
chore(deps): update dependency sidekiq to '~> 7.1.0' [security] #888

Open. Wants to merge 1 commit into base: staging

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Sep 14, 2023

This PR contains the following updates:

Package: sidekiq (source, changelog)
Change: '~> 7.0.6' -> '~> 7.1.0'

GitHub Vulnerability Alerts

CVE-2023-26141

Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.


Release Notes

sidekiq/sidekiq (sidekiq)

v7.1.3

Compare Source

  • Add sidekiq_options retry_for: 48.hours to allow time-based retry windows [#6029]
  • Support sidekiq_retry_in and sidekiq_retries_exhausted_block in ActiveJobs (#5994)
  • Lowercase all Rack headers for Rack 3.0 [#5951]
  • Validate Sidekiq::Web page refresh delay to avoid potential DoS,
    CVE-2023-26141, thanks for reporting Keegan!

v7.1.2

Compare Source

  • Mark Web UI assets as private so CDNs won't cache them [#5936]
  • Fix stackoverflow when using Oj and the JSON log formatter [#5920]
  • Remove spurious enqueued_at from scheduled ActiveJobs [#5937]

v7.1.1

Compare Source

  • Support multiple CurrentAttributes [#5904]
  • Speed up latency fetch with large queues on Redis <7 [#5910]
  • Allow a larger default client pool [#5886]
  • Ensure Sidekiq.options[:environment] == RAILS_ENV [#5932]

v7.1.0

Compare Source

  • Improve display of ActiveJob arguments in Web UI [#5825, cover]
  • Update push_bulk to push batch_size jobs at a time and allow laziness [#5827, fatkodima]
    This allows Sidekiq::Client to push unlimited jobs as long as it has enough memory for the batch_size.
  • Update perform_bulk to use push_bulk internally.
  • Change return value of push_bulk to map 1-to-1 with arguments.
    If you call push_bulk(args: [[1], [2], [3]]), you will now always get
    an array of 3 values as the result: ["jid1", nil, "jid3"] where nil means
    that particular job did not push successfully (possibly due to middleware
    stopping it). Previously nil values were removed so it was impossible to tell
    which jobs pushed successfully and which did not.
  • Migrate away from all deprecated Redis commands [#5788]
    Sidekiq will now print a warning if you use one of those deprecated commands.
  • Prefix all Sidekiq thread names [#5872]

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
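The CVE-2023-26141 alert and the v7.1.3 note above concern a dashboard refresh interval that was read from localStorage without sufficient checks, so a tampered value could drive the page into excessive polling. The following is an added illustration, not code from Sidekiq's dashboard-charts.js: a reader that trusts the stored value beside one that parses strictly and clamps it. The storage key, default and bounds are assumed.

```javascript
// Added illustrative example; not Sidekiq's own code. All names are hypothetical.
const DEFAULT_INTERVAL_MS = 5000;  // assumed default poll interval
const MIN_INTERVAL_MS = 1000;      // assumed floor: never poll faster than this
const MAX_INTERVAL_MS = 60000;     // assumed ceiling: keep the chart reasonably live

// Weak pattern: whatever is in storage becomes the timer delay.
// "0", "-1", "abc" or "1e-9" all reach the scheduler unchanged.
function unsafeRefreshInterval(storage) {
  const raw = storage.getItem("refreshInterval");
  return raw === null ? DEFAULT_INTERVAL_MS : Number(raw);
}

// Hardened pattern: treat localStorage as untrusted input.
// Accept only a plain non-negative integer string, then clamp into [MIN, MAX];
// anything else falls back to the default.
function safeRefreshInterval(storage) {
  const raw = storage.getItem("refreshInterval");
  if (raw === null) return DEFAULT_INTERVAL_MS;
  if (!/^\d+$/.test(raw.trim())) return DEFAULT_INTERVAL_MS;
  const n = Number(raw.trim());
  if (!Number.isSafeInteger(n)) return DEFAULT_INTERVAL_MS;
  return Math.min(MAX_INTERVAL_MS, Math.max(MIN_INTERVAL_MS, n));
}

// Minimal stand-in for window.localStorage so the example runs outside a browser.
function fakeStorage(entries) {
  const map = new Map(Object.entries(entries));
  return { getItem: (key) => (map.has(key) ? map.get(key) : null) };
}

// Constructed sample: a stored interval of "0".
const tampered = fakeStorage({ refreshInterval: "0" });
console.log("unsafe:", unsafeRefreshInterval(tampered)); // 0 -> setTimeout fires continuously
console.log("safe:  ", safeRefreshInterval(tampered));   // 1000 -> clamped to the floor
```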

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 14, 2023
@renovate renovate bot changed the title chore(deps): update dependency sidekiq to '~> 7.1.0' [security] chore(deps): update dependency sidekiq to '~> 7.1.0' [security] - autoclosed Aug 1, 2024
@renovate renovate bot closed this Aug 1, 2024
@renovate renovate bot deleted the renovate/rubygems-sidekiq-vulnerability branch August 1, 2024 19:28
@renovate renovate bot restored the renovate/rubygems-sidekiq-vulnerability branch August 6, 2024 06:33
@renovate renovate bot changed the title chore(deps): update dependency sidekiq to '~> 7.1.0' [security] - autoclosed chore(deps): update dependency sidekiq to '~> 7.1.0' [security] Aug 6, 2024
@renovate renovate bot reopened this Aug 6, 2024
@renovate renovate bot force-pushed the renovate/rubygems-sidekiq-vulnerability branch from a663856 to 08dada7 Compare August 6, 2024 06:33
@renovate renovate bot force-pushed the renovate/rubygems-sidekiq-vulnerability branch from 08dada7 to 9f878d3 Compare November 21, 2024 21:03
@renovate renovate bot force-pushed the renovate/rubygems-sidekiq-vulnerability branch from 9f878d3 to 5cc25cb Compare November 27, 2024 14:59

codecov bot commented Nov 27, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 52.37%. Comparing base (0daa494) to head (5cc25cb).

Additional details and impacted files
@@           Coverage Diff            @@
##           staging     #888   +/-   ##
========================================
  Coverage    52.37%   52.37%           
========================================
  Files           55       55           
  Lines         1178     1178           
========================================
  Hits           617      617           
  Misses         561      561           

☔ View full report in Codecov by Sentry.
