{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB012", "name": "Service worker is present without a web app manifest", "shortDescription": {"text": "Service worker is present without a web app manifest"}, "fullDescription": {"text": "A service worker without a manifest often means the PWA install surface is incomplete or inconsistent across devices."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qj8w-gfj5-8c6v", "name": "serialize-javascript: GHSA-qj8w-gfj5-8c6v", "shortDescription": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "fullDescription": {"text": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q8mj-m7cp-5q26", "name": "qs: GHSA-q8mj-m7cp-5q26", "shortDescription": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "fullDescription": {"text": "qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6rw7-vpxm-498p", "name": "qs: GHSA-6rw7-vpxm-498p", "shortDescription": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "fullDescription": {"text": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xxjr-mmjv-4gpg", "name": "lodash: GHSA-xxjr-mmjv-4gpg", "shortDescription": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "fullDescription": {"text": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f23m-r3pf-42rh", "name": "lodash: GHSA-f23m-r3pf-42rh", "shortDescription": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "fullDescription": {"text": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-378v-28hj-76wf", "name": "bn.js: GHSA-378v-28hj-76wf", "shortDescription": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "fullDescription": {"text": "bn.js affected by an infinite loop"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xv59-967r-8726", "name": "openssl: GHSA-xv59-967r-8726", "shortDescription": {"text": "openssl: GHSA-xv59-967r-8726"}, "fullDescription": {"text": "rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-phqj-4mhp-q6mq", "name": "openssl: GHSA-phqj-4mhp-q6mq", "shortDescription": {"text": "openssl: GHSA-phqj-4mhp-q6mq"}, "fullDescription": {"text": "rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "When dependency installation comes after COPY ., any source change invalidates the dependency layer and makes Docker rebuild much more slowly."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "GHSA-w7fw-mjwx-w883", "name": "qs: GHSA-w7fw-mjwx-w883", "shortDescription": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "fullDescription": {"text": "qs's arrayLimit bypass in comma parsing allows denial of service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-848j-6mx2-7j84", "name": "elliptic: GHSA-848j-6mx2-7j84", "shortDescription": {"text": "elliptic: GHSA-848j-6mx2-7j84"}, "fullDescription": {"text": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9c48-w39g-hm26", "name": "rsa: GHSA-9c48-w39g-hm26", "shortDescription": {"text": "rsa: GHSA-9c48-w39g-hm26"}, "fullDescription": {"text": "rsa crate has potential panic on a prime being equal to 1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xmgf-hq76-4vx2", "name": "openssl: GHSA-xmgf-hq76-4vx2", "shortDescription": {"text": "openssl: GHSA-xmgf-hq76-4vx2"}, "fullDescription": {"text": "rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `vite-plugin-wasm` is minor version(s) behind (3.5.0 -> 3.6.0)", "shortDescription": {"text": "npm package `vite-plugin-wasm` is minor version(s) behind (3.5.0 -> 3.6.0)"}, "fullDescription": {"text": "`vite-plugin-wasm` is pinned/resolved at 3.5.0 but the latest stable release on the npm registry is 3.6.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 21 more): Same pattern found in 21 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 37 more): Same pattern found in 37 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2wj-q39q-566r", "name": "vite: GHSA-v2wj-q39q-566r", "shortDescription": {"text": "vite: GHSA-v2wj-q39q-566r"}, "fullDescription": {"text": "Vite: `server.fs.deny` bypassed with queries"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p9ff-h696-f583", "name": "vite: GHSA-p9ff-h696-f583", "shortDescription": {"text": "vite: GHSA-p9ff-h696-f583"}, "fullDescription": {"text": "Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c6j-r48x-rmvq", "name": "serialize-javascript: GHSA-5c6j-r48x-rmvq", "shortDescription": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "fullDescription": {"text": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5fr-rjxr-66jc", "name": "lodash: GHSA-r5fr-rjxr-66jc", "shortDescription": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "fullDescription": {"text": "lodash vulnerable to Code Injection via `_.template` imports key names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v39h-62p7-jpjc", "name": "fast-uri: GHSA-v39h-62p7-jpjc", "shortDescription": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "fullDescription": {"text": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q3j6-qgpj-74h6", "name": "fast-uri: GHSA-q3j6-qgpj-74h6", "shortDescription": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "fullDescription": {"text": "fast-uri vulnerable to path traversal via percent-encoded dot segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7h2j-956f-4vf2", "name": "@isaacs/brace-expansion: GHSA-7h2j-956f-4vf2", "shortDescription": {"text": "@isaacs/brace-expansion: GHSA-7h2j-956f-4vf2"}, "fullDescription": {"text": "@isaacs/brace-expansion has Uncontrolled Resource Consumption"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fv7c-fp4j-7gwp", "name": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp", "shortDescription": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "fullDescription": {"text": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0104", "name": "rustls-webpki: RUSTSEC-2026-0104", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "fullDescription": {"text": "Reachable panic in certificate revocation list parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0099", "name": "rustls-webpki: RUSTSEC-2026-0099", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "fullDescription": {"text": "Name constraints were accepted for certificates asserting a wildcard name"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0098", "name": "rustls-webpki: RUSTSEC-2026-0098", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "fullDescription": {"text": "Name constraints for URI names were incorrectly accepted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0049", "name": "rustls-webpki: RUSTSEC-2026-0049", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "fullDescription": {"text": "CRLs not considered authoritative by Distribution Point due to faulty matching logic"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0134", "name": "rustls-pemfile: RUSTSEC-2025-0134", "shortDescription": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "fullDescription": {"text": "rustls-pemfile is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2023-0071", "name": "rsa: RUSTSEC-2023-0071", "shortDescription": {"text": "rsa: RUSTSEC-2023-0071"}, "fullDescription": {"text": "Marvin Attack: potential key recovery through timing sidechannels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0037", "name": "quinn-proto: RUSTSEC-2026-0037", "shortDescription": {"text": "quinn-proto: RUSTSEC-2026-0037"}, "fullDescription": {"text": "Denial of service in Quinn endpoints"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xp3w-r5p5-63rr", "name": "openssl: GHSA-xp3w-r5p5-63rr", "shortDescription": {"text": "openssl: GHSA-xp3w-r5p5-63rr"}, "fullDescription": {"text": "rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pqf5-4pqq-29f5", "name": "openssl: GHSA-pqf5-4pqq-29f5", "shortDescription": {"text": "openssl: GHSA-pqf5-4pqq-29f5"}, "fullDescription": {"text": "rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hppc-g8h3-xhp3", "name": "openssl: GHSA-hppc-g8h3-xhp3", "shortDescription": {"text": "openssl: GHSA-hppc-g8h3-xhp3"}, "fullDescription": {"text": "rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ghm9-cr32-g9qj", "name": "openssl: GHSA-ghm9-cr32-g9qj", "shortDescription": {"text": "openssl: GHSA-ghm9-cr32-g9qj"}, "fullDescription": {"text": "rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8c75-8mhr-p7r9", "name": "openssl: GHSA-8c75-8mhr-p7r9", "shortDescription": {"text": "openssl: GHSA-8c75-8mhr-p7r9"}, "fullDescription": {"text": "rust-openssl has incorrect bounds assertion in aes key wrap"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0057", "name": "fxhash: RUSTSEC-2025-0057", "shortDescription": {"text": "fxhash: RUSTSEC-2025-0057"}, "fullDescription": {"text": "fxhash - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2021-0141", "name": "dotenv: RUSTSEC-2021-0141", "shortDescription": {"text": "dotenv: RUSTSEC-2021-0141"}, "fullDescription": {"text": "dotenv is Unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0007", "name": "bytes: RUSTSEC-2026-0007", "shortDescription": {"text": "bytes: RUSTSEC-2026-0007"}, "fullDescription": {"text": "Integer overflow in `BytesMut::reserve`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC100", "name": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make ", "shortDescription": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "fullDescription": {"text": "Allowlist specific origins. For dynamic per-request validation, validate against a known list and echo the origin back. Never combine wildcard origin with credentials."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`", "shortDescription": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "fullDescription": {"text": "`uses: dtolnay/rust-toolchain@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "package.json dep `uniffi-bindgen-react-native` pulled from URL/Git", "shortDescription": {"text": "package.json dep `uniffi-bindgen-react-native` pulled from URL/Git"}, "fullDescription": {"text": "`dependencies.uniffi-bindgen-react-native` = `github:Enduriel/uniffi-bindgen-react-native#e0282ad3eb972eaea74225dcc06247b7a67204dd` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `alpine:latest` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `alpine:latest` not pinned by digest"}, "fullDescription": {"text": "`FROM alpine:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-5xrq-8626-4rwp", "name": "vitest: GHSA-5xrq-8626-4rwp", "shortDescription": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "fullDescription": {"text": "When Vitest UI server is listening, arbitrary file can be read and executed"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1012"}, "properties": {"repository": "FilenCloudDienste/filen-rs", "repoUrl": "https://github.com/FilenCloudDienste/filen-rs", "branch": "main"}, "results": [{"ruleId": "WEB012", "level": "warning", "message": {"text": "Service worker is present without a web app manifest"}, "properties": {"repobilityId": 94987, "scanner": "repobility-web-presence", "fingerprint": "fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A service worker was discovered but no common web manifest file was found.", "evidence": {"rule_id": "WEB012", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/Manifest"], "correlation_key": "fp|fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manifest.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 94986, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 94985, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 94980, "scanner": "osv-scanner", "fingerprint": "145ddeb19d39b8acec7f661ef7d3e5de48b8188017f77e0c9872ceed66619b8b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 94976, "scanner": "osv-scanner", "fingerprint": "9e51e38881bf4f17f2c8211d363faa2604f84ca7923973f620274956d05bbaec", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 94975, "scanner": "osv-scanner", "fingerprint": "f4e58e206038d3da7782f85bf569c206a8f78392dc466758d2812b11bfe9b426", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 94974, "scanner": "osv-scanner", "fingerprint": "472f592fa5b6b3e8b2a85d5d3d26cf31b0871c7f34faf9269c346ff89934f8a1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 94970, "scanner": "osv-scanner", "fingerprint": "27d5cfa216d806f3d3f0600a9ece58bdd93b115edd0ade47397f529a46f97b3f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 94969, "scanner": "osv-scanner", "fingerprint": "f1c9522e656aa7e1ecab4d28cb8d3a5c82f4b2a9fca54bd38798d16e8374f250", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 94968, "scanner": "osv-scanner", "fingerprint": "366676194cb6e27e70cf667349115314562b473f9b68f700ccd7e1224112da7a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 94966, "scanner": "osv-scanner", "fingerprint": "c6c1dc84679d5c8013d08f4990574c4939c92790759928009e5ea4e7f6928e72", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 94962, "scanner": "osv-scanner", "fingerprint": "acd32155b7c617d935f00828733c678fe7be5d064066332240409bddaac838e1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 94960, "scanner": "osv-scanner", "fingerprint": "4cb024e6950c99f92c7e83c34dc019a1fc67f2feee75b9b6af35bd000f290691", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 94956, "scanner": "osv-scanner", "fingerprint": "8eaad2662b2ab3346caa105af7c87b735887d8b5973697f10121f49c0a7a8ac5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-378v-28hj-76wf", "level": "warning", "message": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "properties": {"repobilityId": 94955, "scanner": "osv-scanner", "fingerprint": "fb21d9f17fae71438ee48d129570effa1c0625697b6ebe3247572f021cb4fbf7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2739"], "package": "bn.js", "rule_id": "GHSA-378v-28hj-76wf", "scanner": "osv-scanner", "correlation_key": "vuln|bn.js|CVE-2026-2739|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 94954, "scanner": "osv-scanner", "fingerprint": "3bb3145decbb84a966579c33e898b13f4dd3d7c60629a5cb1949e39661ca4074", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xv59-967r-8726", "level": "warning", "message": {"text": "openssl: GHSA-xv59-967r-8726"}, "properties": {"repobilityId": 94941, "scanner": "osv-scanner", "fingerprint": "40f7a69afef8f05b62f850cc1a053fe6e15a2035daedd2be3c02e1fc04ce060b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44662"], "package": "openssl", "rule_id": "GHSA-xv59-967r-8726", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-44662|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-phqj-4mhp-q6mq", "level": "warning", "message": {"text": "openssl: GHSA-phqj-4mhp-q6mq"}, "properties": {"repobilityId": 94937, "scanner": "osv-scanner", "fingerprint": "e7d9444dd05c6f7db70b4bbdd19e857b94c64c61212cc0633fa15cbc0de69929", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45784"], "package": "openssl", "rule_id": "GHSA-phqj-4mhp-q6mq", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-45784|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 94928, "scanner": "repobility-docker", "fingerprint": "fbbe07ac26a7d2c3bc7213d95481abe31cacd51acc24e2e4b9a2b51ffb1bdeeb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fbbe07ac26a7d2c3bc7213d95481abe31cacd51acc24e2e4b9a2b51ffb1bdeeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 22}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 94927, "scanner": "repobility-docker", "fingerprint": "d991b6d90c10d01c35b4b302a93583ad466e5b960209514a540065626032f105", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 9 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 9, "correlation_key": "fp|d991b6d90c10d01c35b4b302a93583ad466e5b960209514a540065626032f105", "dependency_install_line": 11}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 94926, "scanner": "repobility-docker", "fingerprint": "5bd9e00ad5a7ab954f66f69454b4d55880a6189251c65f0998743fec439763ee", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "alpine:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5bd9e00ad5a7ab954f66f69454b4d55880a6189251c65f0998743fec439763ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 22}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 94925, "scanner": "repobility-docker", "fingerprint": "fdc71ab474797afbd3cb00bc98d8dde9cdcf28d66738dd59db28792e47a41c1d", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fdc71ab474797afbd3cb00bc98d8dde9cdcf28d66738dd59db28792e47a41c1d", "missing_patterns": [".