Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency sidekiq to v6.5.10 [SECURITY] #16

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency sidekiq to v6.5.10 [SECURITY] #16

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 14, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
sidekiq (source, changelog) 6.5.6 -> 6.5.10 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-26141

Versions of the package sidekiq before 7.1.3 and 6.5.10 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.

Release Notes

sidekiq/sidekiq (sidekiq)

v6.5.10

Compare Source

v6.5.9

Compare Source

  • Ensure Sidekiq.options[:environment] == RAILS_ENV [#​5932]

v6.5.8

Compare Source

  • Fail if using a bad version of scout_apm [#​5616]
  • Add pagination to Busy page [#​5556]
  • Speed up WorkSet#each [#​5559]
  • Adjust CurrentAttributes to work with the String class name so we aren't referencing the Class within a Rails initializer [#​5536]

v6.5.7

Compare Source

  • Updates for JA and ZH locales
  • Further optimizations for scheduled polling [#​5513]

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from Clivern as a code owner September 14, 2023 22:56
@renovate renovate bot changed the title Update dependency sidekiq to v7 [SECURITY] Update dependency sidekiq to v7 [SECURITY] - autoclosed Oct 5, 2023
@renovate renovate bot closed this Oct 5, 2023
@renovate renovate bot deleted the renovate/rubygems-sidekiq-vulnerability branch October 5, 2023 13:33
@renovate renovate bot changed the title Update dependency sidekiq to v7 [SECURITY] - autoclosed Update dependency sidekiq to v7 [SECURITY] Oct 5, 2023
@renovate renovate bot reopened this Oct 5, 2023
@renovate renovate bot restored the renovate/rubygems-sidekiq-vulnerability branch October 5, 2023 16:23
@renovate renovate bot changed the title Update dependency sidekiq to v7 [SECURITY] Update dependency sidekiq to v6.5.10 [SECURITY] Oct 5, 2023
@renovate renovate bot force-pushed the renovate/rubygems-sidekiq-vulnerability branch from f48e2e2 to b00cca3 Compare October 5, 2023 16:24
@renovate renovate bot changed the title Update dependency sidekiq to v6.5.10 [SECURITY] Update dependency sidekiq to v6.5.10 [SECURITY] - autoclosed Jul 8, 2024
@renovate renovate bot closed this Jul 8, 2024
@renovate renovate bot deleted the renovate/rubygems-sidekiq-vulnerability branch July 8, 2024 20:00
@renovate renovate bot changed the title Update dependency sidekiq to v6.5.10 [SECURITY] - autoclosed Update dependency sidekiq to v6.5.10 [SECURITY] Jul 14, 2024
@renovate renovate bot restored the renovate/rubygems-sidekiq-vulnerability branch July 14, 2024 09:55
@renovate renovate bot reopened this Jul 14, 2024
@renovate renovate bot force-pushed the renovate/rubygems-sidekiq-vulnerability branch from b00cca3 to a78a261 Compare July 14, 2024 09:55
@renovate renovate bot changed the title Update dependency sidekiq to v6.5.10 [SECURITY] Update dependency sidekiq to v6.5.10 [SECURITY] - autoclosed Aug 3, 2024
@renovate renovate bot closed this Aug 3, 2024
@renovate renovate bot deleted the renovate/rubygems-sidekiq-vulnerability branch August 3, 2024 18:16
@renovate renovate bot changed the title Update dependency sidekiq to v6.5.10 [SECURITY] - autoclosed Update dependency sidekiq to v6.5.10 [SECURITY] Aug 6, 2024
@renovate renovate bot reopened this Aug 6, 2024
@renovate renovate bot restored the renovate/rubygems-sidekiq-vulnerability branch August 6, 2024 10:50
@renovate renovate bot force-pushed the renovate/rubygems-sidekiq-vulnerability branch from a78a261 to f17d67a Compare August 6, 2024 10:51
@renovate renovate bot force-pushed the renovate/rubygems-sidekiq-vulnerability branch from f17d67a to 592f71a Compare November 3, 2024 09:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Clivern Clivern Awaiting requested review from Clivern Clivern is a code owner

Assignees
No one assigned
Labels
🚧 Dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants