{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j8xg-fqg3-53r7", "name": "word-wrap: GHSA-j8xg-fqg3-53r7", "shortDescription": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "fullDescription": {"text": "word-wrap vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xcj6-pq6g-qj4x", "name": "vite: GHSA-xcj6-pq6g-qj4x", "shortDescription": {"text": "vite: GHSA-xcj6-pq6g-qj4x"}, "fullDescription": {"text": "Vite allows server.fs.deny to be bypassed with .svg or relative paths"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x574-m823-4x7w", "name": "vite: GHSA-x574-m823-4x7w", "shortDescription": {"text": "vite: GHSA-x574-m823-4x7w"}, "fullDescription": {"text": "Vite bypasses server.fs.deny when using ?raw??"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vg6x-rcgg-rjx6", "name": "vite: GHSA-vg6x-rcgg-rjx6", "shortDescription": {"text": "vite: GHSA-vg6x-rcgg-rjx6"}, "fullDescription": {"text": "Websites were able to send any requests to the development server and read the response in vite"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9cwx-2883-4wfx", "name": "vite: GHSA-9cwx-2883-4wfx", "shortDescription": {"text": "vite: GHSA-9cwx-2883-4wfx"}, "fullDescription": {"text": "Vite's `server.fs.deny` is bypassed when using `?import&raw`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-93m4-6634-74q7", "name": "vite: GHSA-93m4-6634-74q7", "shortDescription": {"text": "vite: GHSA-93m4-6634-74q7"}, "fullDescription": {"text": "vite allows server.fs.deny bypass via backslash on Windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-92r3-m2mg-pj97", "name": "vite: GHSA-92r3-m2mg-pj97", "shortDescription": {"text": "vite: GHSA-92r3-m2mg-pj97"}, "fullDescription": {"text": "Vite XSS vulnerability in `server.transformIndexHtml` via URL payload"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8jhw-289h-jh2g", "name": "vite: GHSA-8jhw-289h-jh2g", "shortDescription": {"text": "vite: GHSA-8jhw-289h-jh2g"}, "fullDescription": {"text": "Vite's `server.fs.deny` did not deny requests for patterns with directories."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-859w-5945-r5v3", "name": "vite: GHSA-859w-5945-r5v3", "shortDescription": {"text": "vite: GHSA-859w-5945-r5v3"}, "fullDescription": {"text": "Vite's server.fs.deny bypassed with /. for files under project root"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-64vr-g452-qvp3", "name": "vite: GHSA-64vr-g452-qvp3", "shortDescription": {"text": "vite: GHSA-64vr-g452-qvp3"}, "fullDescription": {"text": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4r4m-qw57-chr8", "name": "vite: GHSA-4r4m-qw57-chr8", "shortDescription": {"text": "vite: GHSA-4r4m-qw57-chr8"}, "fullDescription": {"text": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-356w-63v5-8wf4", "name": "vite: GHSA-356w-63v5-8wf4", "shortDescription": {"text": "vite: GHSA-356w-63v5-8wf4"}, "fullDescription": {"text": "Vite has an `server.fs.deny` bypass with an invalid `request-target`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-72xf-g2v4-qvf3", "name": "tough-cookie: GHSA-72xf-g2v4-qvf3", "shortDescription": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "fullDescription": {"text": "tough-cookie Prototype Pollution vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qj8w-gfj5-8c6v", "name": "serialize-javascript: GHSA-qj8w-gfj5-8c6v", "shortDescription": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "fullDescription": {"text": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q8mj-m7cp-5q26", "name": "qs: GHSA-q8mj-m7cp-5q26", "shortDescription": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "fullDescription": {"text": "qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6rw7-vpxm-498p", "name": "qs: GHSA-6rw7-vpxm-498p", "shortDescription": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "fullDescription": {"text": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mwcw-c2x4-8c55", "name": "nanoid: GHSA-mwcw-c2x4-8c55", "shortDescription": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "fullDescription": {"text": "Predictable results in nanoid generation when given non-integer values"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-952p-6rrq-rcjv", "name": "micromatch: GHSA-952p-6rrq-rcjv", "shortDescription": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in micromatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xxjr-mmjv-4gpg", "name": "lodash: GHSA-xxjr-mmjv-4gpg", "shortDescription": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "fullDescription": {"text": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f23m-r3pf-42rh", "name": "lodash: GHSA-f23m-r3pf-42rh", "shortDescription": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "fullDescription": {"text": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mh29-5h37-fv8m", "name": "js-yaml: GHSA-mh29-5h37-fv8m", "shortDescription": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "fullDescription": {"text": "js-yaml has prototype pollution in merge (<<)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67mh-4wv8-2f99", "name": "esbuild: GHSA-67mh-4wv8-2f99", "shortDescription": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "fullDescription": {"text": "esbuild enables any website to send any requests to the development server and read the response"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-968p-4wvh-cqc8", "name": "@babel/helpers: GHSA-968p-4wvh-cqc8", "shortDescription": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "fullDescription": {"text": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-prr3-c3m5-p7q2", "name": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2", "shortDescription": {"text": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2"}, "fullDescription": {"text": "@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hpx4-r86g-5jrg", "name": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg", "shortDescription": {"text": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg"}, "fullDescription": {"text": "@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `final-form` is 1 major version(s) behind (4.20.9 -> 5.0.1)", "shortDescription": {"text": "npm package `final-form` is 1 major version(s) behind (4.20.9 -> 5.0.1)"}, "fullDescription": {"text": "`final-form` is pinned/resolved at 4.20.9 but the latest stable release on the npm registry is 5.0.1 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "GHSA-8fgc-7cc6-rx7x", "name": "webpack: GHSA-8fgc-7cc6-rx7x", "shortDescription": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "fullDescription": {"text": "webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-38r7-794h-5758", "name": "webpack: GHSA-38r7-794h-5758", "shortDescription": {"text": "webpack: GHSA-38r7-794h-5758"}, "fullDescription": {"text": "webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects \u2192 SSRF + cache persistence"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jqfw-vq24-v9c3", "name": "vite: GHSA-jqfw-vq24-v9c3", "shortDescription": {"text": "vite: GHSA-jqfw-vq24-v9c3"}, "fullDescription": {"text": "Vite's `server.fs` settings were not applied to HTML files"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-g4jq-h2w9-997c", "name": "vite: GHSA-g4jq-h2w9-997c", "shortDescription": {"text": "vite: GHSA-g4jq-h2w9-997c"}, "fullDescription": {"text": "Vite middleware may serve files starting with the same name with the public directory"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w7fw-mjwx-w883", "name": "qs: GHSA-w7fw-mjwx-w883", "shortDescription": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "fullDescription": {"text": "qs's arrayLimit bypass in comma parsing allows denial of service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4gmj-3p3h-gm8h", "name": "es5-ext: GHSA-4gmj-3p3h-gm8h", "shortDescription": {"text": "es5-ext: GHSA-4gmj-3p3h-gm8h"}, "fullDescription": {"text": "es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v6h2-p8h4-qcjw", "name": "brace-expansion: GHSA-v6h2-p8h4-qcjw", "shortDescription": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "fullDescription": {"text": "brace-expansion Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vpq2-c234-7xj6", "name": "@tootallnate/once: GHSA-vpq2-c234-7xj6", "shortDescription": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "fullDescription": {"text": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "GHSA-f9xv-q969-pqx4", "name": "yaml: GHSA-f9xv-q969-pqx4", "shortDescription": {"text": "yaml: GHSA-f9xv-q969-pqx4"}, "fullDescription": {"text": "Uncaught Exception in yaml"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3h5v-q93c-6h6q", "name": "ws: GHSA-3h5v-q93c-6h6q", "shortDescription": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "fullDescription": {"text": "ws affected by a DoS when handling a request with many HTTP headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c27g-q93r-2cwf", "name": "vite: GHSA-c27g-q93r-2cwf", "shortDescription": {"text": "vite: GHSA-c27g-q93r-2cwf"}, "fullDescription": {"text": "launch-editor vulnerable to command injection via the crafted request on Windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c24v-8rfc-w8vw", "name": "vite: GHSA-c24v-8rfc-w8vw", "shortDescription": {"text": "vite: GHSA-c24v-8rfc-w8vw"}, "fullDescription": {"text": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mjf5-7g4m-gx5w", "name": "storybook: GHSA-mjf5-7g4m-gx5w", "shortDescription": {"text": "storybook: GHSA-mjf5-7g4m-gx5w"}, "fullDescription": {"text": "Storybook Dev Server is Vulnerable to WebSocket Hijacking"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8452-54wp-rmv6", "name": "storybook: GHSA-8452-54wp-rmv6", "shortDescription": {"text": "storybook: GHSA-8452-54wp-rmv6"}, "fullDescription": {"text": "Storybook manager bundle may expose environment variables during build"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c6j-r48x-rmvq", "name": "serialize-javascript: GHSA-5c6j-r48x-rmvq", "shortDescription": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "fullDescription": {"text": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2qf-rxjj-qqgw", "name": "semver: GHSA-c2qf-rxjj-qqgw", "shortDescription": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "fullDescription": {"text": "semver vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gcx4-mw62-g8wm", "name": "rollup: GHSA-gcx4-mw62-g8wm", "shortDescription": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "fullDescription": {"text": "DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7mvr-c777-76hp", "name": "playwright: GHSA-7mvr-c777-76hp", "shortDescription": {"text": "playwright: GHSA-7mvr-c777-76hp"}, "fullDescription": {"text": "Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5fr-rjxr-66jc", "name": "lodash: GHSA-r5fr-rjxr-66jc", "shortDescription": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "fullDescription": {"text": "lodash vulnerable to Code Injection via `_.template` imports key names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wf6x-7x77-mvgw", "name": "immutable: GHSA-wf6x-7x77-mvgw", "shortDescription": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "fullDescription": {"text": "Immutable is vulnerable to Prototype Pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5j98-mcp5-4vw2", "name": "glob: GHSA-5j98-mcp5-4vw2", "shortDescription": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "fullDescription": {"text": "glob CLI: Command injection via -c/--cmd executes matches with shell:true"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf6f-7fwh-wjgh", "name": "flatted: GHSA-rf6f-7fwh-wjgh", "shortDescription": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "fullDescription": {"text": "Prototype Pollution via parse() in NodeJS flatted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-25h7-pfq9-p65f", "name": "flatted: GHSA-25h7-pfq9-p65f", "shortDescription": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "fullDescription": {"text": "flatted vulnerable to unbounded recursion DoS in parse() revive phase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v39h-62p7-jpjc", "name": "fast-uri: GHSA-v39h-62p7-jpjc", "shortDescription": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "fullDescription": {"text": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q3j6-qgpj-74h6", "name": "fast-uri: GHSA-q3j6-qgpj-74h6", "shortDescription": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "fullDescription": {"text": "fast-uri vulnerable to path traversal via percent-encoded dot segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3xgq-45jj-v275", "name": "cross-spawn: GHSA-3xgq-45jj-v275", "shortDescription": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in cross-spawn"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-grv7-fg5c-xmjg", "name": "braces: GHSA-grv7-fg5c-xmjg", "shortDescription": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "fullDescription": {"text": "Uncontrolled resource consumption in braces"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fv7c-fp4j-7gwp", "name": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp", "shortDescription": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "fullDescription": {"text": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `gravity-ui/preview-upload-to-s3-action` pinned to mutable ref `@v1`", "shortDescription": {"text": "Action `gravity-ui/preview-upload-to-s3-action` pinned to mutable ref `@v1`"}, "fullDescription": {"text": "`uses: gravity-ui/preview-upload-to-s3-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `mcr.microsoft.com/playwright:v1.40.0-jammy` unpinned", "shortDescription": {"text": "Workflow container/services image `mcr.microsoft.com/playwright:v1.40.0-jammy` unpinned"}, "fullDescription": {"text": "`container/services image: mcr.microsoft.com/playwright:v1.40.0-jammy` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-fjxv-7rqg-78g4", "name": "form-data: GHSA-fjxv-7rqg-78g4", "shortDescription": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "fullDescription": {"text": "form-data uses unsafe random function in form-data for choosing boundary"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67hx-6x53-jw92", "name": "@babel/traverse: GHSA-67hx-6x53-jw92", "shortDescription": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "fullDescription": {"text": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1058"}, "properties": {"repository": "gravity-ui/dynamic-forms", "repoUrl": "https://github.com/gravity-ui/dynamic-forms", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 103861, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 103860, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 103854, "scanner": "osv-scanner", "fingerprint": "f23c81ca1bf7793083d58c8b09cd6bf208ab392998a2d9a3bb3322561a728d6b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 103853, "scanner": "osv-scanner", "fingerprint": "1b788fa8525382946c739270c1849aaa868327cf2c4216daf211eef3de5db45b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j8xg-fqg3-53r7", "level": "warning", "message": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "properties": {"repobilityId": 103851, "scanner": "osv-scanner", "fingerprint": "0a3553b5adddbf423c8b88bc190be2bd4b6c230ac4332be849298da6f27b9d50", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26115"], "package": "word-wrap", "rule_id": "GHSA-j8xg-fqg3-53r7", "scanner": "osv-scanner", "correlation_key": "vuln|word-wrap|CVE-2023-26115|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xcj6-pq6g-qj4x", "level": "warning", "message": {"text": "vite: GHSA-xcj6-pq6g-qj4x"}, "properties": {"repobilityId": 103848, "scanner": "osv-scanner", "fingerprint": "655d7090889fcc61242dd36dc3b9118e667279b366e730662fd60d6623066396", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-31486"], "package": "vite", "rule_id": "GHSA-xcj6-pq6g-qj4x", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-31486|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x574-m823-4x7w", "level": "warning", "message": {"text": "vite: GHSA-x574-m823-4x7w"}, "properties": {"repobilityId": 103847, "scanner": "osv-scanner", "fingerprint": "83153ccd9d30c64327049f1db5229b3688e18cfde0cf0451384f030697129ea2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30208"], "package": "vite", "rule_id": "GHSA-x574-m823-4x7w", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-30208|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vg6x-rcgg-rjx6", "level": "warning", "message": {"text": "vite: GHSA-vg6x-rcgg-rjx6"}, "properties": {"repobilityId": 103846, "scanner": "osv-scanner", "fingerprint": "dd2f14ef29b8bab8105a37553a0c32e884371d67443d3dc17c72dc5c2c167032", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-24010"], "package": "vite", "rule_id": "GHSA-vg6x-rcgg-rjx6", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-24010|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9cwx-2883-4wfx", "level": "warning", "message": {"text": "vite: GHSA-9cwx-2883-4wfx"}, "properties": {"repobilityId": 103841, "scanner": "osv-scanner", "fingerprint": "1b9ba203522667cee3fc2be7411dc0bdb4728b04ee49a6f862ea467d2a468b94", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45811"], "package": "vite", "rule_id": "GHSA-9cwx-2883-4wfx", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2024-45811|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-93m4-6634-74q7", "level": "warning", "message": {"text": "vite: GHSA-93m4-6634-74q7"}, "properties": {"repobilityId": 103840, "scanner": "osv-scanner", "fingerprint": "0a47eb2a50fc12b47aed0b7d36edaaeca003fa78e9b68243d3157185a1ef1801", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-62522"], "package": "vite", "rule_id": "GHSA-93m4-6634-74q7", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-62522|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-92r3-m2mg-pj97", "level": "warning", "message": {"text": "vite: GHSA-92r3-m2mg-pj97"}, "properties": {"repobilityId": 103839, "scanner": "osv-scanner", "fingerprint": "d3350457f55234f90ef5cb38ff60b93e3e69b7c236636e70dfeafcf11d12dd93", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-49293"], "package": "vite", "rule_id": "GHSA-92r3-m2mg-pj97", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2023-49293|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8jhw-289h-jh2g", "level": "warning", "message": {"text": "vite: GHSA-8jhw-289h-jh2g"}, "properties": {"repobilityId": 