{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-q2x7-8rv6-6q7h", "name": "jinja2: GHSA-q2x7-8rv6-6q7h", "shortDescription": {"text": "jinja2: GHSA-q2x7-8rv6-6q7h"}, "fullDescription": {"text": "Jinja has a sandbox breakout through indirect reference to format method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h75v-3vvj-5mfj", "name": "jinja2: GHSA-h75v-3vvj-5mfj", "shortDescription": {"text": "jinja2: GHSA-h75v-3vvj-5mfj"}, "fullDescription": {"text": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h5c8-rqwp-cp95", "name": "jinja2: GHSA-h5c8-rqwp-cp95", "shortDescription": {"text": "jinja2: GHSA-h5c8-rqwp-cp95"}, "fullDescription": {"text": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cpwx-vrp4-4pq7", "name": "jinja2: GHSA-cpwx-vrp4-4pq7", "shortDescription": {"text": "jinja2: GHSA-cpwx-vrp4-4pq7"}, "fullDescription": {"text": "Jinja2 vulnerable to sandbox breakout through attr filter selecting format method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `softprops/action-gh-release@v2` is 1 major version(s) behind (latest v3.0.0)", "shortDescription": {"text": "GitHub Action `softprops/action-gh-release@v2` is 1 major version(s) behind (latest v3.0.0)"}, "fullDescription": {"text": "`uses: softprops/action-gh-release@v2` is 1 major version(s) behind the latest published release v3.0.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `zope.interface` is 4 major version(s) behind (4.2.0 -> 8.5)", "shortDescription": {"text": "Python package `zope.interface` is 4 major version(s) behind (4.2.0 -> 8.5)"}, "fullDescription": {"text": "`zope.interface==4.2.0` is 4 major version(s) behind the latest stable release on PyPI (8.5). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `\u001b[4;38;2;166;226;46mhttps://github.com/pallets/click/archive/7.0.zip#egg=click\u001b[0m` has no version pi", "shortDescription": {"text": "requirements.txt: `\u001b[4;38;2;166;226;46mhttps://github.com/pallets/click/archive/7.0.zip#egg=click\u001b[0m` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-5239-wwwm-4pmq", "name": "pygments: GHSA-5239-wwwm-4pmq", "shortDescription": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "fullDescription": {"text": "Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Committed build outputs and caches make scans slower, confuse duplicate-code checks, and give AI agents stale generated code to imitate."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x2qx-6953-8485", "name": "gitpython: GHSA-x2qx-6953-8485", "shortDescription": {"text": "gitpython: GHSA-x2qx-6953-8485"}, "fullDescription": {"text": "GitPython: Unsafe option check validates multi_options before shlex.split transformation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v87r-6q3f-2j67", "name": "gitpython: GHSA-v87r-6q3f-2j67", "shortDescription": {"text": "gitpython: GHSA-v87r-6q3f-2j67"}, "fullDescription": {"text": "GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mv93-w799-cj2w", "name": "gitpython: GHSA-mv93-w799-cj2w", "shortDescription": {"text": "gitpython: GHSA-mv93-w799-cj2w"}, "fullDescription": {"text": "GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7545-fcxq-7j24", "name": "gitpython: GHSA-7545-fcxq-7j24", "shortDescription": {"text": "gitpython: GHSA-7545-fcxq-7j24"}, "fullDescription": {"text": "GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2mqj-m65w-jghx", "name": "gitpython: GHSA-2mqj-m65w-jghx", "shortDescription": {"text": "gitpython: GHSA-2mqj-m65w-jghx"}, "fullDescription": {"text": "Untrusted search path under some conditions on Windows allows arbitrary code execution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-165", "name": "gitpython: PYSEC-2023-165", "shortDescription": {"text": "gitpython: PYSEC-2023-165"}, "fullDescription": {"text": " GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-161", "name": "gitpython: PYSEC-2023-161", "shortDescription": {"text": "gitpython: PYSEC-2023-161"}, "fullDescription": {"text": " GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\\\Program Files\\\\Git\\\\cmd\\\\git.EXE` (default git path installation). "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-117", "name": "pygments: PYSEC-2023-117", "shortDescription": {"text": "pygments: PYSEC-2023-117"}, "fullDescription": {"text": "A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-66", "name": "jinja2: PYSEC-2021-66", "shortDescription": {"text": "jinja2: PYSEC-2021-66"}, "fullDescription": {"text": "This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2019-217", "name": "jinja2: PYSEC-2019-217", "shortDescription": {"text": "jinja2: PYSEC-2019-217"}, "fullDescription": {"text": "In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0320", "name": "yaml-rust: RUSTSEC-2024-0320", "shortDescription": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "fullDescription": {"text": "yaml-rust is unmaintained."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED121", "name": "requirements.txt installs from `https://github.com/pallets/click/archive/7.0.zip#e...` (git/URL)", "shortDescription": {"text": "requirements.txt installs from `https://github.com/pallets/click/archive/7.0.zip#e...` (git/URL)"}, "fullDescription": {"text": "Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + scanning. If the host or branch tip changes, the next `pip install` pulls a different package \u2014 no diff visible to reviewers."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.three` used but never assigned in __init__", "shortDescription": {"text": "`self.three` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_attributes` of class `TestAttributes` reads `self.three`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_dtypeattr", "shortDescription": {"text": "Phantom test coverage: test_dtypeattr"}, "fullDescription": {"text": "Test function `test_dtypeattr` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-pr76-5cm5-w9cj", "name": "gitpython: GHSA-pr76-5cm5-w9cj", "shortDescription": {"text": "gitpython: GHSA-pr76-5cm5-w9cj"}, "fullDescription": {"text": "GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hcpj-qp55-gfph", "name": "gitpython: GHSA-hcpj-qp55-gfph", "shortDescription": {"text": "gitpython: GHSA-hcpj-qp55-gfph"}, "fullDescription": {"text": "GitPython vulnerable to Remote Code Execution due to improper user input validation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.WINGET_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.WINGET_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.WINGET_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `array` used but not imported", "shortDescription": {"text": "Missing import: `array` used but not imported"}, "fullDescription": {"text": "The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/697"}, "properties": {"repository": "sharkdp/bat", "repoUrl": "https://github.com/sharkdp/bat", "branch": "master"}, "results": [{"ruleId": "GHSA-q2x7-8rv6-6q7h", "level": "warning", "message": {"text": "jinja2: GHSA-q2x7-8rv6-6q7h"}, "properties": {"repobilityId": 55215, "scanner": "osv-scanner", "fingerprint": "f1bf4f9dcd17c0f51e7f1878633e10654ffd85dd4db127c0f28c95973e2bd69c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-56326"], "package": "jinja2", "rule_id": "GHSA-q2x7-8rv6-6q7h", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2024-56326|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-q2x7-8rv6-6q7h"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["28abc5d081c6345d6b9603b3b2bccd0990186ef2e09ebe8233edd99d483dbaed", "f1bf4f9dcd17c0f51e7f1878633e10654ffd85dd4db127c0f28c95973e2bd69c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h75v-3vvj-5mfj", "level": "warning", "message": {"text": "jinja2: GHSA-h75v-3vvj-5mfj"}, "properties": {"repobilityId": 55214, "scanner": "osv-scanner", "fingerprint": "c5638903e049fbfa18f3084f7e9bf7a0f29e477704f54c0ed737ebf62e91d5bd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-34064"], "package": "jinja2", "rule_id": "GHSA-h75v-3vvj-5mfj", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2024-34064|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-h75v-3vvj-5mfj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["968bc0df0e4ac66a173f429ef21c5f4ec92ae1650cd3548a7e3f78ec567f6f53", "c5638903e049fbfa18f3084f7e9bf7a0f29e477704f54c0ed737ebf62e91d5bd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h5c8-rqwp-cp95", "level": "warning", "message": {"text": "jinja2: GHSA-h5c8-rqwp-cp95"}, "properties": {"repobilityId": 55213, "scanner": "osv-scanner", "fingerprint": "aa40b086bff85830ba1961173b8168567cb455df7570d68425bc060a47eb6b3d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-22195"], "package": "jinja2", "rule_id": "GHSA-h5c8-rqwp-cp95", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2024-22195|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-h5c8-rqwp-cp95"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["aa40b086bff85830ba1961173b8168567cb455df7570d68425bc060a47eb6b3d", "d6e229e9f288c6c907eea9dafbb2fdacb6647d0ac3bbf4100fed129f777f6295"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cpwx-vrp4-4pq7", "level": "warning", "message": {"text": "jinja2: GHSA-cpwx-vrp4-4pq7"}, "properties": {"repobilityId": 55212, "scanner": "osv-scanner", "fingerprint": "768ed6d89f6d0274357e2ce4e5cf3027c7e7a97944f47ae2bf0203a916819946", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-27516"], "package": "jinja2", "rule_id": "GHSA-cpwx-vrp4-4pq7", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2025-27516|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cpwx-vrp4-4pq7"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["40135956368d547e4c1c0bcf37718a782f8e10a16dba6c76163e588ad8a4d77c", "768ed6d89f6d0274357e2ce4e5cf3027c7e7a97944f47ae2bf0203a916819946"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 55207, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 55206, "scanner": "repobility-docker", "fingerprint": "6612ff34b9b4fe4f141482c8ea5af343ed71e504d5847f54ff3a5aea9375ba9d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$architecture/centos:7", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6612ff34b9b4fe4f141482c8ea5af343ed71e504d5847f54ff3a5aea9375ba9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Dockerfile/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `softprops/action-gh-release@v2` is 1 major version(s) behind (latest v3.0.0)"}, "properties": {"repobilityId": 55194, "scanner": "repobility-dependency-currency", "fingerprint": "a4ed5fc6b8157fd4bee50f15d7a2d4463452f185eab26e1fb3f5186e3169717d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "softprops/action-gh-release", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v3.0.0", "correlation_key": "fp|a4ed5fc6b8157fd4bee50f15d7a2d4463452f185eab26e1fb3f5186e3169717d", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 445}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `zope.interface` is 4 major version(s) behind (4.2.0 -> 8.5)"}, "properties": {"repobilityId": 55191, "scanner": "repobility-dependency-currency", "fingerprint": "7afe670e53c7d0fbdbfe289f4ed4daac9a24c6cc94d4e94bb098ced6f2233c7f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "zope.interface", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "8.5", "correlation_key": "fp|7afe670e53c7d0fbdbfe289f4ed4daac9a24c6cc94d4e94bb098ced6f2233c7f", "current_version": "4.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 21}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `sphinx-rtd-theme` is 3 major version(s) behind (0.1.9 -> 3.1.0)"}, "properties": {"repobilityId": 55190, "scanner": "repobility-dependency-currency", "fingerprint": "ccf328d0dac16bad6f76ae6e1dd8d47743b5f3634e27f70454a3e7166591935c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "sphinx-rtd-theme", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.1.0", "correlation_key": "fp|ccf328d0dac16bad6f76ae6e1dd8d47743b5f3634e27f70454a3e7166591935c", "current_version": "0.1.9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 19}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `Sphinx` is 8 major version(s) behind (1.3.3 -> 9.1.0)"}, "properties": {"repobilityId": 55189, "scanner": "repobility-dependency-currency", "fingerprint": "b704b48265439a31d06fc0fb7ee901d38632a900cea6eebda56410430fcc8564", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "8 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "Sphinx", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "9.1.0", "correlation_key": "fp|b704b48265439a31d06fc0fb7ee901d38632a900cea6eebda56410430fcc8564", "current_version": "1.3.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 18}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `snowballstemmer` is 2 major version(s) behind (1.2.0 -> 3.1.1)"}, "properties": {"repobilityId": 55188, "scanner": "repobility-dependency-currency", "fingerprint": "6b1a750055eabb519f9d0a1b76e496b08643e1d3bf0923b0caaa8e14f893a6ca", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "snowballstemmer", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.1.1", "correlation_key": "fp|6b1a750055eabb519f9d0a1b76e496b08643e1d3bf0923b0caaa8e14f893a6ca", "current_version": "1.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 17}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `pytz` is 11 major version(s) behind (2015.7 -> 2026.2)"}, "properties": {"repobilityId": 55186, "scanner": "repobility-dependency-currency", "fingerprint": "5869b6a7c96eec1d1d50b47cebd9921d8baf7d637454c4f54117b55c30d30eaa", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "11 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pytz", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2026.2", "correlation_key": "fp|5869b6a7c96eec1d1d50b47cebd9921d8baf7d637454c4f54117b55c30d30eaa", "current_version": "2015.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `MarkupSafe` is 3 major version(s) behind (0.23 -> 3.0.3)"}, "properties": {"repobilityId": 55184, "scanner": "repobility-dependency-currency", "fingerprint": "9bdaeff9081f0233818f7a6005bc6cf7836757858c4ee3161a93fd2b6bbc9d64", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "MarkupSafe", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.0.3", "correlation_key": "fp|9bdaeff9081f0233818f7a6005bc6cf7836757858c4ee3161a93fd2b6bbc9d64", "current_version": "0.23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 13}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `alabaster` is 1 major version(s) behind (0.7.6 -> 1.0.0)"}, "properties": {"repobilityId": 55181, "scanner": "repobility-dependency-currency", "fingerprint": "6a4e21a276d71770eab077bb2f7ab0e35111e1ddfd12fda6af1be39fb6f32f35", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "alabaster", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.0.0", "correlation_key": "fp|6a4e21a276d71770eab077bb2f7ab0e35111e1ddfd12fda6af1be39fb6f32f35", "current_version": "0.7.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[4;38;2;166;226;46mhttps://github.com/pallets/click/archive/7.0.zip#egg=click\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55152, "scanner": "repobility-supply-chain", "fingerprint": "5d381536f0bf865a6423bce873009f360be583c584a91c8f52bafe02d01724ec", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d381536f0bf865a6423bce873009f360be583c584a91c8f52bafe02d01724ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m Project or archive URL\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55151, "scanner": "repobility-supply-chain", "fingerprint": "6363e0b8dca9dde9f57434178bd4a5e1b474b7e7d2017c30e6390294904df21f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6363e0b8dca9dde9f57434178bd4a5e1b474b7e7d2017c30e6390294904df21f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;166;226;46m-e\u001b[0m\u001b[38;2;248;248;242m \u001b[0m\u001b[4;38;2;166;226;46mhg+https://hg.myproject.org/MyProject#egg=MyProject\u001b[0m\u001b[38;2;248;248;242m \u001b[0m\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m Mercurial\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55150, "scanner": "repobility-supply-chain", "fingerprint": "37b9cc80ca7d8a9e7c5086cb196be98346ece87fd0f6c26b3ce1c7fe2c14d5a9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|37b9cc80ca7d8a9e7c5086cb196be98346ece87fd0f6c26b3ce1c7fe2c14d5a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;166;226;46m-e\u001b[0m\u001b[38;2;248;248;242m \u001b[0m\u001b[4;38;2;166;226;46mgit+git://git.myproject.org/MyProject#egg=MyProject\u001b[0m\u001b[38;2;248;248;242m \u001b[0m\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m Git\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55149, "scanner": "repobility-supply-chain", "fingerprint": "173f18bf0e5dc9face2483c1269589de4f61fe13b2e2cc5e144d3c912786439b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|173f18bf0e5dc9face2483c1269589de4f61fe13b2e2cc5e144d3c912786439b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m VCS repositories\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55148, "scanner": "repobility-supply-chain", "fingerprint": "ed1bc1e71c092292e004fff05a97435431c9865cb3551045c342d9cc4d81dbc2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ed1bc1e71c092292e004fff05a97435431c9865cb3551045c342d9cc4d81dbc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m c.f. https://www.python.org/dev/peps/pep-0508/\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55147, "scanner": "repobility-supply-chain", "fingerprint": "bce6ba8c5d40ddb28c1fe0b794f5067fd850fa3e4ef1cdbdbf02111a27239557", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bce6ba8c5d40ddb28c1fe0b794f5067fd850fa3e4ef1cdbdbf02111a27239557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m Examples from PEP508\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55146, "scanner": "repobility-supply-chain", "fingerprint": "9402558d8c4982969b1733398bd151878eb2269f7a0607653c724906f0f4d565", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9402558d8c4982969b1733398bd151878eb2269f7a0607653c724906f0f4d565"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m Freeze packages\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55145, "scanner": "repobility-supply-chain", "fingerprint": "9497b16ed2165cfbf8e8f30cdc9764d7f797e97bf472c7832cc7557269131762", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9497b16ed2165cfbf8e8f30cdc9764d7f797e97bf472c7832cc7557269131762"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;166;226;46m--allow-unverified\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55144, "scanner": "repobility-supply-chain", "fingerprint": "9cee8f340c275fdfa798d12fffdd2490bc823feda979d279bdbc32f631914396", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9cee8f340c275fdfa798d12fffdd2490bc823feda979d279bdbc32f631914396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;166;226;46m--allow-external\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55143, "scanner": "repobility-supply-chain", "fingerprint": "8b01f613629afd2a3100e4fda5561208299da1721e1c05127b51fa00f1dedfcb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b01f613629afd2a3100e4fda5561208299da1721e1c05127b51fa00f1dedfcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `\u001b[38;2;117;113;94m#\u001b[0m\u001b[38;2;117;113;94m Options\u001b[0m` has no version pin"}, "properties": {"repobilityId": 55142, "scanner": "repobility-supply-chain", "fingerprint": "af945c2d1943fdfe64d7a3edca9ab46b767a5c71ef72a06ef4923b927f3c72e7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af945c2d1943fdfe64d7a3edca9ab46b767a5c71ef72a06ef4923b927f3c72e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/highlighted/Requirements.txt/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5239-wwwm-4pmq", "level": "note", "message": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "properties": {"repobilityId": 55217, "scanner": "osv-scanner", "fingerprint": "079b05dc12f658dc0b17eed73301479218fa49e4051e4cd466613be173086b43", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-4539"], "package": "pygments", "rule_id": "GHSA-5239-wwwm-4pmq", "scanner": "osv-scanner", "correlation_key": "vuln|pygments|CVE-2026-4539|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-5239-wwwm-4pmq"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["079b05dc12f658dc0b17eed73301479218fa49e4051e4cd466613be173086b43", "21742608d86a385ba20bd41c76c4683934b061153a78e746769c0ed3e4a22c37"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `six` is minor version(s) behind (1.10.0 -> 1.17.0)"}, "properties": {"repobilityId": 55187, "scanner": "repobility-dependency-currency", "fingerprint": "e378b780c4e124aaefb2c86c006fbabcaabb7cec8cbdfdfc5a4d607080ccafcb", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "six", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.17.0", "correlation_key": "fp|e378b780c4e124aaefb2c86c006fbabcaabb7cec8cbdfdfc5a4d607080ccafcb", "current_version": "1.10.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 16}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `Pygments` is minor version(s) behind (2.7.4 -> 2.20.0)"}, "properties": {"repobilityId": 55185, "scanner": "repobility-dependency-currency", "fingerprint": "b4d0eea23dcc1f02d38fd57327b4873d2a16a8dadb5603a1dab29cbde00579c9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "Pygments", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.20.0", "correlation_key": "fp|b4d0eea23dcc1f02d38fd57327b4873d2a16a8dadb5603a1dab29cbde00579c9", "current_version": "2.7.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `gitpython` is minor version(s) behind (3.0.7 -> 3.1.50)"}, "properties": {"repobilityId": 55183, "scanner": "repobility-dependency-currency", "fingerprint": "0327eb88ca4ffdc5770c434d6228f789c35d9678a035c663bee0a9fdde8d5f07", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "gitpython", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.1.50", "correlation_key": "fp|0327eb88ca4ffdc5770c434d6228f789c35d9678a035c663bee0a9fdde8d5f07", "current_version": "3.0.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 10}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `docutils` is minor version(s) behind (0.12 -> 0.23)"}, "properties": {"repobilityId": 55182, "scanner": "repobility-dependency-currency", "fingerprint": "d34e72445519b2eb8dc31abc6cb4831ebabbd859adffab76559ff72d6a74ac78", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "docutils", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "0.23", "correlation_key": "fp|d34e72445519b2eb8dc31abc6cb4831ebabbd859adffab76559ff72d6a74ac78", "current_version": "0.12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 55090, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 55205, "scanner": "repobility-docker", "fingerprint": "b8739f97956faaf25957f48d12e6360f2c0aca006f8217b2187ffc08919c153d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$architecture/centos:7", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|b8739f97956faaf25957f48d12e6360f2c0aca006f8217b2187ffc08919c153d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Dockerfile/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 55204, "scanner": "repobility-threat-engine", "fingerprint": "a49417b8048a00e5d96872d0fe0b2b30e7225095962aa12b7e377bc520b20bf8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a49417b8048a00e5d96872d0fe0b2b30e7225095962aa12b7e377bc520b20bf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/less.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 55203, "scanner": "repobility-threat-engine", "fingerprint": "54c2d1afa80cb21c5d88e62704588430ff1419cc69829d6bb0447737c4a340d4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54c2d1afa80cb21c5d88e62704588430ff1419cc69829d6bb0447737c4a340d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/assets/build_assets/acknowledgements.rs"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 55202, "scanner": "repobility-threat-engine", "fingerprint": "7fb1e7c7fc33ac4ca04c001d812ab93a4d99c0b56ebb4384bf34b02c532689c1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7fb1e7c7fc33ac4ca04c001d812ab93a4d99c0b56ebb4384bf34b02c532689c1", "aggregated_count": 2}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 55201, "scanner": "repobility-threat-engine", "fingerprint": "3c879bd775c3389ef491e1d2b82d440e0795be16e22b19eafe12ec0411e15840", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c879bd775c3389ef491e1d2b82d440e0795be16e22b19eafe12ec0411e15840"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/output.rs"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 55200, "scanner": "repobility-threat-engine", "fingerprint": "760edd7a259248d3b9c6618dbb9f79a27510308df66bead18f4cae144be0e139", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|760edd7a259248d3b9c6618dbb9f79a27510308df66bead18f4cae144be0e139"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/assets/build_assets/acknowledgements.rs"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 55199, "scanner": "repobility-threat-engine", "fingerprint": "a0de8bbd618345b47dbbe98464d3d09c3baed1ad5b895e81ce7865f637a113d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a0de8bbd618345b47dbbe98464d3d09c3baed1ad5b895e81ce7865f637a113d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/assets/assets_metadata.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 55198, "scanner": "repobility-threat-engine", "fingerprint": "330e42929a5c248fc895cf635b2a2264c388d68f96eeee14bca3aae26f23cede", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|330e42929a5c248fc895cf635b2a2264c388d68f96eeee14bca3aae26f23cede", "aggregated_count": 7}}}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 55193, "scanner": "repobility-dependency-currency", "fingerprint": "67d7a71699a35e7dda02253de975fe49b7e06df65b24b8b18c1a3847aee872f8", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|67d7a71699a35e7dda02253de975fe49b7e06df65b24b8b18c1a3847aee872f8", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 55192, "scanner": "repobility-dependency-currency", "fingerprint": "f0c49929fcbf980de14b857b1eaa63cd3584df4b6a93d0e7a09beceff46f6866", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|f0c49929fcbf980de14b857b1eaa63cd3584df4b6a93d0e7a09beceff46f6866", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/require-changelog-for-PRs.