{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-gc5v-m9x4-r6x2", "name": "requests: GHSA-gc5v-m9x4-r6x2", "shortDescription": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "fullDescription": {"text": "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wx4-h78v-vm56", "name": "requests: GHSA-9wx4-h78v-vm56", "shortDescription": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "fullDescription": {"text": "Requests `Session` object does not verify requests after making first request with verify=False"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9hjg-9r4m-mvj7", "name": "requests: GHSA-9hjg-9r4m-mvj7", "shortDescription": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "fullDescription": {"text": "Requests vulnerable to .netrc credentials leak via malicious URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `moves` has cognitive complexity 8 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `moves` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Committed build outputs and caches make scans slower, confuse duplicate-code checks, and give AI agents stale generated code to imitate."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5024", "name": "golang.org/x/sys: GO-2026-5024", "shortDescription": {"text": "golang.org/x/sys: GO-2026-5024"}, "fullDescription": {"text": "Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5030", "name": "golang.org/x/net: GO-2026-5030", "shortDescription": {"text": "golang.org/x/net: GO-2026-5030"}, "fullDescription": {"text": "Invoking duplicate attributes can cause XSS in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5029", "name": "golang.org/x/net: GO-2026-5029", "shortDescription": {"text": "golang.org/x/net: GO-2026-5029"}, "fullDescription": {"text": "Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5028", "name": "golang.org/x/net: GO-2026-5028", "shortDescription": {"text": "golang.org/x/net: GO-2026-5028"}, "fullDescription": {"text": "Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5027", "name": "golang.org/x/net: GO-2026-5027", "shortDescription": {"text": "golang.org/x/net: GO-2026-5027"}, "fullDescription": {"text": "Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5026", "name": "golang.org/x/net: GO-2026-5026", "shortDescription": {"text": "golang.org/x/net: GO-2026-5026"}, "fullDescription": {"text": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5025", "name": "golang.org/x/net: GO-2026-5025", "shortDescription": {"text": "golang.org/x/net: GO-2026-5025"}, "fullDescription": {"text": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4441", "name": "golang.org/x/net: GO-2026-4441", "shortDescription": {"text": "golang.org/x/net: GO-2026-4441"}, "fullDescription": {"text": "Infinite parsing loop in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4440", "name": "golang.org/x/net: GO-2026-4440", "shortDescription": {"text": "golang.org/x/net: GO-2026-4440"}, "fullDescription": {"text": "Quadratic parsing complexity in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5033", "name": "golang.org/x/crypto: GO-2026-5033", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5033"}, "fullDescription": {"text": "Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5023", "name": "golang.org/x/crypto: GO-2026-5023", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5023"}, "fullDescription": {"text": "Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5021", "name": "golang.org/x/crypto: GO-2026-5021", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5021"}, "fullDescription": {"text": "Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5020", "name": "golang.org/x/crypto: GO-2026-5020", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5020"}, "fullDescription": {"text": "Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5019", "name": "golang.org/x/crypto: GO-2026-5019", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5019"}, "fullDescription": {"text": "Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5018", "name": "golang.org/x/crypto: GO-2026-5018", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5018"}, "fullDescription": {"text": "Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5017", "name": "golang.org/x/crypto: GO-2026-5017", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5017"}, "fullDescription": {"text": "Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5016", "name": "golang.org/x/crypto: GO-2026-5016", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5016"}, "fullDescription": {"text": "Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5015", "name": "golang.org/x/crypto: GO-2026-5015", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5015"}, "fullDescription": {"text": "Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5014", "name": "golang.org/x/crypto: GO-2026-5014", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5014"}, "fullDescription": {"text": "Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5013", "name": "golang.org/x/crypto: GO-2026-5013", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5013"}, "fullDescription": {"text": "Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5006", "name": "golang.org/x/crypto: GO-2026-5006", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5006"}, "fullDescription": {"text": "Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5005", "name": "golang.org/x/crypto: GO-2026-5005", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5005"}, "fullDescription": {"text": "Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4135", "name": "golang.org/x/crypto: GO-2025-4135", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4135"}, "fullDescription": {"text": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4134", "name": "golang.org/x/crypto: GO-2025-4134", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4134"}, "fullDescription": {"text": "Unbounded memory consumption in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4116", "name": "golang.org/x/crypto: GO-2025-4116", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4116"}, "fullDescription": {"text": "Potential denial of service in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3922", "name": "github.com/ulikunitz/xz: GO-2025-3922", "shortDescription": {"text": "github.com/ulikunitz/xz: GO-2025-3922"}, "fullDescription": {"text": "Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-74", "name": "requests: PYSEC-2023-74", "shortDescription": {"text": "requests: PYSEC-2023-74"}, "fullDescription": {"text": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-node` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.module` used but never assigned in __init__", "shortDescription": {"text": "`self.module` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_has_resource` of class `TestTerraformModule` reads `self.module`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1348"}, "properties": {"repository": "terraform-google-modules/terraform-google-project-factory", "repoUrl": "https://github.com/terraform-google-modules/terraform-google-project-factory", "branch": "main"}, "results": [{"ruleId": "GHSA-gc5v-m9x4-r6x2", "level": "warning", "message": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "properties": {"repobilityId": 137675, "scanner": "osv-scanner", "fingerprint": "71503fd2b93c3a48ea98e8e5fde2d02f433ac987428459f9c48636287f3f745c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25645"], "package": "requests", "rule_id": "GHSA-gc5v-m9x4-r6x2", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2026-25645|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/preconditions/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wx4-h78v-vm56", "level": "warning", "message": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "properties": {"repobilityId": 137674, "scanner": "osv-scanner", "fingerprint": "afc150892208606217fb27bff51e36c1ccb120bc337b578dc6d8e00abd56320f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-35195"], "package": "requests", "rule_id": "GHSA-9wx4-h78v-vm56", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-35195|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/preconditions/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9hjg-9r4m-mvj7", "level": "warning", "message": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "properties": {"repobilityId": 137673, "scanner": "osv-scanner", "fingerprint": "491228a00d695e270c5a2ab3be1d0611a104528c3de03da915e7d62fe4f9411e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47081"], "package": "requests", "rule_id": "GHSA-9hjg-9r4m-mvj7", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-47081|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/preconditions/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `moves` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=1, if=3, nested_bonus=3."}, "properties": {"repobilityId": 137671, "scanner": "repobility-threat-engine", "fingerprint": "7f123ae4ae74cb41e3a8bfa299b6c15d486be92ccb8c99e37185bcdd13668564", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "moves", "breakdown": {"if": 3, "for": 1, "else": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|7f123ae4ae74cb41e3a8bfa299b6c15d486be92ccb8c99e37185bcdd13668564"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/migrate4.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137641, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf4d2d00941c52d2e8b6cfa9585274631bfcc1cb9783372c73dc11c14ebb2936", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/integration/minimal/controls/minimal.rb", "duplicate_line": 9, "correlation_key": "fp|bf4d2d00941c52d2e8b6cfa9585274631bfcc1cb9783372c73dc11c14ebb2936"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/vpc_sc_project/controls/vpc_sc_project.rb"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137640, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5490af67056a3675b905f14f1eebdcd9c89f5070b64224d236cee431acd4f6c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/integration/full/controls/shared-vpc.rb", "duplicate_line": 14, "correlation_key": "fp|5490af67056a3675b905f14f1eebdcd9c89f5070b64224d236cee431acd4f6c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/shared_vpc_no_subnets/controls/gcloud.rb"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137639, "scanner": "repobility-ai-code-hygiene", "fingerprint": "15193a50416b198f4a4f48c3d9d59aed68cc49d4b1fe9e2058cbbc4c33d28349", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/integration/fabric_project/controls/project_fabric.rb", "duplicate_line": 22, "correlation_key": "fp|15193a50416b198f4a4f48c3d9d59aed68cc49d4b1fe9e2058cbbc4c33d28349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/minimal/controls/minimal.rb"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137638, "scanner": "repobility-ai-code-hygiene", "fingerprint": "69b669ee76b0665a89bc9c1030d800d81409c6127c73802b98453d5c9168426f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/integration/dynamic_shared_vpc/controls/svpc.rb", "duplicate_line": 20, "correlation_key": "fp|69b669ee76b0665a89bc9c1030d800d81409c6127c73802b98453d5c9168426f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/full/controls/shared-vpc.rb"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 137637, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d75b4836465f49ab1837c6a5fbc02f81abda7675efcdb0f3531b882eeb2dded9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "helpers/migrate.py", "duplicate_line": 135, "correlation_key": "fp|d75b4836465f49ab1837c6a5fbc02f81abda7675efcdb0f3531b882eeb2dded9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/migrate4.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 137636, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 137670, "scanner": "repobility-threat-engine", "fingerprint": "aa226448d6f766b53a192d40e23752cdf588fe51c7b7de383c0fbc4412ae4f53", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aa226448d6f766b53a192d40e23752cdf588fe51c7b7de383c0fbc4412ae4f53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/init_debian.sh"}, "region": {"startLine": 135}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 137738, "scanner": "osv-scanner", "fingerprint": "5b353e264cf00187196232ccca250018f84611c507bd2c6387cae966155e69bb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 137737, "scanner": "osv-scanner", "fingerprint": "98b71449a1084f1b24ebdc931aa9d1dff850b790b39cc5dcbac630cf45b177f1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 137736, "scanner": "osv-scanner", "fingerprint": "ca7e2878b76f9b3647fbb5c154957ca73550e7994a25551d9989925a3920919b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 137735, "scanner": "osv-scanner", "fingerprint": "f20776b0ef68d0d93d9e1cae0b13680de8e5349dc6ef2b1f077d402068198bb7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 137734, "scanner": "osv-scanner", "fingerprint": "fccd5af5638274ae0e50291f241cffbbeb70f36a86a85ba4b5d3893a1916e16e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 137733, "scanner": "osv-scanner", "fingerprint": "660c86187ef088eabb12cada6edaef066f5e3a5f4e647ec00e04675a136deed3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 137732, "scanner": "osv-scanner", "fingerprint": "f44e2598171e31efb2f16ea0bf9796d0efe0529e8ff7713a3ba5206414e7331b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 137731, "scanner": "osv-scanner", "fingerprint": "03f4933a60a86caeb5581decacd24978dd24c48340bc6f7412adadbfc4d35b46", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 137730, "scanner": "osv-scanner", "fingerprint": "81d725fb33fbc1232a3dc7720bdfacca16a111d6daf073c65006cd16904eb3cb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 137729, "scanner": "osv-scanner", "fingerprint": "2099ab7a9131fd2d82a2e95773c90ee6c3265ef6c7ef5bad5314afe5973da1e1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 137728, "scanner": "osv-scanner", "fingerprint": "f0e4744afccf9ef99861e050a15d9e764b3a84c0ee45e1d35e311f4489e0d45b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 137727, "scanner": "osv-scanner", "fingerprint": "72ee09d9c4baeaf2adffe6b96942df470686d953c061f9b3b530bac206e8fbd4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 137726, "scanner": "osv-scanner", "fingerprint": "42c57534dbff7f56709e4882079e30e537e6e4c6cf9fac3f9fa1d01bd0ed9767", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 137725, "scanner": "osv-scanner", "fingerprint": "7eea8001c0df0bbf74799b3879a65281096b69f06cb23648a95ffe26b65ec3b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 137724, "scanner": "osv-scanner", "fingerprint": "8167e8dc5cd2ba7ca4f5d554fa0fc6cb8b80582feb229ff2ebe99bf358488901", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 137723, "scanner": "osv-scanner", "fingerprint": "448e46e1951491d4219fe5652fbc2e73ea5258a4f43434bc11e2bb73370b3380", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 137722, "scanner": "osv-scanner", "fingerprint": "945f7c15d95d4dddd159c10c6a662f2530ddb6e024f2277870e22700bbc65462", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 