{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-65pc-fj4g-8rjx", "name": "idna: GHSA-65pc-fj4g-8rjx", "shortDescription": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "fullDescription": {"text": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC107", "name": "[SEC107] Weak TLS version requested (TLSv1.0, TLSv1.1, SSLv3, SSLv2): TLS 1.0 and 1.1 were deprecated by IETF in 2021 (R", "shortDescription": {"text": "[SEC107] Weak TLS version requested (TLSv1.0, TLSv1.1, SSLv3, SSLv2): TLS 1.0 and 1.1 were deprecated by IETF in 2021 (RFC 8996). Most browsers no longer support them. Code requesting these protocols is talking to an attacker-controllable d"}, "fullDescription": {"text": "Use TLSv1.2 minimum, TLSv1.3 preferred. Java: `SSLContext.getInstance(\"TLSv1.2\")`. Python: `ssl.PROTOCOL_TLS_CLIENT` + `MinimumVersion = TLSVersion.TLSv1_2`. Go: `MinVersion: tls.VersionTLS12`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 18 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 18."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `twisted` is 1 major version(s) behind (25.5.0 -> 26.4.0)", "shortDescription": {"text": "Python package `twisted` is 1 major version(s) behind (25.5.0 -> 26.4.0)"}, "fullDescription": {"text": "`twisted==25.5.0` is 1 major version(s) behind the latest stable release on PyPI (26.4.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-5239-wwwm-4pmq", "name": "pygments: GHSA-5239-wwwm-4pmq", "shortDescription": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "fullDescription": {"text": "Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-142", "name": "urllib3: PYSEC-2026-142", "shortDescription": {"text": "urllib3: PYSEC-2026-142"}, "fullDescription": {"text": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-141", "name": "urllib3: PYSEC-2026-141", "shortDescription": {"text": "urllib3: PYSEC-2026-141"}, "fullDescription": {"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-160", "name": "twisted: PYSEC-2026-160", "shortDescription": {"text": "twisted: PYSEC-2026-160"}, "fullDescription": {"text": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2017-83", "name": "scrapy: PYSEC-2017-83", "shortDescription": {"text": "scrapy: PYSEC-2017-83"}, "fullDescription": {"text": "Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-87", "name": "lxml: PYSEC-2026-87", "shortDescription": {"text": "lxml: PYSEC-2026-87"}, "fullDescription": {"text": "lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-36", "name": "cryptography: PYSEC-2026-36", "shortDescription": {"text": "cryptography: PYSEC-2026-36"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based o", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n Flask: app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n FastAPI: use middleware to enforce request size\n Django: DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping.", "shortDescription": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`", "shortDescription": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "fullDescription": {"text": "`uses: pypa/gh-action-pypi-publish@release/v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED121", "name": "requirements.txt installs from `sphinx-scrapy @ git+https://github.com/scrapy/sphi...` (git/URL)", "shortDescription": {"text": "requirements.txt installs from `sphinx-scrapy @ git+https://github.com/scrapy/sphi...` (git/URL)"}, "fullDescription": {"text": "Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + scanning. If the host or branch tip changes, the next `pip install` pulls a different package \u2014 no diff visible to reviewers."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/scrapy/sphinx-scrapy` pinned to mutable rev `0.8.6`", "shortDescription": {"text": "pre-commit hook `https://github.com/scrapy/sphinx-scrapy` pinned to mutable rev `0.8.6`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/scrapy/sphinx-scrapy` at `rev: 0.8.6`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI PATCH scrapy.settings.default_settings has no auth", "shortDescription": {"text": "FastAPI PATCH scrapy.settings.default_settings has no auth"}, "fullDescription": {"text": "Handler `test_getdict_autodegrade_basesettings` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "Blocking call `requests.append` inside async function `test_logic`", "shortDescription": {"text": "Blocking call `requests.append` inside async function `test_logic`"}, "fullDescription": {"text": "`requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_utf16", "shortDescription": {"text": "Phantom test coverage: test_utf16"}, "fullDescription": {"text": "Test function `test_utf16` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._beautify_newline` used but never assigned in __init__", "shortDescription": {"text": "`self._beautify_newline` used but never assigned in __init__"}, "fullDescription": {"text": "Method `finish_exporting` of class `JsonItemExporter` reads `self._beautify_newline`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `queue` used but not imported", "shortDescription": {"text": "Missing import: `queue` used but not imported"}, "fullDescription": {"text": "The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/870"}, "properties": {"repository": "scrapy/scrapy", "repoUrl": "https://github.com/scrapy/scrapy", "branch": "master"}, "results": [{"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 79604, "scanner": "osv-scanner", "fingerprint": "26f79174eb2cbf908a50820024776cc1d60966cb7fe6b93ef1d5dc158e9a16d5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|docs/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC107", "level": "warning", "message": {"text": "[SEC107] Weak TLS version requested (TLSv1.0, TLSv1.1, SSLv3, SSLv2): TLS 1.0 and 1.1 were deprecated by IETF in 2021 (RFC 8996). Most browsers no longer support them. Code requesting these protocols is talking to an attacker-controllable downgrade target."}, "properties": {"repobilityId": 79598, "scanner": "repobility-threat-engine", "fingerprint": "eb100aa60bad5fc32be19a1a2f47f8f8c6107453755d82749277711915b597de", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ssl.PROTOCOL_TLSv1", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC107", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|scrapy/utils/ssl.py|26|sec107"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/ssl.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 79597, "scanner": "repobility-threat-engine", "fingerprint": "f08e9115ff294d8f75d812937d853f5e99e145e85370abc90ecd5c2a57786dd9", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "CERT_NONE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|scrapy/utils/ssl.py|51|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/ssl.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 79594, "scanner": "repobility-threat-engine", "fingerprint": "a70f40a79b64c7abb40f0f895e5a1c19a95dc2dca277c78afcdc02e7f180a82d", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.debug(\n f\"Download stopped for {req", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a70f40a79b64c7abb40f0f895e5a1c19a95dc2dca277c78afcdc02e7f180a82d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/_download_handlers.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 79582, "scanner": "repobility-threat-engine", "fingerprint": "d0258ad23905d216f2db2121a2609abd66a4518c06416d37e0188a11eab5cfe7", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|44|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/extensions/spiderstate.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 79577, "scanner": "repobility-threat-engine", "fingerprint": "9dea27776abfad6d9bb76e27ec2c772bcf445029595b1cce23639acf611a862f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def cancel(self) -> None:\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9dea27776abfad6d9bb76e27ec2c772bcf445029595b1cce23639acf611a862f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/resolver.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 79576, "scanner": "repobility-threat-engine", "fingerprint": "301cfc200a73fc964a4d69fd2311e98b228d1ec166824bb7f1ea0447b17d5297", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _get_mwlist_from_settings(cls, settings: Settings) -> list[Any]:\n raise NotImplementedErr", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|301cfc200a73fc964a4d69fd2311e98b228d1ec166824bb7f1ea0447b17d5297"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/middleware.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 79575, "scanner": "repobility-threat-engine", "fingerprint": "3a92161df5a4ff55bd0c4ffe6581bf61ebf35ea80e92bd897b06249bc4947865", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def download_request(self, request: Request) -> Response:\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3a92161df5a4ff55bd0c4ffe6581bf61ebf35ea80e92bd897b06249bc4947865"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/downloader/handlers/base.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 79565, "scanner": "repobility-threat-engine", "fingerprint": "b8a21fb8ad9b2519effd225e3e677f60304136a7348b5bfceebe3f01e01ad9df", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f'", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|123|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/commands/genspider.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, except=1, for=1, if=4, nested_bonus=10."}, "properties": {"repobilityId": 79556, "scanner": "repobility-threat-engine", "fingerprint": "4a643982874ac1cbe08f81362ce5acf4600c53548b1d85c3d608211ab93a7012", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 18 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "for": 1, "else": 2, "except": 1, "nested_bonus": 10}, "complexity": 18, "correlation_key": "fp|4a643982874ac1cbe08f81362ce5acf4600c53548b1d85c3d608211ab93a7012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/utils/linkfix.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `twisted` is 1 major version(s) behind (25.5.0 -> 26.4.0)"}, "properties": {"repobilityId": 79544, "scanner": "repobility-dependency-currency", "fingerprint": "c3c35e1eb615bf8a22ae707ade726bfce597a3e63cef68faee5c550737c50dbd", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "twisted", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "26.4.0", "correlation_key": "fp|c3c35e1eb615bf8a22ae707ade726bfce597a3e63cef68faee5c550737c50dbd", "current_version": "25.5.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 178}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `service-identity` is 2 major version(s) behind (24.2.0 -> 26.1.0)"}, "properties": {"repobilityId": 79542, "scanner": "repobility-dependency-currency", "fingerprint": "f58445ab29801eb299a5a2659d2740ba361d08ca55aecfc2837daf4732f098f2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "service-identity", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "26.1.0", "correlation_key": "fp|f58445ab29801eb299a5a2659d2740ba361d08ca55aecfc2837daf4732f098f2", "current_version": "24.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79488, "scanner": "repobility-ast-engine", "fingerprint": "c4d2de74407029aa1ef93d53e508bb96ba88c1102720b6dfb7efe21b5ce2aa13", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4d2de74407029aa1ef93d53e508bb96ba88c1102720b6dfb7efe21b5ce2aa13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/downloader/middleware.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79487, "scanner": "repobility-ast-engine", "fingerprint": "5972b9d798210b3a8ba4503fbb876609acff3d5108f29dd22087e6366f9a5d56", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5972b9d798210b3a8ba4503fbb876609acff3d5108f29dd22087e6366f9a5d56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/downloader/__init__.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79486, "scanner": "repobility-ast-engine", "fingerprint": "70d81a5a6d86ea1d2f47291cd0286d10584f4b130def7123fb1364aab7f5fbb6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70d81a5a6d86ea1d2f47291cd0286d10584f4b130def7123fb1364aab7f5fbb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/pipelines/media.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79485, "scanner": "repobility-ast-engine", "fingerprint": "c6d034534f0c549a33cc8b52f0b923b8f9155864bfd0ff06ece3b4c017460f2f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6d034534f0c549a33cc8b52f0b923b8f9155864bfd0ff06ece3b4c017460f2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/pipelines/files.py"}, "region": {"startLine": 416}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79483, "scanner": "repobility-ast-engine", "fingerprint": "cdbeb0c6d142211f05b6ad7b621c7c0b43d5e70cfac814d1fc52c70b61555816", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdbeb0c6d142211f05b6ad7b621c7c0b43d5e70cfac814d1fc52c70b61555816"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/defer.py"}, "region": {"startLine": 379}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79482, "scanner": "repobility-ast-engine", "fingerprint": "ff925eb9a13ae1d11f89056019c644238865d2b10f1924e074745a907a59a6cd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff925eb9a13ae1d11f89056019c644238865d2b10f1924e074745a907a59a6cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/defer.py"}, "region": {"startLine": 360}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79481, "scanner": "repobility-ast-engine", "fingerprint": "4bd60cd4d4b2d599d03ca786684a04cfa38701a7938dc345cd67fdbdeabe5cf6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4bd60cd4d4b2d599d03ca786684a04cfa38701a7938dc345cd67fdbdeabe5cf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/defer.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79480, "scanner": "repobility-ast-engine", "fingerprint": "57e736409d13019e0f83ed9418863a58839d7b3abff11cb090649e81e2769651", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57e736409d13019e0f83ed9418863a58839d7b3abff11cb090649e81e2769651"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/defer.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79479, "scanner": "repobility-ast-engine", "fingerprint": "afe0739c856895761c003fec46cef8ed9eb05b0313868c421cba1613122d0501", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afe0739c856895761c003fec46cef8ed9eb05b0313868c421cba1613122d0501"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/engine.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79478, "scanner": "repobility-ast-engine", "fingerprint": "2c7f74b402e25ee1fff2fd2827bc54f5a672307ce2dde9276bd21a49ab93d6b4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c7f74b402e25ee1fff2fd2827bc54f5a672307ce2dde9276bd21a49ab93d6b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/deprecate.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79477, "scanner": "repobility-ast-engine", "fingerprint": "019298fdc712cbcb18dc9d3b1a3e4adcbb9f7f9fc3dfee101ba94a6d238cff7e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|019298fdc712cbcb18dc9d3b1a3e4adcbb9f7f9fc3dfee101ba94a6d238cff7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/extensions/httpcache.py"}, "region": {"startLine": 418}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79476, "scanner": "repobility-ast-engine", "fingerprint": "cbe62493d2c23587f33d257eef802a115fcf1a8d50edeb8b8b6690e938af11a0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cbe62493d2c23587f33d257eef802a115fcf1a8d50edeb8b8b6690e938af11a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/spidermw.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79475, "scanner": "repobility-ast-engine", "fingerprint": "c7239d431917b2835429b763bb3b4601c02180edcc13dfa22fa4337b70d145cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7239d431917b2835429b763bb3b4601c02180edcc13dfa22fa4337b70d145cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/spidermw.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79474, "scanner": "repobility-ast-engine", "fingerprint": "f5e558d9a4105519a4959a57e5e21b583f3aa6819e4edcbeb4ad04aa85e67544", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5e558d9a4105519a4959a57e5e21b583f3aa6819e4edcbeb4ad04aa85e67544"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/spidermw.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79473, "scanner": "repobility-ast-engine", "fingerprint": "dca26574e2e0bcc0e452b69dd49f20d0a45acb6b2b47abef8d8e5d79ea62a48d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dca26574e2e0bcc0e452b69dd49f20d0a45acb6b2b47abef8d8e5d79ea62a48d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/scraper.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79472, "scanner": "repobility-ast-engine", "fingerprint": "f63809a5e6e79fc999d5ca2a95cfbe802c35155aff54be2c1a3cab5a7c445b0e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f63809a5e6e79fc999d5ca2a95cfbe802c35155aff54be2c1a3cab5a7c445b0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/scraper.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79471, "scanner": "repobility-ast-engine", "fingerprint": "cec0c42b8a517e513a01a25b814cc50cd34d21af4833e15344d9cd2867beaa8a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cec0c42b8a517e513a01a25b814cc50cd34d21af4833e15344d9cd2867beaa8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/contracts/__init__.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79470, "scanner": "repobility-ast-engine", "fingerprint": "c9e7cf1cabb44306da2851d677cbe47d608a9b0550d073a50b123c686ef18fac", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9e7cf1cabb44306da2851d677cbe47d608a9b0550d073a50b123c686ef18fac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/contracts/__init__.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79469, "scanner": "repobility-ast-engine", "fingerprint": "3caea79538479bfccbe7f9b501028ad7810c0637814d59834495a2e45067c9e0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3caea79538479bfccbe7f9b501028ad7810c0637814d59834495a2e45067c9e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/contracts/__init__.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79468, "scanner": "repobility-ast-engine", "fingerprint": "c3bf32ec841b243d93120ff93bb58589d77275fd9aa50ae18a186a9444f32409", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3bf32ec841b243d93120ff93bb58589d77275fd9aa50ae18a186a9444f32409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/contracts/__init__.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 79462, "scanner": "repobility-ast-engine", "fingerprint": "9a163decd50a3b81c31d16ff3d4ad48ce6c1a890cd2b89d5aa484d4f74d25ee8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a163decd50a3b81c31d16ff3d4ad48ce6c1a890cd2b89d5aa484d4f74d25ee8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pipeline_media.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "GHSA-5239-wwwm-4pmq", "level": "note", "message": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "properties": {"repobilityId": 79606, "scanner": "osv-scanner", "fingerprint": "900986836ea5b61380919b67cf6e7d522ada8428e4f08522d24eedec52b65ae1", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4539"], "package": "pygments", "rule_id": "GHSA-5239-wwwm-4pmq", "scanner": "osv-scanner", "correlation_key": "vuln|pygments|CVE-2026-4539|docs/requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `execute` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, except=1, if=5, nested_bonus=2."}, "properties": {"repobilityId": 79558, "scanner": "repobility-threat-engine", "fingerprint": "55178d022ceaa6a64fd939a39a9433fef2bf459f5ea813fef1a522db06f6a7fb", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "execute", "breakdown": {"if": 5, "elif": 1, "else": 1, "except": 1, "nested_bonus": 2}, "complexity": 10, "correlation_key": "fp|55178d022ceaa6a64fd939a39a9433fef2bf459f5ea813fef1a522db06f6a7fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/cmdline.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `load_settings` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=4."}, "properties": {"repobilityId": 79557, "scanner": "repobility-threat-engine", "fingerprint": "2ffbcc2a41a74e28501a14baaea8cf64b9e0931282a81486c77a0f4cfbd731d4", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "load_settings", "breakdown": {"if": 2, "for": 1, "except": 1, "nested_bonus": 4}, "complexity": 8, "correlation_key": "fp|2ffbcc2a41a74e28501a14baaea8cf64b9e0931282a81486c77a0f4cfbd731d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/addons.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `zope-interface` is minor version(s) behind (8.2 -> 8.5)"}, "properties": {"repobilityId": 79546, "scanner": "repobility-dependency-currency", "fingerprint": "608333b2cd2008400f6f83261d697f4f5d7b14a6be700b9996112633ab350cc6", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "zope-interface", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "8.5", "correlation_key": "fp|608333b2cd2008400f6f83261d697f4f5d7b14a6be700b9996112633ab350cc6", "current_version": "8.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 194}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `urllib3` is minor version(s) behind (2.6.3 -> 2.7.0)"}, "properties": {"repobilityId": 79545, "scanner": "repobility-dependency-currency", "fingerprint": "438ad018b72459f4b127badf44dadb1bbf7dc3ef6420ca1b461b201c32a0ec61", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "urllib3", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.7.0", "correlation_key": "fp|438ad018b72459f4b127badf44dadb1bbf7dc3ef6420ca1b461b201c32a0ec61", "current_version": "2.6.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 188}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `snowballstemmer` is minor version(s) behind (3.0.1 -> 3.1.1)"}, "properties": {"repobilityId": 79543, "scanner": "repobility-dependency-currency", "fingerprint": "028bb820ae8571209f5a668c29784dbf211f08c18b8282baa9c72a9e19479e66", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "snowballstemmer", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.1.1", "correlation_key": "fp|028bb820ae8571209f5a668c29784dbf211f08c18b8282baa9c72a9e19479e66", "current_version": "3.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 127}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `scrapy` is minor version(s) behind (2.14.2 -> 2.16.0)"}, "properties": {"repobilityId": 79541, "scanner": "repobility-dependency-currency", "fingerprint": "317d7bc03b9dc2cebad88f748da214d13bc060903ca9841a0285a9c1eb38a8ac", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "scrapy", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.16.0", "correlation_key": "fp|317d7bc03b9dc2cebad88f748da214d13bc060903ca9841a0285a9c1eb38a8ac", "current_version": "2.14.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 121}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `requests` is minor version(s) behind (2.33.0 -> 2.34.2)"}, "properties": {"repobilityId": 79540, "scanner": "repobility-dependency-currency", "fingerprint": "b0236c0c234c7588d291f828162f1a3448725d9127f84faad102682f5ce63214", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "requests", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.34.2", "correlation_key": "fp|b0236c0c234c7588d291f828162f1a3448725d9127f84faad102682f5ce63214", "current_version": "2.33.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 112}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `pyopenssl` is minor version(s) behind (26.0.0 -> 26.2.0)"}, "properties": {"repobilityId": 79539, "scanner": "repobility-dependency-currency", "fingerprint": "7d61fcaace18fa4d4940546dd2888b19cde971714c6255076156956af5c43df0", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pyopenssl", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "26.2.0", "correlation_key": "fp|7d61fcaace18fa4d4940546dd2888b19cde971714c6255076156956af5c43df0", "current_version": "26.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 108}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `pygments` is minor version(s) behind (2.19.2 -> 2.20.0)"}, "properties": {"repobilityId": 79538, "scanner": "repobility-dependency-currency", "fingerprint": "6b52d7355aeb5f320d57a1b53d280394852f548c2ad6183fa95a2a25b48a16cc", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pygments", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.20.0", "correlation_key": "fp|6b52d7355aeb5f320d57a1b53d280394852f548c2ad6183fa95a2a25b48a16cc", "current_version": "2.19.