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 55262, "scanner": "osv-scanner", "fingerprint": "ecf03719cba11dc3021f6f045a4725323caba565b5c4335f1e9e69c1239125b5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 55261, "scanner": "osv-scanner", "fingerprint": "8fbc5a1c014c8625f86693594a0d4e2d66a09e4b86712dd6d97944a8245207c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 55260, "scanner": "osv-scanner", "fingerprint": "61a3e0bc213f1a0dc35f01ef43396592bd57d52bb1c134b4f4c91818bde6a20a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 55259, "scanner": "osv-scanner", "fingerprint": "1be6ece4314d1968bd9699397d83e5ca79f9be4c829452b6dab0467567727dd7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 55258, "scanner": "osv-scanner", "fingerprint": "2a56c107b70e55391c17dbe1a166cf7616e15bc6d821b412a4211d4d2f36f706", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 55257, "scanner": "osv-scanner", "fingerprint": "d819dbd57d025229e30062d276536236d1522159a7062ebd87aab00df422f15a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 55256, "scanner": "osv-scanner", "fingerprint": "eff1a4ac19382e7aa8574f7b091f920aafcd0098f6fb9d3e43b88e2774058ddb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 55255, "scanner": "osv-scanner", "fingerprint": "32c4be876d66f592232f2e7cb018984987ec45866d06159ef47b324f8f586843", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 55254, "scanner": "osv-scanner", "fingerprint": "aa495d5310259dc654e46a74e1f4117b35d758cb5669f946774287c81da67fd3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 55253, "scanner": "osv-scanner", "fingerprint": "ad0f18fe563cafad31b6f9a44b13983197a58cc261801d4c706d4a10b0ce3e0a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 55252, "scanner": "osv-scanner", "fingerprint": "60a00a9a6093c0fd2daed13becf0346302053654f1f4d851b669732ac0f2a1ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 55251, "scanner": "osv-scanner", "fingerprint": "5046ca95bac1cbe03fb2f582dbca0dc270b215c393a0b44037aa36b2a3c5a998", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 55250, "scanner": "osv-scanner", "fingerprint": "dcc2c7331427ec35ef8e3e421fbff670a7a3f4764a3af587f2e33deb05c04ca4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 55249, "scanner": "osv-scanner", "fingerprint": "8881bb5519365720fdfd2a5c8a06532c04d8186e910fc8e37f6ee6da8bc98fa8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 55248, "scanner": "osv-scanner", "fingerprint": "e87ee912c286c918cd98f9238a36486eb1aca3b08527955e87104be4f06fd483", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 55247, "scanner": "osv-scanner", "fingerprint": "5b387e57eb81afbaa862135c331d43b530f2bcdfceb2f2e884fb1ea42017faaa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 55246, "scanner": "osv-scanner", "fingerprint": "5ffb10c14d242f84b783ff3b9de4faa4079b1ff265c3a222b054a8ed074c3164", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 55245, "scanner": "osv-scanner", "fingerprint": "79640af2ae77d241065f6b3bf7ff9bb8f55409a02c081c9df038151f1a605edb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 55244, "scanner": "osv-scanner", "fingerprint": "adb4dfb25a9126da43e44e2fda5804c23453fed394637df3a0f7350fb9baf043", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 55243, "scanner": "osv-scanner", "fingerprint": "b698aa7e56e240bd11be7290e9b1b87048ec0965dc95451e2bd0335d81715701", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 55242, "scanner": "osv-scanner", "fingerprint": "21223b653c3aa9353611199f6f802db392d229c453c76aea78aed6e0423cba3f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 55241, "scanner": "osv-scanner", "fingerprint": "958d9b109b0b5dfd450e34cae474d1eff124d754efd561e0ac9fcf4ec1a9a23f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 55240, "scanner": "osv-scanner", "fingerprint": "e31aadd790467fca05ce156d5c4c4f50e0e9f15bebb9c37b9296b5299b2dd668", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 55239, "scanner": "osv-scanner", "fingerprint": "6b4dd3d891300d3c171237c4f14469cc7ec8bcffff9534182b2b7fa2861fe418", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 55238, "scanner": "osv-scanner", "fingerprint": "22a16630d8463488e863be077afded3d9b20798e65174874bfcb99fa90ae1ad2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 55237, "scanner": "osv-scanner", "fingerprint": "c7e5e884f6c9a241e92c67fe4c987a954221d724dd76b82593fb2602aadadd22", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 55236, "scanner": "osv-scanner", "fingerprint": "2f11aa789f94c463079f9072d8432abebdf523781bbaf59c2c01234732e13ae9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 55235, "scanner": "osv-scanner", "fingerprint": "5ee5d89ae89a789ef3bb41bf242cce7c3f2ee5ebe0869cbed807b2442d63e331", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 55234, "scanner": "osv-scanner", "fingerprint": "78705055a5134e6b92a5cb405186a08fa146b57f54a364d09f5a445b18a8d864", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 55233, "scanner": "osv-scanner", "fingerprint": "76e9ba365e40532dcd008d36403786b777bff53fb3465ff67a3249953ebc2ae7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 55232, "scanner": "osv-scanner", "fingerprint": "fbc981e3ce00ea3a12c6ccd407047d199fa5683c71d6e30c5c17a16b622c80cd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 55231, "scanner": "osv-scanner", "fingerprint": "20d7eeb322bc2251e180a60f9d0de63f8b4e41a3ab0101c6667fd5122e2f6d89", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 55230, "scanner": "osv-scanner", "fingerprint": "ce2b441794c14b8e08d868dc2ec28d8c4a3e123ad2af2010f6f6eb3b6b9725a8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 55229, "scanner": "osv-scanner", "fingerprint": "028bf0be6c79caef4ea0075a82dbdf542b88391763495f0c61ead8d275bb5885", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 55228, "scanner": "osv-scanner", "fingerprint": "f39a3bdda9edfa964c4f4221a989a586f4de9c2d465182425eb587b1980164bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 55227, "scanner": "osv-scanner", "fingerprint": "bc8a006aa4f7f928d1cc885851ff3c55326123655468fdcecd3187d724cf17e7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x2qx-6953-8485", "level": "error", "message": {"text": "gitpython: GHSA-x2qx-6953-8485"}, "properties": {"repobilityId": 55226, "scanner": "osv-scanner", "fingerprint": "6672200b6de215d86c6bf637ea1ca98bece16b5a7575b53eb893354f45a5200c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-42284"], "package": "gitpython", "rule_id": "GHSA-x2qx-6953-8485", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2026-42284|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-x2qx-6953-8485"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6672200b6de215d86c6bf637ea1ca98bece16b5a7575b53eb893354f45a5200c", "f5e7c218af0adbf0199577f05d63d4cf151b7e26ad2a5292ddc8192b98c41a77"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v87r-6q3f-2j67", "level": "error", "message": {"text": "gitpython: GHSA-v87r-6q3f-2j67"}, "properties": {"repobilityId": 55225, "scanner": "osv-scanner", "fingerprint": "0db67625bab05335ffd24a4a5717b15f9312576d19a96f5bf70c1c6ee8c62223", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44244"], "package": "gitpython", "rule_id": "GHSA-v87r-6q3f-2j67", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2026-44244|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-v87r-6q3f-2j67"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0db67625bab05335ffd24a4a5717b15f9312576d19a96f5bf70c1c6ee8c62223", "a2c8a36988925c72b3fc0b026ad638c79db463a081384511510ededb26fd85e3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mv93-w799-cj2w", "level": "error", "message": {"text": "gitpython: GHSA-mv93-w799-cj2w"}, "properties": {"repobilityId": 55223, "scanner": "osv-scanner", "fingerprint": "c1577a35da67a0e8a7bc8bf26ef51eeb8d6a698cdd625c99dd1418acc3ef9809", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "package": "gitpython", "rule_id": "GHSA-mv93-w799-cj2w", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2026-42215|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mv93-w799-cj2w"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3a0c240ed7ea39c330408f67af593fb2d39b3744b551d4d7f4c22f3df6174c65", "c1577a35da67a0e8a7bc8bf26ef51eeb8d6a698cdd625c99dd1418acc3ef9809"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7545-fcxq-7j24", "level": "error", "message": {"text": "gitpython: GHSA-7545-fcxq-7j24"}, "properties": {"repobilityId": 55222, "scanner": "osv-scanner", "fingerprint": "8c2b924eb7c4ff5b48cbcda3af592d87cd9ba0afc4a3939728336cb3e8df93bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44243"], "package": "gitpython", "rule_id": "GHSA-7545-fcxq-7j24", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2026-44243|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-7545-fcxq-7j24"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2cb78b06ab53226bc2ac386a765a960118397097fe71798346f6a8aecf47a22c", "8c2b924eb7c4ff5b48cbcda3af592d87cd9ba0afc4a3939728336cb3e8df93bf"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2mqj-m65w-jghx", "level": "error", "message": {"text": "gitpython: GHSA-2mqj-m65w-jghx"}, "properties": {"repobilityId": 