.1.0)"}, "properties": {"repobilityId": 108845, "scanner": "repobility-dependency-currency", "fingerprint": "c690a74d85aa0e898bfcd96e8d45789ec270c8ac6270dcfde466ea6698f5a2d4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-ui5", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.1.0", "correlation_key": "fp|c690a74d85aa0e898bfcd96e8d45789ec270c8ac6270dcfde466ea6698f5a2d4", "current_version": "3.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `yeoman-test` is 4 major version(s) behind (7.4.0 -> 11.5.2)"}, "properties": {"repobilityId": 108841, "scanner": "repobility-dependency-currency", "fingerprint": "4d201ae096709698a81c18995d80c8caf6a511bf39869480b6bd37750032d4e5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "yeoman-test", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "11.5.2", "correlation_key": "fp|4d201ae096709698a81c18995d80c8caf6a511bf39869480b6bd37750032d4e5", "current_version": "7.4.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `pretty-quick` is 1 major version(s) behind (3.1.3 -> 4.2.2)"}, "properties": {"repobilityId": 108840, "scanner": "repobility-dependency-currency", "fingerprint": "69330216d7bc4ff267afcd0b66b1208522246c6f490037b0d012f86b7798b524", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pretty-quick", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.2.2", "correlation_key": "fp|69330216d7bc4ff267afcd0b66b1208522246c6f490037b0d012f86b7798b524", "current_version": "3.1.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `prettier` is 1 major version(s) behind (2.8.8 -> 3.8.3)"}, "properties": {"repobilityId": 108838, "scanner": "repobility-dependency-currency", "fingerprint": "082e87883fa858fce72093504c7d6e453f0ae91e095d6651480bcc6e6de9f964", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "prettier", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.8.3", "correlation_key": "fp|082e87883fa858fce72093504c7d6e453f0ae91e095d6651480bcc6e6de9f964", "current_version": "2.8.8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `lint-staged` is 4 major version(s) behind (13.2.2 -> 17.0.7)"}, "properties": {"repobilityId": 108837, "scanner": "repobility-dependency-currency", "fingerprint": "d7c878ba05390f9601deed050f7c020d4a562897cae4d79983b5e1dacf58a22d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "lint-staged", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.0.7", "correlation_key": "fp|d7c878ba05390f9601deed050f7c020d4a562897cae4d79983b5e1dacf58a22d", "current_version": "13.2.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `husky` is 1 major version(s) behind (8.0.3 -> 9.1.7)"}, "properties": {"repobilityId": 108836, "scanner": "repobility-dependency-currency", "fingerprint": "a18e854ef2ad6571de7fc23f945b9624ee340a421ba6cda962bb5395faca2b31", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "husky", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.1.7", "correlation_key": "fp|a18e854ef2ad6571de7fc23f945b9624ee340a421ba6cda962bb5395faca2b31", "current_version": "8.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@prettier/plugin-xml` is 1 major version(s) behind (2.2.0 -> 3.4.2)"}, "properties": {"repobilityId": 108835, "scanner": "repobility-dependency-currency", "fingerprint": "315624e7446191977bb4215873fb87eb3d000cbd63b46601ee71d7a04de12d7a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@prettier/plugin-xml", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.4.2", "correlation_key": "fp|315624e7446191977bb4215873fb87eb3d000cbd63b46601ee71d7a04de12d7a", "current_version": "2.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `yosay` is 1 major version(s) behind (2.0.2 -> 3.0.0)"}, "properties": {"repobilityId": 108834, "scanner": "repobility-dependency-currency", "fingerprint": "a14741497092b265f1b763c31d61e0cd76afa5ec66c5eb49287aeb3254172076", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "yosay", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.0.0", "correlation_key": "fp|a14741497092b265f1b763c31d61e0cd76afa5ec66c5eb49287aeb3254172076", "current_version": "2.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `yeoman-generator` is 3 major version(s) behind (5.9.0 -> 8.2.2)"}, "properties": {"repobilityId": 108833, "scanner": "repobility-dependency-currency", "fingerprint": "e41137acde261333f6a84ad201f322a0cfdb8715eba6fabce9cbcf2dda4263fc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "yeoman-generator", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.2.2", "correlation_key": "fp|e41137acde261333f6a84ad201f322a0cfdb8715eba6fabce9cbcf2dda4263fc", "current_version": "5.9.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `upath` is 1 major version(s) behind (2.0.1 -> 3.0.7)"}, "properties": {"repobilityId": 108832, "scanner": "repobility-dependency-currency", "fingerprint": "5aa706a2f60bbc313af023f11e3e577243db9f8894d3ae2a741874a4f7239608", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "upath", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.0.7", "correlation_key": "fp|5aa706a2f60bbc313af023f11e3e577243db9f8894d3ae2a741874a4f7239608", "current_version": "2.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `semver` is 2 major version(s) behind (5.7.1 -> 7.8.2)"}, "properties": {"repobilityId": 108831, "scanner": "repobility-dependency-currency", "fingerprint": "fa3426de4f918c375dabe345a10a236a5ba6ec80f0c81993cbdd5411cb3e9f2e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "semver", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.8.2", "correlation_key": "fp|fa3426de4f918c375dabe345a10a236a5ba6ec80f0c81993cbdd5411cb3e9f2e", "current_version": "5.7.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `package-json` is 2 major version(s) behind (8.1.1 -> 10.0.1)"}, "properties": {"repobilityId": 108830, "scanner": "repobility-dependency-currency", "fingerprint": "59e251b02941f9895b51c70e4e46cdac88beee6f4dcae04edf477894b87b2aea", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "package-json", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.0.1", "correlation_key": "fp|59e251b02941f9895b51c70e4e46cdac88beee6f4dcae04edf477894b87b2aea", "current_version": "8.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `glob` is 6 major version(s) behind (7.2.3 -> 13.0.6)"}, "properties": {"repobilityId": 108829, "scanner": "repobility-dependency-currency", "fingerprint": "0eed2e75fb00c7266947bee76cdd5f7bd8dc2d1ab7c65b1a5fed471135d7e9ab", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "6 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "glob", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "13.0.6", "correlation_key": "fp|0eed2e75fb00c7266947bee76cdd5f7bd8dc2d1ab7c65b1a5fed471135d7e9ab", "current_version": "7.2.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `chalk` is 3 major version(s) behind (2.4.2 -> 5.6.2)"}, "properties": {"repobilityId": 108828, "scanner": "repobility-dependency-currency", "fingerprint": "1276626034563d0fe2535e8a4980316f35c019028619011301a6cb65d1635122", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "chalk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.6.2", "correlation_key": "fp|1276626034563d0fe2535e8a4980316f35c019028619011301a6cb65d1635122", "current_version": "2.4.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 108800, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 108899, "scanner": "osv-scanner", "fingerprint": "d286c241f0a34891789d46596facd43283eaab5c20e3f66dd1f7cfdb45e625be", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-78xj-cgh5-2h22", "level": "note", "message": {"text": "ip: GHSA-78xj-cgh5-2h22"}, "properties": {"repobilityId": 108879, "scanner": "osv-scanner", "fingerprint": "05af67e62ecad3eb28ce784e44df9e9f9ab122c0619f8340c7c83ac7b0c66c5f", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-42282"], "package": "ip", "rule_id": "GHSA-78xj-cgh5-2h22", "scanner": "osv-scanner", "correlation_key": "vuln|ip|CVE-2023-42282|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-73rr-hh4g-fpgx", "level": "note", "message": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "properties": {"repobilityId": 108873, "scanner": "osv-scanner", "fingerprint": "875bfe8cd4d653327627eb009eef6adf306ed4633cb95c0afd23ce7b9c4d4623", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24001"], "package": "diff", "rule_id": "GHSA-73rr-hh4g-fpgx", "scanner": "osv-scanner", "correlation_key": "vuln|diff|CVE-2026-24001|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 108870, "scanner": "osv-scanner", "fingerprint": "257e94b6b3dca4dd4fa78c5146b62fb40bdfd3c49ab0fc6a918933619dea63d0", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vpq2-c234-7xj6", "level": "note", "message": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "properties": {"repobilityId": 108867, "scanner": "osv-scanner", "fingerprint": "cc605a9a3d3d879e4253310ebdfbfdfc6ea33592e02f3b93e2c725ec140614d3", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-3449"], "package": "@tootallnate/once", "rule_id": "GHSA-vpq2-c234-7xj6", "scanner": "osv-scanner", "correlation_key": "vuln|tootallnate/once|CVE-2026-3449|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 108854, "scanner": "osv-scanner", "fingerprint": "8d19f236940ef261085db34ecf972821f67b1745fdb8f9ee5af0c6d5900c8a58", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|token", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-v6h2-p8h4-qcjw"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["13e22216f1ff7a1d81b11df418b3a2b9e1cea3b865c17b748fb0e6477099abd4", "8d19f236940ef261085db34ecf972821f67b1745fdb8f9ee5af0c6d5900c8a58", "ad5bb8bd747aa155f81f4de8b1cd2abba26dda5be20f95f490f61f35fee7d34c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@openui5/types` is minor version(s) behind (1.142.0 -> 1.148.0)"}, "properties": {"repobilityId": 108851, "scanner": "repobility-dependency-currency", "fingerprint": "24526bfecb8a39445d820bbdbfbfc37fefca391906ba08607c56f6b2ae28e4da", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@openui5/types", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.148.0", "correlation_key": "fp|24526bfecb8a39445d820bbdbfbfc37fefca391906ba08607c56f6b2ae28e4da", "current_version": "1.142.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex3/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@ui5/ts-interface-generator` is minor version(s) behind (0.7.0 -> 0.11.1)"}, "properties": {"repobilityId": 108844, "scanner": "repobility-dependency-currency", "fingerprint": "fccf5d68ee541b8a9cc96d47bbf359b408884a6f1f84a6829728e73a910d2eac", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@ui5/ts-interface-generator", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.11.1", "correlation_key": "fp|fccf5d68ee541b8a9cc96d47bbf359b408884a6f1f84a6829728e73a910d2eac", "current_version": "0.7.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@openui5/types` is minor version(s) behind (1.142.0 -> 1.148.0)"}, "properties": {"repobilityId": 108842, "scanner": "repobility-dependency-currency", "fingerprint": "685958c931e0bc4370e6243b4787144f744952ddfb9300538969b81b35cbb525", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@openui5/types", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.148.0", "correlation_key": "fp|685958c931e0bc4370e6243b4787144f744952ddfb9300538969b81b35cbb525", "current_version": "1.142.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `prettier-plugin-properties` is minor version(s) behind (0.2.0 -> 0.3.1)"}, "properties": {"repobilityId": 108839, "scanner": "repobility-dependency-currency", "fingerprint": "ab990f8f377323863758e8e6636cf44f9b5eebb99827e825b43e2ea12de94ee0", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "prettier-plugin-properties", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.3.1", "correlation_key": "fp|ab990f8f377323863758e8e6636cf44f9b5eebb99827e825b43e2ea12de94ee0", "current_version": "0.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108827, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6c1a3b7e78e74934fe66cdb45d7f736343fa43f7bcf62d1ca6607de636939ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex3/com.myorg.myapp/webapp/controller/Main.controller.ts", "duplicate_line": 10, "correlation_key": "fp|a6c1a3b7e78e74934fe66cdb45d7f736343fa43f7bcf62d1ca6607de636939ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex6/com.myorg.myapp/webapp/controller/Main.controller.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108826, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d67c985886c9d3bfb2e3b9f99967151b663a90397d1a6cfb2fa59d26165a0ad3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex4/com.myorg.myapp/webapp/controller/Main.controller.ts", "duplicate_line": 1, "correlation_key": "fp|d67c985886c9d3bfb2e3b9f99967151b663a90397d1a6cfb2fa59d26165a0ad3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex6/com.myorg.myapp/webapp/controller/Main.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108825, "scanner": "repobility-ai-code-hygiene", "fingerprint": "803794d9481f1d43e845850c8f7e196d549d5a90b38be012b82cb69e6c489a2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/controller/BaseController.ts", "duplicate_line": 4, "correlation_key": "fp|803794d9481f1d43e845850c8f7e196d549d5a90b38be012b82cb69e6c489a2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex6/com.myorg.myapp/webapp/controller/BaseController.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108824, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7956344b9c20d3a48ef614226a4d65239bf04fd9645e690cd5c83ba4fccc9ca9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex5/com.myorg.myapp/webapp/control/WindDirection.ts", "duplicate_line": 1, "correlation_key": "fp|7956344b9c20d3a48ef614226a4d65239bf04fd9645e690cd5c83ba4fccc9ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex6/com.myorg.myapp/webapp/control/WindDirection.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108823, "scanner": "repobility-ai-code-hygiene", "fingerprint": "40a484124a2f975af63567624f06d0dd9767b473242b7612e9a11a9a44536a5b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/Component.ts", "duplicate_line": 1, "correlation_key": "fp|40a484124a2f975af63567624f06d0dd9767b473242b7612e9a11a9a44536a5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex6/com.myorg.myapp/webapp/Component.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108822, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ea496107480304c9f2a64818777146c7d6ece6a4dd360b9b76beb50d1ca47252", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/karma-ci-cov.conf.js", "duplicate_line": 1, "correlation_key": "fp|ea496107480304c9f2a64818777146c7d6ece6a4dd360b9b76beb50d1ca47252"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex6/com.myorg.myapp/karma-ci-cov.conf.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108821, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dad3dea14923f4a6b8ab6e326128808fffd1e0c6baacec35c3be1e90388d8496", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/.eslintrc.js", "duplicate_line": 1, "correlation_key": "fp|dad3dea14923f4a6b8ab6e326128808fffd1e0c6baacec35c3be1e90388d8496"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex6/com.myorg.myapp/.eslintrc.