Migrate away from `request` and `request-promise`
`request` and therefore `request-promise` have been deprecated for a while. On top of that, they are dependent on an old version of `tough-cookie` for which there is a critical CVE report (CVE-2023-26136). Migrating to a different request tool is highly recommended for:
- https://github.com/cube-js/cube/blob/e5d20d228ac07849dbcd4df2f713ea01fc74f0fe/packages/cubejs-backend-cloud/package.json#L29
- https://github.com/cube-js/cube/blob/e5d20d228ac07849dbcd4df2f713ea01fc74f0fe/packages/cubejs-cli/package.json#L44
- https://github.com/cube-js/cube/blob/e5d20d228ac07849dbcd4df2f713ea01fc74f0fe/packages/cubejs-schema-compiler/package.json#L81
There are a number of replacements of these packages listed here. Is there a preference by the community as to what we move to?
If you are interested in working on this issue, please go ahead and provide a PR for that. We'd be happy to review it and merge it. If this is the first time you are contributing a Pull Request to Cube, please check our contribution guidelines. You can also post any questions while contributing in the #contributors channel in the Cube Slack.