55221, "scanner": "osv-scanner", "fingerprint": "79ef052cd5390dddb7449b71a70a01f6ac5cb8324a5c2919cebe30bfac582992", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-22190", "PYSEC-2024-4"], "package": "gitpython", "rule_id": "GHSA-2mqj-m65w-jghx", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2024-22190|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-2mqj-m65w-jghx"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["01715ce42ae33db8c44c4cc97deba5edcdc325c106fcd1ca2c043067a6c2b5c1", "79ef052cd5390dddb7449b71a70a01f6ac5cb8324a5c2919cebe30bfac582992"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-165", "level": "error", "message": {"text": "gitpython: PYSEC-2023-165"}, "properties": {"repobilityId": 55220, "scanner": "osv-scanner", "fingerprint": "51512cf53190ee9f86f78b30071961119de31e0a4daa480d02262551dff8f729", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-41040", "GHSA-cwvm-v4w8-q58c"], "package": "gitpython", "rule_id": "PYSEC-2023-165", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2023-41040|token", "duplicate_count": 3, "duplicate_rule_ids": ["GHSA-cwvm-v4w8-q58c", "PYSEC-2023-165"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1963b693d1f6f5ae814e3149104715a6151a51b8f607c50f657d7106010ac233", "200032a6f5ce0170ecbd98239e88a506f71d5c73d04a988964a8c1c050747330", "51512cf53190ee9f86f78b30071961119de31e0a4daa480d02262551dff8f729", "cfc91e077dad56d0f067ea03a1af51605ca47e7b8af5c4d66fefa057d83bedf8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-161", "level": "error", "message": {"text": "gitpython: PYSEC-2023-161"}, "properties": {"repobilityId": 55219, "scanner": "osv-scanner", "fingerprint": "baea67c7c9d36cb37dff9f6f359130767c4d1c00ab6d9880f9154aff4ff5c483", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-40590", "GHSA-wfm5-v35h-vwf4"], "package": "gitpython", "rule_id": "PYSEC-2023-161", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2023-40590|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-wfm5-v35h-vwf4", "PYSEC-2023-161", "PYSEC-2024-4"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7785c6c8bfbd9eb5e7ae8e461c073c6824491121813653c3a7f5f6f703a718be", "8805db7273c64874ab355cc06117a643a7df2beb6a678f3570eb7de7f59a8e28", "b318a933b43bf1f5df5da8d93f8c69dec94b0ad7f76be0997603de5f0c347b87", "b434a9e637c629be5befb0e11dbb526143ae1b27ae1ab748cdfe4609f8d2f89b", "baea67c7c9d36cb37dff9f6f359130767c4d1c00ab6d9880f9154aff4ff5c483", "f98cbfac4a962f30081d9d5d2a46e769b7251b84f9c9953209ee3b46f084b401"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-117", "level": "error", "message": {"text": "pygments: PYSEC-2023-117"}, "properties": {"repobilityId": 55216, "scanner": "osv-scanner", "fingerprint": "1a5d6a4e39dd12e00f0426fc3b5f1c561d4b1974434ff045f6bf527ef40bebc8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2022-40896", "GHSA-mrwq-x4v8-fh7p"], "package": "pygments", "rule_id": "PYSEC-2023-117", "scanner": "osv-scanner", "correlation_key": "vuln|pygments|CVE-2022-40896|token", "duplicate_count": 3, "duplicate_rule_ids": ["GHSA-mrwq-x4v8-fh7p", "PYSEC-2023-117"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0e421aee4b6ef35ad12a6be10aa3e40929ecca232a9942edfc9ddffa2259ffee", "1a5d6a4e39dd12e00f0426fc3b5f1c561d4b1974434ff045f6bf527ef40bebc8", "5ce2125af3cf45966f9ac7b7263baca4d0d4d38ad64fd6ea63f1985c1469d427", "e467f23c205f7c6245a699fbd489c6f08adbde6dcf118eb51f7149c950fcaced"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-66", "level": "error", "message": {"text": "jinja2: PYSEC-2021-66"}, "properties": {"repobilityId": 55211, "scanner": "osv-scanner", "fingerprint": "1364bd0ab75e5b690330e944f96aa09ae1de6ed21feea03238e09b05c70d6fb8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2020-28493", "GHSA-g3rq-g295-4j3m", "SNYK-PYTHON-JINJA2-1012994"], "package": "jinja2", "rule_id": "PYSEC-2021-66", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2020-28493|token", "duplicate_count": 3, "duplicate_rule_ids": ["GHSA-g3rq-g295-4j3m", "PYSEC-2021-66"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1364bd0ab75e5b690330e944f96aa09ae1de6ed21feea03238e09b05c70d6fb8", "13a187a3f664e1779d83f5fc06dbd944b9456141a611663d9421787dceac894c", "454348c6a848c86f0ce78e8bd823980b6d303c565bb53cf161d4ad0400b0c8ea", "5ef3d8d7b370b2161fe3ea844047547df4e3c9678bfab4ca4f06ebc8589cbe86"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2019-217", "level": "error", "message": {"text": "jinja2: PYSEC-2019-217"}, "properties": {"repobilityId": 55210, "scanner": "osv-scanner", "fingerprint": "5bfcff2f31fe329982c0a85fe3111d2080dd6fb0cd4c336f4eb942d8861f644e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2019-10906", "GHSA-462w-v97r-4m45"], "package": "jinja2", "rule_id": "PYSEC-2019-217", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2019-10906|token", "duplicate_count": 3, "duplicate_rule_ids": ["GHSA-462w-v97r-4m45", "PYSEC-2019-217"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4ad1d8637a3ee945db4c5ceb6ccb3f7b0050aa1ddfd60b87b810d4f6768e5a80", "5bfcff2f31fe329982c0a85fe3111d2080dd6fb0cd4c336f4eb942d8861f644e", "e40fff4521dc4e6e7f62ac347e88feb31d4bbe21750464e35b4a072b8960f0af", "e83d38a876caba6b29572d267c54de07fde4800eb20ff86867e3bb693ef9c7ba"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0320", "level": "error", "message": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "properties": {"repobilityId": 55209, "scanner": "osv-scanner", "fingerprint": "70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "yaml-rust", "rule_id": "RUSTSEC-2024-0320", "scanner": "osv-scanner", "correlation_key": "fp|70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 55208, "scanner": "osv-scanner", "fingerprint": "634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 55197, "scanner": "repobility-threat-engine", "fingerprint": "539535a4a3e83396ac20ed1e43b2e1a80b4ab7e53dfe64a78c5aba1e7fa476a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|539535a4a3e83396ac20ed1e43b2e1a80b4ab7e53dfe64a78c5aba1e7fa476a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cat.rs"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 55196, "scanner": "repobility-threat-engine", "fingerprint": "8eb754e4dbc06c18c78586ff4006841122b26137f11d2f3106cd3582d6a0a385", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8eb754e4dbc06c18c78586ff4006841122b26137f11d2f3106cd3582d6a0a385"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/buffer.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 55195, "scanner": "repobility-threat-engine", "fingerprint": "a3d1a1a82b6bff1f8dc35d8dc53bdeede519d23c3ce322423ab51a3eb7e51ca8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a3d1a1a82b6bff1f8dc35d8dc53bdeede519d23c3ce322423ab51a3eb7e51ca8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/advanced.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 55179, "scanner": "repobility-supply-chain", "fingerprint": "a4869e8c99c0c28deabe9621c76448b62659134a52d7f7f37521c1d3f1d25b13", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a4869e8c99c0c28deabe9621c76448b62659134a52d7f7f37521c1d3f1d25b13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 445}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 55178, "scanner": "repobility-supply-chain", "fingerprint": "cb426e5508344787851afc71b8bb09637f8bef0c516d292ed184704af0179b7a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb426e5508344787851afc71b8bb09637f8bef0c516d292ed184704af0179b7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 431}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 55177, "scanner": "repobility-supply-chain", "fingerprint": "42b456d41047d52b97cd3134e8fe5b7740656e03247f67dc06beb612e449c005", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|42b456d41047d52b97cd3134e8fe5b7740656e03247f67dc06beb612e449c005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 425}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 55176, "scanner": "repobility-supply-chain", "fingerprint": "fda5dc2c29e432e8d72cf3829a05c4ede0919a241d1fbe51312bd6743286a0dc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fda5dc2c29e432e8d72cf3829a05c4ede0919a241d1fbe51312bd6743286a0dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55175, "scanner": "repobility-supply-chain", "fingerprint": "af20dbe58e29e9291dbcf1e31b0b6e861604ddda13129357168f4a6f9c56f564", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af20dbe58e29e9291dbcf1e31b0b6e861604ddda13129357168f4a6f9c56f564"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55174, "scanner": "repobility-supply-chain", "fingerprint": "396a8bbacdb8b2e79e6b3b592fc5f38c95f1e26a5e80805c9cf58e4af62f3b05", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|396a8bbacdb8b2e79e6b3b592fc5f38c95f1e26a5e80805c9cf58e4af62f3b05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 55173, "scanner": "repobility-supply-chain", "fingerprint": "c58092c4cd7ec85e1f3015f75e314e85f59685aa2e9f3e39e5b32bb1669872e8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c58092c4cd7ec85e1f3015f75e314e85f59685aa2e9f3e39e5b32bb1669872e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55172, "scanner": "repobility-supply-chain", "fingerprint": "2ec91862db11191b123cd12fcd822d3e0df00b57e0a05a43b8af794208e5dc11", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2ec91862db11191b123cd12fcd822d3e0df00b57e0a05a43b8af794208e5dc11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 