[
https://issues.apache.org/jira/browse/BEAM-13995?focusedWorklogId=736469&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-736469
]
ASF GitHub Bot logged work on BEAM-13995:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 04/Mar/22 04:40
Start Date: 04/Mar/22 04:40
Worklog Time Spent: 10m
Work Description: codecov[bot] edited a comment on pull request #17011:
URL: https://github.com/apache/beam/pull/17011#issuecomment-1058807661
#
[Codecov](https://codecov.io/gh/apache/beam/pull/17011?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
Report
> Merging
[#17011](https://codecov.io/gh/apache/beam/pull/17011?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
(2e8cecb) into
[master](https://codecov.io/gh/apache/beam/commit/14d02ee07f3da3f326e2d80ea38521ddf04c905c?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
(14d02ee) will **decrease** coverage by `0.00%`.
> The diff coverage is `n/a`.
[](https://codecov.io/gh/apache/beam/pull/17011?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
```diff
@@ Coverage Diff @@
## master #17011 +/- ##
==========================================
- Coverage 73.83% 73.82% -0.01%
==========================================
Files 664 664
Lines 87272 87272
==========================================
- Hits 64434 64430 -4
- Misses 21735 21739 +4
Partials 1103 1103
```
| Flag | Coverage Δ | |
|---|---|---|
| python | `83.63% <ø> (-0.01%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click
here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment)
to find out more.
| [Impacted
Files](https://codecov.io/gh/apache/beam/pull/17011?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
| Coverage Δ | |
|---|---|---|
|
[...ks/python/apache\_beam/runners/worker/data\_plane.py](https://codecov.io/gh/apache/beam/pull/17011/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy93b3JrZXIvZGF0YV9wbGFuZS5weQ==)
| `87.50% <0.00%> (-1.71%)` | :arrow_down: |
|
[.../python/apache\_beam/transforms/periodicsequence.py](https://codecov.io/gh/apache/beam/pull/17011/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vdHJhbnNmb3Jtcy9wZXJpb2RpY3NlcXVlbmNlLnB5)
| `96.72% <0.00%> (-1.64%)` | :arrow_down: |
|
[...ks/python/apache\_beam/runners/worker/sdk\_worker.py](https://codecov.io/gh/apache/beam/pull/17011/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy93b3JrZXIvc2RrX3dvcmtlci5weQ==)
| `89.06% <0.00%> (+0.15%)` | :arrow_up: |
|
[...hon/apache\_beam/runners/worker/bundle\_processor.py](https://codecov.io/gh/apache/beam/pull/17011/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy93b3JrZXIvYnVuZGxlX3Byb2Nlc3Nvci5weQ==)
| `93.51% <0.00%> (+0.24%)` | :arrow_up: |
------
[Continue to review full report at
Codecov](https://codecov.io/gh/apache/beam/pull/17011?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn
more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by
[Codecov](https://codecov.io/gh/apache/beam/pull/17011?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
Last update
[14d02ee...2e8cecb](https://codecov.io/gh/apache/beam/pull/17011?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
Read the [comment
docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 736469)
Time Spent: 0.5h (was: 20m)
> Apache beam is having vulnerable dependencies - Tensorflow, httplib2, pandas
> and numpy
> --------------------------------------------------------------------------------------
>
> Key: BEAM-13995
> URL: https://issues.apache.org/jira/browse/BEAM-13995
> Project: Beam
> Issue Type: Bug
> Components: dependencies, sdk-py-core
> Affects Versions: 2.23.0, 2.35.0, 2.36.0
> Reporter: Prerana
> Priority: P1
> Attachments: Tensorflow vulnerabilities.xlsx
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> We are using apache-beam[gcp]==2.23.0 and apache-beam=2.36.0.
> The following vulnerabilities are detected in white source with apache-beam.
> [CVE-2020-13091|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2020-13091;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c]
> - pandas-0.25.3-cp37-cp37m-manylinux1_x86_64.whl -
> {*}Fix{*}({color:#4c9aff}Upgrade to version pandas -
> 0.3.0.beta,1.0.4;autovizwidget - 0.12.7;pandas - 1.0.4,1.1.0rc0{color})
> [CVE-2021-41496 -
> |https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2021-41496;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c]numpy-1.21.5-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
> - {*}Fix{*}({color:#4c9aff}Upgrade to version autovizwidget - 0.12.7;numpy -
> 1.22.0rc1;numcodecs - 0.6.2;numpy-base - 1.11.3;numpy - 1.17.4{color})
> [CVE-2021-21240|https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2021-21240;orgToken=4b33dfdb-afc6-46a5-ae17-ea4bf6ebb98c]
> -httplib2-0.17.4-py3-none-any.whl - {*}Fix{*}({color:#4c9aff}Upgrade to
> version v0.19.0{color})
> {color:#0747a6}See attached xls{color} -
> tensorflow-1.14.0-cp37-cp37m-manylinux1_x86_64.whl -
> {*}Fix({*}{color:#4c9aff}attached xls{color}{*}){*}
> please upgrade the packages to the mentioned versions with fix.
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
