{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-pq67-6m6q-mj2v", "name": "urllib3: GHSA-pq67-6m6q-mj2v", "shortDescription": {"text": "urllib3: GHSA-pq67-6m6q-mj2v"}, "fullDescription": {"text": "urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-34jh-p97f-mpxf", "name": "urllib3: GHSA-34jh-p97f-mpxf", "shortDescription": {"text": "urllib3: GHSA-34jh-p97f-mpxf"}, "fullDescription": {"text": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gc5v-m9x4-r6x2", "name": "requests: GHSA-gc5v-m9x4-r6x2", "shortDescription": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "fullDescription": {"text": "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wx4-h78v-vm56", "name": "requests: GHSA-9wx4-h78v-vm56", "shortDescription": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "fullDescription": {"text": "Requests `Session` object does not verify requests after making first request with verify=False"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9hjg-9r4m-mvj7", "name": "requests: GHSA-9hjg-9r4m-mvj7", "shortDescription": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "fullDescription": {"text": "Requests vulnerable to .netrc credentials leak via malicious URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `urllib3` is 1 major version(s) behind (1.26.8 -> 2.7.0)", "shortDescription": {"text": "Python package `urllib3` is 1 major version(s) behind (1.26.8 -> 2.7.0)"}, "fullDescription": {"text": "`urllib3==1.26.8` is 1 major version(s) behind the latest stable release on PyPI (2.7.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `get_categories_content` has cognitive complexity 9 (SonarSource scale). C", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `get_categories_content` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and r"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "GHSA-gm62-xv2j-4w53", "name": "urllib3: GHSA-gm62-xv2j-4w53", "shortDescription": {"text": "urllib3: GHSA-gm62-xv2j-4w53"}, "fullDescription": {"text": "urllib3 allows an unbounded number of links in the decompression chain"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-38jv-5279-wg99", "name": "urllib3: GHSA-38jv-5279-wg99", "shortDescription": {"text": "urllib3: GHSA-38jv-5279-wg99"}, "fullDescription": {"text": "Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2xpw-w6gg-jr37", "name": "urllib3: GHSA-2xpw-w6gg-jr37", "shortDescription": {"text": "urllib3: GHSA-2xpw-w6gg-jr37"}, "fullDescription": {"text": "urllib3 streaming API improperly handles highly compressed data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-141", "name": "urllib3: PYSEC-2026-141", "shortDescription": {"text": "urllib3: PYSEC-2026-141"}, "fullDescription": {"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-212", "name": "urllib3: PYSEC-2023-212", "shortDescription": {"text": "urllib3: PYSEC-2023-212"}, "fullDescription": {"text": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-192", "name": "urllib3: PYSEC-2023-192", "shortDescription": {"text": "urllib3: PYSEC-2023-192"}, "fullDescription": {"text": "urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-74", "name": "requests: PYSEC-2023-74", "shortDescription": {"text": "requests: PYSEC-2023-74"}, "fullDescription": {"text": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-60", "name": "idna: PYSEC-2024-60", "shortDescription": {"text": "idna: PYSEC-2024-60"}, "fullDescription": {"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-230", "name": "certifi: PYSEC-2024-230", "shortDescription": {"text": "certifi: PYSEC-2024-230"}, "fullDescription": {"text": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\""}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-135", "name": "certifi: PYSEC-2023-135", "shortDescription": {"text": "certifi: PYSEC-2023-135"}, "fullDescription": {"text": "Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2022-42986", "name": "certifi: PYSEC-2022-42986", "shortDescription": {"text": "certifi: PYSEC-2022-42986"}, "fullDescription": {"text": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-python` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `actions/setup-python` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: actions/setup-python@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_if_fake_user_agent_has_a_str_as_return", "shortDescription": {"text": "Phantom