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93d3464de7ff6c11cb9ce359016501b4b41e91a56e62505d8912490cc22f3cb0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex3/com.myorg.myapp/webapp/controller/Main.controller.ts", "duplicate_line": 10, "correlation_key": "fp|93d3464de7ff6c11cb9ce359016501b4b41e91a56e62505d8912490cc22f3cb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/webapp/controller/Main.controller.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108819, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d4aa469fe3b145e0338a942dd05066fda70d96d7c551016ec0086551d34bd1d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex4/com.myorg.myapp/webapp/controller/Main.controller.ts", "duplicate_line": 1, "correlation_key": "fp|4d4aa469fe3b145e0338a942dd05066fda70d96d7c551016ec0086551d34bd1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/webapp/controller/Main.controller.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed39a446ec8a0c519ee33de404434d8d1f219e74c67d930113aef4e481b17dd2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/controller/BaseController.ts", "duplicate_line": 4, "correlation_key": "fp|ed39a446ec8a0c519ee33de404434d8d1f219e74c67d930113aef4e481b17dd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/webapp/controller/BaseController.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108817, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89bb103c5d6e3cbeb4c9fc80f144abf65839f8edbcca3c02fdad1e2698dedd10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/Component.ts", "duplicate_line": 1, "correlation_key": "fp|89bb103c5d6e3cbeb4c9fc80f144abf65839f8edbcca3c02fdad1e2698dedd10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/webapp/Component.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108816, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ec341baf9a1ffc5d2b743fffbb3b2a96ef1cc96daf51572056dbd2d9e5a9321", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/karma-ci-cov.conf.js", "duplicate_line": 1, "correlation_key": "fp|1ec341baf9a1ffc5d2b743fffbb3b2a96ef1cc96daf51572056dbd2d9e5a9321"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/karma-ci-cov.conf.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108815, "scanner": "repobility-ai-code-hygiene", "fingerprint": "074bf5646e1311a238ace0019810479cacd42c2d9b0f56e0117801913bcd4991", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/.eslintrc.js", "duplicate_line": 1, "correlation_key": "fp|074bf5646e1311a238ace0019810479cacd42c2d9b0f56e0117801913bcd4991"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/.eslintrc.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108814, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b17d4547a37a86f24f19ae8bc8c4d9e7322b1925392e5ae2050b9f6df36d62a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex3/com.myorg.myapp/webapp/controller/Main.controller.ts", "duplicate_line": 10, "correlation_key": "fp|8b17d4547a37a86f24f19ae8bc8c4d9e7322b1925392e5ae2050b9f6df36d62a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex4/com.myorg.myapp/webapp/controller/Main.controller.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108813, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2fa860b3648e9f83f1febf59b35badc34ed61d179dde3edaca95932177032ed5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/controller/BaseController.ts", "duplicate_line": 4, "correlation_key": "fp|2fa860b3648e9f83f1febf59b35badc34ed61d179dde3edaca95932177032ed5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex4/com.myorg.myapp/webapp/controller/BaseController.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108812, "scanner": "repobility-ai-code-hygiene", "fingerprint": "46639067bddaeac4df4afa62135770c231ff2d3a1d5d3dd364e95dae6013f41b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/Component.ts", "duplicate_line": 1, "correlation_key": "fp|46639067bddaeac4df4afa62135770c231ff2d3a1d5d3dd364e95dae6013f41b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex4/com.myorg.myapp/webapp/Component.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108811, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1604b23c8b07e6549b64251b85c6f21c15faf28eec2e3cb1a34bad47d742a022", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/karma-ci-cov.conf.js", "duplicate_line": 1, "correlation_key": "fp|1604b23c8b07e6549b64251b85c6f21c15faf28eec2e3cb1a34bad47d742a022"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex4/com.myorg.myapp/karma-ci-cov.conf.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108810, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2bdc9b021c3ec75607310d22fc86fc2d6ba8b571954ccb05688cba617f85072", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/.eslintrc.js", "duplicate_line": 1, "correlation_key": "fp|b2bdc9b021c3ec75607310d22fc86fc2d6ba8b571954ccb05688cba617f85072"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex4/com.myorg.myapp/.eslintrc.