SECURITY: Validate input to avoid possible DoS in Web UI.
Add strict argument checking#5071
Sidekiq will now log a warning if JSON-unsafe arguments are passed to perform_async.
Add Sidekiq.strict_args!(false) to your initializer to disable this warning.
This warning will switch to an exception in Sidekiq 7.0.
Note that Delayed Extensions will be removed in Sidekiq 7.0 #5076
Add perform_{inline,sync} in Sidekiq::Job to run a job synchronously [#5061, hasan-ally]
Tweak shutdown to give long-running threads time to cleanup #5095
Add keyword arguments support in extensions
6.3.1
Fix keyword arguments error with CurrentAttributes on Ruby 3.0 #5048
6.3.0
BREAK: The Web UI has been refactored to remove jQuery. Any UI extensions
which use jQuery will break.
FEATURE: Sidekiq.logger has been enhanced so any Rails.logger
output in jobs now shows up in the Sidekiq console. Remove any logger
hacks in your initializer and see if it Just Works™ now. #5021
FEATURE: Add Sidekiq::Job alias for Sidekiq::Worker, to better
reflect industry standard terminology. You can now do this:
class MyJob
include Sidekiq::Job
sidekiq_options ...
def perform(args)
end
end
... (truncated)
Commits
7f6b2ef Bump minor as there are significant changes
7785ac1 Validate days parameter to avoid possible DoS in Web UI
0a4de94 Add keyword arguments support in extensions (#5120)
b3c99ca Dashboard CSS tweaks for consistency/improvements (#5123)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TCDLibrary/TCD-Hyrax-Web-App/network/alerts).
Bumps sidekiq from 6.2.1 to 6.4.0.
Changelog
Sourced from sidekiq's changelog.
... (truncated)
Commits
7f6b2efBump minor as there are significant changes7785ac1Validatedaysparameter to avoid possible DoS in Web UI0a4de94Add keyword arguments support in extensions (#5120)b3c99caDashboard CSS tweaks for consistency/improvements (#5123)8f7bc48Dark Mode Improvements (#5122)07acfadBring back redis-namespace onto a gem released58a0a1Update build for Ruby 3.1, fixes #511563f6e68standard formatting96816c3fix ruby 3.0 build96ac8e7bumpDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TCDLibrary/TCD-Hyrax-Web-App/network/alerts).