Update dependency org.apache.commons:commons-lang3 to v3.18.0 by dev-mend-for-github-com[bot] · Pull Request #37 · CarOrgSima/nifi

Security Report

You have successfully remediated 10 vulnerabilities, but introduced 8 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue
CVE-2024-8309 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library)	Critical	9.8	`Direct` langchain-0.0.331-py3-none-any.whl	langchain-0.0.331-py3-none-any.whl	langchain - 0.2.0,langchain-community - 0.2.19,langchain - 0.2.0,langchain-community - 0.2.19	None
CVE-2024-7042 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library)	Critical	9.8	`Direct` langchain-0.0.331-py3-none-any.whl	langchain-0.0.331-py3-none-any.whl	https://github.com/langchain-ai/langchainjs.git - no_fix	None
CVE-2021-41496 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info Dependency Hierarchy: -> langchain-0.0.331-py3-none-any.whl (Root Library) -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)	Medium	5.5	`Transitive` numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	langchain-0.0.331-py3-none-any.whl	`Transitive` https://github.com/numpy/numpy.git - no_fix	None
CVE-2021-41496 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info Dependency Hierarchy: -> chromadb-0.4.14-py3-none-any.whl (Root Library) -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)	Medium	5.5	`Transitive` numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	chromadb-0.4.14-py3-none-any.whl	`Transitive` https://github.com/numpy/numpy.git - no_fix	None
CVE-2021-41496 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info Dependency Hierarchy: -> onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl (Root Library) -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)	Medium	5.5	`Transitive` numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl	`Transitive` https://github.com/numpy/numpy.git - no_fix	None
CVE-2021-41495 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info Dependency Hierarchy: -> langchain-0.0.331-py3-none-any.whl (Root Library) -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)	Medium	5.3	`Transitive` numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	langchain-0.0.331-py3-none-any.whl	`Transitive` https://github.com/numpy/numpy.git - no_fix	None
CVE-2021-41495 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info Dependency Hierarchy: -> chromadb-0.4.14-py3-none-any.whl (Root Library) -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)	Medium	5.3	`Transitive` numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	chromadb-0.4.14-py3-none-any.whl	`Transitive` https://github.com/numpy/numpy.git - no_fix	None
CVE-2021-41495 Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20251127191200_TSUJSG/python_STYLYP/202511271912011/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info Dependency Hierarchy: -> onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl (Root Library) -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)	Medium	5.3	`Transitive` numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl	`Transitive` https://github.com/numpy/numpy.git - no_fix	None

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-2025-62727	starlette-0.27.0-py3-none-any.whl
CVE-2021-41495	numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2025-54121	starlette-0.27.0-py3-none-any.whl
CVE-2021-22134	elasticsearch-7.10.2.jar
CVE-2021-41496	numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2025-50181	urllib3-2.0.7-py3-none-any.whl
CVE-2025-50182	urllib3-2.0.7-py3-none-any.whl
CVE-2024-24762	fastapi-0.103.2-py3-none-any.whl
CVE-2025-48924	commons-lang3-3.12.0.jar
CVE-2025-4565	protobuf-4.24.4-cp37-abi3-manylinux2014_x86_64.whl

Base branch total remaining vulnerabilities: 122
Base branch commit: null

Total libraries scanned: 2192

Scan token: 02ce371910ff47fdb72a7640f4870e6f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency org.apache.commons:commons-lang3 to v3.18.0#37

Update dependency org.apache.commons:commons-lang3 to v3.18.0#37
dev-mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/org.apache.commons-commons-lang3-3.x

Uh oh!

Security Report

Re-running checks...