103838, "scanner": "osv-scanner", "fingerprint": "6bafdf585a9118140ec2350100a8f9fdbad26b71509c330f3ea9a059f7fb5438", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-31207"], "package": "vite", "rule_id": "GHSA-8jhw-289h-jh2g", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2024-31207|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-859w-5945-r5v3", "level": "warning", "message": {"text": "vite: GHSA-859w-5945-r5v3"}, "properties": {"repobilityId": 103837, "scanner": "osv-scanner", "fingerprint": "8901af6b7b48852f338d8f236f025f71bded6f87aea76b4254405be61ea89a8f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-46565"], "package": "vite", "rule_id": "GHSA-859w-5945-r5v3", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-46565|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-64vr-g452-qvp3", "level": "warning", "message": {"text": "vite: GHSA-64vr-g452-qvp3"}, "properties": {"repobilityId": 103836, "scanner": "osv-scanner", "fingerprint": "f57c16b879f1c6fa70288923ebf0d615b86ba571ddddc3487c7a7513875a8d6d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45812"], "package": "vite", "rule_id": "GHSA-64vr-g452-qvp3", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2024-45812|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 103835, "scanner": "osv-scanner", "fingerprint": "b9493abcfc150bfe6cb302cb6e27e4bbb1e650942ccb7c4de386ac3ae1c5f54d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4r4m-qw57-chr8", "level": "warning", "message": {"text": "vite: GHSA-4r4m-qw57-chr8"}, "properties": {"repobilityId": 103834, "scanner": "osv-scanner", "fingerprint": "4ac183ff0c1278967ef1d08b4b5a62d2a85b3ad48d9b5ca51e075ebce85ceab2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-31125"], "package": "vite", "rule_id": "GHSA-4r4m-qw57-chr8", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-31125|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-356w-63v5-8wf4", "level": "warning", "message": {"text": "vite: GHSA-356w-63v5-8wf4"}, "properties": {"repobilityId": 103833, "scanner": "osv-scanner", "fingerprint": "8313c04f69eabac1d3bb708154587a5346dc89b150d24d321b7a7bbf4acecd23", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32395"], "package": "vite", "rule_id": "GHSA-356w-63v5-8wf4", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-32395|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 103832, "scanner": "osv-scanner", "fingerprint": "2f6e44d3056f0549be14ae43b720d756ca97d735468761433ea29a9ddf340eaa", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-72xf-g2v4-qvf3", "level": "warning", "message": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "properties": {"repobilityId": 103831, "scanner": "osv-scanner", "fingerprint": "9312444564db3259ff3baca946d1de0e510333d4b6ad2cc139492995a0ed6e56", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26136"], "package": "tough-cookie", "rule_id": "GHSA-72xf-g2v4-qvf3", "scanner": "osv-scanner", "correlation_key": "vuln|tough-cookie|CVE-2023-26136|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 103828, "scanner": "osv-scanner", "fingerprint": "861c9140d2458e85a1dd789a1de43fb0746f37a04647da29356e9e95fb4647ef", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 103822, "scanner": "osv-scanner", "fingerprint": "47af66b2941511910bef679f7fdc36232d020247a0f6ed279e094f6f5cfdf3b5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 103821, "scanner": "osv-scanner", "fingerprint": "fa80c0113a31d4aa749588a85511874d731a5f17963bf03bd5aa107cf81d4b3f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 103820, "scanner": "osv-scanner", "fingerprint": "33aa829b4458c5ef73d832c9e568cf3032217bd31f4b18cc6a572d90111a50bb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 103817, "scanner": "osv-scanner", "fingerprint": "d01f2097e7b318fed09051dc9486d1856dda99f71ea520983bca2d575128e70d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mwcw-c2x4-8c55", "level": "warning", "message": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "properties": {"repobilityId": 103816, "scanner": "osv-scanner", "fingerprint": "17aa9cc2e8026cc24dc5e114a937e54b03ea8b7b6868431635040b50227ddd2c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-55565"], "package": "nanoid", "rule_id": "GHSA-mwcw-c2x4-8c55", "scanner": "osv-scanner", "correlation_key": "vuln|nanoid|CVE-2024-55565|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-952p-6rrq-rcjv", "level": "warning", "message": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "properties": {"repobilityId": 103812, "scanner": "osv-scanner", "fingerprint": "6074fdd4d1c7ccc86350f1ed269ae01ecab6612eecc17984fef4f3c455e1e6a6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4067"], "package": "micromatch", "rule_id": "GHSA-952p-6rrq-rcjv", "scanner": "osv-scanner", "correlation_key": "vuln|micromatch|CVE-2024-4067|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 103811, "scanner": "osv-scanner", "fingerprint": "f047ccc7d9c1109aced3a5c21f0b53a27d6582174ed7660bc0f4dfe83bf08a1a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 103809, "scanner": "osv-scanner", "fingerprint": "de986ead824c9cd2225230d6fcc7a484a3f62fc4668bd948eb33bf3de3e73e26", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 103808, "scanner": "osv-scanner", "fingerprint": "28d729fc1155c54fc66f4fb51841604d700ad2e22c31e413765f6dd36f601211", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 103800, "scanner": "osv-scanner", "fingerprint": "a5366f8592ea792611dbd54230e9a360d84cfa4deab68e1cdb4eca522a676bc6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 103795, "scanner": "osv-scanner", "fingerprint": "e8eb0ab1ffbb15b3b127c7436af364aa04d69dbc42fb22d21fcb4f304d428269", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 103794, "scanner": "osv-scanner", "fingerprint": "b6e4ab66cc3522d009fa9b7b4cb49ad3d9a60843a6d25559c80bbc6b5b65b8d7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 103790, "scanner": "osv-scanner", "fingerprint": "a2744c3dc4514686546d37b3766fd7426464a5ddd60df990e0fd10cd70ff8afb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/helpers", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/helpers|CVE-2025-27789|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-prr3-c3m5-p7q2", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2"}, "properties": {"repobilityId": 103789, "scanner": "osv-scanner", "fingerprint": "b77985b2e40a6696ca98bdd77baac141a1a8878acfd3888aa89660f014c04b04", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-48631"], "package": "@adobe/css-tools", "rule_id": "GHSA-prr3-c3m5-p7q2", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-48631|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hpx4-r86g-5jrg", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg"}, "properties": {"repobilityId": 103788, "scanner": "osv-scanner", "fingerprint": "5a917e5412437837402d129acdb8422b23373b1e04676bc67cb81e762dc4350b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26364"], "package": "@adobe/css-tools", "rule_id": "GHSA-hpx4-r86g-5jrg", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-26364|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 103787, "scanner": "repobility-threat-engine", "fingerprint": "863035322232b5f240cd6e9a71ca9ae42a603af9e2edc93291e9724e218e083b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (_) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|863035322232b5f240cd6e9a71ca9ae42a603af9e2edc93291e9724e218e083b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/components/Editor/Editor.tsx"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 103786, "scanner": "repobility-threat-engine", "fingerprint": "9bec914a5270ceb60eeffe0475e1982181bcad1be8b210ba016f8eb6cae74ca9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9bec914a5270ceb60eeffe0475e1982181bcad1be8b210ba016f8eb6cae74ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/Editor.stories.tsx"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `final-form` is 1 major version(s) behind (4.20.9 -> 5.0.1)"}, "properties": {"repobilityId": 103785, "scanner": "repobility-dependency-currency", "fingerprint": "e88a207523dd74b380164e5bd5f8593ddfbae621630cc69beeb7a412b41c6bd6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "final-form", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.0.1", "correlation_key": "fp|e88a207523dd74b380164e5bd5f8593ddfbae621630cc69beeb7a412b41c6bd6", "current_version": "4.20.9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `css-loader` is 1 major version(s) behind (6.11.0 -> 7.1.4)"}, "properties": {"repobilityId": 103784, "scanner": "repobility-dependency-currency", "fingerprint": "90046d6a6b1777d9392bb771b4b94d6765e69c055835facab919740d113ffdcc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "css-loader", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.1.4", "correlation_key": "fp|90046d6a6b1777d9392bb771b4b94d6765e69c055835facab919740d113ffdcc", "current_version": "6.11.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `ajv` is 2 major version(s) behind (6.12.6 -> 8.20.0)"}, "properties": {"repobilityId": 103783, "scanner": "repobility-dependency-currency", "fingerprint": "102ae61fd78b8c9e36a82e668b90e8d101df4c37beb7a400b0e0a9bbd0fa7cba", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ajv", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.20.0", "correlation_key": "fp|102ae61fd78b8c9e36a82e668b90e8d101df4c37beb7a400b0e0a9bbd0fa7cba", "current_version": "6.12.