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108809, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68b94d8f104655e5928b5cef26bcf76c6538cb59a63829e4ed1dde53263cfa5e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex2/com.myorg.myapp/webapp/controller/Main.controller.ts", "duplicate_line": 1, "correlation_key": "fp|68b94d8f104655e5928b5cef26bcf76c6538cb59a63829e4ed1dde53263cfa5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex3/com.myorg.myapp/webapp/controller/Main.controller.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108808, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68b2d4c88c14186ac320549d9744822116ce20376aee5bbaa866bcb6b6c80e1d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/controller/BaseController.ts", "duplicate_line": 4, "correlation_key": "fp|68b2d4c88c14186ac320549d9744822116ce20376aee5bbaa866bcb6b6c80e1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex3/com.myorg.myapp/webapp/controller/BaseController.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108807, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89cdbd990cd73e3237a7d2cea7583e3e1c7722a2219aac3a68a4b8fbf8125720", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/Component.ts", "duplicate_line": 1, "correlation_key": "fp|89cdbd990cd73e3237a7d2cea7583e3e1c7722a2219aac3a68a4b8fbf8125720"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex3/com.myorg.myapp/webapp/Component.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108806, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f35f09defc4948b4b5bde6c3c6f4e9574795a9ba80b20a541d8a1016de23601a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/karma-ci-cov.conf.js", "duplicate_line": 1, "correlation_key": "fp|f35f09defc4948b4b5bde6c3c6f4e9574795a9ba80b20a541d8a1016de23601a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex3/com.myorg.myapp/karma-ci-cov.conf.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108805, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d52b4a86128ce0174a90dd49e50459fbe9e275d5eca5a9d8f07081f992eccfa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/.eslintrc.js", "duplicate_line": 1, "correlation_key": "fp|0d52b4a86128ce0174a90dd49e50459fbe9e275d5eca5a9d8f07081f992eccfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex3/com.myorg.myapp/.eslintrc.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108804, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa6014bc4b31e89a074804b9632c4f17d0b4e22f0ce45f3ccbeed0452ee51529", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/controller/BaseController.ts", "duplicate_line": 4, "correlation_key": "fp|fa6014bc4b31e89a074804b9632c4f17d0b4e22f0ce45f3ccbeed0452ee51529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex2/com.myorg.myapp/webapp/controller/BaseController.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108803, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc72d13dcbd90d784b94a154635441ad759cc29eb2847a547d962796a2bd218f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/webapp/Component.ts", "duplicate_line": 1, "correlation_key": "fp|dc72d13dcbd90d784b94a154635441ad759cc29eb2847a547d962796a2bd218f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex2/com.myorg.myapp/webapp/Component.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108802, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27fb510505c5a6913aeecf2a0ece6a154d5c134c79516ae8cf23bd7c2530a81c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/karma-ci-cov.conf.js", "duplicate_line": 1, "correlation_key": "fp|27fb510505c5a6913aeecf2a0ece6a154d5c134c79516ae8cf23bd7c2530a81c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex2/com.myorg.myapp/karma-ci-cov.conf.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108801, "scanner": "repobility-ai-code-hygiene", "fingerprint": "606d34c4b0f17a45697f25bc69e573ada8459bed61b45d68db3d574f54aa91e9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "exercises/ex1/com.myorg.myapp/.eslintrc.js", "duplicate_line": 1, "correlation_key": "fp|606d34c4b0f17a45697f25bc69e573ada8459bed61b45d68db3d574f54aa91e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex2/com.myorg.myapp/.eslintrc.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@ui5/cli` is patch version(s) behind (4.0.53 -> 4.0.55)"}, "properties": {"repobilityId": 108852, "scanner": "repobility-dependency-currency", "fingerprint": "748669ab9366977e228aaa35ea2f52adf00852d52aa24f03080c675faddc7778", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@ui5/cli", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.0.55", "correlation_key": "fp|748669ab9366977e228aaa35ea2f52adf00852d52aa24f03080c675faddc7778", "current_version": "4.0.53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex3/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@ui5/cli` is patch version(s) behind (4.0.53 -> 4.0.55)"}, "properties": {"repobilityId": 108843, "scanner": "repobility-dependency-currency", "fingerprint": "829cefaa862d314c427f311f3433f40f013630894eda52afb830ee77b25ad154", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@ui5/cli", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.0.55", "correlation_key": "fp|829cefaa862d314c427f311f3433f40f013630894eda52afb830ee77b25ad154", "current_version": "4.0.53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex5/com.myorg.myapp/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vv9j-gjw2-j8wp", "level": "error", "message": {"text": "yeoman-environment: GHSA-vv9j-gjw2-j8wp"}, "properties": {"repobilityId": 108903, "scanner": "osv-scanner", "fingerprint": "47bd9965265c2967dac0823a3314fe8df6ada2a8a2c84861f3268a090e32ce16", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42089"], "package": "yeoman-environment", "rule_id": "GHSA-vv9j-gjw2-j8wp", "scanner": "osv-scanner", "correlation_key": "vuln|yeoman-environment|CVE-2026-42089|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 108900, "scanner": "osv-scanner", "fingerprint": "2109dce6ba6518a548440e168e8c7d2bcba560aca239c60f2507b0549c69b374", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6q2-hw4h-h46w", "level": "error", "message": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "properties": {"repobilityId": 108898, "scanner": "osv-scanner", "fingerprint": "c92f424dfe8e13c9ecc8e95b408874282a88c3f4821ad17512d215bb821f65ed", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23950"], "package": "tar", "rule_id": "GHSA-r6q2-hw4h-h46w", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23950|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qffp-2rhf-9h96", "level": "error", "message": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "properties": {"repobilityId": 108897, "scanner": "osv-scanner", "fingerprint": "7d7231015b4186c8b5119059fd709def500f0c2d0f9829dc10034180a48492bb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29786"], "package": "tar", "rule_id": "GHSA-qffp-2rhf-9h96", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-29786|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9ppj-qmqm-q256", "level": "error", "message": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "properties": {"repobilityId": 108895, "scanner": "osv-scanner", "fingerprint": "bd4af3813df0949abcb29d9a02d409afbf3ea5aae264b9bd749225412e3f0c77", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31802"], "package": "tar", "rule_id": "GHSA-9ppj-qmqm-q256", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-31802|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8qq5-rm4j-mr97", "level": "error", "message": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "properties": {"repobilityId": 108894, "scanner": "osv-scanner", "fingerprint": "df604a4dd41c9d2b835ddec12c95824fab22254c47536fc3a00c7c2305ba9ab6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23745"], "package": "tar", "rule_id": "GHSA-8qq5-rm4j-mr97", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23745|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-83g3-92jg-28cx", "level": "error", "message": {"text": "tar: GHSA-83g3-92jg-28cx"}, "properties": {"repobilityId": 108893, "scanner": "osv-scanner", "fingerprint": "b9933bf542fee1529b8cc7b71dfac47926d288dff6ba26957d0edf2d15346aea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26960"], "package": "tar", "rule_id": "GHSA-83g3-92jg-28cx", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-26960|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34x7-hfp2-rc4v", "level": "error", "message": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "properties": {"repobilityId": 108892, "scanner": "osv-scanner", "fingerprint": "4342fdbe9c40877695030d35ca42daf0697d8761b2933634f8ab4812457c1d5b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24842"], "package": "tar", "rule_id": "GHSA-34x7-hfp2-rc4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-24842|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2qf-rxjj-qqgw", "level": "error", "message": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "properties": {"repobilityId": 108891, "scanner": "osv-scanner", "fingerprint": "507faa1a911bf51770c564eefe4ce84830e249fba63d59a59a726d13b331a745", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25883"], "package": "semver", "rule_id": "GHSA-c2qf-rxjj-qqgw", "scanner": "osv-scanner", "correlation_key": "vuln|semver|CVE-2022-25883|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 108890, "scanner": "osv-scanner", "fingerprint": "f895a9e2bce5d60c39d079eb90f0ddeac34a0b40ea3a795c42267a03b5c3c8c5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wv6-86v2-598j", "level": "error", "message": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "properties": {"repobilityId": 108888, "scanner": "osv-scanner", "fingerprint": "6b2799faa7e718c472f04ba71f477c586158b5b155eb95e390d900b5557e88c6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45296"], "package": "path-to-regexp", "rule_id": "GHSA-9wv6-86v2-598j", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-45296|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 108887, "scanner": "osv-scanner", "fingerprint": "f430dd5d96636ae63606e63349b00b0331ed7da1ff34843b295b456162d08e98", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 108886, "scanner": "osv-scanner", "fingerprint": "2f4bcabee2a652338fc1c806be13bbfd737dca689cc06dd2e87d40c5a82b05bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 108885, "scanner": "osv-scanner", "fingerprint": "4643142e20c1cc98b7e339eceac642a2dda3ab650e46c7419b76a370ff56c19b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 108882, "scanner": "osv-scanner", "fingerprint": "590250f240bdd434dfc5b76cd413c6b351e34136f7b04b641cd73ba9dc501f4f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2p57-rm9w-gvfp", "level": "error", "message": {"text": "ip: GHSA-2p57-rm9w-gvfp"}, "properties": {"repobilityId": 108878, "scanner": "osv-scanner", "fingerprint": "b1789a6b65367a6ef9bf314c3c0f0169fb73084aee1e80ea905f962785896e39", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29415"], "package": "ip", "rule_id": "GHSA-2p57-rm9w-gvfp", "scanner": "osv-scanner", "correlation_key": "vuln|ip|CVE-2024-29415|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5j98-mcp5-4vw2", "level": "error", "message": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "properties": {"repobilityId": 108877, "scanner": "osv-scanner", "fingerprint": "1cb884463788f4c1de09a9c512cc91cf6b90ffe343a75003a7fbe58ea40dd6d4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64756"], "package": "glob", "rule_id": "GHSA-5j98-mcp5-4vw2", "scanner": "osv-scanner", "correlation_key": "vuln|glob|CVE-2025-64756|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 108876, "scanner": "osv-scanner", "fingerprint": "d350054428461c2e91650e1c83f6c3217891d49d0fd1833cf42b7999cb9415a7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 108875, "scanner": "osv-scanner", "fingerprint": "6adf1d943665ec4c6ea116e2c8c87606797c4217a1fcead3d9b08cd02da14482", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3xgq-45jj-v275", "level": "error", "message": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "properties": {"repobilityId": 108872, "scanner": "osv-scanner", "fingerprint": "8ce070a24777a9d4027d19c9bab688e6f6df2c2d386df44f65a3f844d5125b3f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21538"], "package": "cross-spawn", "rule_id": "GHSA-3xgq-45jj-v275", "scanner": "osv-scanner", "correlation_key": "vuln|cross-spawn|CVE-2024-21538|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-grv7-fg5c-xmjg", "level": "error", "message": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "properties": {"repobilityId": 108871, "scanner": "osv-scanner", "fingerprint": "98b3c08bf21ee5f0023c693d350698bf1e5ec8d0224115af30c814658c067d4d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4068"], "package": "braces", "rule_id": "GHSA-grv7-fg5c-xmjg", "scanner": "osv-scanner", "correlation_key": "vuln|braces|CVE-2024-4068|generator/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generator/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 108862, "scanner": "osv-scanner", "fingerprint": "0d824ffcba7fc60cfa6b8e29d535ed29e0d87f662208dc72f905f49629d92c37", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-ph9p-34f9-6g65"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0d824ffcba7fc60cfa6b8e29d535ed29e0d87f662208dc72f905f49629d92c37", "0e6959cba9d53c9839c22ee4dea60a8ee8e01619910d7e2142c8432b4da1ce28", "5f44ac4b6300785d730751722a7706bbf762e25f90ffe944e752615a360a0d77", "7d1541f6f395b19820c059440083a7ce33101106d0f1b9cf285bbe406dc0cd05", "d45e6f98e4de9e04e6130ce6919f33b7c9404caf45e6e734f37c852f1e8694bf", "fdd8f535d6e12889fbd639b40eb7eeb6720775b0ecc06224f191fda5eea9c908"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6q2-hw4h-h46w", "level": "error", "message": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "properties": {"repobilityId": 108861, "scanner": "osv-scanner", "fingerprint": "1ec61ee7aaf3be35135044e4b572808252371763545305cd49305e8e6a4da03c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-23950"], "package": "tar", "rule_id": "GHSA-r6q2-hw4h-h46w", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23950|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-r6q2-hw4h-h46w"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["00ce48f7eea61f4e04ca793d148e0dfa1e0644b7e1bb497a84fd3901b659df79", "1ec61ee7aaf3be35135044e4b572808252371763545305cd49305e8e6a4da03c", "c45e8d1857ddf0cdb60c2ee87b78e5b0c7d6b0a5b4935ccb2162df74b638f752", "c5d7436c9f8d22158f2cca806125d4d916cbc6112d0f417d42dacb112f99c176", "de121ab8d02ad1084c9c30c26fe1745d40f83e387bcf74f45fec890449e498cb", "e1be62ef85a63fef2afcc1683d764227ed000d31b94a94a66b5e2fb35c6fe3af"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qffp-2rhf-9h96", "level": "error", "message": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "properties": {"repobilityId": 108860, "scanner": "osv-scanner", "fingerprint": "0f4725faa1d5098a6a4eb67909d359fc97bef7c4ff44f26f571596e5ac504f2c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-29786"], "package": "tar", "rule_id": "GHSA-qffp-2rhf-9h96", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-29786|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-qffp-2rhf-9h96"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0c2f3aac3ca85ada7bad495c3d1f6457aaba684e548cce18b7bbfc2c57bf78ed", "0f4725faa1d5098a6a4eb67909d359fc97bef7c4ff44f26f571596e5ac504f2c", "5925a20794ada63e69094c5ad97b4a156a2a4e7937e6add0e6aebc15ecf021d8", "d19fdfecc27748bc4a58a56547e5ae4ed516e6f248b26b996c136561b1666fd4", "e54fce922e49336d15320e71d045dc1e212f28f8dbabbd6c3abab1405df19651", "f9aed79f7a3915a98824969577763f0d13ad0edd4e57be0b62831cd340a51d03"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9ppj-qmqm-q256", "level": "error", "message": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "properties": {"repobilityId": 108859, "scanner": "osv-scanner", "fingerprint": "08ecba4c23378372a898e6f14f28b113dcdb8d5f1cc9080c445416117cac8323", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-31802"], "package": "tar", "rule_id": "GHSA-9ppj-qmqm-q256", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-31802|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-9ppj-qmqm-q256"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["08ecba4c23378372a898e6f14f28b113dcdb8d5f1cc9080c445416117cac8323", "15329164b228f08662ae37237f0e673255113e7e987670e4eab98e9bb5ee4caf", "3e35c3bc3e374c3b25ef4e218eb80cef2b3e26e57965807a442238ae5ee0aff6", "62b332a04c895d74d142ddc9445472747af1cf4b161242bdc628b7ddd97706e9", "cc7537ace3527cb25099508e6c75f08e4a721cc9c6ccac4f2329df0359a5cee8", "eda11cf6820f7375186837f00b87c82cff01bfa4fd34666524164b387638c557"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8qq5-rm4j-mr97", "level": "error", "message": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "properties": {"repobilityId": 108858, "scanner": "osv-scanner", "fingerprint": "abde6043df92ac2ca755016b16639dab732b1ba3834be2d29d759b06823139e6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-23745"], "package": "tar", "rule_id": "GHSA-8qq5-rm4j-mr97", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23745|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-8qq5-rm4j-mr97"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4faa49f1dcc55c5cde2498e9136c462311224d251edcb282e15d58a5bbf453d5", "6a73c4b5c081e8ee6e3a8e282657fd90f45335c3e0fe9e7c20d4b396453861ac", "8dd7c0b5cbd333074a6076c5129a82adfeaf897e06ed22a104dc0da483543405", "abde6043df92ac2ca755016b16639dab732b1ba3834be2d29d759b06823139e6", "d9a06e0c075ac7e281585d55a24541e8cd372334e122325794fd621a7c302505", "eb38dc04f56c7cddd519c9ecfab9d3e93d254882087f92a73a8853d0880a0305"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-83g3-92jg-28cx", "level": "error", "message": {"text": "tar: GHSA-83g3-92jg-28cx"}, "properties": {"repobilityId": 108857, "scanner": "osv-scanner", "fingerprint": "447f94e7d0df944b1cf97f31e503a0bd3b4ae7d4917dbb7dab264e1c40fda6bd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-26960"], "package": "tar", "rule_id": "GHSA-83g3-92jg-28cx", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-26960|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-83g3-92jg-28cx"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2fc3aa36275e6a5c972583b7e7e30555fb4ca59543d99e67e03e655f68a43d90", "42eae0de50fe079a3470d9eaea1dfdeaa15601dfbc924da23e0b8faa28b4ce2c", "447f94e7d0df944b1cf97f31e503a0bd3b4ae7d4917dbb7dab264e1c40fda6bd", "4832f418d6c4ce7e870baf3f70c175f63cfa222aeeda9c10b8e3ecce9c2a849b", "ae93e6bd03b87acc690fe7dfa3d3fdb1cf1eedba0e8ea9c6b1dd51ae1fac26c8", "c10b8b83a98b21611ea52d29d06753e4a089b470cf7559c7c2d70c9a19cb79b5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34x7-hfp2-rc4v", "level": "error", "message": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "properties": {"repobilityId": 108856, "scanner": "osv-scanner", "fingerprint": "9354567eef19b50045c7a653da8fc1fea841d2a6308dd42b2bc7c48cd04323bc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-24842"], "package": "tar", "rule_id": "GHSA-34x7-hfp2-rc4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-24842|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-34x7-hfp2-rc4v"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0b3a8b7ae75a14d3343daf0dc28d255c978f6256a28f6377c92bc951243f9679", "3d25e52a9fe9da400e1c7fd58d79881d750e305a66634a8a22d0b4ac2f63b2a4", "5e226775475cd7ffba9ebdb97fd1efb4aa9e6c146cbe7d3e8b4b3f2997b5d57b", "65e426fee6ca890bca131143431539e78479779264d6a1b6425b252e1555d202", "9354567eef19b50045c7a653da8fc1fea841d2a6308dd42b2bc7c48cd04323bc", "f9ca47cda74d890a3f15636bc4cf94be2a026c3307cc6222e1362735af195990"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "exercises/ex1/com.myorg.myapp/package-lock.json"}, "region": {"startLine": 1}}}]}]}]}