cube-js / cube

📊 Cube — Universal semantic layer platform for AI, BI, spreadsheets, and embedded analytics
https://cube.dev

schema-compiler dependency (luxon) update #8203

Closed jlloyd-widen closed 7 months ago

jlloyd-widen commented 7 months ago

https://github.com/cube-js/cube/blob/e5d20d228ac07849dbcd4df2f713ea01fc74f0fe/packages/cubejs-schema-compiler/package.json#L47

The schema-compiler is dependent on an old version of cron-parser that is dependent on luxon@1.28.0 which is implicated in CVE-2023-22467. We need this dependency updated to pass our security checks.

github-actions[bot] commented 7 months ago

If you are interested in working on this issue, please go ahead and provide a PR for that. We'd be happy to review it and merge it. If this is the first time you are contributing a Pull Request to Cube, please check our contribution guidelines. You can also post any questions while contributing in the #contributors channel in the Cube Slack.

ovr commented 7 months ago

Hello @jlloyd-widen,

Should be easy to fix it. Would you like to prepare a PR for that?

Thanks

jlloyd-widen commented 7 months ago

I'll give it a shot. This isn't my normal stack.
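The transitive chain reported at the top of this issue (schema-compiler, then cron-parser, then luxon@1.28.0) can be traced from an npm lockfile. The following is an added example, not part of the original thread or of Cube's code: the lockfile is a constructed sample in the v2/v3 `packages` layout, and the root name, the `0.0.0-example` and `9.9.9-example` versions, and the function names are assumptions.

```javascript
// Constructed sample lockfile ("packages" map, npm lockfile v2/v3 layout).
// Only luxon@1.28.0 comes from the issue; all other versions are placeholders.
const sampleLock = { packages: {
  "": { name: "example-app",
        dependencies: { "@cubejs-backend/schema-compiler": "*", luxon: "*" } },
  "node_modules/@cubejs-backend/schema-compiler":
      { version: "0.0.0-example", dependencies: { "cron-parser": "*" } },
  "node_modules/cron-parser":
      { version: "0.0.0-example", dependencies: { luxon: "*" } },
  // Nested copy: this is the one cron-parser actually loads.
  "node_modules/cron-parser/node_modules/luxon": { version: "1.28.0" },
  // Hoisted copy used by the root project; upgrading it does not touch the nested one.
  "node_modules/luxon": { version: "9.9.9-example" },
} };

const NM = "node_modules/";
const nameOf = (path) => path.slice(path.lastIndexOf(NM) + NM.length);

// Resolve `dep` as seen from the package installed at `fromPath`, the way Node
// does: the nearest enclosing node_modules directory wins.
function resolveDep(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + NM + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. optional dependency)
    const i = base.lastIndexOf("/" + NM);
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Return every root-to-target chain that ends in a flagged version of `target`.
function findChains(lock, target, flaggedVersions) {
  const pk = lock.packages, chains = [];
  const walk = (path, trail, ancestors) => {
    const node = pk[path];
    const here = [...trail, path ? `${nameOf(path)}@${node.version}` : node.name];
    if (path && nameOf(path) === target && flaggedVersions.includes(node.version)) {
      chains.push(here.join(" > "));
      return;
    }
    if (ancestors.has(path)) return; // dependency cycle
    const next = new Set(ancestors).add(path);
    for (const dep of Object.keys(node.dependencies || {})) {
      const resolved = resolveDep(pk, path, dep);
      if (resolved) walk(resolved, here, next);
    }
  };
  walk("", [], new Set());
  return chains;
}

console.log(findChains(sampleLock, "luxon", ["1.28.0"]));
```

On a real project, load `package-lock.json` with `JSON.parse` and pass it in place of `sampleLock`; the printed chain names the intermediate package whose version range has to change.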