Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade ioredis from 2.5.0 to 4.27.8 #200

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 603/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.2
Prototype Pollution
SNYK-JS-IOREDIS-1567196
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ioredis The new version differs by 250 commits.
  • 0587353 chore(release): 4.27.8 [skip ci]
  • 7d73b9d fix: handle malicious keys for hgetall (#1416)
  • 17c7595 chore: fix potential security vulnerabilities [skip ci]
  • a13eddc chore(release): 4.27.7 [skip ci]
  • d7477aa fix(cluster): fix autopipeline with keyPrefix or arg array (#1391)
  • beefcc1 docs(README): fix docs typo (#1385)
  • cae7fc5 chore(release): 4.27.6 [skip ci]
  • 42f1ee1 fix: fixed autopipeline performances. (#1226)
  • 71f2994 chore(release): 4.27.5 [skip ci]
  • f02e383 fix(SENTINEL): actively failover detection under an option (#1363)
  • c87ea2a chore(release): 4.27.4 [skip ci]
  • 62b6a64 perf: Serialize error stack only when needed (#1359)
  • d4a55b5 chore(release): 4.27.3 [skip ci]
  • abd9a82 fix: autopipeling for buffer function (#1231)
  • e0cfea1 chore(release): 4.27.2 [skip ci]
  • aa9c5b1 fix(cluster): avoid ClusterAllFailedError in certain cases
  • aafc349 chore(release): 4.27.1 [skip ci]
  • d65f8b2 fix: clears commandTimeout timer as each respective command gets fulfilled (#1336)
  • 9e140f0 chore(release): 4.27.0 [skip ci]
  • a464151 feat(sentinel): detect failover from +switch-master messages (#1328)
  • 6b821af docs: add CONTRIBUTING note
  • dac428d chore(release): 4.26.0 [skip ci]
  • 2e388db feat(cluster): apply provided connection name to internal connections
  • 81b9be0 fix(cluster): subscriber connection leaks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant