Update dependency apache-beam to v2.47.0

b5b8461
Open

Update dependency apache-beam to v2.47.0 #34

Dev - Mend for GitHub.com / Mend Security Check failed Feb 25, 2026 in 10m 52s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

maven

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hbase-1.4/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hbase-1.4: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hbase-1.4:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hbase-2.2/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hbase-2.2: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hbase-2.2:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hive-2.3.9/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hive-2.3.9_2.12: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hive-2.3.9_2.12:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hive-3.1.3/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hive-3.1.3_2.12: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hive-3.1.3_2.12:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-kafka/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-kafka: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-kafka:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-avro-confluent-registry/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-avro-confluent-registry: Could not resolve dependencies for project org.apache.flink:flink-sql-avro-confluent-registry:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-avro/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-avro: Could not resolve dependencies for project org.apache.flink:flink-sql-avro:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-csv/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-csv: Could not resolve dependencies for project org.apache.flink:flink-sql-csv:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-json/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-json: Could not resolve dependencies for project org.apache.flink:flink-sql-json:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-orc/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-orc: Could not resolve dependencies for project org.apache.flink:flink-sql-orc:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-parquet/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-parquet: Could not resolve dependencies for project org.apache.flink:flink-sql-parquet:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-protobuf/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-protobuf: Could not resolve dependencies for project org.apache.flink:flink-sql-protobuf:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] [ERROR] Some problems were encountered while processing the POMs:
[WARNING] 'groupId' contains an expression but should be a constant. @ ${groupId}:${artifactId}:${version}, /tmp/ws-scm/flink/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml, line 23, column 11
[WARNING] 'artifactId' contains an expression but should be a constant. @ ${groupId}:${arti...
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: mvn org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree -DoutputFile=whitesource_mvn_dependency_tree.txt -Dverbose -DoutputType=text -T1 -B
    Error lines:
    [NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED]
    Output lines:
    [[INFO] Scanning for project...
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-walkthroughs/flink-walkthrough-datastream-java/src/main/resources/archetype-resources/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] [ERROR] Some problems were encountered while processing the POMs:
[WARNING] 'groupId' contains an expression but should be a constant. @ ${groupId}:${artifactId}:${version}, /tmp/ws-scm/flink/flink-walkthroughs/flink-walkthrough-datastream-java/src/main/resources/archetype-resources/pom.xml, line 23, column 11
[WARNING] 'artifactId' contains an expression but should be a constant. @ ${g...
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: mvn org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree -DoutputFile=whitesource_mvn_dependency_tree.txt -Dverbose -DoutputType=text -T1 -B
    Error lines:
    [NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED]
    Output lines:
    [[INFO] Scanning for project...
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/pom.xml

Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-parent: Could not resolve dependencies for project org.apache.flink:flink-parent:pom:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

pip

/tmp/ws-scm/flink/flink-python

Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260225214349_EHHXBL/cmd_EBTNTM/20260225214824/GGEOSH_script.sh
    Error lines:
    [ERROR: Ignored the following versions that require a different python version: 2.1.0 Requires-Python >=3.10; 2.1.1 Requires-Python >=3.10; 2.1.2 Requires-Python >=3.10; 2.1.3 Requires-Python >=3.10; 2.10.0 Requires-Python <3.0,>=2.7; 2.2.0 Requires-Python >=3.10; 2.2.1 Re...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/flink/flink-python/apache-flink-libraries

Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260225214349_EHHXBL/cmd_EBTNTM/20260225214652/AOXWTS_script.sh
    Error lines:
    [ error: subprocess-exited-with-error, × Getting requirements to build wheel did not run successfully., │ exit code: 255, ╰─> [1 lines of output], Failed to find the file /tmp/ws-scm/flink/flink-dist/target/flink-1.18-SNAPSHOT-bin/flink-1.18-SNAPSHOT/op...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/flink/flink-python/dev/dev-requirements.txt

Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20260225214349_EHHXBL/cmd_EBTNTM/20260225214719/NCJQFU_script.sh
    Error lines:
    [ERROR: Cannot install -r /tmp/ws-scm/flink/flink-python/dev/dev-requirements.txt (line 18) and cloudpickle==2.2.0 because these package versions have conflicting dependencies., ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-res...
  • pip install command failed, trying to install dependencies one by one
  • Failed to parse the following dependencies: [python-dateutil>=2.8.0,<3, avro-python3>=1.8.1,!=1.9.2,<1.10.0, pandas>=1.3.0,<1.4.0, pyarrow>=5.0.0,<9.0.0, numpy>=1.21.4,<1.22.0, fastavro>=1.1.0,<1.4.8, grpcio>=1.29.0,<=1.46.3, grpcio-tools>=1.29.0,<=1.46.3, pemja==0.3.0; platform_system != 'Windows', httplib2>=0.19.0,<=0.20.4, protobuf>=3.19.0,<=3.21] from */tmp/ws-scm/flink/flink-python/dev/d...

You have successfully remediated 23 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2024-52338

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260225214349_EHHXBL/python_QEXYTE/20260225214349/4/pyarrow-11.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)

   -> ❌ pyarrow-11.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Critical 9.8 Transitive pyarrow-11.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Transitive 17.0.0 None
CVE-2023-47248

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260225214349_EHHXBL/python_QEXYTE/20260225214349/4/pyarrow-11.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)

   -> ❌ pyarrow-11.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Critical 9.8 Transitive pyarrow-11.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Transitive 14.0.1 None
CVE-2026-0994

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260225214349_EHHXBL/python_QEXYTE/20260225214349/4/protobuf-4.22.5-cp37-abi3-manylinux2014_x86_64.whl

Dependency Hierarchy:

-> apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)

   -> ❌ protobuf-4.22.5-cp37-abi3-manylinux2014_x86_64.whl (Vulnerable Library)

High 8.6 Transitive protobuf-4.22.5-cp37-abi3-manylinux2014_x86_64.whl apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl None
CVE-2025-4565

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260225214349_EHHXBL/python_QEXYTE/20260225214349/4/protobuf-4.22.5-cp37-abi3-manylinux2014_x86_64.whl

Dependency Hierarchy:

-> apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)

   -> ❌ protobuf-4.22.5-cp37-abi3-manylinux2014_x86_64.whl (Vulnerable Library)

High 7.5 Transitive protobuf-4.22.5-cp37-abi3-manylinux2014_x86_64.whl apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Transitive 4.25.8 None
CVE-2021-41496

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260225214349_EHHXBL/python_QEXYTE/20260225214349/4/numpy-1.24.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)

   -> ❌ numpy-1.24.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 Transitive numpy-1.24.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Transitive https://github.com/numpy/numpy.git - no_fix None
CVE-2021-41495

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260225214349_EHHXBL/python_QEXYTE/20260225214349/4/numpy-1.24.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)

   -> ❌ numpy-1.24.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive numpy-1.24.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl apache_beam-2.47.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Transitive https://github.com/numpy/numpy.git - no_fix None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
GHSA-36jr-mh4h-2g58 d3-color-1.4.1.tgz
CVE-2026-0994 protobuf-3.20.3-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
CVE-2021-41496 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2025-4565 protobuf-3.20.3-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
CVE-2023-47248 pyarrow-8.0.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-66471 urllib3-2.0.7-py3-none-any.whl
CVE-2020-8908 guava-27.0.1-jre.jar
CVE-2021-41495 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2024-37891 pip-24.0-py3-none-any.whl
CVE-2023-1428 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-50181 urllib3-2.0.7-py3-none-any.whl
CVE-2026-21441 urllib3-2.0.7-py3-none-any.whl
CVE-2024-27454 orjson-3.9.7-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-47273 setuptools-68.0.0-py3-none-any.whl
CVE-2024-47081 requests-2.31.0-py3-none-any.whl
CVE-2025-50182 urllib3-2.0.7-py3-none-any.whl
CVE-2024-5629 pymongo-3.13.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-24049 wheel-0.42.0-py3-none-any.whl
CVE-2024-52338 pyarrow-8.0.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2024-5569 zipp-3.15.0-py3-none-any.whl
CVE-2023-33953 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2023-32732 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2023-32731 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Base branch total remaining vulnerabilities: 49
Base branch commit: a9b113119f373a0311e02e140a1342e959059bdf


Total libraries scanned: 209

Scan token: 50d7a4ab674b45a28887166e851c3e6c