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 94892, "scanner": "repobility-agent-runtime", "fingerprint": "8d86964e61585d38f3f8c4ab767728dda6daf9002b3a797eb49da052a46ecc48", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|8d86964e61585d38f3f8c4ab767728dda6daf9002b3a797eb49da052a46ecc48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/README.md"}, "region": {"startLine": 22}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 94891, "scanner": "repobility-agent-runtime", "fingerprint": "91b1656bcdd66d227a77214f3e555e3e606a7d099ca3f5cacb57e4423cdcc99a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|91b1656bcdd66d227a77214f3e555e3e606a7d099ca3f5cacb57e4423cdcc99a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-cli.yml"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 94834, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a67108e2913c9af821ac1402ecdc02936e38da44e3fec8438b86ae9ab386663c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|a67108e2913c9af821ac1402ecdc02936e38da44e3fec8438b86ae9ab386663c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-types/src/api/v3/chat/last_focus_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 94984, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 94983, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 94982, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 94981, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 94971, "scanner": "osv-scanner", "fingerprint": "5799ef1023006a0bdb3671adbf7fc1059c8c71d729fb9ead775fe8fc077f0c82", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-848j-6mx2-7j84", "level": "note", "message": {"text": "elliptic: GHSA-848j-6mx2-7j84"}, "properties": {"repobilityId": 94957, "scanner": "osv-scanner", "fingerprint": "6328d12cc9e26dc8aa9aebd9af4e558ac788efbd491a7121288207fb7bd9e26e", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-14505"], "package": "elliptic", "rule_id": "GHSA-848j-6mx2-7j84", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|CVE-2025-14505|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c48-w39g-hm26", "level": "note", "message": {"text": "rsa: GHSA-9c48-w39g-hm26"}, "properties": {"repobilityId": 94946, "scanner": "osv-scanner", "fingerprint": "32721c15a31d95160522b469e70c2b90d0875223098f81acdd7e8f03d5bce2dc", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-21895"], "package": "rsa", "rule_id": "GHSA-9c48-w39g-hm26", "scanner": "osv-scanner", "correlation_key": "vuln|rsa|CVE-2026-21895|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xmgf-hq76-4vx2", "level": "note", "message": {"text": "openssl: GHSA-xmgf-hq76-4vx2"}, "properties": {"repobilityId": 94939, "scanner": "osv-scanner", "fingerprint": "0bc60beacdb75611689692a159e78cd7d749ffffcaa137ffd32c2c53a7f6a2a7", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41677"], "package": "openssl", "rule_id": "GHSA-xmgf-hq76-4vx2", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41677|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 94929, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 94924, "scanner": "repobility-docker", "fingerprint": "023a78e9ef4fda68c7d6ddbf19fb54a173f6f303a242464e81974c7b910dbbd0", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|023a78e9ef4fda68c7d6ddbf19fb54a173f6f303a242464e81974c7b910dbbd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 94923, "scanner": "repobility-docker", "fingerprint": "02a62f10db8daa4ecc2e10ed03eb80cb98a108e5ccde5474aefc957455383f59", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|02a62f10db8daa4ecc2e10ed03eb80cb98a108e5ccde5474aefc957455383f59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `vite-plugin-wasm` is minor version(s) behind (3.5.0 -> 3.6.0)"}, "properties": {"repobilityId": 94890, "scanner": "repobility-dependency-currency", "fingerprint": "056f8632226ded3ce737e9dcfdab9fa56e7673e7ec4f1032de9454d38c8e1777", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vite-plugin-wasm", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.6.0", "correlation_key": "fp|056f8632226ded3ce737e9dcfdab9fa56e7673e7ec4f1032de9454d38c8e1777", "current_version": "3.5.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `vite-plugin-pwa` is minor version(s) behind (1.2.0 -> 1.3.0)"}, "properties": {"repobilityId": 94889, "scanner": "repobility-dependency-currency", "fingerprint": "dfc24019ca96239b306f599eaa0bb75513f89967db82262d468e0693865be35a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vite-plugin-pwa", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.3.0", "correlation_key": "fp|dfc24019ca96239b306f599eaa0bb75513f89967db82262d468e0693865be35a", "current_version": "1.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `vite-plugin-node-polyfills` is minor version(s) behind (0.24.0 -> 0.28.0)"}, "properties": {"repobilityId": 94888, "scanner": "repobility-dependency-currency", "fingerprint": "08d0ac3cc6724413f7565e0328a66f5fb687592607b14686476193eab6baa434", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vite-plugin-node-polyfills", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.28.0", "correlation_key": "fp|08d0ac3cc6724413f7565e0328a66f5fb687592607b14686476193eab6baa434", "current_version": "0.24.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@vitest/browser-playwright` is minor version(s) behind (4.0.14 -> 4.1.8)"}, "properties": {"repobilityId": 94885, "scanner": "repobility-dependency-currency", "fingerprint": "0afb51d9432bbd6da79e6b3511f5c1cafe7b9dbf5e53dbe9fa8f84508dce6ef9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vitest/browser-playwright", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.1.8", "correlation_key": "fp|0afb51d9432bbd6da79e6b3511f5c1cafe7b9dbf5e53dbe9fa8f84508dce6ef9", "current_version": "4.0.14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@vitest/browser` is minor version(s) behind (4.0.14 -> 4.1.8)"}, "properties": {"repobilityId": 94884, "scanner": "repobility-dependency-currency", "fingerprint": "f177f7b0ec24845273f3f6aa048d0939b4ac606f3d9f0150da08f8a9c01e5092", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vitest/browser", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.1.8", "correlation_key": "fp|f177f7b0ec24845273f3f6aa048d0939b4ac606f3d9f0150da08f8a9c01e5092", "current_version": "4.0.14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94854, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f556eb52101309e3e20a06b543869a36b2df538f91afe7186e00f5fab2fd4c34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/user/events.rs", "duplicate_line": 23, "correlation_key": "fp|f556eb52101309e3e20a06b543869a36b2df538f91afe7186e00f5fab2fd4c34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/user/js/events.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94853, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4793e64bd4f9eace6f31d5c336ca518d2c6e5657c7ec612157053698a5179795", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/socket/native.rs", "duplicate_line": 40, "correlation_key": "fp|4793e64bd4f9eace6f31d5c336ca518d2c6e5657c7ec612157053698a5179795"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/socket/wasm.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94852, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de21452b4f8369289fd9e45a4f5cb11823159a1b1a30355b77c42916f0934a4f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/fs/file/js_impl.rs", "duplicate_line": 308, "correlation_key": "fp|de21452b4f8369289fd9e45a4f5cb11823159a1b1a30355b77c42916f0934a4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/js/service_worker/impls.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94851, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04db992d7286868f9e9fa2adfd076df8350636f771857e463322afcf573c6db3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/js/managed_futures/multi_threaded.rs", "duplicate_line": 139, "correlation_key": "fp|04db992d7286868f9e9fa2adfd076df8350636f771857e463322afcf573c6db3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/js/managed_futures/uniffi.rs"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94850, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e9a25fcbfde8d940f96f43e1a298fb644997a1a6850b0a7772f0e13cd8e805a1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/js/managed_futures/multi_threaded.rs", "duplicate_line": 93, "correlation_key": "fp|e9a25fcbfde8d940f96f43e1a298fb644997a1a6850b0a7772f0e13cd8e805a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/js/managed_futures/service_worker.rs"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94849, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a455fd6aa758aeee9ce44f637563904a923866aed1a0d4d829607091800abac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/fs/dir/cache.rs", "duplicate_line": 