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@vitejs/plugin-react` is 2 major version(s) behind (4.2.0 -> 6.0.2)"}, "properties": {"repobilityId": 103782, "scanner": "repobility-dependency-currency", "fingerprint": "f6969de907c437afd24f65f54bda57fcee5e59b2789ac9dd285821355cb86944", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vitejs/plugin-react", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.0.2", "correlation_key": "fp|f6969de907c437afd24f65f54bda57fcee5e59b2789ac9dd285821355cb86944", "current_version": "4.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/uuid` is 2 major version(s) behind (9.0.4 -> 11.0.0)"}, "properties": {"repobilityId": 103781, "scanner": "repobility-dependency-currency", "fingerprint": "604e88147a86ea4575ebb46eac22f3b2bf9c950fbcb55d585f706d36729bb33b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/uuid", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "11.0.0", "correlation_key": "fp|604e88147a86ea4575ebb46eac22f3b2bf9c950fbcb55d585f706d36729bb33b", "current_version": "9.0.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/react-is` is 2 major version(s) behind (17.0.3 -> 19.2.0)"}, "properties": {"repobilityId": 103780, "scanner": "repobility-dependency-currency", "fingerprint": "820677073dff0d8b6d029e13de9e50af62938704efeff6273bb3b4b0aab18dbf", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/react-is", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "19.2.0", "correlation_key": "fp|820677073dff0d8b6d029e13de9e50af62938704efeff6273bb3b4b0aab18dbf", "current_version": "17.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/react-dom` is 1 major version(s) behind (18.3.7 -> 19.2.3)"}, "properties": {"repobilityId": 103779, "scanner": "repobility-dependency-currency", "fingerprint": "33dad5f4b4360d0cefb613eaa70f008882aa8ac481b08b89f11b5dd0b53f820e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/react-dom", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "19.2.3", "correlation_key": "fp|33dad5f4b4360d0cefb613eaa70f008882aa8ac481b08b89f11b5dd0b53f820e", "current_version": "18.3.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/jest` is 1 major version(s) behind (29.5.0 -> 30.0.0)"}, "properties": {"repobilityId": 103777, "scanner": "repobility-dependency-currency", "fingerprint": "8c0abed0d0e99e669cc8ce3093907d8f22485306eb456606de27d6ef439bf34f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/jest", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "30.0.0", "correlation_key": "fp|8c0abed0d0e99e669cc8ce3093907d8f22485306eb456606de27d6ef439bf34f", "current_version": "29.5.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@testing-library/react` is 2 major version(s) behind (14.0.0 -> 16.3.2)"}, "properties": {"repobilityId": 103775, "scanner": "repobility-dependency-currency", "fingerprint": "f4a1431c05b44fc646f8e48d7751da177cd97946fe6889bbec8b78776ed438fc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@testing-library/react", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "16.3.2", "correlation_key": "fp|f4a1431c05b44fc646f8e48d7751da177cd97946fe6889bbec8b78776ed438fc", "current_version": "14.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@testing-library/jest-dom` is 1 major version(s) behind (5.16.5 -> 6.9.1)"}, "properties": {"repobilityId": 103774, "scanner": "repobility-dependency-currency", "fingerprint": "a4017cc0a7e174ff6449cf669b3da2c26c2cddb7392bd8ded5890b1a1f75b2da", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@testing-library/jest-dom", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.9.1", "correlation_key": "fp|a4017cc0a7e174ff6449cf669b3da2c26c2cddb7392bd8ded5890b1a1f75b2da", "current_version": "5.16.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@storybook/addon-webpack5-compiler-swc` is 2 major version(s) behind (2.1.0 -> 4.0.3)"}, "properties": {"repobilityId": 103772, "scanner": "repobility-dependency-currency", "fingerprint": "8bc89c9196d86341d25580cf7414fefe69d8956802f2f952c29d73944406c274", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@storybook/addon-webpack5-compiler-swc", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.0.3", "correlation_key": "fp|8bc89c9196d86341d25580cf7414fefe69d8956802f2f952c29d73944406c274", "current_version": "2.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@gravity-ui/stylelint-config` is 1 major version(s) behind (4.0.1 -> 5.0.0)"}, "properties": {"repobilityId": 103771, "scanner": "repobility-dependency-currency", "fingerprint": "9b0bcfc639576fb7b40c28910fcc58f60277f302b6715b49452237e00745b56d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@gravity-ui/stylelint-config", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.0.0", "correlation_key": "fp|9b0bcfc639576fb7b40c28910fcc58f60277f302b6715b49452237e00745b56d", "current_version": "4.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@gravity-ui/eslint-config` is 1 major version(s) behind (3.3.0 -> 4.3.1)"}, "properties": {"repobilityId": 103769, "scanner": "repobility-dependency-currency", "fingerprint": "7dcfa92e7c622e8e157ca6286b4e3d802207797fb7915e07b985e7582b0925bd", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@gravity-ui/eslint-config", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.3.1", "correlation_key": "fp|7dcfa92e7c622e8e157ca6286b4e3d802207797fb7915e07b985e7582b0925bd", "current_version": "3.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@commitlint/config-conventional` is 1 major version(s) behind (20.0.0 -> 21.0.2)"}, "properties": {"repobilityId": 103768, "scanner": "repobility-dependency-currency", "fingerprint": "6ae060db34b0841d50779ef24a4fefc44021f430788bb86a1736091206c03db4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@commitlint/config-conventional", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "21.0.2", "correlation_key": "fp|6ae060db34b0841d50779ef24a4fefc44021f430788bb86a1736091206c03db4", "current_version": "20.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@commitlint/cli` is 1 major version(s) behind (20.1.0 -> 21.0.2)"}, "properties": {"repobilityId": 103767, "scanner": "repobility-dependency-currency", "fingerprint": "0f74b12674e11dfb0f49e197fe6ca097f8c8642780e03235d95f4d8bc37bd272", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@commitlint/cli", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "21.0.2", "correlation_key": "fp|0f74b12674e11dfb0f49e197fe6ca097f8c8642780e03235d95f4d8bc37bd272", "current_version": "20.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 103859, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 103858, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 103857, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 103856, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 103850, "scanner": "osv-scanner", "fingerprint": "885831ec9a185235867071859b61a882e0ef92e6f19d618957bda24e6b9a1eff", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 103849, "scanner": "osv-scanner", "fingerprint": "cb693bda54a38b47305c57915d671e4fec7e8595eb17860c0919230b8f1f3165", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jqfw-vq24-v9c3", "level": "note", "message": {"text": "vite: GHSA-jqfw-vq24-v9c3"}, "properties": {"repobilityId": 103845, "scanner": "osv-scanner", "fingerprint": "71e91329fb881334f1ce91ae089ccd547bd43eb260dcc29c293a93cbb8ddaea3", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58752"], "package": "vite", "rule_id": "GHSA-jqfw-vq24-v9c3", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-58752|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g4jq-h2w9-997c", "level": "note", "message": {"text": "vite: GHSA-g4jq-h2w9-997c"}, "properties": {"repobilityId": 103844, "scanner": "osv-scanner", "fingerprint": "f81f68d47c560f176cf3a58ca37831845d35be867c11fdf3e0eac4c2b8041609", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58751"], "package": "vite", "rule_id": "GHSA-g4jq-h2w9-997c", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2025-58751|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 103823, "scanner": "osv-scanner", "fingerprint": "f166fc9bedc798a4405ffae4db362d32e9e4c74b30e882f3e29ef038e180f732", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4gmj-3p3h-gm8h", "level": "note", "message": {"text": "es5-ext: GHSA-4gmj-3p3h-gm8h"}, "properties": {"repobilityId": 103799, "scanner": "osv-scanner", "fingerprint": "724928192aa0fdb7af68663729bbf87eb8d8a555f5d2b54e1b6a4ab1bda7aba7", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-27088"], "package": "es5-ext", "rule_id": "GHSA-4gmj-3p3h-gm8h", "scanner": "osv-scanner", "correlation_key": "vuln|es5-ext|CVE-2024-27088|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 103796, "scanner": "osv-scanner", "fingerprint": "3b771ed61f472eab02b4c9eb792b38e138cfec35c8ab51f877acaaca0e374b2d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vpq2-c234-7xj6", "level": "note", "message": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "properties": {"repobilityId": 103793, "scanner": "osv-scanner", "fingerprint": "b94d4faf3f807316e62a27fde64604e4453cde679a07570857443686cccdd76d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-3449"], "package": "@tootallnate/once", "rule_id": "GHSA-vpq2-c234-7xj6", "scanner": "osv-scanner", "correlation_key": "vuln|tootallnate/once|CVE-2026-3449|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@types/lodash` is minor version(s) behind (4.14.191 -> 4.17.24)"}, "properties": {"repobilityId": 103778, "scanner": "repobility-dependency-currency", "fingerprint": "a0866d88b6aaf8838a37c88098dbc97be5391c7a92d88ffaabe89e42485d4655", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/lodash", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.17.24", "correlation_key": "fp|a0866d88b6aaf8838a37c88098dbc97be5391c7a92d88ffaabe89e42485d4655", "current_version": "4.14.191"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@testing-library/user-event` is minor version(s) behind (14.4.3 -> 14.6.1)"}, "properties": {"repobilityId": 103776, "scanner": "repobility-dependency-currency", "fingerprint": "60131f7bf5f3b96620acb37466a51d36fec51f6757139d6c31dd089d922959ff", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@testing-library/user-event", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "14.6.1", "correlation_key": "fp|60131f7bf5f3b96620acb37466a51d36fec51f6757139d6c31dd089d922959ff", "current_version": "14.4.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@babel/preset-typescript` is minor version(s) behind (7.21.0 -> 7.29.7)"}, "properties": {"repobilityId": 103766, "scanner": "repobility-dependency-currency", "fingerprint": "628686e5d4911c12df4ae5574989c802aa8a1fddb809dfe3302f4158ac99068c", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@babel/preset-typescript", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.29.7", "correlation_key": "fp|628686e5d4911c12df4ae5574989c802aa8a1fddb809dfe3302f4158ac99068c", "current_version": "7.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@babel/preset-env` is minor version(s) behind (7.21.5 -> 7.29.7)"}, "properties": {"repobilityId": 103765, "scanner": "repobility-dependency-currency", "fingerprint": "63f0b31caededb9337801aebef6df9e099e9eb0bc479350f86c6dc37b9a2b559", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@babel/preset-env", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.29.7", "correlation_key": "fp|63f0b31caededb9337801aebef6df9e099e9eb0bc479350f86c6dc37b9a2b559", "current_version": "7.21.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `lodash` is minor version(s) behind (4.17.21 -> 4.18.1)"}, "properties": {"repobilityId": 103764, "scanner": "repobility-dependency-currency", "fingerprint": "7c390bb62997da2ea606721d53766c9462649039a2ee34f466a148f442b88f24", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "lodash", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.18.1", "correlation_key": "fp|7c390bb62997da2ea606721d53766c9462649039a2ee34f466a148f442b88f24", "current_version": "4.17.21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@gravity-ui/icons` is minor version(s) behind (2.16.0 -> 2.18.0)"}, "properties": {"repobilityId": 103763, "scanner": "repobility-dependency-currency", "fingerprint": "e5c2f0da32a1ab88ac1e3f72e9ee38d70ac0b7115bc432e553ee0395c09bf162", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@gravity-ui/icons", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.18.0", "correlation_key": "fp|e5c2f0da32a1ab88ac1e3f72e9ee38d70ac0b7115bc432e553ee0395c09bf162", "current_version": "2.16.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@gravity-ui/date-utils` is minor version(s) behind (2.5.5 -> 2.7.0)"}, "properties": {"repobilityId": 103762, "scanner": "repobility-dependency-currency", "fingerprint": "1aa7f9d23fc308764c25c7a289b8a218efc69031fb54511746e74d8e20640dd4", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@gravity-ui/date-utils", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.7.0", "correlation_key": "fp|1aa7f9d23fc308764c25c7a289b8a218efc69031fb54511746e74d8e20640dd4", "current_version": "2.5.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@gravity-ui/date-components` is minor version(s) behind (3.0.0 -> 3.4.2)"}, "properties": {"repobilityId": 103761, "scanner": "repobility-dependency-currency", "fingerprint": "1ac6455a943a223b75ca447eb843519651bc78bad3e49dd9b94f9c34daaf2712", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@gravity-ui/date-components", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.4.2", "correlation_key": "fp|1ac6455a943a223b75ca447eb843519651bc78bad3e49dd9b94f9c34daaf2712", "current_version": "3.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103738, "scanner": "repobility-ai-code-hygiene", "fingerprint": "15fc9eb0f37f28936695d1c7ee8f198a1ec013cb1b5109248b8a65881f0a6d2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/ObjectOneOf.stories.tsx", "duplicate_line": 9, "correlation_key": "fp|15fc9eb0f37f28936695d1c7ee8f198a1ec013cb1b5109248b8a65881f0a6d2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/ObjectOneOfFlat.stories.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103737, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e792c38069090362aba6d1cbc488d0d5be06778c3fa8c0a54f203bcb358812f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/ObjectBase.stories.tsx", "duplicate_line": 20, "correlation_key": "fp|3e792c38069090362aba6d1cbc488d0d5be06778c3fa8c0a54f203bcb358812f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/ObjectOneOf.stories.tsx"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103736, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34a41f0f69de5af9bd48b6b00dce2a7344f357b78c0584b87016fa8ff93ade5e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/ObjectCardOneOf.stories.tsx", "duplicate_line": 14, "correlation_key": "fp|34a41f0f69de5af9bd48b6b00dce2a7344f357b78c0584b87016fa8ff93ade5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/ObjectOneOf.stories.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103735, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5ffa634834299b7c314be321e0b979f907a65b8073759cba5f59b4bc78386d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/Editor.stories.tsx", "duplicate_line": 64, "correlation_key": "fp|b5ffa634834299b7c314be321e0b979f907a65b8073759cba5f59b4bc78386d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/ObjectOneOf.stories.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103734, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41711fa25e265b87433d3932cf93932a33c005932c16fdf3ce92f867467b3218", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/ObjectMultiOneOf.stories.tsx", "duplicate_line": 9, "correlation_key": "fp|41711fa25e265b87433d3932cf93932a33c005932c16fdf3ce92f867467b3218"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/ObjectMultiOneOfFlat.stories.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103733, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9dc9789909e74bc7798a3a9fc1e0847938374a085110c4861b13f4e1f13db81", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/ObjectBase.stories.tsx", "duplicate_line": 20, "correlation_key": "fp|f9dc9789909e74bc7798a3a9fc1e0847938374a085110c4861b13f4e1f13db81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/ObjectCardOneOf.stories.tsx"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103732, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c0069ecfaf9e43e46a1118aea74c2ff57e51112282e6fb3611286b9199dacb24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/Editor.stories.tsx", "duplicate_line": 65, "correlation_key": "fp|c0069ecfaf9e43e46a1118aea74c2ff57e51112282e6fb3611286b9199dacb24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/ObjectCardOneOf.stories.tsx"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103731, "scanner": "repobility-ai-code-hygiene", "fingerprint": "290b9367805c00b31947f64866c3c88da2e33ebf2280d7fc876e3b61b1cb70c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/stories/ArrayCheckboxGroup.stories.tsx", "duplicate_line": 13, "correlation_key": "fp|290b9367805c00b31947f64866c3c88da2e33ebf2280d7fc876e3b61b1cb70c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/stories/Editor.stories.tsx"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103730, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2485587bfbe9688d93db5a98e0ef43be64c55374ebc846243cc439c26534e714", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/MultiSelect/MultiSelect.tsx", "duplicate_line": 7, "correlation_key": "fp|2485587bfbe9688d93db5a98e0ef43be64c55374ebc846243cc439c26534e714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/unstable/kit/MultiSelect.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103729, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d9a799465606c2ff4c96745712e4c5ac7fecce9319ebd5e8a273fac8fd740fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/MultiOneOf/MultiOneOf.tsx", "duplicate_line": 51, "correlation_key": "fp|2d9a799465606c2ff4c96745712e4c5ac7fecce9319ebd5e8a273fac8fd740fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/hooks/useOneOf/useOneOf.tsx"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103728, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9f3b80668b8c3114730cdf5142a3469031d5cd6531d1d1b4c87e4024bf987a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/TableArrayInput/TableArrayInput.tsx", "duplicate_line": 106, "correlation_key": "fp|a9f3b80668b8c3114730cdf5142a3469031d5cd6531d1d1b4c87e4024bf987a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Views/TableArrayView/TableArrayView.