55171, "scanner": "repobility-supply-chain", "fingerprint": "86ff10b29684520c1dc417905312bc777cd4be79d6bb2f16e5e681a47047c4bc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86ff10b29684520c1dc417905312bc777cd4be79d6bb2f16e5e681a47047c4bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55170, "scanner": "repobility-supply-chain", "fingerprint": "582a73bf3e85a1540d28f3dd9d8a40427b926294f9e635b64861c7ce57ea9599", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|582a73bf3e85a1540d28f3dd9d8a40427b926294f9e635b64861c7ce57ea9599"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 55169, "scanner": "repobility-supply-chain", "fingerprint": "1e70c5380dabb582b0052bc4e6fc65f0062fd7b992cebbfc261d7f7f9103025d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e70c5380dabb582b0052bc4e6fc65f0062fd7b992cebbfc261d7f7f9103025d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55168, "scanner": "repobility-supply-chain", "fingerprint": "7d2985a91570abb8408166cb8ed1a1a269ac05eed2773a4c85b75e6085432540", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d2985a91570abb8408166cb8ed1a1a269ac05eed2773a4c85b75e6085432540"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55167, "scanner": "repobility-supply-chain", "fingerprint": "d0249f4f170586e6e7bd162855da3d445311614ce584df21e2f4759c0e6f3539", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d0249f4f170586e6e7bd162855da3d445311614ce584df21e2f4759c0e6f3539"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 55166, "scanner": "repobility-supply-chain", "fingerprint": "87f80297a3680aec902798cb8d64aeaed425657e6c1a69fcaf17852077a75a6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|87f80297a3680aec902798cb8d64aeaed425657e6c1a69fcaf17852077a75a6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55165, "scanner": "repobility-supply-chain", "fingerprint": "074df6a7c4be1806ff29f953abdf8fe62c86b85c57f101817135be246563b19b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|074df6a7c4be1806ff29f953abdf8fe62c86b85c57f101817135be246563b19b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55164, "scanner": "repobility-supply-chain", "fingerprint": "c52c7ba32ee3a6fcdf78018e620fcd102fdac0458b2f285dd16711a7efed5de3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c52c7ba32ee3a6fcdf78018e620fcd102fdac0458b2f285dd16711a7efed5de3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 55163, "scanner": "repobility-supply-chain", "fingerprint": "74ccd7ca2afbe6bea6483517ddbe62fe5729f3d7a92e605925a9e13fb486eb4c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|74ccd7ca2afbe6bea6483517ddbe62fe5729f3d7a92e605925a9e13fb486eb4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55162, "scanner": "repobility-supply-chain", "fingerprint": "b4b8106cb56c3a6ab29afaba4cc11af851be51b9dbc9f6fc4e74b93848333829", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b4b8106cb56c3a6ab29afaba4cc11af851be51b9dbc9f6fc4e74b93848333829"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 55161, "scanner": "repobility-supply-chain", "fingerprint": "e7f421710932586011ffc7993830c6cd7ed37a18c052d24c7eb614bc5f0d5880", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e7f421710932586011ffc7993830c6cd7ed37a18c052d24c7eb614bc5f0d5880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/require-changelog-for-PRs.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `https://github.com/pallets/click/archive/7.0.zip#e...` (git/URL)"}, "properties": {"repobilityId": 55160, "scanner": "repobility-supply-chain", "fingerprint": "f4e47e9804a37685f36d74ebbbf4f5601497e3c81e4a86799a9cdac6011131c9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f4e47e9804a37685f36d74ebbbf4f5601497e3c81e4a86799a9cdac6011131c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `-e bzr+https://bzr.myproject.org/MyProject/trunk@2...` (git/URL)"}, "properties": {"repobilityId": 55159, "scanner": "repobility-supply-chain", "fingerprint": "9140e8d5152f494a92720d48c7c0469435e668ea7edad6ae9e12bb6ae40ec1c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9140e8d5152f494a92720d48c7c0469435e668ea7edad6ae9e12bb6ae40ec1c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `-e bzr+ssh://user@myproject.org/MyProject/trunk#eg...` (git/URL)"}, "properties": {"repobilityId": 55158, "scanner": "repobility-supply-chain", "fingerprint": "1339900b185dd4276c11bb726299c256af693a546f86bd97002f92be5ee28c96", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1339900b185dd4276c11bb726299c256af693a546f86bd97002f92be5ee28c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `-e svn+http://svn.myproject.org/svn/MyProject/trun...` (git/URL)"}, "properties": {"repobilityId": 55157, "scanner": "repobility-supply-chain", "fingerprint": "cacb17a7ed00627311305fb90655e69b5f6041fc7e51b13e54c066c4e073bbc5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cacb17a7ed00627311305fb90655e69b5f6041fc7e51b13e54c066c4e073bbc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `-e hg+http://hg.myproject.org/MyProject@da39a3ee5e...` (git/URL)"}, "properties": {"repobilityId": 55156, "scanner": "repobility-supply-chain", "fingerprint": "6e825a52133ad613624c993bde19f79f801d2d9b7b16d5433ec918598bde241e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6e825a52133ad613624c993bde19f79f801d2d9b7b16d5433ec918598bde241e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `-e hg+https://hg.myproject.org/MyProject#egg=MyPro...` (git/URL)"}, "properties": {"repobilityId": 55155, "scanner": "repobility-supply-chain", "fingerprint": "76746554c213454a0f9e856292819d397bb803f67478c17e8f67eb3130e7d455", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76746554c213454a0f9e856292819d397bb803f67478c17e8f67eb3130e7d455"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `-e git+git://git.myproject.org/MyProject#egg=MyPro...` (git/URL)"}, "properties": {"repobilityId": 55154, "scanner": "repobility-supply-chain", "fingerprint": "90245e25ae40c93ca99309d6261f4bdec7d556e66336bbda6762cccf3c035380", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90245e25ae40c93ca99309d6261f4bdec7d556e66336bbda6762cccf3c035380"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `pip @ https://github.com/pypa/pip/archive/1.3.1.zi...` (git/URL)"}, "properties": {"repobilityId": 55153, "scanner": "repobility-supply-chain", "fingerprint": "4119114663290ba72637555ce8623cf3ab40309a8fb8229f295bb87147987761", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4119114663290ba72637555ce8623cf3ab40309a8fb8229f295bb87147987761"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/syntax-tests/source/Requirements.txt/requirements.txt"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.three` used but never assigned in __init__"}, "properties": {"repobilityId": 55141, "scanner": "repobility-ast-engine", "fingerprint": "9d95a4a7cc831c03c132a335ed70fc9585defd4eacb45352b70463d8aae0bd16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d95a4a7cc831c03c132a335ed70fc9585defd4eacb45352b70463d8aae0bd16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.three` used but never assigned in __init__"}, "properties": {"repobilityId": 55140, "scanner": "repobility-ast-engine", "fingerprint": "2a8ed96b4b30a3c21f2231596eb7e90237db226200383f6415fed7578c285726", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a8ed96b4b30a3c21f2231596eb7e90237db226200383f6415fed7578c285726"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.two` used but never assigned in __init__"}, "properties": {"repobilityId": 55139, "scanner": "repobility-ast-engine", "fingerprint": "4984445a379fed14c9cca7d4f3b6be63bfc828ba8e4fe045815c994b2a84df65", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4984445a379fed14c9cca7d4f3b6be63bfc828ba8e4fe045815c994b2a84df65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.one` used but never assigned in __init__"}, "properties": {"repobilityId": 55138, "scanner": "repobility-ast-engine", "fingerprint": "3e8b6c09324ac141fcc4bd43e0bdaf4be8558c42682339300bf30d6106041f9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e8b6c09324ac141fcc4bd43e0bdaf4be8558c42682339300bf30d6106041f9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 