57, "correlation_key": "fp|9a455fd6aa758aeee9ce44f637563904a923866aed1a0d4d829607091800abac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/fs/file/cache.rs"}, "region": {"startLine": 153}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94848, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e8568ddf7132a92424d5bf0d9224812a2cb5ff15c21f6d2315e45d0487143942", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/fs/categories/linked.rs", "duplicate_line": 136, "correlation_key": "fp|e8568ddf7132a92424d5bf0d9224812a2cb5ff15c21f6d2315e45d0487143942"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/fs/categories/normal.rs"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94847, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7fbb145bc32e4e1a303c8bdfa985f70a70a1d25a9c8791655e66b7bae77add7e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/auth/v1.rs", "duplicate_line": 29, "correlation_key": "fp|7fbb145bc32e4e1a303c8bdfa985f70a70a1d25a9c8791655e66b7bae77add7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/auth/v3.rs"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94846, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8dfd45aa09442d9f32620b40e431a1016db67c9d250641d896c3a867458eb4e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/auth/v2.rs", "duplicate_line": 35, "correlation_key": "fp|8dfd45aa09442d9f32620b40e431a1016db67c9d250641d896c3a867458eb4e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/auth/v3.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94845, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8478d07df2f8f8d3eab5e80cdd3de79d77c9a0b08511d611c13e66f40a26572e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/auth/v1.rs", "duplicate_line": 29, "correlation_key": "fp|8478d07df2f8f8d3eab5e80cdd3de79d77c9a0b08511d611c13e66f40a26572e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/auth/v2.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94844, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5b769f748cb2796442efb9336e85be747cfd736ea802dcbc3ccd2ce8117389c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/content.rs", "duplicate_line": 9, "correlation_key": "fp|e5b769f748cb2796442efb9336e85be747cfd736ea802dcbc3ccd2ce8117389c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/shared/out_uuid.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94843, "scanner": "repobility-ai-code-hygiene", "fingerprint": "816b910f3b27cf51ea6336fad163b92a07f4fd718b540414c4f958c2f3f0ec76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/download/shared.rs", "duplicate_line": 2, "correlation_key": "fp|816b910f3b27cf51ea6336fad163b92a07f4fd718b540414c4f958c2f3f0ec76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/shared/out_uuid.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94842, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d88f83f35134751dade4f7b79b6007b91c2f25aa0a1f27a6e5001b4f2aa7ff87", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/content.rs", "duplicate_line": 9, "correlation_key": "fp|d88f83f35134751dade4f7b79b6007b91c2f25aa0a1f27a6e5001b4f2aa7ff87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/shared/out_root.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94841, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b47756ff2f6da169ed8471f8a35f28b11f5cbb873c3a041af00e487a880e9b10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/download/shared.rs", "duplicate_line": 2, "correlation_key": "fp|b47756ff2f6da169ed8471f8a35f28b11f5cbb873c3a041af00e487a880e9b10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/shared/out_root.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94840, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4395af00a8bc48e9ddefa5db217bb74945de2fa23cab52dcedbf572f0e2ab5c1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/content.rs", "duplicate_line": 9, "correlation_key": "fp|4395af00a8bc48e9ddefa5db217bb74945de2fa23cab52dcedbf572f0e2ab5c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/shared/in_uuid.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94839, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c81bb69cbf3f7ef35ab09f8dbee0b003384c9ce6d9cbff13c3d477e7fe50d18", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/download/shared.rs", "duplicate_line": 2, "correlation_key": "fp|3c81bb69cbf3f7ef35ab09f8dbee0b003384c9ce6d9cbff13c3d477e7fe50d18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/shared/in_uuid.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94838, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a82505b41a2221d82c3217b26d0aaca2752570c13e49928e8a0ffd6ff602f62", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/download/link.rs", "duplicate_line": 2, "correlation_key": "fp|9a82505b41a2221d82c3217b26d0aaca2752570c13e49928e8a0ffd6ff602f62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/dir/link/content.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94837, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c08ad3e40ba0505b71da51acc96a96eac07c5ce4e0157ad7f54f49bbaf458459", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/content.rs", "duplicate_line": 9, "correlation_key": "fp|c08ad3e40ba0505b71da51acc96a96eac07c5ce4e0157ad7f54f49bbaf458459"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/dir/download/shared.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94836, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b49f924e3b33380c2be2cbf5dfc70b5ef73ce066d710a4ac9085644faac0d9d4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-sdk-rs/src/api/v3/dir/content.rs", "duplicate_line": 9, "correlation_key": "fp|b49f924e3b33380c2be2cbf5dfc70b5ef73ce066d710a4ac9085644faac0d9d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/api/v3/dir/download/mod.rs"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94835, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65d687af9444de3d432fe228eba70afff868eaba57438e7f601c5a946673780a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "filen-mobile-native-cache/src/sql/dir.rs", "duplicate_line": 116, "correlation_key": "fp|65d687af9444de3d432fe228eba70afff868eaba57438e7f601c5a946673780a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-mobile-native-cache/src/sql/file.rs"}, "region": {"startLine": 172}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 94833, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6383d49ad6be6b2875d02ee71cd1e054a7f8f94059c0dddd0585acff3734ebd8", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|6383d49ad6be6b2875d02ee71cd1e054a7f8f94059c0dddd0585acff3734ebd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-types/src/api/v3/chat/last_focus_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 94921, "scanner": "repobility-threat-engine", "fingerprint": "0c2a074b4156e2c0e94909e487e39e3a0e1d7eeeb369e4b639590c772214e32c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c2a074b4156e2c0e94909e487e39e3a0e1d7eeeb369e4b639590c772214e32c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/sw.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 94917, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 94913, "scanner": "repobility-threat-engine", "fingerprint": "fcd09cebea3a3544c9bcf1924baa9e0df9598b8ac8efb46111b32a0c2417dd0b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fcd09cebea3a3544c9bcf1924baa9e0df9598b8ac8efb46111b32a0c2417dd0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/v1.rs"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 94912, "scanner": "repobility-threat-engine", "fingerprint": "4e6ba979e50b05f984be9f90be3cf6eab5ecc4ca5241054aada4b88be73ff600", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4e6ba979e50b05f984be9f90be3cf6eab5ecc4ca5241054aada4b88be73ff600"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/edge_case_tests.rs"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 94908, "scanner": "repobility-threat-engine", "fingerprint": "11e31a3fef3d569ab74501741711447ae014bd9a77682f0555949aae826c5139", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|11e31a3fef3d569ab74501741711447ae014bd9a77682f0555949aae826c5139", "aggregated_count": 21}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 94907, "scanner": "repobility-threat-engine", "fingerprint": "6b29bb0dc8cce63ab117d7310510e266f84cbbbe177815190a23d6e3b5db7ae9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6b29bb0dc8cce63ab117d7310510e266f84cbbbe177815190a23d6e3b5db7ae9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/auth/http/bandwidth_limit/download.rs"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 94906, "scanner": "repobility-threat-engine", "fingerprint": "3b945b267f40256e705c330500d078466bd800d21423de6feddc2d1a168415b5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b945b267f40256e705c330500d078466bd800d21423de6feddc2d1a168415b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-mobile-native-cache/src/env.