137721, "scanner": "osv-scanner", "fingerprint": "fc124fd9a5ff58c693d8c6d320e0fadea3ccf3c7958ef44a59681911fb1342f2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 137720, "scanner": "osv-scanner", "fingerprint": "0cf3f46bfbb62764426a2ca7b8e4628e276956ac1ec94749fe3e2160c31357c4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 137719, "scanner": "osv-scanner", "fingerprint": "f6f1c1437994986953d1a89dfb9327008b0b6a95e34e46a4968ccb7270e5d492", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 137718, "scanner": "osv-scanner", "fingerprint": "7cb0001de99a2699330992c96717cd32a2a938fe484a135bd1f75f66f48ae7e5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 137717, "scanner": "osv-scanner", "fingerprint": "7887d437ae64971eaa262165063b1b9d7bc03f19b7a4627457361af4a6ed250d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 137716, "scanner": "osv-scanner", "fingerprint": "c008a6f3f1bd13e51cc3c0e9a4e37bb939852f9c7fdfa3ff7df078d8daaaab47", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 137715, "scanner": "osv-scanner", "fingerprint": "47c93e14e6d4578669a2cfec8d355be8d86f3c35d319a8438591964600d1bf4a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 137714, "scanner": "osv-scanner", "fingerprint": "1d87189be451a7ccebdf366b314fc7f68249dc0037635740c1a9ed97f51e275d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 137713, "scanner": "osv-scanner", "fingerprint": "bc4d89d346777fd4256a00c4c1986f3769b73dd2cdbfdfb95871b2c67ab0f268", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 137712, "scanner": "osv-scanner", "fingerprint": "e47b2b0a389b9f11a023732e38fa6ba573e9acf552ee226dfa483ad0b18f411b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 137711, "scanner": "osv-scanner", "fingerprint": "f40b28f14859b920fd38e1f891428e43e2efdf7f56eeb5d301044b7074af86b5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 137710, "scanner": "osv-scanner", "fingerprint": "92f61720b090909df0f2176d28199bce8340eac30fad841c9d31e5cdc165bcdf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 137709, "scanner": "osv-scanner", "fingerprint": "f9b851002fc101fc53aa0f9c8396ee4a3e3281f39ee44dd9163087f7e0642a0c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 137708, "scanner": "osv-scanner", "fingerprint": "65d1e35875c149a63bf6049536dcb2d90749fa4eaf194bcb19ac983d6671ca16", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 137707, "scanner": "osv-scanner", "fingerprint": "024967b27fb189846ddc0cf2bed4b1cb4aee1d01b809ce7991ecdd1558f60472", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 137706, "scanner": "osv-scanner", "fingerprint": "f0b1e624606f03d05e16d24f02a2dc6ab250d2e5990f4274711565663f4446ca", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 137705, "scanner": "osv-scanner", "fingerprint": "b87bd0a1d702877680a01c0db221bb0b8a10098b5ac8b948e85f3db1d6ce799a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 137704, "scanner": "osv-scanner", "fingerprint": "8275bac31c4961c11a8173861135b9d42bde3781768b31d8a8fd9a3e3b639d1b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 137703, "scanner": "osv-scanner", "fingerprint": "43ff833e344ca44bbc2f707aa9482092dd8c7fe675378ed8399bcd827c5eb2ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5024", "level": "error", "message": {"text": "golang.org/x/sys: GO-2026-5024"}, "properties": {"repobilityId": 137702, "scanner": "osv-scanner", "fingerprint": "834a1e6c9d9e8902326a42c2f09002e554105c5c87034a3b6476fdaf69b1154e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39824"], "package": "golang.org/x/sys", "rule_id": "GO-2026-5024", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/sys|CVE-2026-39824|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 137701, "scanner": "osv-scanner", "fingerprint": "461f539003aeb9e595f35951a584edae8e77b2c4fb96fff8546ee7ee3ac70dd8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 137700, "scanner": "osv-scanner", "fingerprint": "5a0f3706573a5e6d93ee75c80331fbb1d5589232b78a88eae29da2f97c140a5f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 137699, "scanner": "osv-scanner", "fingerprint": "3462a6571424c5358629e162a1d3e7b953cfb029ae522ae209ccf189e4e8ea12", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 137698, "scanner": "osv-scanner", "fingerprint": "6d83e3c9c957932a96a7fd93185dd67271bb1db6e3f7eff946f5dd9b1fe7d0cd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 137697, "scanner": "osv-scanner", "fingerprint": "4b85b50ba65d7df8d769ae35392f443cc6ff057069114313495a72d9ff5c155d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 137696, "scanner": "osv-scanner", "fingerprint": "9ce306726cab4cb7024abdab888b354d969d159573ba4968fdb8e563a0bb9cf2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4918"}, "properties": {"repobilityId": 137695, "scanner": "osv-scanner", "fingerprint": "3e963fc4bc901744b05e5c71128ed3043c1d613dd49fe2551ee9411f9fd96a83", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "golang.org/x/net", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-33814|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4441", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4441"}, "properties": {"repobilityId": 137694, "scanner": "osv-scanner", "fingerprint": "5c0293548c868f3834617e421f350e63e2616870cd283960dbcff8b12b125039", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58190"], "package": "golang.org/x/net", "rule_id": "GO-2026-4441", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2025-58190|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4440", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4440"}, "properties": {"repobilityId": 137693, "scanner": "osv-scanner", "fingerprint": "c8656615c00681579741c65e20e44dc39267a422c0287321bc613ea1262249f6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-47911", "GHSA-w4gw-w5jq-g9jh"], "package": "golang.org/x/net", "rule_id": "GO-2026-4440", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2025-47911|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5033", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5033"}, "properties": {"repobilityId": 137692, "scanner": "osv-scanner", "fingerprint": "e2a794b724e603929c6de31a8e72857c23b5567d3b8ce0bebd657405ca46b429", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46598"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5033", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46598|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5023", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5023"}, "properties": {"repobilityId": 137691, "scanner": "osv-scanner", "fingerprint": "098c2ee24e03c24b3efcc8d41d8d6735ab12563f45fa84c6bf047c0f5204afe4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46595"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5023", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46595|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5021", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5021"}, "properties": {"repobilityId": 137690, "scanner": "osv-scanner", "fingerprint": "eb635a607606d607354392bf7c8b44c74227129c5fff291833e4bc7b1d60c58f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42508"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5021", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-42508|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5020", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5020"}, "properties": {"repobilityId": 137689, "scanner": "osv-scanner", "fingerprint": "4e38c8992d9e860d0197e95ba5e6a33ebad21d47bc8ec31714243172627e9c9b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39834"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5020", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39834|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5019", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5019"}, "properties": {"repobilityId": 137688, "scanner": "osv-scanner", "fingerprint": "98dc58559e5b3969c371f35f046cb6e092f7bebf4f8e408c12ed2b6a8fc3f3c0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39831"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5019", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39831|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5018", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5018"}, "properties": {"repobilityId": 137687, "scanner": "osv-scanner", "fingerprint": "d7e261e59d162760231b4cd6f0825af38bdc746db6a676ed80dd2d4193b1469a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39829"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5018", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39829|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5017", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5017"}, "properties": {"repobilityId": 137686, "scanner": "osv-scanner", "fingerprint": "eb9979ef37805aafeb48a2127fd866ff8eb580e59879c8b15e53f2b16ccfc428", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39830"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5017", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39830|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5016", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5016"}, "properties": {"repobilityId": 137685, "scanner": "osv-scanner", "fingerprint": "7a2ae946e75c1fb5036f6658e9cf92dc3b64e74456bb0df26cc0def9a75b767e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39827"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5016", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39827|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5015", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5015"}, "properties": {"repobilityId": 137684, "scanner": "osv-scanner", "fingerprint": "9cb09d51589b4b072320ff17faee8905d38dfe54b425ff787a623dab0d943298", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39835"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5015", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39835|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5014", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5014"}, "properties": {"repobilityId": 137683, "scanner": "osv-scanner", "fingerprint": "22fb99da97274978f9c62fe5c542a52a73ace80cc9494c4194aeb9b611b79cee", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39828"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5014", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39828|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5013", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5013"}, "properties": {"repobilityId": 137682, "scanner": "osv-scanner", "fingerprint": "7038f908fae1823be93b2e8ef638584d22a79122688ed8bd1040c33543455335", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46597"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5013", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46597|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5006", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5006"}, "properties": {"repobilityId": 137681, "scanner": "osv-scanner", "fingerprint": "6cbb0d7d6f839bd02f59da20dd1c2c1116f7b402fc6a6e4cd25a37431cb732a1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39832"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5006", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39832|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5005", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5005"}, "properties": {"repobilityId": 137680, "scanner": "osv-scanner", "fingerprint": "75061e833fb40bf13c61db14a91130bc4ec5af91d2093e53113b5c8a80698bb1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39833"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5005", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39833|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4135", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4135"}, "properties": {"repobilityId": 137679, "scanner": "osv-scanner", "fingerprint": "30a1d83396173d7ecb596ec91bb44f1db5db037dcbf44987e76f6cbc9809cbb3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-47914", "GHSA-f6x5-jh6r-wrfv"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4135", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-47914|test/integration/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f6x5-jh6r-wrfv", "GO-2025-4135"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["30a1d83396173d7ecb596ec91bb44f1db5db037dcbf44987e76f6cbc9809cbb3", "bc933865a8fc3d58c4ebebd33eaaeb8d9f74679d573690167c640606766c8823"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4134", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4134"}, "properties": {"repobilityId": 137678, "scanner": "osv-scanner", "fingerprint": "f28f5827b6a067422e2eec484d6db9e6a47f7eda1399329ba5396afdf1a83b8c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-58181", "GHSA-j5w8-q4qc-rx2x"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4134", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-58181|test/integration/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j5w8-q4qc-rx2x", "GO-2025-4134"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["c325e04a9e0c87957747b85ecd29bffa294dc182915ad04d6ff502480fe1cb01", "f28f5827b6a067422e2eec484d6db9e6a47f7eda1399329ba5396afdf1a83b8c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4116", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4116"}, "properties": {"repobilityId": 137677, "scanner": "osv-scanner", "fingerprint": "5dd6de26644595491bcc0b93823b680977ccdc1c33f92973801326444d501e4f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-47913", "GHSA-56w8-48fp-6mgv"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4116", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-47913|test/integration/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3922", "level": "error", "message": {"text": "github.com/ulikunitz/xz: GO-2025-3922"}, "properties": {"repobilityId": 137676, "scanner": "osv-scanner", "fingerprint": "f041eadae937f07d287d8130dba60ffc509c470c42c8eda1d980382a6ec9c8ad", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-58058", "GHSA-jc7w-c686-c4v9"], "package": "github.com/ulikunitz/xz", "rule_id": "GO-2025-3922", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/ulikunitz/xz|CVE-2025-58058|test/integration/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-jc7w-c686-c4v9", "GO-2025-3922"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["380b69d1f85d64f875cb6014eff94c090a3439d5947869d3852576df53415f6d", "f041eadae937f07d287d8130dba60ffc509c470c42c8eda1d980382a6ec9c8ad"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-74", "level": "error", "message": {"text": "requests: PYSEC-2023-74"}, "properties": {"repobilityId": 137672, "scanner": "osv-scanner", "fingerprint": "d8fd8ea3868ca44512bfd1f4b7cb0e2119b53fd75cce3d2ee79034173fbc9b66", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-32681", "GHSA-j8r2-6x86-q33q"], "package": "requests", "rule_id": "PYSEC-2023-74", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2023-32681|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j8r2-6x86-q33q", "PYSEC-2023-74"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["b783c10b7753aff4b52672a2d4da1dbb3c99cd31bd74500a67a90725cb5899a1", "d8fd8ea3868ca44512bfd1f4b7cb0e2119b53fd75cce3d2ee79034173fbc9b66"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/preconditions/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 137669, "scanner": "repobility-supply-chain", "fingerprint": "a2dea6d57ac79c38bb6c0881cd1c1f59e4c0247fb2f1cdacf68e4ab9dcbc546c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a2dea6d57ac79c38bb6c0881cd1c1f59e4c0247fb2f1cdacf68e4ab9dcbc546c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yaml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 137668, "scanner": "repobility-supply-chain", "fingerprint": "048fda45c30194f0a15e725e2b404836af830c0e22b2304cdee94ead02bfae8b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|048fda45c30194f0a15e725e2b404836af830c0e22b2304cdee94ead02bfae8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yaml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "properties": {"repobilityId": 137667, "scanner": "repobility-supply-chain", "fingerprint": "a61394a13aac2dd9a82b1b6d61928f41ab58d7c5e1d7f32227db0e9401634a64", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a61394a13aac2dd9a82b1b6d61928f41ab58d7c5e1d7f32227db0e9401634a64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.module` used but never assigned in __init__"}, "properties": {"repobilityId": 137666, "scanner": "repobility-ast-engine", "fingerprint": "251310d010198b63d39c526f06bfc7e68475b8c401b1867fac300e53e226023e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|251310d010198b63d39c526f06bfc7e68475b8c401b1867fac300e53e226023e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.module` used but never assigned in __init__"}, "properties": {"repobilityId": 137665, "scanner": "repobility-ast-engine", "fingerprint": "0efc333ba3b1aef66a7664f5b2f0ba51b8c6ba97f817dafc0cc6b9f9696cd145", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0efc333ba3b1aef66a7664f5b2f0ba51b8c6ba97f817dafc0cc6b9f9696cd145"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 137664, "scanner": "repobility-ast-engine", "fingerprint": "f686d1bd9839b0b025ec91138bda13d3bc6d4291f6b69f66461309b65840c56c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f686d1bd9839b0b025ec91138bda13d3bc6d4291f6b69f66461309b65840c56c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 137663, "scanner": "repobility-ast-engine", "fingerprint": "a8c26499ea6f349dcba67685db9201759c68acdcd7766362b2f8463bda86b90d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8c26499ea6f349dcba67685db9201759c68acdcd7766362b2f8463bda86b90d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 137662, "scanner": "repobility-ast-engine", "fingerprint": "98b6a840cf45db1420a489ce88e30d3827f9e2818db22bd6378c203617b66d8b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98b6a840cf45db1420a489ce88e30d3827f9e2818db22bd6378c203617b66d8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 137661, "scanner": "repobility-ast-engine", "fingerprint": "a2434998df440149fa0a1e62daf689b0577a9414037c0d2dc78042952c9800d4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2434998df440149fa0a1e62daf689b0577a9414037c0d2dc78042952c9800d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.resources` used but never assigned in __init__"}, "properties": {"repobilityId": 137660, "scanner": "repobility-ast-engine", "fingerprint": "b8e49f2883513e4e0e4f84780d22815bb626b6b755524db5e3fc72f1dc5108ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8e49f2883513e4e0e4f84780d22815bb626b6b755524db5e3fc72f1dc5108ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.module` used but never assigned in __init__"}, "properties": {"repobilityId": 137659, "scanner": "repobility-ast-engine", "fingerprint": "52abfe1af01a401261df47988b43a64c232dbd9e63d9a480746708d442dbfee6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52abfe1af01a401261df47988b43a64c232dbd9e63d9a480746708d442dbfee6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.resources` used but never assigned in __init__"}, "properties": {"repobilityId": 137658, "scanner": "repobility-ast-engine", "fingerprint": "0371dc543b534ca36731626a0645c94a05107fa7b42ded764237a49990104136", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0371dc543b534ca36731626a0645c94a05107fa7b42ded764237a49990104136"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.migration` used but never assigned in __init__"}, "properties": {"repobilityId": 137657, "scanner": "repobility-ast-engine", "fingerprint": "95601c382ebbea019ef67f2e120cbca2b8e0c948444501e270d2bed75fa6c7eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95601c382ebbea019ef67f2e120cbca2b8e0c948444501e270d2bed75fa6c7eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 137656, "scanner": "repobility-ast-engine", "fingerprint": "49c0134cf58f6ddc74eb1e818918c25e0f78c9d5acc864a403684f3eca732d30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49c0134cf58f6ddc74eb1e818918c25e0f78c9d5acc864a403684f3eca732d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 137655, "scanner": "repobility-ast-engine", "fingerprint": "16a5a24e7a1caae0e912215e2f24f73fe4f841ee6e94b15e20b0b261d3450805", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16a5a24e7a1caae0e912215e2f24f73fe4f841ee6e94b15e20b0b261d3450805"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.migration` used but never assigned in __init__"}, "properties": {"repobilityId": 137654, "scanner": "repobility-ast-engine", "fingerprint": "584fd2391e394a8802b7d828cb9181dbfa0df2189ce433f4a0915b157fd0718d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|584fd2391e394a8802b7d828cb9181dbfa0df2189ce433f4a0915b157fd0718d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 137653, "scanner": "repobility-ast-engine", "fingerprint": "c48ea141b5491a033abe2f769c2f2ee4f894fad0a54f21460b7ced33ea6a0932", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c48ea141b5491a033abe2f769c2f2ee4f894fad0a54f21460b7ced33ea6a0932"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.migration` used but never assigned in __init__"}, "properties": {"repobilityId": 137652, "scanner": "repobility-ast-engine", "fingerprint": "baa9a680f249d524a1f305e2604e4e0edc789aa47b1edc3e7477b2c4e11341fc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|baa9a680f249d524a1f305e2604e4e0edc789aa47b1edc3e7477b2c4e11341fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 137651, "scanner": "repobility-ast-engine", "fingerprint": "717f33ac2a7c7968ab3d095f8e90c210c904c4fc1654f0de68812d4b4f43c693", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|717f33ac2a7c7968ab3d095f8e90c210c904c4fc1654f0de68812d4b4f43c693"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.migration` used but never assigned in __init__"}, "properties": {"repobilityId": 137650, "scanner": "repobility-ast-engine", "fingerprint": "412f7cf40ae1c4bcba21ac151bb2c4feb5814fe1dfcbe9c60d47a25827e9a4f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|412f7cf40ae1c4bcba21ac151bb2c4feb5814fe1dfcbe9c60d47a25827e9a4f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 137649, "scanner": "repobility-ast-engine", "fingerprint": "674144840f802474a6e4390388b1b9605309a1dba06ef55179e45084dbc7b466", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|674144840f802474a6e4390388b1b9605309a1dba06ef55179e45084dbc7b466"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.module` used but never assigned in __init__"}, "properties": {"repobilityId": 137648, "scanner": "repobility-ast-engine", "fingerprint": "b9a7d634f3f058d563441960659f27556e3bb2fb5ab7d932cd7578e7516f6ba3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9a7d634f3f058d563441960659f27556e3bb2fb5ab7d932cd7578e7516f6ba3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.resources` used but never assigned in __init__"}, "properties": {"repobilityId": 137647, "scanner": "repobility-ast-engine", "fingerprint": "924c9cc832c165f02098c45299f2f7d4f42cbd37ab183dc8d70a38a05f8f374b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|924c9cc832c165f02098c45299f2f7d4f42cbd37ab183dc8d70a38a05f8f374b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.migration` used but never assigned in __init__"}, "properties": {"repobilityId": 137646, "scanner": "repobility-ast-engine", "fingerprint": "d0aefa10837acb2f240154eae7213b4fb79037a747f74e96bdfc42bc8746b884", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0aefa10837acb2f240154eae7213b4fb79037a747f74e96bdfc42bc8746b884"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.module` used but never assigned in __init__"}, "properties": {"repobilityId": 137645, "scanner": "repobility-ast-engine", "fingerprint": "28a5b632fd38f122b1e247c85524b6b1654235bddc3cab68eb65020d8a322983", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28a5b632fd38f122b1e247c85524b6b1654235bddc3cab68eb65020d8a322983"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.resources` used but never assigned in __init__"}, "properties": {"repobilityId": 137644, "scanner": "repobility-ast-engine", "fingerprint": "abfd0b157fe851a99d24cfdc1655df889dab5af12942724a5a40ea282c5cb97f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|abfd0b157fe851a99d24cfdc1655df889dab5af12942724a5a40ea282c5cb97f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/helpers/test_migrate.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.targets` used but never assigned in __init__"}, "properties": {"repobilityId": 137643, "scanner": "repobility-ast-engine", "fingerprint": "8937ed69690a06e37c183770fe775eb41e30bbf9a3cc8a823d0e6ff527bc5f08", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8937ed69690a06e37c183770fe775eb41e30bbf9a3cc8a823d0e6ff527bc5f08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/migrate4.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.targets` used but never assigned in __init__"}, "properties": {"repobilityId": 137642, "scanner": "repobility-ast-engine", "fingerprint": "e02908652e324c87d35d6eb955dfc5152748d2c575a58ef87f18b8300a969d2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e02908652e324c87d35d6eb955dfc5152748d2c575a58ef87f18b8300a969d2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helpers/migrate.py"}, "region": {"startLine": 143}}}]}]}]}