Skip to content

Update dependency @angular/compiler to v21 #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: master
Choose a base branch
from

Update dependency @angular/compiler to v21

cee05f9
Select commit
Loading
Failed to load commit list.
Open

Update dependency @angular/compiler to v21 #55

Update dependency @angular/compiler to v21
cee05f9
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Dec 27, 2025 in 12m 25s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

maven

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hbase-1.4/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hbase-1.4: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hbase-1.4:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hbase-2.2/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hbase-2.2: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hbase-2.2:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hive-2.3.9/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hive-2.3.9_2.12: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hive-2.3.9_2.12:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-hive-3.1.3/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-hive-3.1.3_2.12: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-hive-3.1.3_2.12:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-connectors/flink-sql-connector-kafka/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-connector-kafka: Could not resolve dependencies for project org.apache.flink:flink-sql-connector-kafka:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-avro-confluent-registry/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-avro-confluent-registry: Could not resolve dependencies for project org.apache.flink:flink-sql-avro-confluent-registry:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-avro/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-avro: Could not resolve dependencies for project org.apache.flink:flink-sql-avro:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-csv/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-csv: Could not resolve dependencies for project org.apache.flink:flink-sql-csv:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-json/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-json: Could not resolve dependencies for project org.apache.flink:flink-sql-json:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-orc/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-orc: Could not resolve dependencies for project org.apache.flink:flink-sql-orc:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-parquet/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-parquet: Could not resolve dependencies for project org.apache.flink:flink-sql-parquet:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-formats/flink-sql-protobuf/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-sql-protobuf: Could not resolve dependencies for project org.apache.flink:flink-sql-protobuf:jar:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] [ERROR] Some problems were encountered while processing the POMs:
[WARNING] 'groupId' contains an expression but should be a constant. @ ${groupId}:${artifactId}:${version}, /tmp/ws-scm/flink/flink-quickstart/flink-quickstart-java/src/main/resources/archetype-resources/pom.xml, line 23, column 11
[WARNING] 'artifactId' contains an expression but should be a constant. @ ${groupId}:${arti...
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: mvn org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree -DoutputFile=whitesource_mvn_dependency_tree.txt -Dverbose -DoutputType=text -T1 -B
    Error lines:
    [NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED]
    Output lines:
    [[INFO] Scanning for project...
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/flink-walkthroughs/flink-walkthrough-datastream-java/src/main/resources/archetype-resources/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] [ERROR] Some problems were encountered while processing the POMs:
[WARNING] 'groupId' contains an expression but should be a constant. @ ${groupId}:${artifactId}:${version}, /tmp/ws-scm/flink/flink-walkthroughs/flink-walkthrough-datastream-java/src/main/resources/archetype-resources/pom.xml, line 23, column 11
[WARNING] 'artifactId' contains an expression but should be a constant. @ ${g...
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: mvn org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree -DoutputFile=whitesource_mvn_dependency_tree.txt -Dverbose -DoutputType=text -T1 -B
    Error lines:
    [NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED]
    Output lines:
    [[INFO] Scanning for project...
  • Fallback is used, returns direct dependencies only

/tmp/ws-scm/flink/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Failed to execute goal on project flink-parent: Could not resolve dependencies for project org.apache.flink:flink-parent:pom:1.18-SNAPSHOT
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Maven failed to detect the POM for the following dependencies:
    [org.mockito:mockito-inline:jar:3.4.5, org.mockito:mockito-core:jar:3.4.5, org.mockito:mockito-junit-jupiter:jar:3.4.5]
  • Fallback is used, returns direct dependencies only

pip

/tmp/ws-scm/flink/flink-python
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20251227211936_HFRSAE/cmd_FMIPSY/20251227212102/MNZGSJ_script.sh
    Error lines:
    [ERROR: Ignored the following versions that require a different python version: 2.1.0 Requires-Python >=3.10; 2.1.1 Requires-Python >=3.10; 2.1.2 Requires-Python >=3.10; 2.1.3 Requires-Python >=3.10; 2.10.0 Requires-Python <3.0,>=2.7; 2.2.0 Requires-Python >=3.10; 2.2.1 Re...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

/tmp/ws-scm/flink/flink-python/apache-flink-libraries
Step Level Description Details
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: /tmp/ws-ua_20251227211936_HFRSAE/cmd_FMIPSY/20251227211944/NZQDPU_script.sh
    Error lines:
    [ error: subprocess-exited-with-error, � Getting requirements to build wheel did not run successfully., � exit code: 255, ��> [1 lines of output], Failed to find the file /tmp/ws-scm/flink/flink-dist/target/flink-1.18-SNAPSHOT-bin/flink-1.18-SNAPSHOT/op...
  • Failed to get hierarchy tree, trying to collect a flat list (which may only contain partial results)

You have successfully remediated 15 vulnerabilities, but introduced 8 new vulnerabilities in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2024-52338

Path to dependency file: /flink-python

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/pyarrow-8.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl,/tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/pyarrow-8.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> ❌ pyarrow-8.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Critical 9.8 Direct pyarrow-8.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl pyarrow-8.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl arrow - no_fix None
CVE-2025-4565

Path to dependency file: /flink-python

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/protobuf-3.20.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl,/tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/protobuf-3.20.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl

Dependency Hierarchy:

-> ❌ protobuf-3.20.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl (Vulnerable Library)

High 7.5 Direct protobuf-3.20.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl protobuf-3.20.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl protobuf - 6.31.1,protobuf - 5.29.5,protobuf - 4.25.8 None
CVE-2023-33953

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> ❌ grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

High 7.5 Direct grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl grpc - 1.53.2,grpcio - 1.54.3,grpcio - 1.56.2,grpcio - 1.53.2,grpc - 1.54.3,grpc - 1.56.2 None
CVE-2023-1428

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> ❌ grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

High 7.5 Direct grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl 1.53.0 None
CVE-2023-32731

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> ❌ grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

High 7.4 Direct grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl 1.53.0 None
CVE-2021-41496

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl,/tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Dependency Hierarchy:

-> ❌ numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)

Medium 5.5 Direct numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl https://github.com/numpy/numpy.git - no_fix None
CVE-2023-32732

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> ❌ grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Direct grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl grpcio-1.46.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl grpc - 1.53.0 None
CVE-2021-41495

Path to dependency file: /flink-python/dev/dev-requirements.txt

Path to vulnerable library: /tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl,/tmp/ws-ua_20251227211936_HFRSAE/python_JIGDIO/20251227211936/numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Dependency Hierarchy:

-> ❌ numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)

Medium 5.3 Direct numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl numpy-1.21.6-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl https://github.com/numpy/numpy.git - no_fix None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2024-27454 orjson-3.9.7-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
GHSA-36jr-mh4h-2g58 d3-color-1.4.1.tgz
CVE-2025-4565 protobuf-3.20.3-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
CVE-2021-41496 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2025-50182 urllib3-2.0.7-py3-none-any.whl
CVE-2025-66471 urllib3-2.0.7-py3-none-any.whl
CVE-2024-52338 pyarrow-8.0.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2020-8908 guava-27.0.1-jre.jar
CVE-2021-41495 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2023-33953 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2024-37891 pip-24.0-py3-none-any.whl
CVE-2023-32732 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2023-32731 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2023-1428 grpcio-1.46.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-50181 urllib3-2.0.7-py3-none-any.whl

Base branch total remaining vulnerabilities: 31
Base branch commit: a9b113119f373a0311e02e140a1342e959059bdf


Total libraries scanned: 213

Scan token: 88a9648b88a340df8421a4d332e7e217

View more details on Dev - Mend for GitHub.com