test coverage: test_if_fake_user_agent_has_a_str_as_return"}, "fullDescription": {"text": "Test function `test_if_fake_user_agent_has_a_str_as_return` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.assertEqual` used but never assigned in __init__", "shortDescription": {"text": "`self.assertEqual` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_check_title_with_markdown_syntax_incorrect` of class `TestValidadeFormat` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/125"}, "properties": {"repository": "public-apis/public-apis", "repoUrl": "https://github.com/public-apis/public-apis.git", "branch": "master"}, "results": [{"ruleId": "GHSA-pq67-6m6q-mj2v", "level": "warning", "message": {"text": "urllib3: GHSA-pq67-6m6q-mj2v"}, "properties": {"repobilityId": 52189, "scanner": "osv-scanner", "fingerprint": "46c3701c86579047c6ffba105415d9fe6aa011d209c687e7a068d4b292085cbe", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-50181"], "package": "urllib3", "rule_id": "GHSA-pq67-6m6q-mj2v", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2025-50181|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34jh-p97f-mpxf", "level": "warning", "message": {"text": "urllib3: GHSA-34jh-p97f-mpxf"}, "properties": {"repobilityId": 52186, "scanner": "osv-scanner", "fingerprint": "16b4204e6b9f6fb3170c571bae4c17090201cf914c7a5f62d00923dc0b9ed13e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37891"], "package": "urllib3", "rule_id": "GHSA-34jh-p97f-mpxf", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2024-37891|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gc5v-m9x4-r6x2", "level": "warning", "message": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "properties": {"repobilityId": 52181, "scanner": "osv-scanner", "fingerprint": "218e3c72b78f2a0f7c6a4e2581421e45b236ac2e5cd6bfdbdd3bce881ec29505", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25645"], "package": "requests", "rule_id": "GHSA-gc5v-m9x4-r6x2", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2026-25645|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wx4-h78v-vm56", "level": "warning", "message": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "properties": {"repobilityId": 52180, "scanner": "osv-scanner", "fingerprint": "619253d6103f91bf3c9dff5dc85b25dcf1748f4eac3c60179ec6841fd1d027db", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-35195"], "package": "requests", "rule_id": "GHSA-9wx4-h78v-vm56", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-35195|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9hjg-9r4m-mvj7", "level": "warning", "message": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "properties": {"repobilityId": 52179, "scanner": "osv-scanner", "fingerprint": "9a8395b50e33714d9f60db6e50d2c2a1139c80623aa64e48f0563a871f754813", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47081"], "package": "requests", "rule_id": "GHSA-9hjg-9r4m-mvj7", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-47081|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `urllib3` is 1 major version(s) behind (1.26.8 -> 2.7.0)"}, "properties": {"repobilityId": 52173, "scanner": "repobility-dependency-currency", "fingerprint": "756ae23a423411d436fa2d95014d718e6b3eba77a6d3ab9e608e083e71ce3cbd", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "urllib3", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.7.0", "correlation_key": "fp|756ae23a423411d436fa2d95014d718e6b3eba77a6d3ab9e608e083e71ce3cbd", "current_version": "1.26.8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `charset-normalizer` is 1 major version(s) behind (2.0.10 -> 3.4.7)"}, "properties": {"repobilityId": 52170, "scanner": "repobility-dependency-currency", "fingerprint": "88f1bfdb11f8aac29e47834434151b4ed77f4414e712ad2adf232ed1c1a8d18e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "charset-normalizer", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.4.7", "correlation_key": "fp|88f1bfdb11f8aac29e47834434151b4ed77f4414e712ad2adf232ed1c1a8d18e", "current_version": "2.0.10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `certifi` is 5 major version(s) behind (2021.10.8 -> 2026.5.20)"}, "properties": {"repobilityId": 52169, "scanner": "repobility-dependency-currency", "fingerprint": "aa06ab4fa66b93a698575a036b779ecfee861179a7a9ee330769ab1b10d1d685", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "5 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "certifi", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2026.5.20", "correlation_key": "fp|aa06ab4fa66b93a698575a036b779ecfee861179a7a9ee330769ab1b10d1d685", "current_version": "2021.10.8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `idna` is minor version(s) behind (3.3 -> 3.18)"}, "properties": {"repobilityId": 54271, "scanner": "repobility-dependency-currency", "fingerprint": "39cb50082349a923b9bb230c5838aeacc7f717f66ea76057821908e984245a3e", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "idna", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.18", "correlation_key": "fp|39cb50082349a923b9bb230c5838aeacc7f717f66ea76057821908e984245a3e", "current_version": "3.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `requests` is minor version(s) behind (2.27.1 -> 2.34.2)"}, "properties": {"repobilityId": 52172, "scanner": "repobility-dependency-currency", "fingerprint": "4d179e63fabc67d6534954dc3d093617a1342e87b28b2c0dd1b5484518458b46", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "requests", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.34.2", "correlation_key": "fp|4d179e63fabc67d6534954dc3d093617a1342e87b28b2c0dd1b5484518458b46", "current_version": "2.27.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `idna` is minor version(s) behind (3.3 -> 3.17)"}, "properties": {"repobilityId": 52171, "scanner": "repobility-dependency-currency", "fingerprint": "01645becd0c75f50fac891789786239a1d5cd605e8db69f188cd8ee3786450ef", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "idna", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.17", "correlation_key": "fp|01645becd0c75f50fac891789786239a1d5cd605e8db69f188cd8ee3786450ef", "current_version": "3.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_categories_content` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, for=1, if=3, nested_bonus=3."}, "properties": {"repobilityId": 43868, "scanner": "repobility-threat-engine", "fingerprint": "ded68ea9190b3c9be12808d6fe3dc2d1e387c9f490f6bba0909934b48d55d144", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_categories_content", "breakdown": {"if": 3, "for": 1, "continue": 2, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|ded68ea9190b3c9be12808d6fe3dc2d1e387c9f490f6bba0909934b48d55d144"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/validate/format.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 43870, "scanner": "repobility-threat-engine", "fingerprint": "6bfaae2d4ed02479ffac13083a591819390fd6aaecd85af1d381b68acd9305d3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6bfaae2d4ed02479ffac13083a591819390fd6aaecd85af1d381b68acd9305d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/validate/links.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 43869, "scanner": "repobility-threat-engine", "fingerprint": "0b8eb7372ec67a6c9b27f556e5a7de974fe619aec9d9a1d0f71d6f627394b885", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|0b8eb7372ec67a6c9b27f556e5a7de974fe619aec9d9a1d0f71d6f627394b885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/validate/links.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "GHSA-gm62-xv2j-4w53", "level": "error", "message": {"text": "urllib3: GHSA-gm62-xv2j-4w53"}, "properties": {"repobilityId": 52188, "scanner": "osv-scanner", "fingerprint": "5efaca2d2aa14fcf746115549d0dee31c167dd6e64925f60fe31f2cfd3c96fc4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66418"], "package": "urllib3", "rule_id": "GHSA-gm62-xv2j-4w53", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2025-66418|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38jv-5279-wg99", "level": "error", "message": {"text": "urllib3: GHSA-38jv-5279-wg99"}, "properties": {"repobilityId": 52187, "scanner": "osv-scanner", "fingerprint": "c2a92ae5bb19c96e38c62728abfbac73f098697c876de71cf9682efcc161dcfe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-21441"], "package": "urllib3", "rule_id": "GHSA-38jv-5279-wg99", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-21441|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2xpw-w6gg-jr37", "level": "error", "message": {"text": "urllib3: GHSA-2xpw-w6gg-jr37"}, "properties": {"repobilityId": 