[Snyk] Security upgrade bullmq from 4.17.0 to 5.3.3 #45

Open
wants to merge 1 commit into
base: develop

antobinary
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 631/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.2) | Missing Release of Resource after Effective Lifetime, SNYK-JS-INFLIGHT-6095116 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bullmq

The new version differs by 97 commits.
  • e31fe65 chore(release): 5.3.3 [skip ci]
  • 91cf9a9 fix(deps): replaced glob by fast-glob due to security advisory
  • 927d2a5 chore(release): 5.3.2 [skip ci]
  • 7606e36 fix(sandbox): extend SandboxedJob from JobJsonSandbox (#2446) fixes #2439
  • 8f8cb88 test(dragonfly): fix flaky test when getting worker rawnames(#2445)
  • 651d086 chore(release): 5.3.1 [skip ci]
  • 1e9a13f fix(add-job): fix parent job cannot be replaced error message (#2441)
  • 7fc6f91 GITBOOK-192: change request with no subject merged in GitBook
  • bfa1839 chore(release): 5.3.0 [skip ci]
  • 9bf50bc chore(queue-events): add TODO to the comment
  • 7ba2729 feat(worker): add support for naming workers
  • b1432ab GITBOOK-191: change request with no subject merged in GitBook
  • 1a77c16 GITBOOK-190: change request with no subject merged in GitBook
  • 56e578b GITBOOK-189: change request with no subject merged in GitBook
  • 571b417 chore(release): 5.2.1 [skip ci]
  • 8a85207 fix(flow): remove failed children references on auto removal (#2432)
  • 83e8a61 chore(release): 5.2.0 [skip ci]
  • c7559f4 feat(flow): add ignoreDependencyOnFailure option (#2426)
  • 51ef4ae test(flow): do not remove grandparent on regular remove (#2429)
  • 5938664 chore(release): 5.1.12 [skip ci]
  • 1bc26a6 fix(redis-connection): close redis connection even when initializing (#2425) fixes #2385
  • d08cd59 refactor(add-job): remove extra include (#2423)
  • 415f389 docs(guide): fix queueEvents.on failed description (#2420)
  • 4c54873 docs(guide): fix markdown syntax in prioritized jobs (#2421)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


Updated Docker image pushed to docker.io/bigbluebutton/bbb-webhooks:pr-45