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 106}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `pydantic` is minor version(s) behind (2.12.5 -> 2.13.4)"}, "properties": {"repobilityId": 79537, "scanner": "repobility-dependency-currency", "fingerprint": "65e408652894ac1b481cd419a99d1ac49226fd9b4f18e5156d7e0e91817d7009", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pydantic", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.13.4", "correlation_key": "fp|65e408652894ac1b481cd419a99d1ac49226fd9b4f18e5156d7e0e91817d7009", "current_version": "2.12.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 98}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `packaging` is minor version(s) behind (26.0 -> 26.2)"}, "properties": {"repobilityId": 79536, "scanner": "repobility-dependency-currency", "fingerprint": "0e15a441de5ad30c3ef489d607f8b2cd2ca0eda93e9a1b5d63b59824c1635fc1", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "packaging", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "26.2", "correlation_key": "fp|0e15a441de5ad30c3ef489d607f8b2cd2ca0eda93e9a1b5d63b59824c1635fc1", "current_version": "26.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 76}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `idna` is minor version(s) behind (3.11 -> 3.18)"}, "properties": {"repobilityId": 79535, "scanner": "repobility-dependency-currency", "fingerprint": "c6d205da601b965410d7e8130cf11fe04eaef42a1db4a1ea56fb473e7f321916", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "idna", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.18", "correlation_key": "fp|c6d205da601b965410d7e8130cf11fe04eaef42a1db4a1ea56fb473e7f321916", "current_version": "3.11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 49}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `filelock` is minor version(s) behind (3.25.2 -> 3.29.1)"}, "properties": {"repobilityId": 79534, "scanner": "repobility-dependency-currency", "fingerprint": "f493cc965cafbe859bb9f8528a0c5009f7dfa27969d1e178ef6027b98d9694c5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "filelock", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.29.1", "correlation_key": "fp|f493cc965cafbe859bb9f8528a0c5009f7dfa27969d1e178ef6027b98d9694c5", "current_version": "3.25.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 39}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `docutils` is minor version(s) behind (0.22.4 -> 0.23)"}, "properties": {"repobilityId": 79533, "scanner": "repobility-dependency-currency", "fingerprint": "2f6cd0c99c3797564a135bc71bebb16d1d132759dcbb5b8ac2670e193d3adcdc", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "docutils", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "0.23", "correlation_key": "fp|2f6cd0c99c3797564a135bc71bebb16d1d132759dcbb5b8ac2670e193d3adcdc", "current_version": "0.22.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 34}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `certifi` is minor version(s) behind (2026.2.25 -> 2026.5.20)"}, "properties": {"repobilityId": 79531, "scanner": "repobility-dependency-currency", "fingerprint": "e12b061bc74fa62ab499f3248993054e39f0aed5951babe318600cd62b685003", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "certifi", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2026.5.20", "correlation_key": "fp|e12b061bc74fa62ab499f3248993054e39f0aed5951babe318600cd62b685003", "current_version": "2026.2.25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79408, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b1083085acb92a4abca48de60b5418ecf6bc1be5806206537a9e898f844433d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/CrawlerRunner/custom_loop_different.py", "duplicate_line": 1, "correlation_key": "fp|1b1083085acb92a4abca48de60b5418ecf6bc1be5806206537a9e898f844433d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/CrawlerRunner/custom_loop_same.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "319071c435c6218ff384a6ee3d84045a08532c768ec5c56f33b1ec598513c222", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/CrawlerProcess/reactor_default_twisted_reactor_select.py", "duplicate_line": 5, "correlation_key": "fp|319071c435c6218ff384a6ee3d84045a08532c768ec5c56f33b1ec598513c222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/CrawlerProcess/reactor_select_subclass_twisted_reactor_select.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34e2652fd2fb503079b60fa83b036127c428271c396f7590c648200fe70bbf6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/caching_hostname_resolver.py", "duplicate_line": 4, "correlation_key": "fp|34e2652fd2fb503079b60fa83b036127c428271c396f7590c648200fe70bbf6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/CrawlerProcess/caching_hostname_resolver.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79405, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a419bb50a23d08a1458548c96803b1bc0f40cb8fb8ad7d962d8f43b21c4512e7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/CrawlerProcess/asyncio_custom_loop.py", "duplicate_line": 3, "correlation_key": "fp|a419bb50a23d08a1458548c96803b1bc0f40cb8fb8ad7d962d8f43b21c4512e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/CrawlerProcess/asyncio_enabled_reactor_same_loop.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79404, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9eaf3cd0e6410fc939ae9fdf67f8266c9bb12cd1a70199e10d44ec0a946b28a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/CrawlerProcess/asyncio_enabled_no_reactor.py", "duplicate_line": 8, "correlation_key": "fp|9eaf3cd0e6410fc939ae9fdf67f8266c9bb12cd1a70199e10d44ec0a946b28a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/CrawlerProcess/asyncio_enabled_reactor.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79403, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b98944885919eecc68eb292b64392e6dd10e039d70bcb08ad4127386e5bdde6e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/asyncio_enabled_reactor.py", "duplicate_line": 3, "correlation_key": "fp|b98944885919eecc68eb292b64392e6dd10e039d70bcb08ad4127386e5bdde6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/CrawlerProcess/asyncio_enabled_reactor.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79402, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed75daf6710f39ae7a63f3ad20d93040fc5c0046efa552c7c29ecd342f439bdb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/asyncio_deferred_signal.py", "duplicate_line": 6, "correlation_key": "fp|ed75daf6710f39ae7a63f3ad20d93040fc5c0046efa552c7c29ecd342f439bdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/CrawlerProcess/asyncio_deferred_signal.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79401, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85017682483bc7d4221ed19d8be8beb5d3ee6d1d87b22e773129aaf5497e58e9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerRunner/multi_parallel.py", "duplicate_line": 2, "correlation_key": "fp|85017682483bc7d4221ed19d8be8beb5d3ee6d1d87b22e773129aaf5497e58e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/AsyncCrawlerRunner/multi_seq.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79400, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c13a803cb98ce7115ddf5e2cac89afe2ea3b3d16c73c158f143122e5f87c05b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerRunner/custom_loop_different.py", "duplicate_line": 2, "correlation_key": "fp|3c13a803cb98ce7115ddf5e2cac89afe2ea3b3d16c73c158f143122e5f87c05b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/AsyncCrawlerRunner/custom_loop_same.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79399, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9da7bd5b166027bba024f4e8f1aca137f7ab4c99cfd6067c737fcf63fc72871f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/asyncio_custom_loop.py", "duplicate_line": 3, "correlation_key": "fp|9da7bd5b166027bba024f4e8f1aca137f7ab4c99cfd6067c737fcf63fc72871f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/AsyncCrawlerProcess/asyncio_enabled_reactor_same_loop.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79398, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9430b5f9a3860e733200f7732626bd511e37c547784b03ddba8c7c2ecd827cf5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/asyncio_enabled_reactor_different_loop.py", "duplicate_line": 8, "correlation_key": "fp|9430b5f9a3860e733200f7732626bd511e37c547784b03ddba8c7c2ecd827cf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/AsyncCrawlerProcess/asyncio_enabled_reactor_same_loop.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79397, "scanner": "repobility-ai-code-hygiene", "fingerprint": "857ccca894a11a001a2ab47e4018f787427400c60e070a235975ef83a053e201", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/asyncio_custom_loop.py", "duplicate_line": 3, "correlation_key": "fp|857ccca894a11a001a2ab47e4018f787427400c60e070a235975ef83a053e201"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/AsyncCrawlerProcess/asyncio_enabled_reactor_different_loop.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79396, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7765f27569105cd52c8142b7b73cd6ed44eaf23063c6aad2bc427ced36b11df0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/asyncio_enabled_no_reactor.py", "duplicate_line": 4, "correlation_key": "fp|7765f27569105cd52c8142b7b73cd6ed44eaf23063c6aad2bc427ced36b11df0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/AsyncCrawlerProcess/asyncio_enabled_reactor.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79395, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ae40f72aad1fc1c0ae073fbb686f6eb08873126bc99062254b3957ba426d011", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AsyncCrawlerProcess/asyncio_custom_loop_custom_settings_different.py", "duplicate_line": 1, "correlation_key": "fp|7ae40f72aad1fc1c0ae073fbb686f6eb08873126bc99062254b3957ba426d011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/AsyncCrawlerProcess/asyncio_custom_loop_custom_settings_same.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79394, "scanner": "repobility-ai-code-hygiene", "fingerprint": "54ac6480bcb62fd78aa47f646214847d39f6a09e4171364069ae2717934452cb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scrapy/http/response/__init__.py", "duplicate_line": 213, "correlation_key": "fp|54ac6480bcb62fd78aa47f646214847d39f6a09e4171364069ae2717934452cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/http/response/text.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 79596, "scanner": "repobility-threat-engine", "fingerprint": "9c2b6eaab8dafb3d26b2bf63d9d9da513f127e2f79d37a107993ceeaeb91ffbb", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"match": "eval(", "reason": "Safe pattern 'test\\b' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|scrapy/utils/engine.py|35|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/engine.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 79589, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 79578, "scanner": "repobility-threat-engine", "fingerprint": "53ebc417b7afe07ee4200bf88b1474b3b12222032b82952c482f7ed06a6acecf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|53ebc417b7afe07ee4200bf88b1474b3b12222032b82952c482f7ed06a6acecf"}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 79574, "scanner": "repobility-threat-engine", "fingerprint": "77a74badfe4d8d22300e9e18bdb4c8be4a0c891249a4ac34cf2b761ed5e38945", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|77a74badfe4d8d22300e9e18bdb4c8be4a0c891249a4ac34cf2b761ed5e38945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/downloader/__init__.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 79572, "scanner": "repobility-threat-engine", "fingerprint": "64ce5cab0556595ed51d3e54ec82786e2ff2b385acb9dab17cd8b01af3d285f2", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(settings.getbool(opts.getbool)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|scrapy/commands/settings.py|5|print settings.getbool opts.getbool"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/commands/settings.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 79571, "scanner": "repobility-threat-engine", "fingerprint": "a0769f34321ccb4a2408866410ff258332c2e3d0c176eda236c0efe5490d0026", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a0769f34321ccb4a2408866410ff258332c2e3d0c176eda236c0efe5490d0026"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 79563, "scanner": "repobility-threat-engine", "fingerprint": "bb423e21d8bdc29e6dfc844c3717d0dc4cb6b828860c7155ecb21a5fcf036249", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bb423e21d8bdc29e6dfc844c3717d0dc4cb6b828860c7155ecb21a5fcf036249", "aggregated_count": 6}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 79559, "scanner": "repobility-threat-engine", "fingerprint": "dd6be4c30a8e2803b222a057f9abf016386dbbcc8100e89a59905239b6593929", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "for": 1, "else": 2, "except": 1, "nested_bonus": 10}, "aggregated": true, "complexity": 18, "correlation_key": "fp|dd6be4c30a8e2803b222a057f9abf016386dbbcc8100e89a59905239b6593929", "aggregated_count": 52}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 79555, "scanner": "repobility-threat-engine", "fingerprint": "26bd7279a1f803199a3fc29e39b94f54d89145f218fe99e9ff2484e61d1fd0c0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|26bd7279a1f803199a3fc29e39b94f54d89145f218fe99e9ff2484e61d1fd0c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/_ext/scrapydocs.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 79554, "scanner": "repobility-threat-engine", "fingerprint": "c9cae91cd733d435a9447dd8129f08031b61cb65a6612f50fe8694f62b973f93", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c9cae91cd733d435a9447dd8129f08031b61cb65a6612f50fe8694f62b973f93", "aggregated_count": 22}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 79553, "scanner": "repobility-threat-engine", "fingerprint": "d5dea169bf51252a2f0ddf618974f91ad7d81556bb9ddc8a980ef5ffa72a7235", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d5dea169bf51252a2f0ddf618974f91ad7d81556bb9ddc8a980ef5ffa72a7235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/cmdline.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 79552, "scanner": "repobility-threat-engine", "fingerprint": "e51d1554b28ce0dc2e3310095482f1564eb0083f1e2432525418812ff9a1af1b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e51d1554b28ce0dc2e3310095482f1564eb0083f1e2432525418812ff9a1af1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extras/qpsclient.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 79551, "scanner": "repobility-threat-engine", "fingerprint": "9db18b4970e40504c3e2cd5377dd8a41d82abcbb289dd16765ca6bc2552c21ba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9db18b4970e40504c3e2cd5377dd8a41d82abcbb289dd16765ca6bc2552c21ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/_ext/scrapydocs.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 79550, "scanner": "repobility-threat-engine", "fingerprint": "e973c240dbc4f89f3ed23634248c27c341c4e2b97022c76d007ae21bef62c680", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e973c240dbc4f89f3ed23634248c27c341c4e2b97022c76d007ae21bef62c680", "aggregated_count": 7}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 79549, "scanner": "repobility-threat-engine", "fingerprint": "94eff06902f5ddedc4a6a76493b0474defc188c85fa976472eb6cf9d6f2acfc1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94eff06902f5ddedc4a6a76493b0474defc188c85fa976472eb6cf9d6f2acfc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/contracts/default.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 79548, "scanner": "repobility-threat-engine", "fingerprint": "6cd66fb09d9e21c77e70df1a665f65b84d730dcebac1fe93bf08073846e26676", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6cd66fb09d9e21c77e70df1a665f65b84d730dcebac1fe93bf08073846e26676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/conf.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 79547, "scanner": "repobility-threat-engine", "fingerprint": "eada5f894f0a3b284038eb5dee2438ce8c66fa5794b1e56e08c81b4622910575", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eada5f894f0a3b284038eb5dee2438ce8c66fa5794b1e56e08c81b4622910575"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/_ext/scrapydocs.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "DEPCUR-PY", "level": "none", "message": {"text": "Python package `charset-normalizer` is patch version(s) behind (3.4.6 -> 3.4.7)"}, "properties": {"repobilityId": 79532, "scanner": "repobility-dependency-currency", "fingerprint": "62666c3d098327e5b49a828dbe72cdcbc7bc90da17de1175d8da510bdf88443a", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "charset-normalizer", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.4.7", "correlation_key": "fp|62666c3d098327e5b49a828dbe72cdcbc7bc90da17de1175d8da510bdf88443a", "current_version": "3.4.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 19}}}]}, {"ruleId": "PYSEC-2026-142", "level": "error", "message": {"text": "urllib3: PYSEC-2026-142"}, "properties": {"repobilityId": 79610, "scanner": "osv-scanner", "fingerprint": "9c4ea01796734b002a10ad29d3548ba8f0137efab578678e31012483efab56f2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44432", "GHSA-mf9v-mfxr-j63j"], "package": "urllib3", "rule_id": "PYSEC-2026-142", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-44432|docs/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mf9v-mfxr-j63j", "PYSEC-2026-142"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5e382dd0877d39ca809f1b87c427e925e22a5e7de0a77aedf46bbdb12ee990a5", "9c4ea01796734b002a10ad29d3548ba8f0137efab578678e31012483efab56f2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-141", "level": "error", "message": {"text": "urllib3: PYSEC-2026-141"}, "properties": {"repobilityId": 79609, "scanner": "osv-scanner", "fingerprint": "6786b624a57b6fe70100a523062df85b5b72f4d9d953acc078670e3ed7e90b99", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44431", "GHSA-qccp-gfcp-xxvc"], "package": "urllib3", "rule_id": "PYSEC-2026-141", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-44431|docs/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qccp-gfcp-xxvc", "PYSEC-2026-141"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["61a5d7fd84ebb16e1b192885d55b85fbfb561e7e4a4f774304db4b008fbfc86f", "6786b624a57b6fe70100a523062df85b5b72f4d9d953acc078670e3ed7e90b99"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-160", "level": "error", "message": {"text": "twisted: PYSEC-2026-160"}, "properties": {"repobilityId": 79608, "scanner": "osv-scanner", "fingerprint": "520eb172301497057dad63189a6bfb50670803e19a6d1bbaa6517f316a4fcb06", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-42304", "GHSA-grgv-6hw6-v9g4"], "package": "twisted", "rule_id": "PYSEC-2026-160", "scanner": "osv-scanner", "correlation_key": "vuln|twisted|CVE-2026-42304|docs/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-grgv-6hw6-v9g4", "PYSEC-2026-160"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["520eb172301497057dad63189a6bfb50670803e19a6d1bbaa6517f316a4fcb06", "80608556e9a95b647988236755f7a1d5739036725a5e32a113683055a894f631"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2017-83", "level": "error", "message": {"text": "scrapy: PYSEC-2017-83"}, "properties": {"repobilityId": 79607, "scanner": "osv-scanner", "fingerprint": "357458f6eb2e808bc242f8121b85fb5429447340786b0ec073a6d940418ae139", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2017-14158", "GHSA-h7wm-ph43-c39p"], "package": "scrapy", "rule_id": "PYSEC-2017-83", "scanner": "osv-scanner", "correlation_key": "vuln|scrapy|CVE-2017-14158|docs/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-h7wm-ph43-c39p", "PYSEC-2017-83"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["357458f6eb2e808bc242f8121b85fb5429447340786b0ec073a6d940418ae139", "c37f92bd374b8a67166c1aa8eefd716ab29f6b1f22f830f78a99420847d25884"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-87", "level": "error", "message": {"text": "lxml: PYSEC-2026-87"}, "properties": {"repobilityId": 79605, "scanner": "osv-scanner", "fingerprint": "b589974b2b36e890a3da3fb813ab0ee4f905c7839516c1f7087f33ef6afd1034", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-41066", "GHSA-vfmq-68hx-4jfw"], "package": "lxml", "rule_id": "PYSEC-2026-87", "scanner": "osv-scanner", "correlation_key": "vuln|lxml|CVE-2026-41066|docs/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-vfmq-68hx-4jfw", "PYSEC-2026-87"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["b589974b2b36e890a3da3fb813ab0ee4f905c7839516c1f7087f33ef6afd1034", "ea21188881f4615fb8a9c8f7fdf388544e6d23792c5ebd8693a2393652447b11"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-36", "level": "error", "message": {"text": "cryptography: PYSEC-2026-36"}, "properties": {"repobilityId": 79603, "scanner": "osv-scanner", "fingerprint": "66a08b533d74745e94349e2ee00c0174306b61a41b804ab56d83975caf17b55b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-39892", "GHSA-p423-j2cm-9vmq"], "package": "cryptography", "rule_id": "PYSEC-2026-36", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2026-39892|docs/requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-p423-j2cm-9vmq", "PYSEC-2026-36"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0791963a4841d5f767121a9dd949038b9144866f3fdeb0a07f68b3470107fb7c", "66a08b533d74745e94349e2ee00c0174306b61a41b804ab56d83975caf17b55b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 79595, "scanner": "repobility-threat-engine", "fingerprint": "7031bc6ba12cf1240e9bb4abda952079a1631e4a016fe3e66e892d65400a945a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7031bc6ba12cf1240e9bb4abda952079a1631e4a016fe3e66e892d65400a945a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/console.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 79592, "scanner": "repobility-threat-engine", "fingerprint": "829194cc3e38d691460bb1c97d04afc0fbe9685293a502bf811ab64abef995de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|829194cc3e38d691460bb1c97d04afc0fbe9685293a502bf811ab64abef995de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/request.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 79591, "scanner": "repobility-threat-engine", "fingerprint": "34fa56f3d353f79e7e8ab015391e0d6dc64a59e0bca2444b61ebb871d766a5a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34fa56f3d353f79e7e8ab015391e0d6dc64a59e0bca2444b61ebb871d766a5a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/misc.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 79590, "scanner": "repobility-threat-engine", "fingerprint": "a347029a4b5f0e0f854601a4c5e2d25c98e6f590cf6e9884af929c92e596ffae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a347029a4b5f0e0f854601a4c5e2d25c98e6f590cf6e9884af929c92e596ffae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/pipelines/images.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 79588, "scanner": "repobility-threat-engine", "fingerprint": "0b569ec1006ddd31103fdf987acd417dbcfbfb6f73563cc7316b87082afc10ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.__dict__.update(kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b569ec1006ddd31103fdf987acd417dbcfbfb6f73563cc7316b87082afc10ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/spiders/__init__.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 79587, "scanner": "repobility-threat-engine", "fingerprint": "36b817c5ba7d20da891f901e94e9b6e99e0cffd253644b67109de636b4bc9e26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "image.save(buf, \"JPEG\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|36b817c5ba7d20da891f901e94e9b6e99e0cffd253644b67109de636b4bc9e26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/pipelines/images.