[
https://issues.apache.org/jira/browse/FLINK-35282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Nuyanzin reopened FLINK-35282:
-------------------------------------
I noticed that it was reverted by [~hong] at
[caa68c2481f7c483d0364206d36654af26f2074f|https://github.com/apache/flink/commit/caa68c2481f7c483d0364206d36654af26f2074f]
for that reason it would make sense to reopen the issue as well
BTW I have a fix for license check issue at
https://github.com/snuyanzin/flink/commit/5a4f4d0eb785050552c73fbfc74214f85ee278b0
We could try is once build becomes more stable
> PyFlink Support for Apache Beam > 2.49
> --------------------------------------
>
> Key: FLINK-35282
> URL: https://issues.apache.org/jira/browse/FLINK-35282
> Project: Flink
> Issue Type: Improvement
> Components: API / Python
> Affects Versions: 1.19.0, 1.18.1
> Reporter: APA
> Assignee: Antonio Vespoli
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.20.0
>
>
> From what I see PyFlink still has the requirement of Apache Beam => 2.43.0
> and <= 2.49.0 which subsequently results in a requirement of PyArrow <=
> 12.0.0. That keeps us exposed to
> [https://nvd.nist.gov/vuln/detail/CVE-2023-47248]
> I'm not deep enough familiar with the PyFlink code base to understand why
> Apache Beam's upper dependency limit can't be lifted. From all the existing
> issues I haven't seen one addressing this. Therefore I created one now.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