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103727, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4ff78aeed778b8c84ec6bc4f2ae409dec97a30b5ceafefa2d65dde29fbe05e3c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/ObjectBase/ObjectBase.tsx", "duplicate_line": 68, "correlation_key": "fp|4ff78aeed778b8c84ec6bc4f2ae409dec97a30b5ceafefa2d65dde29fbe05e3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Views/ObjectBaseView/ObjectBaseView.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103726, "scanner": "repobility-ai-code-hygiene", "fingerprint": "734e7c0945d45b5b8a78e4905319d6480c9d29827709e05075c263fa001aada3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/MonacoInput/MonacoInputBase.tsx", "duplicate_line": 56, "correlation_key": "fp|734e7c0945d45b5b8a78e4905319d6480c9d29827709e05075c263fa001aada3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Views/MonacoInputView/MonacoBaseView.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103725, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c36dce44c0a34ff87cfb84bf40f08a31088aa46a3b040f83e95ae00c9f0862d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/ArrayBase/ArrayBase.tsx", "duplicate_line": 39, "correlation_key": "fp|c36dce44c0a34ff87cfb84bf40f08a31088aa46a3b040f83e95ae00c9f0862d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Views/ArrayBaseView/ArrayBaseView.tsx"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103724, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71092d9c5ffd7b7ebbeea3fd8d90ac3871de9e17fdec55ca6d177981418142d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/ViewLayouts/ViewColumn/ViewColumn.tsx", "duplicate_line": 24, "correlation_key": "fp|71092d9c5ffd7b7ebbeea3fd8d90ac3871de9e17fdec55ca6d177981418142d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/ViewLayouts/ViewRow/ViewRow.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103723, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a1901a0dac0edf2acff2dfdd4a9b8c474aae35de33451211127965412b37ed8a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Layouts/Column/Column.tsx", "duplicate_line": 33, "correlation_key": "fp|a1901a0dac0edf2acff2dfdd4a9b8c474aae35de33451211127965412b37ed8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Layouts/Row/Row.tsx"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103722, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a7ea6fca4147d75618e0fec4c4bf5900df2ceda70586e80009dc0789266fdb7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Layouts/Accordeon/Accordeon.tsx", "duplicate_line": 24, "correlation_key": "fp|1a7ea6fca4147d75618e0fec4c4bf5900df2ceda70586e80009dc0789266fdb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Layouts/AccordeonCard/AccordeonCardForm.tsx"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103721, "scanner": "repobility-ai-code-hygiene", "fingerprint": "afe9f901b9f67aa0de3c4db9d44a83a2835c62f3767d86f8c0e847a3303c2056", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/MultiSelect/MultiSelect.tsx", "duplicate_line": 9, "correlation_key": "fp|afe9f901b9f67aa0de3c4db9d44a83a2835c62f3767d86f8c0e847a3303c2056"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Inputs/Select/Select.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103720, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b3861163c09009bc4c07c7ddfb080efe9f8dc686a2cf0ae84e87af3ea144238", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/kit/components/Inputs/RangeInputPicker/RangeInputPicker.tsx", "duplicate_line": 103, "correlation_key": "fp|8b3861163c09009bc4c07c7ddfb080efe9f8dc686a2cf0ae84e87af3ea144238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/kit/components/Inputs/RangeInputPicker/RangeInputPickerNumber.tsx"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103719, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f29d887a08228e5719b6d82b1e31ab40d1257acd0fe5b899e1ccc8e44e73446", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/View/types/array.ts", "duplicate_line": 2, "correlation_key": "fp|7f29d887a08228e5719b6d82b1e31ab40d1257acd0fe5b899e1ccc8e44e73446"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/View/types/string.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103718, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29384cc8768973c853908ae1c7cd1cdb063cd7cb65cda701def767ed8cb08767", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/View/types/array.ts", "duplicate_line": 2, "correlation_key": "fp|29384cc8768973c853908ae1c7cd1cdb063cd7cb65cda701def767ed8cb08767"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/View/types/object.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103717, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc784aa78d9771dad5e46b9d5dd9ca45843a26a08569039185f526c6d72e5960", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/View/types/array.ts", "duplicate_line": 2, "correlation_key": "fp|cc784aa78d9771dad5e46b9d5dd9ca45843a26a08569039185f526c6d72e5960"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/View/types/number.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103716, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e627fdb512c9141f40b595526c15807a962b09f5ac46734b702fd204c93c38e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/View/types/array.ts", "duplicate_line": 2, "correlation_key": "fp|8e627fdb512c9141f40b595526c15807a962b09f5ac46734b702fd204c93c38e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/View/types/boolean.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103715, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a58271e1f907d57ed7ec8efb292e9989cb7a73269d663f09552e10d0a589a14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/Form/hooks/useFormSharedStore.tsx", "duplicate_line": 3, "correlation_key": "fp|3a58271e1f907d57ed7ec8efb292e9989cb7a73269d663f09552e10d0a589a14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/View/hooks/useViewSharedStore.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103714, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9bf40f35cbb539711eef92eb9999daf05412cb6efeafad465c161260520c4b0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/Form/types/array.ts", "duplicate_line": 4, "correlation_key": "fp|f9bf40f35cbb539711eef92eb9999daf05412cb6efeafad465c161260520c4b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/Form/types/string.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103713, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0f5fabbe72d1d02e58fb598aded57e93cf7041d3b3ae7928a1ec4e978ea552ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/Form/types/boolean.ts", "duplicate_line": 2, "correlation_key": "fp|0f5fabbe72d1d02e58fb598aded57e93cf7041d3b3ae7928a1ec4e978ea552ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/Form/types/string.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103712, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d57228635e71b1882be330889b24a1ba2a76b0c3bdaca84a8517a6dc97c17323", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/Form/types/array.ts", "duplicate_line": 4, "correlation_key": "fp|d57228635e71b1882be330889b24a1ba2a76b0c3bdaca84a8517a6dc97c17323"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/Form/types/object.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103711, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca712155cd6434f19b3d83b4f6acbb48fb482613c6bb86b93e917130c7871bee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/Form/types/array.ts", "duplicate_line": 4, "correlation_key": "fp|ca712155cd6434f19b3d83b4f6acbb48fb482613c6bb86b93e917130c7871bee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/Form/types/number.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103710, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b6b9ae7c549acbb4dccb069980a3ce9dfd2b7b338440a673dc70ad81b49fda7d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/Form/types/boolean.ts", "duplicate_line": 2, "correlation_key": "fp|b6b9ae7c549acbb4dccb069980a3ce9dfd2b7b338440a673dc70ad81b49fda7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/Form/types/number.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103709, "scanner": "repobility-ai-code-hygiene", "fingerprint": "86d0ca5a382e8cb7783c3b579d8bb6c1b5e6a51a3295b4b84b03fb0a7c0f3b3b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/core/components/Form/types/array.ts", "duplicate_line": 4, "correlation_key": "fp|86d0ca5a382e8cb7783c3b579d8bb6c1b5e6a51a3295b4b84b03fb0a7c0f3b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/core/components/Form/types/boolean.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@swc/jest` is patch version(s) behind (0.2.36 -> 0.2.39)"}, "properties": {"repobilityId": 103773, "scanner": "repobility-dependency-currency", "fingerprint": "47a60fb8e4395014a5782a2cfe219b9a6fbde407dafbc601694acb06c2759bac", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@swc/jest", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.2.39", "correlation_key": "fp|47a60fb8e4395014a5782a2cfe219b9a6fbde407dafbc601694acb06c2759bac", "current_version": "0.2.36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@gravity-ui/prettier-config` is patch version(s) behind (1.1.0 -> 1.1.1)"}, "properties": {"repobilityId": 103770, "scanner": "repobility-dependency-currency", "fingerprint": "26e104fa6d888eda9ad6849d18aaf0f16da8fbcb95aa6a74d4c4e228d23f73ea", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@gravity-ui/prettier-config", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.1.1", "correlation_key": "fp|26e104fa6d888eda9ad6849d18aaf0f16da8fbcb95aa6a74d4c4e228d23f73ea", "current_version": "1.