266}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55137, "scanner": "repobility-ast-engine", "fingerprint": "94db25680a31e928f1074d2dae4fae5795e2ba10e8aedb18321c182cf54ca422", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94db25680a31e928f1074d2dae4fae5795e2ba10e8aedb18321c182cf54ca422"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55136, "scanner": "repobility-ast-engine", "fingerprint": "7533df95f78fc0b1a7cda092dcad6b6dc6eb0072762954b9b4e8f520abe427b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7533df95f78fc0b1a7cda092dcad6b6dc6eb0072762954b9b4e8f520abe427b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55135, "scanner": "repobility-ast-engine", "fingerprint": "82cffb5429d292ac755e362efb984618a78c70d8d8c5e9a707aad79015314787", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82cffb5429d292ac755e362efb984618a78c70d8d8c5e9a707aad79015314787"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55134, "scanner": "repobility-ast-engine", "fingerprint": "47155b8c6fe13d476f4d3d68dfc4c24cd4d449edbd8a402a816b3c3aa4e3ce05", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47155b8c6fe13d476f4d3d68dfc4c24cd4d449edbd8a402a816b3c3aa4e3ce05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55133, "scanner": "repobility-ast-engine", "fingerprint": "d33387ebafe274f9e9149128974134fb1c50fcd6a5c4bdf16cb431c6412be14e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d33387ebafe274f9e9149128974134fb1c50fcd6a5c4bdf16cb431c6412be14e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55132, "scanner": "repobility-ast-engine", "fingerprint": "07d03962b92233ee6a9172abc82ff706e87ea65065ebcc33329c68a9b944b9c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07d03962b92233ee6a9172abc82ff706e87ea65065ebcc33329c68a9b944b9c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55131, "scanner": "repobility-ast-engine", "fingerprint": "737c0e735029345bacca316536594d8e79bbd16b5baa08df0a97861a24362bcc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|737c0e735029345bacca316536594d8e79bbd16b5baa08df0a97861a24362bcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55130, "scanner": "repobility-ast-engine", "fingerprint": "f2665c28b46209897c007187017a1d3172fd724ee0f24b111b6b3e2dd82ddbcb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2665c28b46209897c007187017a1d3172fd724ee0f24b111b6b3e2dd82ddbcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55129, "scanner": "repobility-ast-engine", "fingerprint": "a7406bce3a62c182e4b3019da86fd8a3daf49c4a6220eb5be83e0dd51564926b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7406bce3a62c182e4b3019da86fd8a3daf49c4a6220eb5be83e0dd51564926b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55128, "scanner": "repobility-ast-engine", "fingerprint": "5d5d59ebc7a16bf907b906a4b7fb0f9e6bec5bed05752d20d75ea04e0e072b51", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d5d59ebc7a16bf907b906a4b7fb0f9e6bec5bed05752d20d75ea04e0e072b51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55127, "scanner": "repobility-ast-engine", "fingerprint": "92d927b2fe6927ca1447455264bc67a7093cdca5aa12529a7e9bbc69b016c01c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|92d927b2fe6927ca1447455264bc67a7093cdca5aa12529a7e9bbc69b016c01c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55126, "scanner": "repobility-ast-engine", "fingerprint": "9a531f233e175c1e8b7b93302452b879cd14514b019e1dd2ad68bd4689b0c44f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a531f233e175c1e8b7b93302452b879cd14514b019e1dd2ad68bd4689b0c44f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55125, "scanner": "repobility-ast-engine", "fingerprint": "1cfecf8596354131c8c29a29e2bb319810f97f8a8923e86ca47ccf472be2eb05", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1cfecf8596354131c8c29a29e2bb319810f97f8a8923e86ca47ccf472be2eb05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55124, "scanner": "repobility-ast-engine", "fingerprint": "f05de752da538b1ea4d6ef1438cd442d889dd218e0459db46c3b7a6fba4b6f08", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f05de752da538b1ea4d6ef1438cd442d889dd218e0459db46c3b7a6fba4b6f08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55123, "scanner": "repobility-ast-engine", "fingerprint": "731c90246d6e577d74f3277e22c28a9441e6ef3f4f2f74b8aa80d15074346731", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|731c90246d6e577d74f3277e22c28a9441e6ef3f4f2f74b8aa80d15074346731"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.arr` used but never assigned in __init__"}, "properties": {"repobilityId": 55122, "scanner": "repobility-ast-engine", "fingerprint": "b2cdcb93b7e0581b40d0fca78f3cee887f923ef51a37102140a16f88f05a28ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2cdcb93b7e0581b40d0fca78f3cee887f923ef51a37102140a16f88f05a28ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55121, "scanner": "repobility-ast-engine", "fingerprint": "01c9de5e0a143dd9522c2d6a19d9cb8545f979d800e093a41b481ca517877512", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01c9de5e0a143dd9522c2d6a19d9cb8545f979d800e093a41b481ca517877512"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55120, "scanner": "repobility-ast-engine", "fingerprint": "8aeeafeddb9d9e55f55fa56bd44b946967676436e1aa7220734f329fd5e213f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8aeeafeddb9d9e55f55fa56bd44b946967676436e1aa7220734f329fd5e213f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55119, "scanner": "repobility-ast-engine", "fingerprint": "32d2be74eb769b16c0a703f1fcc57d7d47d00d9c38b9dca6b205f7942b928ff0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32d2be74eb769b16c0a703f1fcc57d7d47d00d9c38b9dca6b205f7942b928ff0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55118, "scanner": "repobility-ast-engine", "fingerprint": "15dab3d39dcae747d60b5c5ea73c2efc8567ef4bd248e378259b87a857db5876", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|15dab3d39dcae747d60b5c5ea73c2efc8567ef4bd248e378259b87a857db5876"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.a` used but never assigned in __init__"}, "properties": {"repobilityId": 55117, "scanner": "repobility-ast-engine", "fingerprint": "fca34a51224da32f18341976e17116b62e75b2d28dd9622fffd36709a050649b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fca34a51224da32f18341976e17116b62e75b2d28dd9622fffd36709a050649b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dtypeattr"}, "properties": {"repobilityId": 55115, "scanner": "repobility-ast-engine", "fingerprint": "e78b43526cef03e506027bb72ae9fa0872fd4ea9c4db42a2f523cdc4e322b254", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e78b43526cef03e506027bb72ae9fa0872fd4ea9c4db42a2f523cdc4e322b254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_attributes"}, "properties": {"repobilityId": 55114, "scanner": "repobility-ast-engine", "fingerprint": "e7b781ab70a0e75ac168d18087b1a7c738d7ca7c8d403d99d7f43018819965cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7b781ab70a0e75ac168d18087b1a7c738d7ca7c8d403d99d7f43018819965cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_int"}, "properties": {"repobilityId": 55113, "scanner": "repobility-ast-engine", "fingerprint": "bed8b514f16c5e6ce90b740564c11251f0c768095225dcd92ddcf3fbd7864413", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bed8b514f16c5e6ce90b740564c11251f0c768095225dcd92ddcf3fbd7864413"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_void_align"}, "properties": {"repobilityId": 55112, "scanner": "repobility-ast-engine", "fingerprint": "1c9235dd759a6cb68964f4dc20af3deaab1ef24ab2fed48e4d45bb2678de288e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c9235dd759a6cb68964f4dc20af3deaab1ef24ab2fed48e4d45bb2678de288e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_string_align"}, "properties": {"repobilityId": 55111, "scanner": "repobility-ast-engine", "fingerprint": "99e5c67545065e12aef2084575edbfeb4797997b34e0f91aea6252cd70258a7c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99e5c67545065e12aef2084575edbfeb4797997b34e0f91aea6252cd70258a7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_otherflags"}, "properties": {"repobilityId": 55110, "scanner": "repobility-ast-engine", "fingerprint": "07dc4e7750f22d8ae40825890a674aeb2c181808d2517e5cc1b077f9cc8fc12b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07dc4e7750f22d8ae40825890a674aeb2c181808d2517e5cc1b077f9cc8fc12b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_warnonwrite"}, "properties": {"repobilityId": 55109, "scanner": "repobility-ast-engine", "fingerprint": "74257573368de6f82c31579c534496b9513197167da96d0d9e11ee0a21c902e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74257573368de6f82c31579c534496b9513197167da96d0d9e11ee0a21c902e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_writeable_pickle"}, "properties": {"repobilityId": 55108, "scanner": "repobility-ast-engine", "fingerprint": "d837129de92dd4679f1eaecffb4b00d8477d36f91f45d56cc9bf7b5565a34694", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d837129de92dd4679f1eaecffb4b00d8477d36f91f45d56cc9bf7b5565a34694"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_writeable_from_buffer"}, "properties": {"repobilityId": 55107, "scanner": "repobility-ast-engine", "fingerprint": "4d97c8871a55584cafcdf5a21b12a986c1ce6e159f1091e557eb419de3e5c0a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d97c8871a55584cafcdf5a21b12a986c1ce6e159f1091e557eb419de3e5c0a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_writeable_from_readonly"}, "properties": {"repobilityId": 