chore(deps): bump es5-ext in /packages/cubejs-query-orchestrator to address security advisory

[adamstruck]

I was running into this security alert in my project due to the pinned version in this package.

es5-ext vulnerable to Regular Expression Denial of Service in function#copy and function#toStringTokens

Impact

Passing functions with very long names or complex default argument names into function#copy orfunction#toStringTokens may put script to stall

Patches

Fixed with medikoo/es5-ext@3551cdd and medikoo/es5-ext@a52e957
Published with v0.10.63

Workarounds

No real workaround aside of refraining from using above utilities.

References

medikoo/es5-ext#201

References

GHSA-4gmj-3p3h-gm8h
https://nvd.nist.gov/vuln/detail/CVE-2024-27088
medikoo/es5-ext#201
medikoo/es5-ext@3551cdd
medikoo/es5-ext@a52e957

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

8 Ignored Deployments

Name	Status	Preview	Comments	Updated (UTC)
examples-angular-dashboard	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm
examples-react-d3	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm
examples-react-dashboard	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm
examples-react-data-table	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm
examples-react-highcharts	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm
examples-react-material-ui	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm
examples-react-pivot-table	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm
examples-vue-query-builder	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 6:30pm

[ovr]

This dependency is locked due to #4257

The author of this library misuses opportunities from postinstall script to spam logs https://github.com/medikoo/es5-ext/blob/main/_postinstall.js

medikoo/es5-ext#116

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 47.91%. Comparing base (cd67a7c) to head (8e8e43e).
Report is 57 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #7884       +/-   ##
===========================================
- Coverage   68.14%   47.91%   -20.24%     
===========================================
  Files         348      154      -194     
  Lines       58971    21011    -37960     
  Branches     5262     5262               
===========================================
- Hits        40186    10067    -30119     
+ Misses      18585    10744     -7841     
  Partials      200      200               

Flag	Coverage Δ
cube-backend	47.91% <ø> (ø)
cubesql	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.