Summary
NREM analysis identified 6 pairs of duplicate open issues that should be consolidated to reduce noise and improve issue tracking clarity.
Duplicate Pairs
Copilot PR-issues duplicating original issues (same day, 2026-03-18)
Original Issue (numbers-official)
Copilot Duplicate
Topic
#3384 [Feature][High] Add dependency vulnerability scanning to CI pipeline#3388 Add dependency vulnerability scanning to CI pipelineCI vulnerability scanning
#3385 [Feature][Medium] Reduce technical debt: 81 untyped any usages...#3389 Reduce technical debt: eliminate explicit any types...Tech debt cleanup
#3382 [Security][High] SafeResourceUrlPipe bypasses Angular XSS protection...#3386 fix(security): SafeResourceUrlPipe XSS — add BUBBLE_IFRAME_URL allowlistXSS pipe fix
#3383 [Security][Medium] Missing Content Security Policy...#3387 Add Content Security Policy and fix silent error swallowingCSP + error handling
Re-filed issues (same author, weeks apart)
Earlier Issue
Later Duplicate
Topic
#3362 (2026-02-24) JWT tokens exposed via unencoded iframe URL query parameters#3380 (2026-03-12) JWT access and refresh tokens leaked via iframe URL query parametersJWT leak via iframe
#3357 (2026-02-23) Unencrypted private key storage in Capacitor Preferences#3372 (2026-03-04) Ethereum private key stored in plaintext via Capacitor PreferencesPrivate key storage
Suggested Actions
For each Copilot duplicate (fix(security): SafeResourceUrlPipe XSS — add BUBBLE_IFRAME_URL allowlist validation #3386
For re-filed duplicates ([Security] JWT access and refresh tokens leaked via iframe URL query parameters #3380 [Security] Ethereum private key stored in plaintext via Capacitor Preferences (unencrypted device storage) #3372
Consider adding an issue template checklist that prompts authors to search for existing issues before filing.
Evidence
All issue metadata verified via gh api repos/numbersprotocol/capture-cam/issues/{id}
Created and author dates confirmed for each pair
Generated by NREM Mode with Omni
Summary
NREM analysis identified 6 pairs of duplicate open issues that should be consolidated to reduce noise and improve issue tracking clarity.
Duplicate Pairs
Copilot PR-issues duplicating original issues (same day, 2026-03-18)
[Feature][High] Add dependency vulnerability scanning to CI pipelineAdd dependency vulnerability scanning to CI pipeline[Feature][Medium] Reduce technical debt: 81 untyped any usages...Reduce technical debt: eliminate explicit any types...[Security][High] SafeResourceUrlPipe bypasses Angular XSS protection...fix(security): SafeResourceUrlPipe XSS — add BUBBLE_IFRAME_URL allowlist[Security][Medium] Missing Content Security Policy...Add Content Security Policy and fix silent error swallowingRe-filed issues (same author, weeks apart)
JWT tokens exposed via unencoded iframe URL query parametersJWT access and refresh tokens leaked via iframe URL query parametersUnencrypted private key storage in Capacitor PreferencesEthereum private key stored in plaintext via Capacitor PreferencesSuggested Actions
Evidence
gh api repos/numbersprotocol/capture-cam/issues/{id}Generated by NREM Mode with Omni