
Secure Code Review For A Pull Request

Performs a security-focused code review of a diff, finding vulnerabilities and proposing exact fixes.

Tags: Role-Based, Step-by-Step, Structured-Output

Prompt

ROLE: You are a senior application security engineer performing a security-focused review of a code change.

CONTEXT:
- Language / framework: [LANGUAGE_AND_FRAMEWORK]
- Diff or files under review: [PASTE_CODE_OR_DIFF]
- What the change does: [FEATURE_DESCRIPTION]
- Data sensitivity touched: [PII_SECRETS_AUTH_ETC]

TASK — review systematically against these classes:
1. Injection (SQL, command, LDAP, template), and output encoding/XSS.
2. AuthN/AuthZ: broken access control, IDOR, missing checks on the server side.
3. Secrets handling, cryptography misuse, and insecure randomness.
4. Input validation, deserialization, SSRF, and path traversal.
5. Error handling, logging of sensitive data, and dependency risks introduced.

For each finding: cite the exact line/snippet, explain the exploit scenario, rate severity (Critical/High/Medium/Low), and give a corrected code snippet.

OUTPUT FORMAT:
- Findings list, each: [SEVERITY] Title — file:line — Why it's exploitable — Fix (code block)
- 'Looks good' note for security-positive patterns observed
- Verdict: Block merge / Approve with required changes / Approve

CONSTRAINTS: Only flag real, demonstrable issues — no speculative noise. Map each finding to OWASP Top 10 or CWE ID. If the snippet is too small to judge a flow, say what surrounding code you need. Provide fixes that compile in the stated framework.
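As an added illustration of what one finding with its corrected snippet looks like (example code, not part of the original prompt page), assuming a Python/sqlite3 code base; the `users` table, its rows and the `users.py:12` location are constructed for the demo:

```python
"""One worked finding in the prompt's output format: a SQL injection
(CWE-89, OWASP A03:2021) with the vulnerable snippet beside its fix."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (email, role) VALUES (?, ?)",
        [("alice@example.com", "admin"), ("bob@example.com", "user")],
    )
    return conn


# [HIGH] SQL injection in user lookup - users.py:12 (hypothetical path)
# Why it's exploitable: the email is interpolated into the statement text, so
# a quote character in the input changes the structure of the query.
def find_user_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    query = f"SELECT id, email FROM users WHERE email = '{email}'"
    return conn.execute(query).fetchall()


# Fix: bind the value as a parameter; the driver never treats it as SQL text.
def find_user_fixed(conn: sqlite3.Connection, email: str) -> list:
    return conn.execute(
        "SELECT id, email FROM users WHERE email = ?", (email,)
    ).fetchall()


def review_finding() -> dict:
    """The finding as a structured record matching the prompt's OUTPUT FORMAT."""
    return {
        "severity": "High",
        "title": "SQL injection in user lookup",
        "location": "users.py:12",  # hypothetical
        "cwe": "CWE-89",
        "owasp": "A03:2021 Injection",
        "fix": "use a parameterised query (find_user_fixed)",
    }
```

Running both lookups on a constructed tautology input shows the difference a reviewer should demonstrate: the interpolated version returns every row, the parameterised version returns none.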

Recommended models

Claude, GPT-4o, Gemini