52185, "scanner": "osv-scanner", "fingerprint": "be69f462a03ecddd9f415b5cff155f380d1e73d289210756e5d72d42f060d883", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66471"], "package": "urllib3", "rule_id": "GHSA-2xpw-w6gg-jr37", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2025-66471|scripts/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-141", "level": "error", "message": {"text": "urllib3: PYSEC-2026-141"}, "properties": {"repobilityId": 52184, "scanner": "osv-scanner", "fingerprint": "5fdd00d1f52f036ab5081380660e1bc5cf7ba014f1443479a0556a967a4b006b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44431", "GHSA-qccp-gfcp-xxvc"], "package": "urllib3", "rule_id": "PYSEC-2026-141", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-44431|scripts/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qccp-gfcp-xxvc", "PYSEC-2026-141"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5fdd00d1f52f036ab5081380660e1bc5cf7ba014f1443479a0556a967a4b006b", "bd477922b1c5399c91c00759d37460602ab1eb527205b18c2c9eaec44b1b8ed4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-212", "level": "error", "message": {"text": "urllib3: PYSEC-2023-212"}, "properties": {"repobilityId": 52183, "scanner": "osv-scanner", "fingerprint": "22e6845d78505e5416c47e501a7d89b7dc886f8511e6626b3e5794076ede2fe6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-45803", "GHSA-g4mx-q9vg-27p4"], "package": "urllib3", "rule_id": "PYSEC-2023-212", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2023-45803|scripts/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-g4mx-q9vg-27p4", "PYSEC-2023-212"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["22e6845d78505e5416c47e501a7d89b7dc886f8511e6626b3e5794076ede2fe6", "9c9465660d1f8d60d502204f9e736859b9b31a709cdf646d1acd290a2bdf20c8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-192", "level": "error", "message": {"text": "urllib3: PYSEC-2023-192"}, "properties": {"repobilityId": 52182, "scanner": "osv-scanner", "fingerprint": "7a003fc914aa5de21d8e8ea249f1423bb09a03cf9c6a59026b0e920d722c8dce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-43804", "GHSA-v845-jxx5-vc9f"], "package": "urllib3", "rule_id": "PYSEC-2023-192", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2023-43804|scripts/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-v845-jxx5-vc9f", "PYSEC-2023-192"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7a003fc914aa5de21d8e8ea249f1423bb09a03cf9c6a59026b0e920d722c8dce", "c023ebb03c532050be8d1d14e5e5b09000d99f0697f8180f3afbeb450bdb6d78"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-74", "level": "error", "message": {"text": "requests: PYSEC-2023-74"}, "properties": {"repobilityId": 52178, "scanner": "osv-scanner", "fingerprint": "1ae6ff85d168348130ee87ebe91ef16a8caab8525532ba5686eeeb0b68a46dfa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-32681", "GHSA-j8r2-6x86-q33q"], "package": "requests", "rule_id": "PYSEC-2023-74", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2023-32681|scripts/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j8r2-6x86-q33q", "PYSEC-2023-74"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1ae6ff85d168348130ee87ebe91ef16a8caab8525532ba5686eeeb0b68a46dfa", "b1d48a5a301e129760a7aef16c4ac3cb01b82055b61c1d47452f8379f81d1aee"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-60", "level": "error", "message": {"text": "idna: PYSEC-2024-60"}, "properties": {"repobilityId": 52177, "scanner": "osv-scanner", "fingerprint": "472564202170ee5ba91df6b5126e61aa025249c705e5dcbcaf277165206dc9cc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-3651", "GHSA-jjg7-2v4v-x38h"], "package": "idna", "rule_id": "PYSEC-2024-60", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|scripts/requirements.txt", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-65pc-fj4g-8rjx", "GHSA-jjg7-2v4v-x38h", "PYSEC-2024-60"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["20a46fbfffb674f9ebeef576e8fc2afa5db07158bcb47fbe28e0cb6633aedf69", "3169ffcc012096a38b29d179dc388f844aabc3c3ef1bbda84ff0be45a854e4cd", "472564202170ee5ba91df6b5126e61aa025249c705e5dcbcaf277165206dc9cc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-230", "level": "error", "message": {"text": "certifi: PYSEC-2024-230"}, "properties": {"repobilityId": 52176, "scanner": "osv-scanner", "fingerprint": "d2fc927a225b7b847b87b2b3a45c8eb1c0534eb02afdc411cb3bf874b96aaf1b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-39689", "GHSA-248v-346w-9cwc"], "package": "certifi", "rule_id": "PYSEC-2024-230", "scanner": "osv-scanner", "correlation_key": "vuln|certifi|CVE-2024-39689|scripts/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-248v-346w-9cwc", "PYSEC-2024-230"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["363df657405becf5373dd0daacb8def7511bc962565e6ec9803546b9b7ee5be3", "d2fc927a225b7b847b87b2b3a45c8eb1c0534eb02afdc411cb3bf874b96aaf1b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-135", "level": "error", "message": {"text": "certifi: PYSEC-2023-135"}, "properties": {"repobilityId": 52175, "scanner": "osv-scanner", "fingerprint": "c824e0aca0befd639491486be8b0a9e6f9928ba3e9a06179d802e4eb259db0e6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-37920", "GHSA-xqr8-7jwr-rhp7"], "package": "certifi", "rule_id": "PYSEC-2023-135", "scanner": "osv-scanner", "correlation_key": "vuln|certifi|CVE-2023-37920|scripts/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xqr8-7jwr-rhp7", "PYSEC-2023-135"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9d1ccab6e5f9a9e2d1d427a865bd5fc46c5b5fe85176626adab72753b222abb1", "c824e0aca0befd639491486be8b0a9e6f9928ba3e9a06179d802e4eb259db0e6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2022-42986", "level": "error", "message": {"text": "certifi: PYSEC-2022-42986"}, "properties": {"repobilityId": 52174, "scanner": "osv-scanner", "fingerprint": "cfceef7a94aaeb14f667363e0d7dbe704f25360bd4f5730beabd54936f294697", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2022-23491", "GHSA-43fp-rhv2-5gv8"], "package": "certifi", "rule_id": "PYSEC-2022-42986", "scanner": "osv-scanner", "correlation_key": "vuln|certifi|CVE-2022-23491|scripts/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-43fp-rhv2-5gv8", "PYSEC-2022-42986"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1a1511ac9eb577da729484c5ad2ee1ae1dd4ba4d90ed8935b8090516bdd2536e", "cfceef7a94aaeb14f667363e0d7dbe704f25360bd4f5730beabd54936f294697"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `check_file_format` has cognitive complexity 28 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=3, else=1, for=2, if=8, nested_bonus=14."}, "properties": {"repobilityId": 43867, "scanner": "repobility-threat-engine", "fingerprint": "c95527a2efab25acf88dcbecf067471b4be4b00b777e025490908006444b79f4", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 28 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "check_file_format", "breakdown": {"if": 8, "for": 2, "else": 1, "continue": 3, "nested_bonus": 14}, "complexity": 28, "correlation_key": "fp|c95527a2efab25acf88dcbecf067471b4be4b00b777e025490908006444b79f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/validate/format.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 43866, "scanner": "repobility-supply-chain", "fingerprint": "fbdbea9d5d8490092905a09042c90084f9d191f0bab430601404fd1e7cdc17ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fbdbea9d5d8490092905a09042c90084f9d191f0bab430601404fd1e7cdc17ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_of_push_and_pull.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 43865, "scanner": "repobility-supply-chain", "fingerprint": "1807cb72de2446bac8e388124cb409434c8668450f13b77e8a594566062cc90b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1807cb72de2446bac8e388124cb409434c8668450f13b77e8a594566062cc90b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_of_push_and_pull.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 43864, "scanner": "repobility-supply-chain", "fingerprint": "962801179997211ba7aa3bf1a1bbc54d1ac650e45cb8d1253caab9451ab1da07", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|962801179997211ba7aa3bf1a1bbc54d1ac650e45cb8d1253caab9451ab1da07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_of_validate_package.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 43863, "scanner": "repobility-supply-chain", "fingerprint": "3f03e8bcfaf3966caf64995318d16bc7032404494dc8251366d976632c62ebc9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3f03e8bcfaf3966caf64995318d16bc7032404494dc8251366d976632c62ebc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_of_validate_package.