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 94905, "scanner": "repobility-threat-engine", "fingerprint": "55537f54e29f8c7a948d2649ae617398940790f3d9df9551a25c5cbee40536eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55537f54e29f8c7a948d2649ae617398940790f3d9df9551a25c5cbee40536eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-macros/src/sdk_type_derives.rs"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 94904, "scanner": "repobility-threat-engine", "fingerprint": "f2bf68dbf6d5f27d881fbdf44465eef3a6c230779270894ac9898491470c27b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f2bf68dbf6d5f27d881fbdf44465eef3a6c230779270894ac9898491470c27b0", "aggregated_count": 6}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 94903, "scanner": "repobility-threat-engine", "fingerprint": "1819066d93ed707158b0246b3e4f5c1a56ded9a0f24fca67f25ddfbcf607edee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1819066d93ed707158b0246b3e4f5c1a56ded9a0f24fca67f25ddfbcf607edee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/auth/http/deserialize.rs"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 94902, "scanner": "repobility-threat-engine", "fingerprint": "93b0aa8773fef7b13bfa3dc60a1f3619612d5fa55fcea448f3df1504a799d6e0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93b0aa8773fef7b13bfa3dc60a1f3619612d5fa55fcea448f3df1504a799d6e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-macros/src/sdk_type_derives.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 94901, "scanner": "repobility-threat-engine", "fingerprint": "163db1396e07de568c418cbc6dce064a6c17044fae1055f04b5508d5883846a5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|163db1396e07de568c418cbc6dce064a6c17044fae1055f04b5508d5883846a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cache/src/handle.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 37 more): Same pattern found in 37 additional files. Review if needed."}, "properties": {"repobilityId": 94900, "scanner": "repobility-threat-engine", "fingerprint": "6c220980b2416bdecea1fb17ad9b24026a73c3b1b1bfd7adef44571ce90aa8ac", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 37 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6c220980b2416bdecea1fb17ad9b24026a73c3b1b1bfd7adef44571ce90aa8ac", "aggregated_count": 37}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 94896, "scanner": "repobility-threat-engine", "fingerprint": "5da9e84bdf98ec4df24ee51c7dcbbbca245dc216e8447d6f166c14580ad2688d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5da9e84bdf98ec4df24ee51c7dcbbbca245dc216e8447d6f166c14580ad2688d", "aggregated_count": 11}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 94895, "scanner": "repobility-threat-engine", "fingerprint": "91a477d840519245b1a1d94161f4d5c318f96a91e535cf6fe976c34bd205d4c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91a477d840519245b1a1d94161f4d5c318f96a91e535cf6fe976c34bd205d4c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/v1.rs"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 94894, "scanner": "repobility-threat-engine", "fingerprint": "fcf8db6f76ce2c01b201995c7238735821233fec92c968ebc0a4515120b71f48", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fcf8db6f76ce2c01b201995c7238735821233fec92c968ebc0a4515120b71f48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-macros/src/anchored_ref.rs"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 94893, "scanner": "repobility-threat-engine", "fingerprint": "2dbe10ffd8c30df74225c88f223b53e60630c225ec5b0dfe5206adce7b0d7331", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2dbe10ffd8c30df74225c88f223b53e60630c225ec5b0dfe5206adce7b0d7331"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "anchored-ref/src/lib.rs"}, "region": {"startLine": 72}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `prettier` is patch version(s) behind (3.8.1 -> 3.8.3)"}, "properties": {"repobilityId": 94887, "scanner": "repobility-dependency-currency", "fingerprint": "72497bedbc0e22898cebc51fabce04425f043116dbdc5dcc6b8873aaa595b7e0", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "prettier", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.8.3", "correlation_key": "fp|72497bedbc0e22898cebc51fabce04425f043116dbdc5dcc6b8873aaa595b7e0", "current_version": "3.8.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@zip.js/zip.js` is patch version(s) behind (2.8.11 -> 2.8.26)"}, "properties": {"repobilityId": 94886, "scanner": "repobility-dependency-currency", "fingerprint": "3349647d35aa9392d90c578540da9c8d0f866c05d15574294705ca5d0c787dcf", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@zip.js/zip.js", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.8.26", "correlation_key": "fp|3349647d35aa9392d90c578540da9c8d0f866c05d15574294705ca5d0c787dcf", "current_version": "2.8.11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/serviceworker` is patch version(s) behind (0.0.167 -> 0.0.197)"}, "properties": {"repobilityId": 94883, "scanner": "repobility-dependency-currency", "fingerprint": "0b6f09cb35c81c65d58234f97a5164225976e53e5445fdc3c16af62c5f2c38be", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/serviceworker", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.0.197", "correlation_key": "fp|0b6f09cb35c81c65d58234f97a5164225976e53e5445fdc3c16af62c5f2c38be", "current_version": "0.0.167"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2wj-q39q-566r", "level": "error", "message": {"text": "vite: GHSA-v2wj-q39q-566r"}, "properties": {"repobilityId": 94978, "scanner": "osv-scanner", "fingerprint": "5635ccf2c0c177250476882de056bb0f1009bb11dfe85763d321f756a1a1e5d3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39364"], "package": "vite", "rule_id": "GHSA-v2wj-q39q-566r", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39364|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p9ff-h696-f583", "level": "error", "message": {"text": "vite: GHSA-p9ff-h696-f583"}, "properties": {"repobilityId": 94977, "scanner": "osv-scanner", "fingerprint": "cd090bab51bb9efdb87c39f6d247a9e22853f5857696622a5bf0ce749f22ad3c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39363"], "package": "vite", "rule_id": "GHSA-p9ff-h696-f583", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39363|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 94973, "scanner": "osv-scanner", "fingerprint": "7beb8ae3670a3941de5e247debeb2ecc0c9002fef9a1a2730128ee4cb4d5dbb9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 94972, "scanner": "osv-scanner", "fingerprint": "ef1071e8b55b4c7ed4198942ba14b3dcdcf3485fdcf570e0c72cc84842bf090c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 94967, "scanner": "osv-scanner", "fingerprint": "338299ea790140d2c404c60a86dd008e91e9d8e221fe6588f6a07557cedc2f58", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 94965, "scanner": "osv-scanner", "fingerprint": "2b1a9319fd2bfc32d521bc98fb945c6e4775fbad2dc2f2a3e0c3806a3d4983de", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 94964, "scanner": "osv-scanner", "fingerprint": "fc031d998ccb7714971e4594fc27ea1d3ba09fde68166f328d842191275a42bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 94963, "scanner": "osv-scanner", "fingerprint": "db5369e93a9d269e16588facb180eed3e671bc7d30c30c0aedf41bbf94df0eb7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 94961, "scanner": "osv-scanner", "fingerprint": "3f9e4f37460fbae87f164b3010405e5d5a44ad7afa50e4a392f80f4b455087c6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v39h-62p7-jpjc", "level": "error", "message": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "properties": {"repobilityId": 94959, "scanner": "osv-scanner", "fingerprint": "528d8688f8a784807667b476c29d27a382cef409e1e31c26ab075d382b0dc2f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6322"], "package": "fast-uri", "rule_id": "GHSA-v39h-62p7-jpjc", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6322|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q3j6-qgpj-74h6", "level": "error", "message": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "properties": {"repobilityId": 94958, "scanner": "osv-scanner", "fingerprint": "cf63a2ba27f3f0ecde784c9c0c377092664e7a17f9b0b894addca4cf0e66e8ad", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6321"], "package": "fast-uri", "rule_id": "GHSA-q3j6-qgpj-74h6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6321|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7h2j-956f-4vf2", "level": "error", "message": {"text": "@isaacs/brace-expansion: GHSA-7h2j-956f-4vf2"}, "properties": {"repobilityId": 94953, "scanner": "osv-scanner", "fingerprint": "f95e1f5bec6eaa70e2eee123363f8bbc25e068e7c4b4bec04c7925d08367745b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25547"], "package": "@isaacs/brace-expansion", "rule_id": "GHSA-7h2j-956f-4vf2", "scanner": "osv-scanner", "correlation_key": "vuln|isaacs/brace-expansion|CVE-2026-25547|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 94952, "scanner": "osv-scanner", "fingerprint": "eba7006557ea36c7681d6e12a0407e3d67952c67f241491457eb59613852f33b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0104", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "properties": {"repobilityId": 94951, "scanner": "osv-scanner", "fingerprint": "fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-82j2-j2ch-gfr8"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0104", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-82J2-J2CH-GFR8|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-82j2-j2ch-gfr8", "RUSTSEC-2026-0104"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["476482283f7b4bf24cebe63c772832bbcbb2a342714f10bd108d0c5c67b78813", "fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0099", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "properties": {"repobilityId": 94950, "scanner": "osv-scanner", "fingerprint": "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-xgp8-3hg3-c2mh"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0099", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-XGP8-3HG3-C2MH|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xgp8-3hg3-c2mh", "RUSTSEC-2026-0099"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2a5659d7cbd0bb9dfc9d2adea8035c41fc228507431bf1ff230640799fbb9dc2", "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0098", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "properties": {"repobilityId": 94949, "scanner": "osv-scanner", "fingerprint": "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-965h-392x-2mh5"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0098", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-965H-392X-2MH5|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-965h-392x-2mh5", "RUSTSEC-2026-0098"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4e353f860af1fd9047341f396e862081c6c9d858904293310e34f17a61d47c4c", "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0049", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "properties": {"repobilityId": 94948, "scanner": "osv-scanner", "fingerprint": "c255a366c5ce5102bcdc590878b2b69c65babf58fba82dc3e7831720a1de8e0b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-pwjx-qhcg-rvj4"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0049", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-PWJX-QHCG-RVJ4|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pwjx-qhcg-rvj4", "RUSTSEC-2026-0049"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["8d0a8a95183a8e67ddddb67ea96d335b0564fb0fcd1f901d95577ef01a82be3b", "c255a366c5ce5102bcdc590878b2b69c65babf58fba82dc3e7831720a1de8e0b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0134", "level": "error", "message": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "properties": {"repobilityId": 94947, "scanner": "osv-scanner", "fingerprint": "16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "rustls-pemfile", "rule_id": "RUSTSEC-2025-0134", "scanner": "osv-scanner", "correlation_key": "fp|16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0071", "level": "error", "message": {"text": "rsa: RUSTSEC-2023-0071"}, "properties": {"repobilityId": 94945, "scanner": "osv-scanner", "fingerprint": "8d2ec21cf46ba80ff1843c2b573a651f4162fc37b24b67de47343d2180e0463e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-49092", "GHSA-4grx-2x9w-596c", "GHSA-c38w-74pg-36hr"], "package": "rsa", "rule_id": "RUSTSEC-2023-0071", "scanner": "osv-scanner", "correlation_key": "vuln|rsa|CVE-2023-49092|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 94944, "scanner": "osv-scanner", "fingerprint": "a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "ee2ad9157999fcb0c8f925391a5e09946511288ceed3e6c5f5b05828611b879f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0037", "level": "error", "message": {"text": "quinn-proto: RUSTSEC-2026-0037"}, "properties": {"repobilityId": 94943, "scanner": "osv-scanner", "fingerprint": "f9c1af453f9a0bdfe4a69e7898d9b3129cb1ee80152010518158bda28e881f27", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-31812", "GHSA-6xvm-j4wr-6v98"], "package": "quinn-proto", "rule_id": "RUSTSEC-2026-0037", "scanner": "osv-scanner", "correlation_key": "vuln|quinn-proto|CVE-2026-31812|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6xvm-j4wr-6v98", "RUSTSEC-2026-0037"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2dc7434cf5d6d3f88ba848d37c8b48497b46115aca80c0a7dd5239e3c7556031", "f9c1af453f9a0bdfe4a69e7898d9b3129cb1ee80152010518158bda28e881f27"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 94942, "scanner": "osv-scanner", "fingerprint": "ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xp3w-r5p5-63rr", "level": "error", "message": {"text": "openssl: GHSA-xp3w-r5p5-63rr"}, "properties": {"repobilityId": 94940, "scanner": "osv-scanner", "fingerprint": "d3c5711dee25a3797b74ad5eb81fb765a4fb03d4c045924932e9431b10ed3aa6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42327"], "package": "openssl", "rule_id": "GHSA-xp3w-r5p5-63rr", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-42327|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pqf5-4pqq-29f5", "level": "error", "message": {"text": "openssl: GHSA-pqf5-4pqq-29f5"}, "properties": {"repobilityId": 94938, "scanner": "osv-scanner", "fingerprint": "0ec078659210fefe0ed55693da0692e92806f964834e9dd96ef956f363973206", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41676"], "package": "openssl", "rule_id": "GHSA-pqf5-4pqq-29f5", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41676|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hppc-g8h3-xhp3", "level": "error", "message": {"text": "openssl: GHSA-hppc-g8h3-xhp3"}, "properties": {"repobilityId": 94936, "scanner": "osv-scanner", "fingerprint": "88a97a0ca38fd4860b8196b0939de4a840c1e4dabcf9da45cd425237ca3a51e7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41898"], "package": "openssl", "rule_id": "GHSA-hppc-g8h3-xhp3", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41898|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ghm9-cr32-g9qj", "level": "error", "message": {"text": "openssl: GHSA-ghm9-cr32-g9qj"}, "properties": {"repobilityId": 94935, "scanner": "osv-scanner", "fingerprint": "57a3956e206bd3b83f7ab45d9ab03abf63121d7caac7aea76eba0bab20f3b54a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41681"], "package": "openssl", "rule_id": "GHSA-ghm9-cr32-g9qj", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41681|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8c75-8mhr-p7r9", "level": "error", "message": {"text": "openssl: GHSA-8c75-8mhr-p7r9"}, "properties": {"repobilityId": 94934, "scanner": "osv-scanner", "fingerprint": "d293e6e38180ff7bbd16cc8c5355c5503db1da8dbbee4e0f5820f94c039c562a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41678"], "package": "openssl", "rule_id": "GHSA-8c75-8mhr-p7r9", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41678|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0057", "level": "error", "message": {"text": "fxhash: RUSTSEC-2025-0057"}, "properties": {"repobilityId": 94933, "scanner": "osv-scanner", "fingerprint": "81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fxhash", "rule_id": "RUSTSEC-2025-0057", "scanner": "osv-scanner", "correlation_key": "fp|81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2021-0141", "level": "error", "message": {"text": "dotenv: RUSTSEC-2021-0141"}, "properties": {"repobilityId": 94932, "scanner": "osv-scanner", "fingerprint": "510e3e5120ab09f35912b276d001ec907e20d8e6984fe9dc6fd321e83d0eb4d2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dotenv", "rule_id": "RUSTSEC-2021-0141", "scanner": "osv-scanner", "correlation_key": "fp|510e3e5120ab09f35912b276d001ec907e20d8e6984fe9dc6fd321e83d0eb4d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0007", "level": "error", "message": {"text": "bytes: RUSTSEC-2026-0007"}, "properties": {"repobilityId": 94931, "scanner": "osv-scanner", "fingerprint": "840e36d2de2ac4a8c1c34987b6b57d85a91e4b9353f37c12a525b9daca3b5258", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-25541", "GHSA-434x-w66g-qw3r"], "package": "bytes", "rule_id": "RUSTSEC-2026-0007", "scanner": "osv-scanner", "correlation_key": "vuln|bytes|CVE-2026-25541|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-434x-w66g-qw3r", "RUSTSEC-2026-0007"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["840e36d2de2ac4a8c1c34987b6b57d85a91e4b9353f37c12a525b9daca3b5258", "95131744e23e323a780caee127b231789361290b6f3c2f97df8af0deb20d6e30"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 94922, "scanner": "repobility-threat-engine", "fingerprint": "335ecde767eb4b4d239e916ca6f71dfa4d4f5fb11ee6e05cd11cbd53df3f1827", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\": \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|335ecde767eb4b4d239e916ca6f71dfa4d4f5fb11ee6e05cd11cbd53df3f1827"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/vite.config.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 94920, "scanner": "repobility-threat-engine", "fingerprint": "76a2e40c6ec46b8e07a366e0fcc8d60a235c5951d96f57bea210fc3c2f3b038c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76a2e40c6ec46b8e07a366e0fcc8d60a235c5951d96f57bea210fc3c2f3b038c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/v1.rs"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 94919, "scanner": "repobility-threat-engine", "fingerprint": "d52886ae058340c8d48bf069dfc3c07ee157b0a27ace41ecd88dbda2e90f4689", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d52886ae058340c8d48bf069dfc3c07ee157b0a27ace41ecd88dbda2e90f4689"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/v2.rs"}, "region": {"startLine": 372}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 94918, "scanner": "repobility-threat-engine", "fingerprint": "8be11875b5599797d39a7ceef70b42ff53e153846fc52655b2a40a70c9b0cfb8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8be11875b5599797d39a7ceef70b42ff53e153846fc52655b2a40a70c9b0cfb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/v1.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 94916, "scanner": "repobility-threat-engine", "fingerprint": "898b61d69010f871be726efdda7ce3eabbfaab1ec14ff39531ed26c26a6adbb2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(derived_password_str);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|898b61d69010f871be726efdda7ce3eabbfaab1ec14ff39531ed26c26a6adbb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/v2.rs"}, "region": {"startLine": 392}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 94915, "scanner": "repobility-threat-engine", "fingerprint": "91900511da9bc8a428fd25c4e1a70fb26db632aec42ebdffff505ea27153e1da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(password);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|91900511da9bc8a428fd25c4e1a70fb26db632aec42ebdffff505ea27153e1da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/v1.rs"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 94914, "scanner": "repobility-threat-engine", "fingerprint": "7c0304fb38c18ef04a466ef40c334b494e615a523bda07b4ae150944d60d06e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hmac.update(data);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7c0304fb38c18ef04a466ef40c334b494e615a523bda07b4ae150944d60d06e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/crypto/rsa.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94911, "scanner": "repobility-threat-engine", "fingerprint": "aa940a7cf8293e9cb25407b9769137b843e92c412a72cd77e1fa99af02cc6fab", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aa940a7cf8293e9cb25407b9769137b843e92c412a72cd77e1fa99af02cc6fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/sw.ts"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94910, "scanner": "repobility-threat-engine", "fingerprint": "a245104462345d8d3e163c3a7169b615a3ab46b535abf38465bf08046e018e8a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a245104462345d8d3e163c3a7169b615a3ab46b535abf38465bf08046e018e8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/sync/lock.rs"}, "region": {"startLine": 199}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94909, "scanner": "repobility-threat-engine", "fingerprint": "7118afeb3b053783f28908bd4271d34585b6776d434d67d989cbb4a07ea9e7bd", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7118afeb3b053783f28908bd4271d34585b6776d434d67d989cbb4a07ea9e7bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/src/consts.rs"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 94899, "scanner": "repobility-threat-engine", "fingerprint": "b8142210be8de23feae03c1b95b5d47cc534876d272f55e3ef8c1ec4bed88386", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b8142210be8de23feae03c1b95b5d47cc534876d272f55e3ef8c1ec4bed88386"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/src/lib.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 94898, "scanner": "repobility-threat-engine", "fingerprint": "7339f9a284a71bc0dd8f4274e2d982a98cc14bf4a35ae6224a65a1b45b1ba967", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7339f9a284a71bc0dd8f4274e2d982a98cc14bf4a35ae6224a65a1b45b1ba967"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/build.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 94897, "scanner": "repobility-threat-engine", "fingerprint": "07d10ff55953e27a4e3c4626e3066a33078feb8f617784a6f9639e7c86efa4c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|07d10ff55953e27a4e3c4626e3066a33078feb8f617784a6f9639e7c86efa4c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cache/src/handle.rs"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94882, "scanner": "repobility-supply-chain", "fingerprint": "909143c32e4d428db306b750be8cc8cec9d61d1bd585127da99ce1660397c613", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|909143c32e4d428db306b750be8cc8cec9d61d1bd585127da99ce1660397c613"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94881, "scanner": "repobility-supply-chain", "fingerprint": "7eda58e6ebfa95965b9bd59f9a6694c5f5f512bb19d24edbfdc03935e7587270", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7eda58e6ebfa95965b9bd59f9a6694c5f5f512bb19d24edbfdc03935e7587270"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `taiki-e/cache-cargo-install-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94880, "scanner": "repobility-supply-chain", "fingerprint": "bc491716cc1b17a5031dea9451a0aeb57454d949aebcda2088eca6673c0e7ffe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc491716cc1b17a5031dea9451a0aeb57454d949aebcda2088eca6673c0e7ffe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `amyu/setup-android` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94879, "scanner": "repobility-supply-chain", "fingerprint": "d5cbe5462c03761c51cc54552d9fe3890ec0c4ff258548c1788f6dc39d46a5fb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d5cbe5462c03761c51cc54552d9fe3890ec0c4ff258548c1788f6dc39d46a5fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94878, "scanner": "repobility-supply-chain", "fingerprint": "53e15486da256045eb78a5cd6e039f4e7e48049d077664f7d3b897a0e82b5706", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|53e15486da256045eb78a5cd6e039f4e7e48049d077664f7d3b897a0e82b5706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94877, "scanner": "repobility-supply-chain", "fingerprint": "48fc003a2e30c7c02302aefaddfa5c125866f718967de40e56dc8b61dbca4dd3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48fc003a2e30c7c02302aefaddfa5c125866f718967de40e56dc8b61dbca4dd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94876, "scanner": "repobility-supply-chain", "fingerprint": "f279e908775d3f77ae47e9c9616311dc559325bff85266c89c04c17facf4642f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f279e908775d3f77ae47e9c9616311dc559325bff85266c89c04c17facf4642f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94875, "scanner": "repobility-supply-chain", "fingerprint": "a9aae97c22e46b96bc3dafecff4254d72f5041f08017d270233b28b4b6838872", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a9aae97c22e46b96bc3dafecff4254d72f5041f08017d270233b28b4b6838872"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94874, "scanner": "repobility-supply-chain", "fingerprint": "c9610b7695cf201ccbefc7c89782437748763335afa31c601f38dc87ad5efaec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9610b7695cf201ccbefc7c89782437748763335afa31c601f38dc87ad5efaec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `taiki-e/cache-cargo-install-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94873, "scanner": "repobility-supply-chain", "fingerprint": "d2a17eb6c38b82012dab2c5ad6b8ca67c3b31e66af77becac4b32e2b60758c2f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d2a17eb6c38b82012dab2c5ad6b8ca67c3b31e66af77becac4b32e2b60758c2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94872, "scanner": "repobility-supply-chain", "fingerprint": "d6e5535e1e9991378a7815f541c8c9068f28b4f2dace628938733c38120f11a7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d6e5535e1e9991378a7815f541c8c9068f28b4f2dace628938733c38120f11a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94871, "scanner": "repobility-supply-chain", "fingerprint": "3b0fec33be5da43e4e2850c526263f24e1558c0bb18e637f7972cf88cafc23e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3b0fec33be5da43e4e2850c526263f24e1558c0bb18e637f7972cf88cafc23e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94870, "scanner": "repobility-supply-chain", "fingerprint": "f123b400a4810d009962b0f2e84cbcb07d0fefca6c37aade2a04354e931ee003", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f123b400a4810d009962b0f2e84cbcb07d0fefca6c37aade2a04354e931ee003"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/npm-publish.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `taiki-e/cache-cargo-install-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94869, "scanner": "repobility-supply-chain", "fingerprint": "5bff899ae9c027b8ce2202d0ab409602909327aeba45f177f5d360b5b880bb0f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5bff899ae9c027b8ce2202d0ab409602909327aeba45f177f5d360b5b880bb0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/npm-publish.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `taiki-e/cache-cargo-install-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94868, "scanner": "repobility-supply-chain", "fingerprint": "152191d82edd368a28319263abf8fb4949dcc9dbb88c281c21e8318e11c64d69", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|152191d82edd368a28319263abf8fb4949dcc9dbb88c281c21e8318e11c64d69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/npm-publish.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `amyu/setup-android` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94867, "scanner": "repobility-supply-chain", "fingerprint": "7cad5c5bb276ebe6f1d8d858d28d921a736ae38b7aee03f6324a73209676ddfe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7cad5c5bb276ebe6f1d8d858d28d921a736ae38b7aee03f6324a73209676ddfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/npm-publish.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94866, "scanner": "repobility-supply-chain", "fingerprint": "6d08242c0a835cfed6dbb0273cfaf3b6982fda92ce331bec5850cdaec23b3219", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d08242c0a835cfed6dbb0273cfaf3b6982fda92ce331bec5850cdaec23b3219"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/npm-publish.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94865, "scanner": "repobility-supply-chain", "fingerprint": "b762b746b7163add2737a9b7e59ac7372e976bc548b7d18959bec42439752ca9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b762b746b7163add2737a9b7e59ac7372e976bc548b7d18959bec42439752ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/npm-publish.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94864, "scanner": "repobility-supply-chain", "fingerprint": "7f80431f96ea75025690cf938efb9e85584644d31430fbbe984d718da910a2ba", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f80431f96ea75025690cf938efb9e85584644d31430fbbe984d718da910a2ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/npm-publish.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94863, "scanner": "repobility-supply-chain", "fingerprint": "2e1100b8e2a6425c809f4d5b171a8b35396ea29f42ebc4e0daf877ed95ce2d68", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2e1100b8e2a6425c809f4d5b171a8b35396ea29f42ebc4e0daf877ed95ce2d68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `taiki-e/cache-cargo-install-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94862, "scanner": "repobility-supply-chain", "fingerprint": "0d01714c735927f155bae3534fa88df87e8ed073b93c1258ab75b4009ef5fc22", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0d01714c735927f155bae3534fa88df87e8ed073b93c1258ab75b4009ef5fc22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94861, "scanner": "repobility-supply-chain", "fingerprint": "1a23d14419d270fbff0fc048075f9f2828ceb37c71151d9b1f264f58a4ea5f91", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a23d14419d270fbff0fc048075f9f2828ceb37c71151d9b1f264f58a4ea5f91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94860, "scanner": "repobility-supply-chain", "fingerprint": "f30d919987918eb1c31453faf2f872991c3517747726ac69f7494531e9b1bbea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f30d919987918eb1c31453faf2f872991c3517747726ac69f7494531e9b1bbea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94859, "scanner": "repobility-supply-chain", "fingerprint": "bd998e9a3e63c95e5e1ec9de2a3d96276299a702536bdc7640504e617602782b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bd998e9a3e63c95e5e1ec9de2a3d96276299a702536bdc7640504e617602782b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94858, "scanner": "repobility-supply-chain", "fingerprint": "678faf5b723886030a5b4ed58ec01019667a1fa1092986221c5b7584767d97ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|678faf5b723886030a5b4ed58ec01019667a1fa1092986221c5b7584767d97ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "package.json dep `uniffi-bindgen-react-native` pulled from URL/Git"}, "properties": {"repobilityId": 94857, "scanner": "repobility-supply-chain", "fingerprint": "831941bda87b0813c3d4d911331a23a4afa3a3d430743aab7719b221e5b2486d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|831941bda87b0813c3d4d911331a23a4afa3a3d430743aab7719b221e5b2486d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `alpine:latest` not pinned by digest"}, "properties": {"repobilityId": 94856, "scanner": "repobility-supply-chain", "fingerprint": "979367b8adbf4c8982b77118f037330b2f100cffd27e719c5660958e8dcb1346", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|979367b8adbf4c8982b77118f037330b2f100cffd27e719c5660958e8dcb1346"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.91.0-slim` not pinned by digest"}, "properties": {"repobilityId": 94855, "scanner": "repobility-supply-chain", "fingerprint": "28b0dbdbed2f16b73de9959fb394bf531403f8d619fe09896199c4c3e907cc92", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28b0dbdbed2f16b73de9959fb394bf531403f8d619fe09896199c4c3e907cc92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-cli/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "GHSA-5xrq-8626-4rwp", "level": "error", "message": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "properties": {"repobilityId": 94979, "scanner": "osv-scanner", "fingerprint": "c7a71c348f6cc02f97e614eed6527fe5f35c2d410f39e2d43005bd0aec2454de", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47429"], "package": "vitest", "rule_id": "GHSA-5xrq-8626-4rwp", "scanner": "osv-scanner", "correlation_key": "vuln|vitest|CVE-2026-47429|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "filen-sdk-rs/web/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94930, "scanner": "gitleaks", "fingerprint": "7af3251d6507a66155316edc8056ccb4897f0932bc3b1c0727e0ae3d4fa3cc5a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "API_KEY = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|. token|19|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/skills/security/SKILL.md"}, "region": {"startLine": 192}}}]}]}]}