A complete solution for open data platforms, enterprise data catalogs, data lakes and data management. Open source, mature, fully-featured and production ready.

DataHub

`Vulnerability` 
`CVE-2023-30608`  `sqlparse 0.4.3` `Severity High`
Hello team,
We got a notification from our security scanner on an issue reported by CWE <https://nvd.nist.gov/vuln/detail/CVE-2023-30608|CVE-2023-30608>. I know that it _`sqlparse`_ was kept to _0.4.3_ since it was compatible with `sqllinneage` _1.3.6_. However `sqllinneage`  1.3.8 is compatible with 0.4.4, so would it make sense to upgrade sqllinneage to 1.3.8 to avoid the security issue in sqlparse 0.4.3.

Hi, thanks for reporting this - we'll deliver this to our core team and get back to you!

Thank you so much for the fast response <@U04QRNY4ZHA>  :hugging_face:

We’re working on this here <https://github.com/datahub-project/datahub/pull/8098>

<@U01GZEETMEZ> I noticed that the pull request you mentioned got closed because of failing builds. Is it possible to just upgrade it to 1.3.8 since that is just a micro update? :slightly_smiling_face: This will at least get rid of the vulnerability.

Sure - doing that here, assuming it passes CI <https://github.com/datahub-project/datahub/pull/8481>