Skip to content
This repository was archived by the owner on May 1, 2025. It is now read-only.

[Snyk] Upgrade bull from 3.13.0 to 3.29.3 #6

Open
snyk-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade bull from 3.13.0 to 3.29.3 #6

snyk-bot wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Dec 23, 2021

Snyk has created this PR to upgrade bull from 3.13.0 to 3.29.3.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 41 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-10-13.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Command Injection
SNYK-JS-LODASH-1040724		 467/1000
Why? Proof of Concept exploit, CVSS 7.2		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 467/1000
Why? Proof of Concept exploit, CVSS 7.2		 Proof of Concept
Prototype Pollution
SNYK-JS-IOREDIS-1567196		 467/1000
Why? Proof of Concept exploit, CVSS 7.2		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: bull
  • 3.29.3 - 2021-10-13

    3.29.3 (2021-10-13)

    Bug Fixes

    • name-processors: wait for all processors when closing fixes #1618 (79ce013)
  • 3.29.2 - 2021-09-08

    3.29.2 (2021-09-08)

    Bug Fixes

    • connection: fail only if redis connection does not recover (0ca4c6b)
  • 3.29.1 - 2021-08-26

    3.29.1 (2021-08-26)

    Bug Fixes

  • 3.29.0 - 2021-08-20

    3.29.0 (2021-08-20)

    Features

    • jobs: add extendLock method (30d5959)
  • 3.28.1 - 2021-08-06

    3.28.1 (2021-08-06)

    Bug Fixes

    • queue: changed user prop to username for redisOptions (71baea9)
  • 3.28.0 - 2021-08-05

    3.28.0 (2021-08-05)

    Features

    • queue: handle redis url containing username (a245fc4)
  • 3.27.0 - 2021-07-27

    3.27.0 (2021-07-27)

    Features

    • support job.discard function in sandboxed processors (5adcf2c)
  • 3.26.0 - 2021-07-16

    3.26.0 (2021-07-16)

    Features

    • repeatable: store key in repeat options (dab0d82)
  • 3.25.2 - 2021-07-16

    3.25.2 (2021-07-16)

    Bug Fixes

  • 3.25.1 - 2021-07-16

    3.25.1 (2021-07-16)

    Bug Fixes

    • error when .lua scripts missing in built bundle (85307c3)
  • 3.25.0 - 2021-07-15
  • 3.24.0 - 2021-07-15
  • 3.23.3 - 2021-07-15
  • 3.23.2 - 2021-07-15
  • 3.23.1 - 2021-07-15
  • 3.23.0 - 2021-07-13
  • 3.22.12 - 2021-07-13
  • 3.22.11 - 2021-07-08
  • 3.22.10 - 2021-07-01
  • 3.22.9 - 2021-06-22
  • 3.22.8 - 2021-06-09
  • 3.22.7 - 2021-05-31
  • 3.22.6 - 2021-05-17
  • 3.22.5 - 2021-05-11
  • 3.22.4 - 2021-04-27
  • 3.22.3 - 2021-04-23
  • 3.22.2 - 2021-04-23
  • 3.22.1 - 2021-04-19
  • 3.22.0 - 2021-03-24
  • 3.21.1 - 2021-03-19
  • 3.21.0 - 2021-03-18
  • 3.20.1 - 2021-02-06
  • 3.20.0 - 2020-11-26
  • 3.19.1 - 2020-11-20
  • 3.19.0 - 2020-11-19
  • 3.18.1 - 2020-10-27
  • 3.18.0 - 2020-08-13
  • 3.17.0 - 2020-08-12
  • 3.16.0 - 2020-07-16
  • 3.15.0 - 2020-06-30
  • 3.14.0 - 2020-05-08
  • 3.13.0 - 2020-02-13
from bull GitHub release notes
Commit messages
Package name: bull
  • 2618a2e chore(release): 3.29.3 [skip ci]
  • 79ce013 fix(name-processors): wait for all processors when closing fixes #1618
  • c2194fe chore(commands): fix comment in takeLock
  • 8981898 chore(commands): fix typo
  • 87690a5 chore(release): 3.29.2 [skip ci]
  • 0ca4c6b fix(connection): fail only if redis connection does not recover
  • b5d55ec docs: add isPaused to the reference
  • 9e62ddc docs: add more explicit documentation around Repeatable Job configurations
  • 100c259 chore(release): 3.29.1 [skip ci]
  • 2f27faa fix: protect getJob with isReady, fixes #1386
  • 0cc0c39 chore: remove irrelevant comment fixes #2140
  • f2e25fb chore(release): 3.29.0 [skip ci]
  • 30d5959 feat(jobs): add extendLock method
  • 0277184 chore(deps): bump path-parse from 1.0.6 to 1.0.7
  • 1391dc0 chore(deps): bump tar from 6.1.0 to 6.1.6
  • c8d57fe chore(release): 3.28.1 [skip ci]
  • 71baea9 fix(queue): changed user prop to username for redisOptions
  • b7b8748 chore(release): 3.28.0 [skip ci]
  • a245fc4 feat(queue): handle redis url containing username
  • 6133d71 chore(release): 3.27.0 [skip ci]
  • 5adcf2c feat: support job.discard function in sandboxed processors
  • b50512e chore: exec npm run prettier
  • 236f812 docs: prefer const in PATTERNS.md
  • 562c9db chore(release): 3.26.0 [skip ci]

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

cla:signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot