You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
VG120 (SSRF) no longer false-positives on URLs that are provably not request-controlled: a literal https:// constant, a process.env value (including env default parameters), or a minified bundle. new URL(...) is still treated as potentially user-controlled
Validated old-vs-new on the corpus: 1 false positive removed, 0 true positives lost, no drift in any other rule; recall preserved by tests
Constant-base template URLs are left for a future dataflow engine rather than narrowed unsafely; no rule or tool changes (438 / 37); gate green (PASS/A/0)