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 79586, "scanner": "repobility-threat-engine", "fingerprint": "56553c218d50b4f7d5ea42869ccfaae6666f2b6d50c8724b2f284ef469f62f4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "context.update(response=response)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|56553c218d50b4f7d5ea42869ccfaae6666f2b6d50c8724b2f284ef469f62f4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/loader/__init__.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 79581, "scanner": "repobility-threat-engine", "fingerprint": "98b0d45a6dde6663444d5cd82e72a25931981c2963dd85f82cf350ea4ca8399c", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|98b0d45a6dde6663444d5cd82e72a25931981c2963dd85f82cf350ea4ca8399c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/request.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 79580, "scanner": "repobility-threat-engine", "fingerprint": "8731a3a6bb9fad30cacb7ee7de3e596b002f0c2a3ce08ee4b3d0781f7b594abd", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8731a3a6bb9fad30cacb7ee7de3e596b002f0c2a3ce08ee4b3d0781f7b594abd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/pipelines/images.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 79579, "scanner": "repobility-threat-engine", "fingerprint": "a3e2aaaa834ed2b1c8159fa4c34d0574cd169b4bc70bbc69ebef566f7c350f9d", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a3e2aaaa834ed2b1c8159fa4c34d0574cd169b4bc70bbc69ebef566f7c350f9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/core/http2/agent.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 79573, "scanner": "repobility-threat-engine", "fingerprint": "dfee972e2f4a49f960b2168bccaad1433b17f6cbd9408a6c6e86d556903c7f5e", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "logger.info(\"Telnet Password: \", self.password)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|scrapy/extensions/telnet.py|6|logger.info telnet password: redacted self.password"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/extensions/telnet.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 79570, "scanner": "repobility-threat-engine", "fingerprint": "460e5f2db99a3da818b5e95ff172ddec7e01176a5ce3090d3872ab5bf57b9260", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|460e5f2db99a3da818b5e95ff172ddec7e01176a5ce3090d3872ab5bf57b9260"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/http/request/form.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 79569, "scanner": "repobility-threat-engine", "fingerprint": "84953c61c9958b4f29a09ca69c2c334e584f0aefd17674ee1134aae1776820bc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|84953c61c9958b4f29a09ca69c2c334e584f0aefd17674ee1134aae1776820bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/http/cookies.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 79568, "scanner": "repobility-threat-engine", "fingerprint": "965e4cf322a634af9a71371afdad3c879b4d8ab350c70ba9ad17a056a2cbcae6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|965e4cf322a634af9a71371afdad3c879b4d8ab350c70ba9ad17a056a2cbcae6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/commands/fetch.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 79567, "scanner": "repobility-threat-engine", "fingerprint": "7161ae9c4f4132a581ec8c3fb1f393d44ae13b495c4314dc544adc0e65b47005", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7161ae9c4f4132a581ec8c3fb1f393d44ae13b495c4314dc544adc0e65b47005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/commands/genspider.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 79566, "scanner": "repobility-threat-engine", "fingerprint": "765fba496ea47179bef3c26e3282a218645830b50fc31111a0f0cc78fd90abc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|765fba496ea47179bef3c26e3282a218645830b50fc31111a0f0cc78fd90abc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/commands/edit.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC005", "level": "error", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 79564, "scanner": "repobility-threat-engine", "fingerprint": "54bce5ab75e6997cd1ee535e1673e0f397683d108f93cb3f25f6b242d92d32de", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "os.system(f'", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|scrapy/commands/edit.py|48|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/commands/edit.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 79562, "scanner": "repobility-threat-engine", "fingerprint": "f3ab44c69744c57888d55d759bd08ab1d204914e725d43cff277b179b0bc9f0d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f3ab44c69744c57888d55d759bd08ab1d204914e725d43cff277b179b0bc9f0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/downloadermiddlewares/httpcompression.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 79561, "scanner": "repobility-threat-engine", "fingerprint": "dd587544cc85b39b07d7611a795dc7f21b5030af1380a5c91c17dd659f35c623", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd587544cc85b39b07d7611a795dc7f21b5030af1380a5c91c17dd659f35c623"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/commands/genspider.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 79560, "scanner": "repobility-threat-engine", "fingerprint": "38aecaeef325df0712ba39f327c7499e18e53010db6b79c31bb70b341e87cd9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38aecaeef325df0712ba39f327c7499e18e53010db6b79c31bb70b341e87cd9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/cmdline.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "properties": {"repobilityId": 79530, "scanner": "repobility-supply-chain", "fingerprint": "4b84fb0f0d738260dde3776b2924ddeb62e53684703d1c00b1bce74b49faae3b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b84fb0f0d738260dde3776b2924ddeb62e53684703d1c00b1bce74b49faae3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79529, "scanner": "repobility-supply-chain", "fingerprint": "19efd9bb869e49e95589f8a4bfebb14a8a4cd9edbde65ef79d5cceb69fd8e1da", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|19efd9bb869e49e95589f8a4bfebb14a8a4cd9edbde65ef79d5cceb69fd8e1da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79528, "scanner": "repobility-supply-chain", "fingerprint": "ecbeca796d430b29b25b39f8f8bddd7f5b34f6ee7ccbd03c14ccc632b5353f95", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ecbeca796d430b29b25b39f8f8bddd7f5b34f6ee7ccbd03c14ccc632b5353f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 79527, "scanner": "repobility-supply-chain", "fingerprint": "4388864ac423790a41ed6ccafed80cdbc5aca717f22972e28ff20c8cbc9452ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4388864ac423790a41ed6ccafed80cdbc5aca717f22972e28ff20c8cbc9452ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-ubuntu.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 79526, "scanner": "repobility-supply-chain", "fingerprint": "4adbc64a95f59bed764f2903f1752dd54ec8806472768a5f96365de1da9d8c87", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4adbc64a95f59bed764f2903f1752dd54ec8806472768a5f96365de1da9d8c87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-ubuntu.yml"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79525, "scanner": "repobility-supply-chain", "fingerprint": "f63b45aebc1e03994e886923ff9ffc86e0301603d4932a40d68ba4e8509b505e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f63b45aebc1e03994e886923ff9ffc86e0301603d4932a40d68ba4e8509b505e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-ubuntu.yml"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79524, "scanner": "repobility-supply-chain", "fingerprint": "303c578762e29159741e21a787ee4cf0ed6639977b59c9cad5c72d7ba69754b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|303c578762e29159741e21a787ee4cf0ed6639977b59c9cad5c72d7ba69754b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-ubuntu.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 79523, "scanner": "repobility-supply-chain", "fingerprint": "73731e9e425882e162c238980a740923a86284ff10195f08d606215dda10f91d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|73731e9e425882e162c238980a740923a86284ff10195f08d606215dda10f91d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-macos.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 79522, "scanner": "repobility-supply-chain", "fingerprint": "5af8ae770ec7a563e45e6e89b0a536d5ff8858873bc419c11ffd4cfaa8ff5a70", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5af8ae770ec7a563e45e6e89b0a536d5ff8858873bc419c11ffd4cfaa8ff5a70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-macos.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79521, "scanner": "repobility-supply-chain", "fingerprint": "a6f4329f683c0fe48b2bbcf4bc93491df5fd8b2fc21db6a6583a2c7a2d04cd4f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a6f4329f683c0fe48b2bbcf4bc93491df5fd8b2fc21db6a6583a2c7a2d04cd4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-macos.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79520, "scanner": "repobility-supply-chain", "fingerprint": "2b7671ac16fb5d6e564c3d975165a7583aafa16a408458f97be58737278e0a50", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b7671ac16fb5d6e564c3d975165a7583aafa16a408458f97be58737278e0a50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-macos.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 79519, "scanner": "repobility-supply-chain", "fingerprint": "35f2d769415959feaefa75232bb170379594d1854f1a8093d1cb6391a1154ef4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35f2d769415959feaefa75232bb170379594d1854f1a8093d1cb6391a1154ef4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-windows.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 79518, "scanner": "repobility-supply-chain", "fingerprint": "02fdab6d33e1c4c2fc736f1a17e329029ebfa29411ed845c926e3921623115d4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|02fdab6d33e1c4c2fc736f1a17e329029ebfa29411ed845c926e3921623115d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-windows.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79517, "scanner": "repobility-supply-chain", "fingerprint": "d8eaad4fc7d5a2ae5a311fe9c12fde1a32086c5b1ab2e8a45ec1b94c8844c6a1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8eaad4fc7d5a2ae5a311fe9c12fde1a32086c5b1ab2e8a45ec1b94c8844c6a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-windows.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79516, "scanner": "repobility-supply-chain", "fingerprint": "d6747bb9718b952aface64e8679f5c3d9014c9ed4daa05284e3e3d51d38f4f05", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d6747bb9718b952aface64e8679f5c3d9014c9ed4daa05284e3e3d51d38f4f05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-windows.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pre-commit/action` pinned to mutable ref `@v3.0.1`"}, "properties": {"repobilityId": 79515, "scanner": "repobility-supply-chain", "fingerprint": "887677cb622b28c31cfb2ac30d3cfcaccbbf2adede3c99047d6c6153d2a5a68b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|887677cb622b28c31cfb2ac30d3cfcaccbbf2adede3c99047d6c6153d2a5a68b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79514, "scanner": "repobility-supply-chain", "fingerprint": "e1aa7d120b72bd82c200c31a021259f039c1346c9dcc03ce95514c3382857b5b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e1aa7d120b72bd82c200c31a021259f039c1346c9dcc03ce95514c3382857b5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79513, "scanner": "repobility-supply-chain", "fingerprint": "98456ea9d6740aa66bd8008279bfddf31d9ecd3a057fb598078070d1562026b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|98456ea9d6740aa66bd8008279bfddf31d9ecd3a057fb598078070d1562026b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79512, "scanner": "repobility-supply-chain", "fingerprint": "7357961fd59b630a1b0001b6600353694faf42a04e28b26d7188997cfe645e88", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7357961fd59b630a1b0001b6600353694faf42a04e28b26d7188997cfe645e88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79511, "scanner": "repobility-supply-chain", "fingerprint": "4827dd02e880b916277de93e0ea6fd7baa5d30b2e953a00bb5dc39688b958263", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4827dd02e880b916277de93e0ea6fd7baa5d30b2e953a00bb5dc39688b958263"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-close-llm-pr.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `sphinx-scrapy @ git+https://github.com/scrapy/sphi...` (git/URL)"}, "properties": {"repobilityId": 79510, "scanner": "repobility-supply-chain", "fingerprint": "9f82459e6a9dde6479c0e496583f3511dbb354a9beeeaedba4a80c53fe33b5fd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f82459e6a9dde6479c0e496583f3511dbb354a9beeeaedba4a80c53fe33b5fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `sphinx-markdown-builder @ git+https://github.com/z...` (git/URL)"}, "properties": {"repobilityId": 79509, "scanner": "repobility-supply-chain", "fingerprint": "31d2efafdec918e8a79c33e7e3a1673058e4ac80611c8962da09884004e745d3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31d2efafdec918e8a79c33e7e3a1673058e4ac80611c8962da09884004e745d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `sphinx-llms-txt @ git+https://github.com/zytedata/...` (git/URL)"}, "properties": {"repobilityId": 79508, "scanner": "repobility-supply-chain", "fingerprint": "0ee90f7f6fdaa2451c3a63c072d852b3c19f291f7657997c26c764125f0a27ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ee90f7f6fdaa2451c3a63c072d852b3c19f291f7657997c26c764125f0a27ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/scrapy/sphinx-scrapy` pinned to mutable rev `0.8.6`"}, "properties": {"repobilityId": 79507, "scanner": "repobility-supply-chain", "fingerprint": "47ee14ef96d41cc02b4ddfe4067c7235edbc5a86a62e112849bb04f5ac37883b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47ee14ef96d41cc02b4ddfe4067c7235edbc5a86a62e112849bb04f5ac37883b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/sphinx-contrib/sphinx-lint` pinned to mutable rev `v1.0.2`"}, "properties": {"repobilityId": 79506, "scanner": "repobility-supply-chain", "fingerprint": "57f524fc58df2554b8ada2253c8ab3890376f3b4e0a96b9079deaa83b4fd0290", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|57f524fc58df2554b8ada2253c8ab3890376f3b4e0a96b9079deaa83b4fd0290"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`"}, "properties": {"repobilityId": 79505, "scanner": "repobility-supply-chain", "fingerprint": "a579ce1202c009f2b5d47394f8ac913ccba528759513226370cf7399ff6ad065", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a579ce1202c009f2b5d47394f8ac913ccba528759513226370cf7399ff6ad065"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/adamchainz/blacken-docs` pinned to mutable rev `1.20.0`"}, "properties": {"repobilityId": 79504, "scanner": "repobility-supply-chain", "fingerprint": "ec48b40793634a43e79f8c8f4b52efd7fffcecef83e5db3fffb8893ceb973131", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec48b40793634a43e79f8c8f4b52efd7fffcecef83e5db3fffb8893ceb973131"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.15.2`"}, "properties": {"repobilityId": 79503, "scanner": "repobility-supply-chain", "fingerprint": "42e88d09261922c4e37036c74d3f7ac94bd896bec981509a2d9fe2123213b446", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|42e88d09261922c4e37036c74d3f7ac94bd896bec981509a2d9fe2123213b446"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH scrapy.settings.default_settings has no auth"}, "properties": {"repobilityId": 79502, "scanner": "repobility-route-auth", "fingerprint": "2af9d46b23a0a40d64461a6a98e1a34d98c9848eeb6b73190a60176c24dedb08", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2af9d46b23a0a40d64461a6a98e1a34d98c9848eeb6b73190a60176c24dedb08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_settings/__init__.py"}, "region": {"startLine": 595}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH scrapy.settings.default_settings has no auth"}, "properties": {"repobilityId": 79501, "scanner": "repobility-route-auth", "fingerprint": "04f33f491d213d36d1a2d3459bd2d654d2a2041c193a20d644147b91b8fee517", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|04f33f491d213d36d1a2d3459bd2d654d2a2041c193a20d644147b91b8fee517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_settings/__init__.py"}, "region": {"startLine": 586}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH scrapy.settings.default_settings has no auth"}, "properties": {"repobilityId": 79500, "scanner": "repobility-route-auth", "fingerprint": "62186c4081192ad7f54384d2e7f610eab3fd009b2b7ab464010c94ff45df00a8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|62186c4081192ad7f54384d2e7f610eab3fd009b2b7ab464010c94ff45df00a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_settings/__init__.py"}, "region": {"startLine": 575}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH scrapy.settings.default_settings has no auth"}, "properties": {"repobilityId": 79499, "scanner": "repobility-route-auth", "fingerprint": "2f41fa5ac14a6b08aeaa7999641edca4932b737aa793da5ba13c02f9046d43a3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2f41fa5ac14a6b08aeaa7999641edca4932b737aa793da5ba13c02f9046d43a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_settings/__init__.py"}, "region": {"startLine": 563}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH scrapy.utils.misc.is_generator_with_return_value has no auth"}, "properties": {"repobilityId": 79498, "scanner": "repobility-route-auth", "fingerprint": "f5e3f1737ce806be0934543848a80f722165c37aa2eae62faceaf51074be9a24", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f5e3f1737ce806be0934543848a80f722165c37aa2eae62faceaf51074be9a24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_misc/test_return_with_argument_inside_generator.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.platform has no auth"}, "properties": {"repobilityId": 79497, "scanner": "repobility-route-auth", "fingerprint": "47336830f5cf48a850f5fe10bd617bd61e621c5365576258c856c635e12f01ce", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|47336830f5cf48a850f5fe10bd617bd61e621c5365576258c856c635e12f01ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_display.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.platform has no auth"}, "properties": {"repobilityId": 79496, "scanner": "repobility-route-auth", "fingerprint": "61dcc4bebd1fa8f9c105ad601a347db2d512c6c2a3351f150dec9d4a4d185d93", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|61dcc4bebd1fa8f9c105ad601a347db2d512c6c2a3351f150dec9d4a4d185d93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_display.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.platform has no auth"}, "properties": {"repobilityId": 79495, "scanner": "repobility-route-auth", "fingerprint": "5a63b253e197f6559af4840c9cb818f07c0b3cef2aeadae78acceb1c76c82ae8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|5a63b253e197f6559af4840c9cb818f07c0b3cef2aeadae78acceb1c76c82ae8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_display.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.platform has no auth"}, "properties": {"repobilityId": 79494, "scanner": "repobility-route-auth", "fingerprint": "a6f6f947d2b6c2b47e9304bdf41d0d962b2e2414f3c35420dcae943f1ed646ab", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a6f6f947d2b6c2b47e9304bdf41d0d962b2e2414f3c35420dcae943f1ed646ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_display.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.stdout.isatty has no auth"}, "properties": {"repobilityId": 79493, "scanner": "repobility-route-auth", "fingerprint": "ba5ced2d6c7bb7cd0e9ffea1b523867cdfcd704f7e7198dd8fa3769e78bd0d19", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|ba5ced2d6c7bb7cd0e9ffea1b523867cdfcd704f7e7198dd8fa3769e78bd0d19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_display.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.platform has no auth"}, "properties": {"repobilityId": 79492, "scanner": "repobility-route-auth", "fingerprint": "9c3d88332f6ff2f9b41fabf95cd3a5c50399ec806f6edc0c2543b5e932526a05", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|9c3d88332f6ff2f9b41fabf95cd3a5c50399ec806f6edc0c2543b5e932526a05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_display.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.stdout has no auth"}, "properties": {"repobilityId": 79491, "scanner": "repobility-route-auth", "fingerprint": "e3d3695f211655158b0cc524674fb9ae9cd8df174caa253232ca504b053348c8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e3d3695f211655158b0cc524674fb9ae9cd8df174caa253232ca504b053348c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_trackref.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH sys.stdout has no auth"}, "properties": {"repobilityId": 79490, "scanner": "repobility-route-auth", "fingerprint": "a9f4aec1a5437e3a1f18d2db878439b804fe3e4bb64f0d2d4e19a0f84f999d25", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a9f4aec1a5437e3a1f18d2db878439b804fe3e4bb64f0d2d4e19a0f84f999d25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_trackref.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH scrapy.extensions.corestats.monotonic has no auth"}, "properties": {"repobilityId": 79489, "scanner": "repobility-route-auth", "fingerprint": "261e7a830fc23e602eb303debaae16a952ab8a7f842b382b373e26bafeced551", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|261e7a830fc23e602eb303debaae16a952ab8a7f842b382b373e26bafeced551"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stats.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `requests.append` inside async function `test_logic`"}, "properties": {"repobilityId": 79466, "scanner": "repobility-ast-engine", "fingerprint": "be11ce419b335d9e23ab79819932a401913358a74950ee332daf450404010a0f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be11ce419b335d9e23ab79819932a401913358a74950ee332daf450404010a0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_scheduler.py"}, "region": {"startLine": 324}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_utf16"}, "properties": {"repobilityId": 79460, "scanner": "repobility-ast-engine", "fingerprint": "957b837df48ac218ca1641c304090de1f014bbe6d33a1a9536f616c81822f246", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|957b837df48ac218ca1641c304090de1f014bbe6d33a1a9536f616c81822f246"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_http_response_text.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_auth"}, "properties": {"repobilityId": 79459, "scanner": "repobility-ast-engine", "fingerprint": "739ab36ab6bf3f7a1d61a96e66a1a69abe5c541e24c69bbb3a07a91cf2d78ba5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|739ab36ab6bf3f7a1d61a96e66a1a69abe5c541e24c69bbb3a07a91cf2d78ba5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloadermiddleware_httpauth.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_both_resp_or_url_and_response"}, "properties": {"repobilityId": 79458, "scanner": "repobility-ast-engine", "fingerprint": "ecc92e0a6b866b3b78dbceb72e3c550edd030bec4855ee161cd419d12b2bbe14", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecc92e0a6b866b3b78dbceb72e3c550edd030bec4855ee161cd419d12b2bbe14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_spidermiddleware_referer.py"}, "region": {"startLine": 1020}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_multiple_policy_tokens_all_invalid"}, "properties": {"repobilityId": 79457, "scanner": "repobility-ast-engine", "fingerprint": "b835e4d92c0e138afee5dfc15ef8d1511d38199e011d7885f52791dd0f08dbb9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b835e4d92c0e138afee5dfc15ef8d1511d38199e011d7885f52791dd0f08dbb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_spidermiddleware_referer.py"}, "region": {"startLine": 920}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_name"}, "properties": {"repobilityId": 79456, "scanner": "repobility-ast-engine", "fingerprint": "a2b08053aed0291d81ee057dcbd57436471d4a4e49026fbe8425bb82db9fb4ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2b08053aed0291d81ee057dcbd57436471d4a4e49026fbe8425bb82db9fb4ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_spidermiddleware_referer.py"}, "region": {"startLine": 887}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_selector_bad_args"}, "properties": {"repobilityId": 79454, "scanner": "repobility-ast-engine", "fingerprint": "b5ffc47ad3bd6244cc9b7af4468b2b47612097b83705df4c224797dbd5569a13", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5ffc47ad3bd6244cc9b7af4468b2b47612097b83705df4c224797dbd5569a13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_selector.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_badly_encoded_body"}, "properties": {"repobilityId": 79453, "scanner": "repobility-ast-engine", "fingerprint": "402b5336f14e16b28f738d812b3c86dcd5ac76e644561917e5a3d033cd51c91c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|402b5336f14e16b28f738d812b3c86dcd5ac76e644561917e5a3d033cd51c91c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_selector.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_jmespath_not_available"}, "properties": {"repobilityId": 79452, "scanner": "repobility-ast-engine", "fingerprint": "d13ee472871f743a08b1c8015f32cdc657a4cfcd630fcd2a714486771363997f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d13ee472871f743a08b1c8015f32cdc657a4cfcd630fcd2a714486771363997f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_selector.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_deprecated_spider_arg_custom_collector_subclass"}, "properties": {"repobilityId": 79451, "scanner": "repobility-ast-engine", "fingerprint": "d57e1fa82db89a29bb071797c2ffeb199b2862dc582101929f76da26d9b94d5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d57e1fa82db89a29bb071797c2ffeb199b2862dc582101929f76da26d9b94d5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stats.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_deprecated_spider_arg_custom_collector"}, "properties": {"repobilityId": 79450, "scanner": "repobility-ast-engine", "fingerprint": "01f455a7ed84399796da5a5c078c7e4f2c44e51606a3215b08d2958959cfd760", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01f455a7ed84399796da5a5c078c7e4f2c44e51606a3215b08d2958959cfd760"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_stats.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_http_proxy_auth_error"}, "properties": {"repobilityId": 79449, "scanner": "repobility-ast-engine", "fingerprint": "bbf428265d9fca501eee962afb56b51071d8ea3938edf6d2dccc447e87de01fb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bbf428265d9fca501eee962afb56b51071d8ea3938edf6d2dccc447e87de01fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 1217}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_verify_certs"}, "properties": {"repobilityId": 79448, "scanner": "repobility-ast-engine", "fingerprint": "0b7d206e070f5a961ec64cfdaf5dcdb503ada098f0fb452c2b43697086023069", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b7d206e070f5a961ec64cfdaf5dcdb503ada098f0fb452c2b43697086023069"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 858}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_verify_certs_deprecated"}, "properties": {"repobilityId": 79447, "scanner": "repobility-ast-engine", "fingerprint": "986e0513feb09c632c8375f8c6b22c77f33290793ba3bfdc3951156160c52541", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|986e0513feb09c632c8375f8c6b22c77f33290793ba3bfdc3951156160c52541"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 835}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_conn_lost"}, "properties": {"repobilityId": 79446, "scanner": "repobility-ast-engine", "fingerprint": "d317d12b5485432dea7151e2991556f810d213cadff8accd2584070e8008ae85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d317d12b5485432dea7151e2991556f810d213cadff8accd2584070e8008ae85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 815}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_dns_error"}, "properties": {"repobilityId": 79445, "scanner": "repobility-ast-engine", "fingerprint": "754f1b4c3337a4d19f50a74db80006ad85ad71328d5766da7372e2575aefd3bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|754f1b4c3337a4d19f50a74db80006ad85ad71328d5766da7372e2575aefd3bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 753}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_conn_aborted"}, "properties": {"repobilityId": 79444, "scanner": "repobility-ast-engine", "fingerprint": "717da785c98fedc132cb798a0b61dcdecf8c0eb5696844777d8ab7ef0a4ee83e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|717da785c98fedc132cb798a0b61dcdecf8c0eb5696844777d8ab7ef0a4ee83e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 736}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_conn_lost"}, "properties": {"repobilityId": 79443, "scanner": "repobility-ast-engine", "fingerprint": "21be9d59af5e0607a4b1a2a725065f08acc148c009d231776bff97111a6c380b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21be9d59af5e0607a4b1a2a725065f08acc148c009d231776bff97111a6c380b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 728}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_conn_failed"}, "properties": {"repobilityId": 79442, "scanner": "repobility-ast-engine", "fingerprint": "05a2d25ffaf5c56ea958dc3cc6215dd9210c9995c57ea2ee16f98266d6ea72b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05a2d25ffaf5c56ea958dc3cc6215dd9210c9995c57ea2ee16f98266d6ea72b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 719}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_cause_data_loss"}, "properties": {"repobilityId": 79441, "scanner": "repobility-ast-engine", "fingerprint": "2b1cd2581a4a234183328c9bc1f07a1f1a9792d75ac10147fd0f2907ef127f11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b1cd2581a4a234183328c9bc1f07a1f1a9792d75ac10147fd0f2907ef127f11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 650}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_with_small_maxsize_via_setting"}, "properties": {"repobilityId": 79440, "scanner": "repobility-ast-engine", "fingerprint": "32cbe24d7d173356aa5af08f5435e10910ffa70677e4d126ce04400fda57def0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32cbe24d7d173356aa5af08f5435e10910ffa70677e4d126ce04400fda57def0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 597}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_download_with_maxsize_per_req"}, "properties": {"repobilityId": 79439, "scanner": "repobility-ast-engine", "fingerprint": "107fe71c27e9d0a79975da6045ec09a6fb037329d6664f509c3bcc1c4110a84e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|107fe71c27e9d0a79975da6045ec09a6fb037329d6664f509c3bcc1c4110a84e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 589}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_timeout_download_from_spider_server_hangs"}, "properties": {"repobilityId": 79438, "scanner": "repobility-ast-engine", "fingerprint": "7b7f07eedc903763cd67c5da428ee6bbd9f892c1f3e92788e80a19585b8a5e80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b7f07eedc903763cd67c5da428ee6bbd9f892c1f3e92788e80a19585b8a5e80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 340}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_timeout_download_from_spider_nodata_rcvd"}, "properties": {"repobilityId": 79437, "scanner": "repobility-ast-engine", "fingerprint": "1ecc2ad5c5e5e1c5d4bdda0542a14b9853ef2a68af5609a5d55fd8dbd4f0af57", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ecc2ad5c5e5e1c5d4bdda0542a14b9853ef2a68af5609a5d55fd8dbd4f0af57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 322}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unsupported_scheme"}, "properties": {"repobilityId": 79436, "scanner": "repobility-ast-engine", "fingerprint": "11a954337b4a3a232ad44e061ef3b2a0eb74f3c857f7a9dbca51d6532e33e5dc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11a954337b4a3a232ad44e061ef3b2a0eb74f3c857f7a9dbca51d6532e33e5dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers_http_base.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_guess_scheme_skipped"}, "properties": {"repobilityId": 79435, "scanner": "repobility-ast-engine", "fingerprint": "b13749436bedf32442c8d0752bf193f7a152670e60a50b62bf1c58385d0ceecb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b13749436bedf32442c8d0752bf193f7a152670e60a50b62bf1c58385d0ceecb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils_url.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._beautify_newline` used but never assigned in __init__"}, "properties": {"repobilityId": 79433, "scanner": "repobility-ast-engine", "fingerprint": "f2b7ce70ebac5f64826ad4219ca0b59822318bf4542a46446935d83525c55805", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2b7ce70ebac5f64826ad4219ca0b59822318bf4542a46446935d83525c55805"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._beautify_newline` used but never assigned in __init__"}, "properties": {"repobilityId": 79432, "scanner": "repobility-ast-engine", "fingerprint": "1d7fd5efa1fd76c748ffc69d80bf30c3ffdf321f675a6953ca10ed8e20a4fcff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d7fd5efa1fd76c748ffc69d80bf30c3ffdf321f675a6953ca10ed8e20a4fcff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._beautify_newline` used but never assigned in __init__"}, "properties": {"repobilityId": 79431, "scanner": "repobility-ast-engine", "fingerprint": "a5493e34d93d1f473028254e450fb67193b01d95f706f03f583cb761a7d8d27f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5493e34d93d1f473028254e450fb67193b01d95f706f03f583cb761a7d8d27f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.indent` used but never assigned in __init__"}, "properties": {"repobilityId": 79430, "scanner": "repobility-ast-engine", "fingerprint": "24788486dbe8c5b5ea6883ef75a8e08b4243e4a4a1f566a5424a34cc7c7a9791", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24788486dbe8c5b5ea6883ef75a8e08b4243e4a4a1f566a5424a34cc7c7a9791"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoding` used but never assigned in __init__"}, "properties": {"repobilityId": 79429, "scanner": "repobility-ast-engine", "fingerprint": "482692b871ed77c01a1f3a1ce4784909925d52bb3d805aaf2aa588300e8e8355", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|482692b871ed77c01a1f3a1ce4784909925d52bb3d805aaf2aa588300e8e8355"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_serialized_fields` used but never assigned in __init__"}, "properties": {"repobilityId": 79428, "scanner": "repobility-ast-engine", "fingerprint": "3116ca38c8bd6d5b8ed67b277f8950fe49c5817940a9a6ef88eeed73d27394e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3116ca38c8bd6d5b8ed67b277f8950fe49c5817940a9a6ef88eeed73d27394e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fields_to_export` used but never assigned in __init__"}, "properties": {"repobilityId": 79427, "scanner": "repobility-ast-engine", "fingerprint": "becda4791aa4ee48ed560a566d9d8bad509a25e12f7f48d1d3abb163c98d3ebd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|becda4791aa4ee48ed560a566d9d8bad509a25e12f7f48d1d3abb163c98d3ebd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fields_to_export` used but never assigned in __init__"}, "properties": {"repobilityId": 79426, "scanner": "repobility-ast-engine", "fingerprint": "ae6988311098d33518e3b8d53cac27d0d478651da5a7696d51a0f4e24e01f826", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae6988311098d33518e3b8d53cac27d0d478651da5a7696d51a0f4e24e01f826"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fields_to_export` used but never assigned in __init__"}, "properties": {"repobilityId": 79425, "scanner": "repobility-ast-engine", "fingerprint": "29137f9fe20c151803a4a7cd5813a094c91cf688098bb90bc28eae7b97cd6487", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29137f9fe20c151803a4a7cd5813a094c91cf688098bb90bc28eae7b97cd6487"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.serialize_field` used but never assigned in __init__"}, "properties": {"repobilityId": 79424, "scanner": "repobility-ast-engine", "fingerprint": "2005ab208057eac36e87dba7e1a0ed3a9c0ddd568ab894fcb38b88acb18f6440", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2005ab208057eac36e87dba7e1a0ed3a9c0ddd568ab894fcb38b88acb18f6440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fields_to_export` used but never assigned in __init__"}, "properties": {"repobilityId": 79423, "scanner": "repobility-ast-engine", "fingerprint": "80865d81f8b1f5be8196efca3a0ff29af7cdb6377f833ba543b243defa4aff3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80865d81f8b1f5be8196efca3a0ff29af7cdb6377f833ba543b243defa4aff3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fields_to_export` used but never assigned in __init__"}, "properties": {"repobilityId": 79422, "scanner": "repobility-ast-engine", "fingerprint": "a24246d760d3c74cd998553cf02df125e584d6c380f797478a84e64fd6aaca1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a24246d760d3c74cd998553cf02df125e584d6c380f797478a84e64fd6aaca1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fields_to_export` used but never assigned in __init__"}, "properties": {"repobilityId": 79421, "scanner": "repobility-ast-engine", "fingerprint": "1a77d115b5e6b5dc23723d1e73a3ef8f78c5f63a0e00bbf607c87170204f22e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a77d115b5e6b5dc23723d1e73a3ef8f78c5f63a0e00bbf607c87170204f22e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.export_empty_fields` used but never assigned in __init__"}, "properties": {"repobilityId": 79420, "scanner": "repobility-ast-engine", "fingerprint": "044256c8bdfe5dfacafd33459dd5fea8d82cf9679a4485ab33d935cf5ec466ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|044256c8bdfe5dfacafd33459dd5fea8d82cf9679a4485ab33d935cf5ec466ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.indent` used but never assigned in __init__"}, "properties": {"repobilityId": 79419, "scanner": "repobility-ast-engine", "fingerprint": "5eeb2714929cc46ea9040ffedc1719dd52a250459f31bf2a47124b58525f8c45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5eeb2714929cc46ea9040ffedc1719dd52a250459f31bf2a47124b58525f8c45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.export_empty_fields` used but never assigned in __init__"}, "properties": {"repobilityId": 79418, "scanner": "repobility-ast-engine", "fingerprint": "f7fd91faf4ebb61b8f2bb83e0e0f61b25d9d48743ef10c2f5389ca6e8b8feb65", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7fd91faf4ebb61b8f2bb83e0e0f61b25d9d48743ef10c2f5389ca6e8b8feb65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fields_to_export` used but never assigned in __init__"}, "properties": {"repobilityId": 79417, "scanner": "repobility-ast-engine", "fingerprint": "00155de7e057b2f409db16f242762ae30d402fb079453587e0035c27feb4993a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00155de7e057b2f409db16f242762ae30d402fb079453587e0035c27feb4993a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.encoding` used but never assigned in __init__"}, "properties": {"repobilityId": 79416, "scanner": "repobility-ast-engine", "fingerprint": "afcb936350e1cee396444c9a08b0d9cf1ca494172efed59266d57b4d3d2882f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afcb936350e1cee396444c9a08b0d9cf1ca494172efed59266d57b4d3d2882f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/exporters.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._crawler` used but never assigned in __init__"}, "properties": {"repobilityId": 79415, "scanner": "repobility-ast-engine", "fingerprint": "e3e5e3a552200038029f2d56bddb2a35e798fe51d75a3c48ebe4a0333905a737", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e3e5e3a552200038029f2d56bddb2a35e798fe51d75a3c48ebe4a0333905a737"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/statscollectors.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._crawler` used but never assigned in __init__"}, "properties": {"repobilityId": 79414, "scanner": "repobility-ast-engine", "fingerprint": "655bad43e7fdd0c5f70b22eb935deb1f17b8cc51893d05d6827bffccab189e30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|655bad43e7fdd0c5f70b22eb935deb1f17b8cc51893d05d6827bffccab189e30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/statscollectors.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._persist_stats` used but never assigned in __init__"}, "properties": {"repobilityId": 79413, "scanner": "repobility-ast-engine", "fingerprint": "5fcac095d5d6849eec20324221c0c559fe3f636e9a83f7f7f1eaf3e83f47a824", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fcac095d5d6849eec20324221c0c559fe3f636e9a83f7f7f1eaf3e83f47a824"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/statscollectors.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._create_sender_factory` used but never assigned in __init__"}, "properties": {"repobilityId": 79412, "scanner": "repobility-ast-engine", "fingerprint": "b746a0b1a3d146d64a63b7b20dba2d0399e31ea87e1be547ad76b9bfeba5cbe1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b746a0b1a3d146d64a63b7b20dba2d0399e31ea87e1be547ad76b9bfeba5cbe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/mail.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._sent_failed` used but never assigned in __init__"}, "properties": {"repobilityId": 79411, "scanner": "repobility-ast-engine", "fingerprint": "b8f84228ecd60363bdc090df3c969d37e2b7f28167d198bb12229ceb82b05f9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8f84228ecd60363bdc090df3c969d37e2b7f28167d198bb12229ceb82b05f9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/mail.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._sent_ok` used but never assigned in __init__"}, "properties": {"repobilityId": 79410, "scanner": "repobility-ast-engine", "fingerprint": "effc1523019b68c97c0187541d9d9628513f19ad24e34c48ece65ee36bac792f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|effc1523019b68c97c0187541d9d9628513f19ad24e34c48ece65ee36bac792f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/mail.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._sendmail` used but never assigned in __init__"}, "properties": {"repobilityId": 79409, "scanner": "repobility-ast-engine", "fingerprint": "4b03316516c13b2b51a791124ae7796a0da52762122dc9b4be717a4ac24d84f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b03316516c13b2b51a791124ae7796a0da52762122dc9b4be717a4ac24d84f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/mail.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79602, "scanner": "gitleaks", "fingerprint": "00cd017f5582466524742518f2917aa7344d34f010fc08cee7c3eb307a339ce8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AWS_SECRET_ACCESS_KEY\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|18|aws_secret_access_key : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloader_handlers.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 79601, "scanner": "gitleaks", "fingerprint": "e66517ea13c1e19ffe73ddedc56d3a1fec15c6c753387048676cf0597d465d6d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|tests/keys/mitmproxy-ca.pem|1|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/keys/mitmproxy-ca.pem"}, "region": {"startLine": 1}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 79600, "scanner": "gitleaks", "fingerprint": "47b4a85c821f27c1751ac462b5aba6dd2c2d3e355704923a9cb64fdfce84d5f5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|tests/keys/localhost.ip.key|1|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/keys/localhost.ip.key"}, "region": {"startLine": 1}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 79599, "scanner": "gitleaks", "fingerprint": "16baefd98090e311cee80cf8807cb401e5d6410b57187faa10133a0db1e44ace", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|1|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/keys/example-com.key.pem"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 79593, "scanner": "repobility-threat-engine", "fingerprint": "002f8bff9883177bd35481199cbb860f1773b09552665d2124d66842f2831c87", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|002f8bff9883177bd35481199cbb860f1773b09552665d2124d66842f2831c87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/squeues.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 79585, "scanner": "repobility-threat-engine", "fingerprint": "87afab95cb3a9a878ce5c49378474f0aa1b264234adefab3fbb17f0cee8bcaf3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|87afab95cb3a9a878ce5c49378474f0aa1b264234adefab3fbb17f0cee8bcaf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/squeues.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 79584, "scanner": "repobility-threat-engine", "fingerprint": "7746da7398b636788dc2184e740f0cd7abebf28e800e38248d7349c09b92b49a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7746da7398b636788dc2184e740f0cd7abebf28e800e38248d7349c09b92b49a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/extensions/spiderstate.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 79583, "scanner": "repobility-threat-engine", "fingerprint": "8a490951243af916b562acfcb5e21d19176f6b57c2cdc66fe362d3978b12a061", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a490951243af916b562acfcb5e21d19176f6b57c2cdc66fe362d3978b12a061"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/extensions/spiderstate.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 79484, "scanner": "repobility-ast-engine", "fingerprint": "2eb384687d42da95fd3282a0badbb7059541ba0fefa4392a1c2365fdf2cfe154", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2eb384687d42da95fd3282a0badbb7059541ba0fefa4392a1c2365fdf2cfe154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/utils/asyncio.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `copy` used but not imported"}, "properties": {"repobilityId": 79467, "scanner": "repobility-ast-engine", "fingerprint": "3906a7c142e824b9158d3a8d425f96930c74178074df3c931447ed51d6eded37", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3906a7c142e824b9158d3a8d425f96930c74178074df3c931447ed51d6eded37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_settings/__init__.py"}, "region": {"startLine": 371}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 79465, "scanner": "repobility-ast-engine", "fingerprint": "ad90baa71f013529bfebb85a8cc99d050730adca6d1e7d8c02cd16c65b7b237f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad90baa71f013529bfebb85a8cc99d050730adca6d1e7d8c02cd16c65b7b237f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_pqueues.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `re` used but not imported"}, "properties": {"repobilityId": 79464, "scanner": "repobility-ast-engine", "fingerprint": "45a59631af7507a9b5b80ba029336733ffd986c84875a920842a77817f7d7ff3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45a59631af7507a9b5b80ba029336733ffd986c84875a920842a77817f7d7ff3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_http_response.py"}, "region": {"startLine": 356}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 79463, "scanner": "repobility-ast-engine", "fingerprint": "c62fd7135233de6093a771297f94ad8f76d3e7a4d306c072dc51e92955c1d125", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c62fd7135233de6093a771297f94ad8f76d3e7a4d306c072dc51e92955c1d125"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_downloadermiddleware_redirect_metarefresh.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `re` used but not imported"}, "properties": {"repobilityId": 79461, "scanner": "repobility-ast-engine", "fingerprint": "4b2507e27726435be0b6dd62cd64c36890662876c20e7bc8d9313878dc5cdc24", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b2507e27726435be0b6dd62cd64c36890662876c20e7bc8d9313878dc5cdc24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_http_response_text.py"}, "region": {"startLine": 412}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 79455, "scanner": "repobility-ast-engine", "fingerprint": "ee675cfccb58c4da4c315cdc90e2ad647549f5d22fc0eee232071bd143ac0eb5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee675cfccb58c4da4c315cdc90e2ad647549f5d22fc0eee232071bd143ac0eb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_selector.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 79434, "scanner": "repobility-ast-engine", "fingerprint": "58bfcb80b8efb52cef1776e385ce888b5daeb7391c1f93da48ac4b0e5faa59e2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58bfcb80b8efb52cef1776e385ce888b5daeb7391c1f93da48ac4b0e5faa59e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scrapy/pqueues.py"}, "region": {"startLine": 404}}}]}]}]}