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 43862, "scanner": "repobility-supply-chain", "fingerprint": "5ba14b428dc2f239fdd700dd24344b9d3dee0ea1441209d62c62fbfe8d712277", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ba14b428dc2f239fdd700dd24344b9d3dee0ea1441209d62c62fbfe8d712277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_links.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 43861, "scanner": "repobility-supply-chain", "fingerprint": "fc79d421bb23790d53a9358e2c1c7fce288c1d1e4296b9597c4d361841d3e53b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fc79d421bb23790d53a9358e2c1c7fce288c1d1e4296b9597c4d361841d3e53b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_links.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_if_fake_user_agent_has_a_str_as_return"}, "properties": {"repobilityId": 43860, "scanner": "repobility-ast-engine", "fingerprint": "c3036eb3f36a09cb4562e6fe935665114a466be024cd3a16595246181032b076", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3036eb3f36a09cb4562e6fe935665114a466be024cd3a16595246181032b076"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_links.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43859, "scanner": "repobility-ast-engine", "fingerprint": "47bd1cbb1e984baf52b44eec372aec7ea7beaf25848d20ee40728140590ef73d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47bd1cbb1e984baf52b44eec372aec7ea7beaf25848d20ee40728140590ef73d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43858, "scanner": "repobility-ast-engine", "fingerprint": "cdc1488f7ab768b73d05070cc6bff9406891bf41cd73b22fa0d41834e38c7cf5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdc1488f7ab768b73d05070cc6bff9406891bf41cd73b22fa0d41834e38c7cf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43857, "scanner": "repobility-ast-engine", "fingerprint": "42e7044c17c21b3a15f083dddbac1ce161d7279846485493e57b841e0c45b064", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42e7044c17c21b3a15f083dddbac1ce161d7279846485493e57b841e0c45b064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43856, "scanner": "repobility-ast-engine", "fingerprint": "caeda8376bf7ae07f0aa4678b3cfb847acbc06ae05db36b3c2ca859ac36df5ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|caeda8376bf7ae07f0aa4678b3cfb847acbc06ae05db36b3c2ca859ac36df5ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43855, "scanner": "repobility-ast-engine", "fingerprint": "60840bc38b992079b41cd9ff06445c6ef2f29092d8a859fcb27c987b56207699", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60840bc38b992079b41cd9ff06445c6ef2f29092d8a859fcb27c987b56207699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43854, "scanner": "repobility-ast-engine", "fingerprint": "324efd8b5622b12d1e08a0d33d340338e270ffa72b11ef0c8a867ac8d8fdfcc9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|324efd8b5622b12d1e08a0d33d340338e270ffa72b11ef0c8a867ac8d8fdfcc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43853, "scanner": "repobility-ast-engine", "fingerprint": "42eb244a0427a1148c643a7905b36dc393317f8159e099fdfc625f0591af64a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42eb244a0427a1148c643a7905b36dc393317f8159e099fdfc625f0591af64a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.subTest` used but never assigned in __init__"}, "properties": {"repobilityId": 43852, "scanner": "repobility-ast-engine", "fingerprint": "4f47ab84765bd1450c5a96f9bc9bf1cdb612d3d81f3ea708e8a10ab131e9f97b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f47ab84765bd1450c5a96f9bc9bf1cdb612d3d81f3ea708e8a10ab131e9f97b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43851, "scanner": "repobility-ast-engine", "fingerprint": "ae9cfbc387e616dce6f836f591e553242d2901a091f34c75652cbefdebb6e161", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae9cfbc387e616dce6f836f591e553242d2901a091f34c75652cbefdebb6e161"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43850, "scanner": "repobility-ast-engine", "fingerprint": "fa5045566a83a362470c502cd0bcfda6e8218e60804fb7f67dcfaab126cf6276", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa5045566a83a362470c502cd0bcfda6e8218e60804fb7f67dcfaab126cf6276"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43849, "scanner": "repobility-ast-engine", "fingerprint": "dcb4e88992e070b29907a0593db64452b319d1ef8fa9967988b7925042b97ab1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcb4e88992e070b29907a0593db64452b319d1ef8fa9967988b7925042b97ab1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43848, "scanner": "repobility-ast-engine", "fingerprint": "98bf305a5a4cf74703523ad7dd6c7045682ecffa4ebe5ca473444ac4fea91bcd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98bf305a5a4cf74703523ad7dd6c7045682ecffa4ebe5ca473444ac4fea91bcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43847, "scanner": "repobility-ast-engine", "fingerprint": "2367ba7d18db7c34f2985219e91ecc3cca7e15a8d0ab73754fb491c30c6681c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2367ba7d18db7c34f2985219e91ecc3cca7e15a8d0ab73754fb491c30c6681c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.subTest` used