Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade redis from 2.8.0 to 4.0.3 #15

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade redis from 2.8.0 to 4.0.3 #15

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Mar 3, 2022

Snyk has created this PR to upgrade redis from 2.8.0 to 4.0.3.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 23 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-01-31.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-REDIS-1255645		 479/1000
Why? Has a fix available, CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: redis
  • 4.0.3 - 2022-01-31
  • 4.0.2 - 2022-01-13
    No content.
  • 4.0.1 - 2021-12-13
  • 4.0.0 - 2021-11-25
  • 4.0.0-rc.4 - 2021-11-16
  • 4.0.0-rc.3 - 2021-10-11
  • 4.0.0-rc.2 - 2021-09-23
  • 4.0.0-rc.1 - 2021-09-06
  • 4.0.0-rc.0 - 2021-08-27
  • 4.0.0-next.7 - 2021-08-24
  • 4.0.0-next.6 - 2021-08-19
  • 4.0.0-next.5 - 2021-07-28
  • 4.0.0-next.4 - 2021-07-01
  • 4.0.0-next.3 - 2021-06-24
  • 4.0.0-next.2 - 2021-06-12
  • 4.0.0-next.1 - 2021-06-11
  • 4.0.0-next.0 - 2021-06-11
  • 3.1.2 - 2021-04-20
  • 3.1.1 - 2021-04-13
  • 3.1.0 - 2021-03-31
  • 3.0.2 - 2020-02-09
  • 3.0.1 - 2020-02-09
  • 3.0.0 - 2020-02-09
  • 2.8.0 - 2017-08-08
from redis GitHub release notes
Commit messages
Package name: redis
  • 429c1e0 lock versions
  • 287b334 Release [email protected]
  • a5798e2 Release [email protected]
  • d78d25a upgrade dependencies
  • 3547b20 Graph (#1887)
  • 46b831c fix #1864 - cluster.quit (#1886)
  • 8160fa7 fix #1865 - add defaults to RedisModules and RedisScripts (#1885)
  • ac1a61f fix #1876 - remove engines (#1884)
  • 5147521 fix #1874 - fix TIME return type (#1880)
  • 21270ba fix #1875 - fix XPENDING_RANGE id type (#1879)
  • 741aff0 update tls type to be boolean instead of "true" (RedisTlsSocketOptions) (#1851)
  • 84aebcc upgrade dependencies
  • 7ded3dd fix #1846 - handle arguments that are not buffers or strings (#1849)
  • 551d204 fix #1854 - fix __redis__:invalidate messages handler (#1856)
  • cf120c3 Correct relative links (#1867)
  • e66fa6a Correct relative link to changelog (#1868)
  • a229950 upgrade dependencies (#1863)
  • bac6744 Delete dependabot.yml
  • de16a8d Update dependabot.yml
  • 76c137b Bump release-it from 14.12.1 to 14.12.3 (#1862)
  • eb26249 Bump @ types/node from 17.0.8 to 17.0.10 (#1861)
  • 415a10c Bump typescript from 4.5.4 to 4.5.5 (#1858)
  • 7e6d4b5 Bump eslint from 8.6.0 to 8.7.0 (#1859)
  • 3ae275e Bump typedoc from 0.22.10 to 0.22.11 (#1860)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot