nigzak opened a new pull request, #27187: URL: https://github.com/apache/superset/pull/27187
update numexpr from 2.8.4 to 2.9.0 to fix CVE-2023-39631 <!--- Please write the PR title following the conventions at https://www.conventionalcommits.org/en/v1.0.0/ Example: fix(dashboard): load charts correctly --> ### SUMMARY superset 3.1.0 / 3.1.1 has a critical finding: CVE-2023-39631 because of numexpr 2.8.4 ### TESTING INSTRUCTIONS unknown (sorry), this pull request is to update the numexpr to a non-faulty version depending the CVE ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [x] Has associated issue: https://github.com/apache/superset/issues/26967 - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API HINT: This is my first pull request ... if I made something wrong please let me know that I can make a next one better :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