but never assigned in __init__"}, "properties": {"repobilityId": 43846, "scanner": "repobility-ast-engine", "fingerprint": "6f898e1be91fef99987331c224ab4b4d25800b2204954bf22d3702bd811b13a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f898e1be91fef99987331c224ab4b4d25800b2204954bf22d3702bd811b13a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43845, "scanner": "repobility-ast-engine", "fingerprint": "aedb4d5fd6362fb013d87be85df6c847fc930a82d02216cbb749c202e0ecf7b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aedb4d5fd6362fb013d87be85df6c847fc930a82d02216cbb749c202e0ecf7b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43844, "scanner": "repobility-ast-engine", "fingerprint": "cfefb20cbc69981463c7f47ea3c80323495be8e5b502911c6ff95a3bb2cafa36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfefb20cbc69981463c7f47ea3c80323495be8e5b502911c6ff95a3bb2cafa36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43843, "scanner": "repobility-ast-engine", "fingerprint": "68a60d46e0ea880a4a3bd73568912485fd209587a073fcba1108bad78427c661", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68a60d46e0ea880a4a3bd73568912485fd209587a073fcba1108bad78427c661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43842, "scanner": "repobility-ast-engine", "fingerprint": "9d34328f0fa4c2af561db2fac051a655bcb8acc99d359698dd558011a95a9e6b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d34328f0fa4c2af561db2fac051a655bcb8acc99d359698dd558011a95a9e6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43841, "scanner": "repobility-ast-engine", "fingerprint": "cc7dafd3d9de434197910102b9c48988c6177d70d55f2f9c97dc6adf875dd76a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc7dafd3d9de434197910102b9c48988c6177d70d55f2f9c97dc6adf875dd76a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43840, "scanner": "repobility-ast-engine", "fingerprint": "9d9dfe5d0bc6e8a5e63501e474be6cbf4976ada3607611f807e24901a1a26c2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d9dfe5d0bc6e8a5e63501e474be6cbf4976ada3607611f807e24901a1a26c2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 43839, "scanner": "repobility-ast-engine", "fingerprint": "6254d97b6995c24b4b11e913f306134790091e08d9ca59f3265fba26bcfc95b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6254d97b6995c24b4b11e913f306134790091e08d9ca59f3265fba26bcfc95b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43838, "scanner": "repobility-ast-engine", "fingerprint": "7061f13a50bd110d1bc40e48d3e9e1617ecb56ea79b4ac0ceb9f1ad09a51bbd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7061f13a50bd110d1bc40e48d3e9e1617ecb56ea79b4ac0ceb9f1ad09a51bbd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43837, "scanner": "repobility-ast-engine", "fingerprint": "ecb3648c1aab11978c3d443ab4674f91b40aa68b9af96f02ba65c153ea9f865c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecb3648c1aab11978c3d443ab4674f91b40aa68b9af96f02ba65c153ea9f865c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43836, "scanner": "repobility-ast-engine", "fingerprint": "9ef48535eb21f67e785cf98a53facb39ffb4d8c5e3e33fda6fb3cb5614258c9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ef48535eb21f67e785cf98a53facb39ffb4d8c5e3e33fda6fb3cb5614258c9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIsInstance` used but never assigned in __init__"}, "properties": {"repobilityId": 43835, "scanner": "repobility-ast-engine", "fingerprint": "9a3fa58751dd5d03c1d4ecf9b22ae61286bb0f7018a3e4eaf9b2cf87a720d347", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a3fa58751dd5d03c1d4ecf9b22ae61286bb0f7018a3e4eaf9b2cf87a720d347"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tests/test_validate_format.py"}, "region": {"startLine": 32}}}]}]}]}