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f9xv-q969-pqx4", "level": "error", "message": {"text": "yaml: GHSA-f9xv-q969-pqx4"}, "properties": {"repobilityId": 103855, "scanner": "osv-scanner", "fingerprint": "acd2f79226fe8422d5131b36397ac1aa107bd44ec1670314e5d1ab61fcffd4bc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-2251"], "package": "yaml", "rule_id": "GHSA-f9xv-q969-pqx4", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2023-2251|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3h5v-q93c-6h6q", "level": "error", "message": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "properties": {"repobilityId": 103852, "scanner": "osv-scanner", "fingerprint": "8238b367394f3eb3a63c9fdcf3a3af1b249bb37192f2b8decf177b0ea2da6032", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37890"], "package": "ws", "rule_id": "GHSA-3h5v-q93c-6h6q", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2024-37890|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c27g-q93r-2cwf", "level": "error", "message": {"text": "vite: GHSA-c27g-q93r-2cwf"}, "properties": {"repobilityId": 103843, "scanner": "osv-scanner", "fingerprint": "dd1e18cdffffe00fe267fb9b66e6f4dc2594fc288e77826c630f78db5e2ca5d7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-52011"], "package": "vite", "rule_id": "GHSA-c27g-q93r-2cwf", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2024-52011|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c24v-8rfc-w8vw", "level": "error", "message": {"text": "vite: GHSA-c24v-8rfc-w8vw"}, "properties": {"repobilityId": 103842, "scanner": "osv-scanner", "fingerprint": "abfe76622b4970dcb1de242d1063f5a29a093d5ea52a7203cbeb62f02b9d9a84", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-23331"], "package": "vite", "rule_id": "GHSA-c24v-8rfc-w8vw", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2024-23331|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mjf5-7g4m-gx5w", "level": "error", "message": {"text": "storybook: GHSA-mjf5-7g4m-gx5w"}, "properties": {"repobilityId": 103830, "scanner": "osv-scanner", "fingerprint": "c1d4a25d509e9c425711f0f2cc595cb61824270e3fc7e57af51e86d83f493ff8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27148"], "package": "storybook", "rule_id": "GHSA-mjf5-7g4m-gx5w", "scanner": "osv-scanner", "correlation_key": "vuln|storybook|CVE-2026-27148|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8452-54wp-rmv6", "level": "error", "message": {"text": "storybook: GHSA-8452-54wp-rmv6"}, "properties": {"repobilityId": 103829, "scanner": "osv-scanner", "fingerprint": "d1e764744ded9f45d4de423d3f867defa22c04ca0c1a3fb2035b7b7866202ce0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68429"], "package": "storybook", "rule_id": "GHSA-8452-54wp-rmv6", "scanner": "osv-scanner", "correlation_key": "vuln|storybook|CVE-2025-68429|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 103827, "scanner": "osv-scanner", "fingerprint": "7f2d30dd9b8a0eda6d87deac04527ff692eca0ea143a54f9b4184ad2b283ffa3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2qf-rxjj-qqgw", "level": "error", "message": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "properties": {"repobilityId": 103826, "scanner": "osv-scanner", "fingerprint": "99a27955ef80d362141ad0a78ae49f493e9942bb5b0563c320b2990d69becaa1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25883"], "package": "semver", "rule_id": "GHSA-c2qf-rxjj-qqgw", "scanner": "osv-scanner", "correlation_key": "vuln|semver|CVE-2022-25883|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 103825, "scanner": "osv-scanner", "fingerprint": "45eb15dbc950ecc73cdbba5f5c1bf13da272afb36602ddfcb04a26485063e743", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gcx4-mw62-g8wm", "level": "error", "message": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "properties": {"repobilityId": 103824, "scanner": "osv-scanner", "fingerprint": "37433dbccd9064e3d37c1cb46f7a72ce9ce1ed3c6d1093f1d725f83554f99332", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47068"], "package": "rollup", "rule_id": "GHSA-gcx4-mw62-g8wm", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2024-47068|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7mvr-c777-76hp", "level": "error", "message": {"text": "playwright: GHSA-7mvr-c777-76hp"}, "properties": {"repobilityId": 103819, "scanner": "osv-scanner", "fingerprint": "a30b2e6c21afd79bd953ed73fe5cd35258a93cf2a8fcc681bc5681c5382a1ad9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-59288"], "package": "playwright", "rule_id": "GHSA-7mvr-c777-76hp", "scanner": "osv-scanner", "correlation_key": "vuln|playwright|CVE-2025-59288|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 103818, "scanner": "osv-scanner", "fingerprint": "3cd93794643bff3fd4328203c06c842a2d7c54c53b7a77b0e6bc61b44cf4e561", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 103815, "scanner": "osv-scanner", "fingerprint": "eefef250e5a6e239df447b5946f207cdb0dd68151255b2332fb8ba8f476755c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 103814, "scanner": "osv-scanner", "fingerprint": "51db4fe99f02113d5057e54849a1514660f72202efa765a619a8195e282ff31f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 103813, "scanner": "osv-scanner", "fingerprint": "f4f398661d95064420cba5942b7bc163815b09d09751c05f0247afa0ed407b54", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 103810, "scanner": "osv-scanner", "fingerprint": "069f9bb4f0a38c36ca2992b2ffe11f999b2e5befc1dec86319fea7bbf65a679b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wf6x-7x77-mvgw", "level": "error", "message": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "properties": {"repobilityId": 103807, "scanner": "osv-scanner", "fingerprint": "aa858c3bc9b19baf90e40230ee0ef6fdb91daf12b2b86d9932d1306df6132ca6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29063"], "package": "immutable", "rule_id": "GHSA-wf6x-7x77-mvgw", "scanner": "osv-scanner", "correlation_key": "vuln|immutable|CVE-2026-29063|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5j98-mcp5-4vw2", "level": "error", "message": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "properties": {"repobilityId": 103806, "scanner": "osv-scanner", "fingerprint": "eb490bd1b89973ff050f29fea98c6d9f88110605102c7a249218d08c2cfd6d73", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64756"], "package": "glob", "rule_id": "GHSA-5j98-mcp5-4vw2", "scanner": "osv-scanner", "correlation_key": "vuln|glob|CVE-2025-64756|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 103804, "scanner": "osv-scanner", "fingerprint": "12f8c13a1500c4e201cd19c15c7415ed765defb1c8c79e0887745cf5d0c7caba", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 103803, "scanner": "osv-scanner", "fingerprint": "b797beca07deb64b07234792c672e8b741104617529fbd9314dd615ac2f0d51d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v39h-62p7-jpjc", "level": "error", "message": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "properties": {"repobilityId": 103802, "scanner": "osv-scanner", "fingerprint": "d9e8ef847898100d4370c43984678fe5fed930d5324ab88248c2d2156d522d84", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6322"], "package": "fast-uri", "rule_id": "GHSA-v39h-62p7-jpjc", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6322|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q3j6-qgpj-74h6", "level": "error", "message": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "properties": {"repobilityId": 103801, "scanner": "osv-scanner", "fingerprint": "bbadb454e2f0de5491c967e3dd8f97119c293cd0aafbefed77d3b3e72652865f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6321"], "package": "fast-uri", "rule_id": "GHSA-q3j6-qgpj-74h6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6321|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3xgq-45jj-v275", "level": "error", "message": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "properties": {"repobilityId": 103798, "scanner": "osv-scanner", "fingerprint": "d2e8ad2e78fcc589de2192cb324111e4957895ae7347a6d0ae3a1bff7c881c9d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21538"], "package": "cross-spawn", "rule_id": "GHSA-3xgq-45jj-v275", "scanner": "osv-scanner", "correlation_key": "vuln|cross-spawn|CVE-2024-21538|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-grv7-fg5c-xmjg", "level": "error", "message": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "properties": {"repobilityId": 103797, "scanner": "osv-scanner", "fingerprint": "467a760dbf4a428753304f077900d3bdfba0282340dd3145e3dad79851484f96", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4068"], "package": "braces", "rule_id": "GHSA-grv7-fg5c-xmjg", "scanner": "osv-scanner", "correlation_key": "vuln|braces|CVE-2024-4068|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 103791, "scanner": "osv-scanner", "fingerprint": "ad52739427efbb114a916176e346643bbd15d1155c76f28185e965208050ec44", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gravity-ui/preview-upload-to-s3-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 103760, "scanner": "repobility-supply-chain", "fingerprint": "52852d387d305124d6eb938cd551f4b73dc74549f36a76d0df589a35a086e5e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|52852d387d305124d6eb938cd551f4b73dc74549f36a76d0df589a35a086e5e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main-preview.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103759, "scanner": "repobility-supply-chain", "fingerprint": "70c4494b4fd4fb7b96fa518e3d8ebfa32071a55a57e63848c9ecde944888b888", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70c4494b4fd4fb7b96fa518e3d8ebfa32071a55a57e63848c9ecde944888b888"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main-preview.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103758, "scanner": "repobility-supply-chain", "fingerprint": "4046c361746131b533150c4854aa99786c3e94384c7923858620a14ae51ad7e6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4046c361746131b533150c4854aa99786c3e94384c7923858620a14ae51ad7e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main-preview.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gravity-ui/preview-build-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 103757, "scanner": "repobility-supply-chain", "fingerprint": "31ca18fd05efabe756baee45c58f249fe1d2c84a006eb83d3aeff9e0498b4e99", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31ca18fd05efabe756baee45c58f249fe1d2c84a006eb83d3aeff9e0498b4e99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-preview-build.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gravity-ui/release-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 103756, "scanner": "repobility-supply-chain", "fingerprint": "3e8b55177e0f4e64b49e9c7ec9bae47aa5aa5f9e9c62837fab063e13c126f1ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e8b55177e0f4e64b49e9c7ec9bae47aa5aa5f9e9c62837fab063e13c126f1ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gravity-ui/release-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 103755, "scanner": "repobility-supply-chain", "fingerprint": "0fb4d864faa4696c7c564937d0c20a93d724bf10b0cd906b6304c356363ed3e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0fb4d864faa4696c7c564937d0c20a93d724bf10b0cd906b6304c356363ed3e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-v3.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gravity-ui/release-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 103754, "scanner": "repobility-supply-chain", "fingerprint": "2a81570174263dba27c10293b6872a2846566ccc041a9863a772406ce93d157d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a81570174263dba27c10293b6872a2846566ccc041a9863a772406ce93d157d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-v4.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103753, "scanner": "repobility-supply-chain", "fingerprint": "1e20c46e43fb44679e90ca547fc75c3ce4077f7725ee2341ed4c629ff9d8d846", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e20c46e43fb44679e90ca547fc75c3ce4077f7725ee2341ed4c629ff9d8d846"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103752, "scanner": "repobility-supply-chain", "fingerprint": "ccf8fdf2b3d7f1540c41ffd9037fb7ec9f170b097f0eb85b43f343f8d64febb5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccf8fdf2b3d7f1540c41ffd9037fb7ec9f170b097f0eb85b43f343f8d64febb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103751, "scanner": "repobility-supply-chain", "fingerprint": "4abebbd9e6ea5916040dfc0c8b13b0b1ec18f5bc15f97167ebb10d779049cb46", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4abebbd9e6ea5916040dfc0c8b13b0b1ec18f5bc15f97167ebb10d779049cb46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103750, "scanner": "repobility-supply-chain", "fingerprint": "df45e587a62a93ca6e7719e115f8bf0b4f239aff54cc0db691f96c6be309682e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df45e587a62a93ca6e7719e115f8bf0b4f239aff54cc0db691f96c6be309682e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103749, "scanner": "repobility-supply-chain", "fingerprint": "5880a495939f8c7dd39ff6cdc34a927702fd1ba0c2116d2d5d999715175b9780", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5880a495939f8c7dd39ff6cdc34a927702fd1ba0c2116d2d5d999715175b9780"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-beta.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103748, "scanner": "repobility-supply-chain", "fingerprint": "d1bfc3132e493df2783ef9b39ee84804380b598db87ee6d0dae0fd17455f194b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1bfc3132e493df2783ef9b39ee84804380b598db87ee6d0dae0fd17455f194b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-beta.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `marocchino/sticky-pull-request-comment` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 103747, "scanner": "repobility-supply-chain", "fingerprint": "aac42fe8f4caa65dbaf667143215cf544acfe912d4a32046d5abf75c0317dea3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aac42fe8f4caa65dbaf667143215cf544acfe912d4a32046d5abf75c0317dea3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-playwright-report.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `unfor19/install-aws-cli-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 103746, "scanner": "repobility-supply-chain", "fingerprint": "90f31676a466cb6e6e2ef7fc683e20b950b76964f97d7ad13f2613a4c687ef5a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90f31676a466cb6e6e2ef7fc683e20b950b76964f97d7ad13f2613a4c687ef5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-playwright-report.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103745, "scanner": "repobility-supply-chain", "fingerprint": "eff7ecbba316a836d172c49c406e1b022646b7e45656f62e102e15fe23e13913", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eff7ecbba316a836d172c49c406e1b022646b7e45656f62e102e15fe23e13913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-playwright-report.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `mcr.microsoft.com/playwright:v1.40.0-jammy` unpinned"}, "properties": {"repobilityId": 103744, "scanner": "repobility-supply-chain", "fingerprint": "262a08ad184a6d9daa78ba45c844a9a511c0deb40830bb2aa503d0733485cda1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|262a08ad184a6d9daa78ba45c844a9a511c0deb40830bb2aa503d0733485cda1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/playwright.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103743, "scanner": "repobility-supply-chain", "fingerprint": "1b37dc31bb4df362f4b3e0f00d0453eae13b203505efc4134012f8735514ff13", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1b37dc31bb4df362f4b3e0f00d0453eae13b203505efc4134012f8735514ff13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/playwright.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103742, "scanner": "repobility-supply-chain", "fingerprint": "919b103f17574497f608674684e5084b80c8a0ff016d20a0fb036ee3422994ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|919b103f17574497f608674684e5084b80c8a0ff016d20a0fb036ee3422994ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/playwright.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103741, "scanner": "repobility-supply-chain", "fingerprint": "f8b92379584e2435a0fd3ff32069d50e86476e4d3461ca80fafaf0d4872c0b38", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f8b92379584e2435a0fd3ff32069d50e86476e4d3461ca80fafaf0d4872c0b38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/playwright.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 103740, "scanner": "repobility-supply-chain", "fingerprint": "66b4b80e51810424b919d3a3555c826baebd8131911fbcc7e59b46cb9056fc90", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66b4b80e51810424b919d3a3555c826baebd8131911fbcc7e59b46cb9056fc90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/playwright.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gravity-ui/preview-deploy-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 103739, "scanner": "repobility-supply-chain", "fingerprint": "d4b30cccfffcc985fcba9e16b80875b3e9b23662bd8663874c39e417ecac71b5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4b30cccfffcc985fcba9e16b80875b3e9b23662bd8663874c39e417ecac71b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-preview-deploy.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "GHSA-fjxv-7rqg-78g4", "level": "error", "message": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "properties": {"repobilityId": 103805, "scanner": "osv-scanner", "fingerprint": "4a6f7e2dea5113b393ee1171be93cf20d0c04c5890440121f926d31a7ca5f35a", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7783"], "package": "form-data", "rule_id": "GHSA-fjxv-7rqg-78g4", "scanner": "osv-scanner", "correlation_key": "vuln|form-data|CVE-2025-7783|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67hx-6x53-jw92", "level": "error", "message": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "properties": {"repobilityId": 103792, "scanner": "osv-scanner", "fingerprint": "f662b2de42beb485937750eacbb69fb3ef48db7cdc10f7585e8ba5b5428b98f1", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-45133"], "package": "@babel/traverse", "rule_id": "GHSA-67hx-6x53-jw92", "scanner": "osv-scanner", "correlation_key": "vuln|babel/traverse|CVE-2023-45133|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}]}]}