Update dependency redis to v3 [SECURITY]
This PR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
redis | 2.8.0 -> 3.1.1 | | | | |
GitHub Vulnerability Alerts
CVE-2021-29469
Impact
When a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service.
Patches
The problem was fixed in commit 2d11b6d and was released in version 3.1.1.
References
#1569 (GHSL-2021-026)
Release Notes
redis/node-redis
v3.1.1
Enhancements
- Upgrade node and dependencies (#1578)
Fixes
- Fix a potential exponential regex in monitor mode (#1595)
v3.1.0
Enhancements
- Upgrade node and dependencies and redis-commands to support Redis 6 (#1578)
- Add support for Redis 6 auth pass [user] (#1508)
v3.0.2
v3.0.1
v3.0.0
This version is mainly a release to distribute all the unreleased changes on master since 2017 and additionally removes a lot of old deprecated features and internals in preparation for an upcoming modernization refactor (v4).
Breaking Changes
- Dropped support for Node.js < 6
- Dropped support for hiredis (no longer required)
- Removed previously deprecated drain event
- Removed previously deprecated idle event
- Removed previously deprecated parser option
- Removed previously deprecated max_delay option
- Removed previously deprecated max_attempts option
- Removed previously deprecated socket_no_delay option
Bug Fixes
- Removed development files from published package (#1370)
- Duplicate function now allows db param to be passed (#1311)
Features
- Upgraded to latest redis-commands package
- Upgraded to latest redis-parser package, v3.0.0, which brings performance improvements
- Replaced double-ended-queue with denque, which brings performance improvements
- Add timestamps to debug traces
- Add socket_initial_delay option for socket.setKeepAlive (#1396)
- Add support for rediss protocol in url (#1282)
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.