This repository has been archived by the owner on May 28, 2024. It is now read-only.

chore(deps): update dependency sidekiq to v7.1.3 #19

Open
wants to merge 1 commit into
base: main

@ibm-mend-app ibm-mend-app bot commented May 12, 2024

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| sidekiq (source, changelog) | patch | 7.1.0 -> 7.1.3 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
|---|---|---|
| Medium | 4.9 | CVE-2023-26141 |

Release Notes

sidekiq/sidekiq (sidekiq)

v7.1.3

Compare Source

  • Add sidekiq_options retry_for: 48.hours to allow time-based retry windows [#6029]
  • Support sidekiq_retry_in and sidekiq_retries_exhausted_block in ActiveJobs (#5994)
  • Lowercase all Rack headers for Rack 3.0 [#5951]
  • Validate Sidekiq::Web page refresh delay to avoid potential DoS,
    CVE-2023-26141, thanks for reporting Keegan!

v7.1.2

Compare Source

  • Mark Web UI assets as private so CDNs won't cache them [#5936]
  • Fix stackoverflow when using Oj and the JSON log formatter [#5920]
  • Remove spurious enqueued_at from scheduled ActiveJobs [#5937]

v7.1.1

Compare Source

  • Support multiple CurrentAttributes [#5904]
  • Speed up latency fetch with large queues on Redis <7 [#5910]
  • Allow a larger default client pool [#5886]
  • Ensure Sidekiq.options[:environment] == RAILS_ENV [#5932]

  • If you want to rebase/retry this PR, check this box

@ibm-mend-app ibm-mend-app bot added the security fix Security fix generated by WhiteSource label May 12, 2024
@ibm-mend-app ibm-mend-app bot force-pushed the whitesource-remediate/sidekiq-7.x-lockfile branch from 32198f5 to 758a32c Compare May 22, 2024 00:52

ibm-mend-app bot commented May 28, 2024

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock
Fetching gem metadata from https://rubygems.org/.........

Could not find gem 'Ruby\0 (~> 3.2.0.0)' in the local ruby installation.

The source contains the following gems matching 'Ruby\0':
  * Ruby\0-3.2.2.53
