chore(deps): update dependency sidekiq to '~> 7.1.0' [security] #888
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
'~> 7.0.6'
->'~> 7.1.0'
GitHub Vulnerability Alerts
CVE-2023-26141
Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.
Release Notes
sidekiq/sidekiq (sidekiq)
v7.1.3
Compare Source
sidekiq_options retry_for: 48.hours
to allow time-based retry windows [#6029]CVE-2023-26141, thanks for reporting Keegan!
v7.1.2
Compare Source
enqueued_at
from scheduled ActiveJobs [#5937]v7.1.1
Compare Source
v7.1.0
Compare Source
push_bulk
to pushbatch_size
jobs at a time and allow laziness [#5827, fatkodima]This allows Sidekiq::Client to push unlimited jobs as long as it has enough memory for the batch_size.
perform_bulk
to usepush_bulk
internally.push_bulk
to map 1-to-1 with arguments.If you call
push_bulk(args: [[1], [2], [3]])
, you will now always getan array of 3 values as the result:
["jid1", nil, "jid3"]
where nil meansthat particular job did not push successfully (possibly due to middleware
stopping it). Previously nil values were removed so it was impossible to tell
which jobs pushed successfully and which did not.
Sidekiq will now print a warning if you use one of those deprecated commands.
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.