sidekiq 5.2.8 → 5.2.10


Potentially problematic release.


This version of sidekiq might be problematic. Click here for more details.

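--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 736ce0e629bd4a115422342ccb49c3cf8199372ced62e0bb0a9463974d2cb6cd
- data.tar.gz: 60857bf5d87f618ece94183f4553636ae6221f567ada9489da82bbbbd88e0930
+ metadata.gz: 22b205223a123bbe3a8812f1e2804be148afb5fe91c201ecb9a073eb4a188a06
+ data.tar.gz: '08ab2999267df91afb8f62b9a6b00810299791cad99763d5b16f70bda946410a'
  SHA512:
- metadata.gz: 363885cb52ed06abe653a9fbb6627e9931064fc7d3c607d605a2c915ff2e2ef236c1afd15d22e29a2ee11807f9682fd404c324a24fcd0163637a89f7b0d97458
- data.tar.gz: b772dbcd3a911a7a2e48cc75c51f996e59aeca84372188f14972ded218c56a11457e0b3fbd715f28f4c5a2e5b88ededf0ece59933a2e5a2cdb64815d96a02c06
+ metadata.gz: ad90b8ed3b060ce4521326a0dd4173550ee6bf64b0674fc08fbf37770aaec5ca0ea82738ed1730ccfcff4e0b616afcc47789ca8610cdd41a20abc0ef7d734891
+ data.tar.gz: 2ed367f9801d28616a1b56b0b209cfe797c2b5a137d2e67cfb8c6864c8d5ed8f58992924ddce654f1fec53b84a5f18abdf88d4df45373b98f46786d511bac3f2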
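--- a/data/Changes.md
+++ b/data/Changes.md
@@ -2,6 +2,19 @@
 
  [Sidekiq Changes](https://github.com/mperham/sidekiq/blob/master/Changes.md) | [Sidekiq Pro Changes](https://github.com/mperham/sidekiq/blob/master/Pro-Changes.md) | [Sidekiq Enterprise Changes](https://github.com/mperham/sidekiq/blob/master/Ent-Changes.md)
 
+ 5.2.10
+ ---------
+
+ - Backport fix for CVE-2022-23837.
+ - Migrate to `exists?` for redis-rb.
+ - Lock redis-rb to <4.6 to avoid deprecations.
+
+ 5.2.9
+ ---------
+
+ - Release Rack lock due to a cascade of CVEs. [#4566]
+ Pro-tip: don't lock Rack.
+
  5.2.8
  ---------
 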
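--- a/data/Gemfile
+++ b/data/Gemfile
@@ -5,7 +5,7 @@ gemspec
  gem 'rake'
  gem 'redis-namespace'
  gem 'rails', '~> 5.2'
- gem 'sqlite3', '~> 1.3.6', platforms: :ruby
+ gem 'sqlite3', platforms: :ruby
  gem 'activerecord-jdbcsqlite3-adapter', platforms: :jruby
 
  group :test do
@@ -13,10 +13,6 @@ group :test do
  gem 'simplecov'
  end
 
- group :development, :test do
- gem 'pry-byebug', platforms: :mri
- end
-
  group :load_test do
  gem 'hiredis'
  gem 'toxiproxy'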
data/lib/sidekiq/api.rb CHANGED
@@ -164,6 +164,8 @@ module Sidekiq
164
164
 
165
165
  class History
166
166
  def initialize(days_previous, start_date = nil)
167
+ #we only store five years of data in Redis
168
+ raise ArgumentError if days_previous < 1 || days_previous > (5 * 365)
167
169
  @days_previous = days_previous
168
170
  @start_date = start_date || Time.now.utc.to_date
169
171
  end
@@ -904,7 +906,7 @@ module Sidekiq
904
906
  procs = sscan(conn, 'processes')
905
907
  procs.sort.each do |key|
906
908
  valid, workers = conn.pipelined do
907
- conn.exists(key)
909
+ conn.exists?(key)
908
910
  conn.hgetall("#{key}:workers")
909
911
  end
910
912
  next unless valid
@@ -102,7 +102,7 @@ module Sidekiq
102
102
  _, exists, _, _, msg = Sidekiq.redis do |conn|
103
103
  conn.multi do
104
104
  conn.sadd('processes', key)
105
- conn.exists(key)
105
+ conn.exists?(key)
106
106
  conn.hmset(key, 'info', to_json, 'busy', curstate.size, 'beat', Time.now.to_f, 'quiet', @done)
107
107
  conn.expire(key, 60)
108
108
  conn.rpop("#{key}-signals")
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module Sidekiq
3
- VERSION = "5.2.8"
3
+ VERSION = "5.2.10"
4
4
  end
@@ -15,7 +15,7 @@ module Sidekiq
15
15
  end
16
16
 
17
17
  def halt(res)
18
- throw :halt, res
18
+ throw :halt, [res, {"Content-Type" => "text/plain"}, [res.to_s]]
19
19
  end
20
20
 
21
21
  def redirect(location)
@@ -45,7 +45,10 @@ module Sidekiq
45
45
 
46
46
  get "/" do
47
47
  @redis_info = redis_info.select{ |k, v| REDIS_KEYS.include? k }
48
- stats_history = Sidekiq::Stats::History.new((params['days'] || 30).to_i)
48
+ days = (params["days"] || 30).to_i
49
+ return halt(401) if days < 1 || days > 180
50
+
51
+ stats_history = Sidekiq::Stats::History.new(days)
49
52
  @processed_history = stats_history.processed
50
53
  @failed_history = stats_history.failed
51
54
 
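Review bot: The out-of-range branch added to the `get "/"` handler answers with `halt(401)`, which reports a bad `days` parameter as an authentication failure, so in access logs and alerting a request with an oversized `days` value looks the same as a failed login. `return halt(400) if days < 1 || days > 180` would describe the condition accurately and keep the two signals separate. The guard added to `History#initialize` raises a bare `ArgumentError`; a message such as `raise ArgumentError, "days_previous must be between 1 and #{5 * 365}"` would make the failure diagnosable for callers that use the API outside the web UI. The later hunks in this section (line ranges 102, 1, 15 and 45) appear to belong to other files whose headers the page dropped, and the handler body continues past the last hunk.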
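--- a/data/sidekiq.gemspec
+++ b/data/sidekiq.gemspec
@@ -14,8 +14,8 @@ Gem::Specification.new do |gem|
  gem.version = Sidekiq::VERSION
  gem.required_ruby_version = ">= 2.2.2"
 
- gem.add_dependency 'redis', '>= 3.3.5', '< 5'
+ gem.add_dependency "redis", "~> 4.5", "< 4.6.0"
  gem.add_dependency 'connection_pool', '~> 2.2', '>= 2.2.2'
- gem.add_dependency 'rack', '< 2.1.0'
+ gem.add_dependency 'rack', '~> 2.0'
  gem.add_dependency 'rack-protection', '>= 1.5.0'
  end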
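Review bot: The new redis requirement on line 17 narrows the accepted range from `>= 3.3.5, < 5` to the 4.5.x series only, so an application still resolving an older redis-rb cannot take the CVE-2022-23837 backport without upgrading redis-rb in the same step. If the lower bound exists only because the code now calls `exists?`, a floor at the release that introduced that method (it appears to be 4.2, worth confirming) would let more installations pick up the fix, e.g. `gem.add_dependency "redis", ">= 4.2", "< 4.6.0"`. Likewise `'~> 2.0'` for rack now excludes rack 1.x, which the previous `'< 2.1.0'` allowed. A short comment above each line stating why the bound exists (`# < 4.6: avoids redis-rb deprecation warnings`) would help whoever relaxes it later, and the mixed quote styles in the block could be made uniform.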
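--- a/metadata
+++ b/metadata
@@ -1,35 +1,35 @@
  --- !ruby/object:Gem::Specification
  name: sidekiq
  version: !ruby/object:Gem::Version
- version: 5.2.8
+ version: 5.2.10
  platform: ruby
  authors:
  - Mike Perham
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-02-13 00:00:00.000000000 Z
+ date: 2022-02-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: redis
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 3.3.5
+ version: '4.5'
  - - "<"
  - !ruby/object:Gem::Version
- version: '5'
+ version: 4.6.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 3.3.5
+ version: '4.5'
  - - "<"
  - !ruby/object:Gem::Version
- version: '5'
+ version: 4.6.0
  - !ruby/object:Gem::Dependency
  name: connection_pool
  requirement: !ruby/object:Gem::Requirement
@@ -54,16 +54,16 @@ dependencies:
  name: rack
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "<"
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 2.1.0
+ version: '2.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "<"
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 2.1.0
+ version: '2.0'
  - !ruby/object:Gem::Dependency
  name: rack-protection
  requirement: !ruby/object:Gem::Requirement
@@ -208,7 +208,7 @@ homepage: http://sidekiq.org
  licenses:
  - LGPL-3.0
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -223,8 +223,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
- signing_key:
+ rubygems_version: 3.2.32
+ signing_key:
  specification_version: 4
  summary: Simple, efficient background processing for Ruby
  test_files: []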