55106, "scanner": "repobility-ast-engine", "fingerprint": "a03aff0f65452541d3b7575091068726f336718eb5d11be81fe8efb3479d0ba0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a03aff0f65452541d3b7575091068726f336718eb5d11be81fe8efb3479d0ba0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_writeable_any_base"}, "properties": {"repobilityId": 55105, "scanner": "repobility-ast-engine", "fingerprint": "2fba30a52c25f08332e8362068e7d04d2d43b4a24bfa07ed008d7f92e871888b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2fba30a52c25f08332e8362068e7d04d2d43b4a24bfa07ed008d7f92e871888b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_writeable"}, "properties": {"repobilityId": 55104, "scanner": "repobility-ast-engine", "fingerprint": "e2263e58bea056ba8868e40250be9515ee096073b909f88957b0802d3664f8a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2263e58bea056ba8868e40250be9515ee096073b909f88957b0802d3664f8a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_getfield"}, "properties": {"repobilityId": 55103, "scanner": "repobility-ast-engine", "fingerprint": "e75ffb1e1a4cc9253d5c2cbd29d9deb327af2b6f435b2a6700179407fb96a6ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e75ffb1e1a4cc9253d5c2cbd29d9deb327af2b6f435b2a6700179407fb96a6ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 8457}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_uintalignment_and_alignment"}, "properties": {"repobilityId": 55102, "scanner": "repobility-ast-engine", "fingerprint": "1ec27b9451df1802a51a177736134284aabaf205c9e2e6d519fd37705fb11a42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ec27b9451df1802a51a177736134284aabaf205c9e2e6d519fd37705fb11a42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 8350}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_npymath_real"}, "properties": {"repobilityId": 55101, "scanner": "repobility-ast-engine", "fingerprint": "239003b6aa3f29449e50f552381aaaeef1ae48089351f065b2f343ccf4c9ed16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|239003b6aa3f29449e50f552381aaaeef1ae48089351f065b2f343ccf4c9ed16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 8329}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_npymath_complex"}, "properties": {"repobilityId": 55100, "scanner": "repobility-ast-engine", "fingerprint": "b991030268cfdeebdbb384cbcf90700412c80a70339a34f4a3f8b6379a323649", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b991030268cfdeebdbb384cbcf90700412c80a70339a34f4a3f8b6379a323649"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 8310}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_equal_override"}, "properties": {"repobilityId": 55099, "scanner": "repobility-ast-engine", "fingerprint": "daf949c7636c99e9b6b7e82fc1dae87f7d8af3afc0638f1df33a1db68a9f9a39", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|daf949c7636c99e9b6b7e82fc1dae87f7d8af3afc0638f1df33a1db68a9f9a39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 8284}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_orderconverter_with_nonASCII_unicode_ordering"}, "properties": {"repobilityId": 55098, "scanner": "repobility-ast-engine", "fingerprint": "3a1f95f87d2a03bf82dac09aa3299604ff8e6a6bd8e9f39069dbf17fab0c5d68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a1f95f87d2a03bf82dac09aa3299604ff8e6a6bd8e9f39069dbf17fab0c5d68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 8278}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_scalar_element_deletion"}, "properties": {"repobilityId": 55097, "scanner": "repobility-ast-engine", "fingerprint": "995285650acf12ca865611d7ef38d7dda1faef45f1517eab70e33e721b9a34da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|995285650acf12ca865611d7ef38d7dda1faef45f1517eab70e33e721b9a34da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 7461}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_flat_element_deletion"}, "properties": {"repobilityId": 55096, "scanner": "repobility-ast-engine", "fingerprint": "e3d4913d190381d6c9cd1593bbfba0247db451653796443c64f7b72e284a9c3e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e3d4913d190381d6c9cd1593bbfba0247db451653796443c64f7b72e284a9c3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 7450}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_array_interface_offset"}, "properties": {"repobilityId": 55095, "scanner": "repobility-ast-engine", "fingerprint": "fdaab3d97d6294d9393f28162e6b6953c22220b6c324353737112a6b24a9b585", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fdaab3d97d6294d9393f28162e6b6953c22220b6c324353737112a6b24a9b585"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 7436}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_array_interface_empty_shape"}, "properties": {"repobilityId": 55094, "scanner": "repobility-ast-engine", "fingerprint": "dfab784be3200ca4261ebb4e3b8dc15c771d5d0268ab7a5a11839442d5b889ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dfab784be3200ca4261ebb4e3b8dc15c771d5d0268ab7a5a11839442d5b889ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 7411}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_array_interface_itemsize"}, "properties": {"repobilityId": 55093, "scanner": "repobility-ast-engine", "fingerprint": "d81ccad4f9558842f25fe8f77c86c1f8ad5894c8f00c0771c5ae462ceb00c6b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d81ccad4f9558842f25fe8f77c86c1f8ad5894c8f00c0771c5ae462ceb00c6b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 7401}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_interface_no_shape"}, "properties": {"repobilityId": 55092, "scanner": "repobility-ast-engine", "fingerprint": "2cf37b515ba40328d6f4835928e1b3fedf6c69ac68e13e2fb5883aba3d0be82b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2cf37b515ba40328d6f4835928e1b3fedf6c69ac68e13e2fb5883aba3d0be82b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 7394}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_matmul_inplace"}, "properties": {"repobilityId": 55091, "scanner": "repobility-ast-engine", "fingerprint": "8472a5ffad5c448cfb11c1d00e7653cbb2d02a4da92ee925d5293e700d4a019e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8472a5ffad5c448cfb11c1d00e7653cbb2d02a4da92ee925d5293e700d4a019e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 6329}}}]}, {"ruleId": "GHSA-pr76-5cm5-w9cj", "level": "error", "message": {"text": "gitpython: GHSA-pr76-5cm5-w9cj"}, "properties": {"repobilityId": 55224, "scanner": "osv-scanner", "fingerprint": "c88519dc7e4f399d69249c0b4a2deb3a1c6ce014e19561c83639d345f50681b4", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-40267", "PYSEC-2023-137"], "package": "gitpython", "rule_id": "GHSA-pr76-5cm5-w9cj", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2023-40267|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pr76-5cm5-w9cj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["c88519dc7e4f399d69249c0b4a2deb3a1c6ce014e19561c83639d345f50681b4", "eddddea883b6117335c595d80c3e98765c4008ee83b4de065a28b24732895191"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hcpj-qp55-gfph", "level": "error", "message": {"text": "gitpython: GHSA-hcpj-qp55-gfph"}, "properties": {"repobilityId": 55218, "scanner": "osv-scanner", "fingerprint": "ee80c4e0ac3c6715bda24d3eeb4b046997a7c86a956566e8432be74eaa177449", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2022-24439", "PYSEC-2022-42992"], "package": "gitpython", "rule_id": "GHSA-hcpj-qp55-gfph", "scanner": "osv-scanner", "correlation_key": "vuln|gitpython|CVE-2022-24439|token", "duplicate_count": 5, "duplicate_rule_ids": ["GHSA-hcpj-qp55-gfph", "PYSEC-2022-42992", "PYSEC-2023-137"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["16f3bbc0cb5e1986d2a0b3d3e9f67156e018e30df6fc533e57a5835bc47042cb", "4173a8f29c843a23084a52d4e5ac7fa303fc9ac54bbbaa18b2c94b4e1d85ef4e", "77a4de913656adddd6bac675ad74393985ea1ded5a58064b8668aa565ce035aa", "b41ba34ee25685f8b72bc5d8102d5143cac1202187b00d8b5c8e7d14224c96ec", "e68f4c5f9335bce6309e0b8feb6b9ed797baed193265824b38e9aab6ace4c3fd", "ee80c4e0ac3c6715bda24d3eeb4b046997a7c86a956566e8432be74eaa177449"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "assets/syntaxes/02_Extra/syntax_test_requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.WINGET_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 55180, "scanner": "repobility-supply-chain", "fingerprint": "467b495f107d87540ca6c16608df8db387aacaf8ea95e8a6307e20218413eb8c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|467b495f107d87540ca6c16608df8db387aacaf8ea95e8a6307e20218413eb8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/CICD.yml"}, "region": {"startLine": 464}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 55116, "scanner": "repobility-ast-engine", "fingerprint": "8f8230dc73f01734ed420defc4dca2630b24a73659eecaf61d78578a8a096c55", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f8230dc73f01734ed420defc4dca2630b24a73659eecaf61d78578a8a096c55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py"}, "region": {"startLine": 7397}}}]}]}]}