[Snyk] Upgrade ioredis from 4.14.1 to 4.28.5

[snyk-bot]

Snyk has created this PR to upgrade ioredis from 4.14.1 to 4.28.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 51 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2022-02-06.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-IOREDIS-1567196	531/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	531/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: ioredis

• 4.28.5 - 2022-02-06
  

  4.28.5 (2022-02-06)

  Bug Fixes

  • Reset loaded script hashes to force a reload of scripts after reconnect of redis (#1497) (f357a31)
• 4.28.4 - 2022-02-02
  

  4.28.4 (2022-02-02)

  Bug Fixes

  • make sure timers is cleared on exit (#1502) (cfb04a0)
• 4.28.3 - 2022-01-11
  

  4.28.3 (2022-01-11)

  Bug Fixes

  • fix exceptions on messages of client side cache (#1479) (02adca4)
• 4.28.2 - 2021-12-01
  

  4.28.2 (2021-12-01)

  Bug Fixes

  • add Redis campaign (#1475) (3f3d8e9)
  • fix a memory leak with autopipelining. (#1470) (f5d8b73)
  • unhandled Promise rejections in pipeline.exec [skip ci] (#1466) (e5615da)
• 4.28.1 - 2021-11-23
  

  4.28.1 (2021-11-23)

  Bug Fixes

  • handle possible unhandled promise rejection with autopipelining+cluster (#1467) (6ad285a), closes #1466
• 4.28.0 - 2021-10-13
  

  4.28.0 (2021-10-13)

  Features

  • tls: add TLS profiles for easier configuration (#1441) (4680211)
• 4.27.11 - 2021-10-11
  

  4.27.11 (2021-10-11)

  Bug Fixes

  • make export interface compatible with jest (#1445) (2728dbe)
• 4.27.10 - 2021-10-04
  

  4.27.10 (2021-10-04)

  Bug Fixes

  • cluster: lazyConnect with pipeline (#1408) (b798107)
• 4.27.9 - 2021-08-30
  

  4.27.9 (2021-08-30)

  Bug Fixes

  • Fix undefined property warning in executeAutoPipeline (#1425) (f898672)
  • improve proto checking for hgetall [skip ci] (#1418) (cba83cb)
• 4.27.8 - 2021-08-18
  

  4.27.8 (2021-08-18)

  Bug Fixes

  • handle malicious keys for hgetall (#1416) (7d73b9d), closes #1267
• 4.27.7 - 2021-08-01
• 4.27.6 - 2021-06-13
• 4.27.5 - 2021-06-05
• 4.27.4 - 2021-06-04
• 4.27.3 - 2021-05-22
• 4.27.2 - 2021-05-04
• 4.27.1 - 2021-04-24
• 4.27.0 - 2021-04-24
• 4.26.0 - 2021-04-08
• 4.25.0 - 2021-04-02
• 4.24.6 - 2021-03-31
• 4.24.5 - 2021-03-27
• 4.24.4 - 2021-03-24
• 4.24.3 - 2021-03-21
• 4.24.2 - 2021-03-14
• 4.24.1 - 2021-03-14
• 4.24.0 - 2021-03-14
• 4.23.1 - 2021-03-14
• 4.23.0 - 2021-02-25
• 4.22.0 - 2021-02-06
• 4.21.0 - 2021-02-06
• 4.20.0 - 2021-02-05
• 4.19.4 - 2020-12-13
• 4.19.3 - 2020-12-13
• 4.19.2 - 2020-10-31
• 4.19.1 - 2020-10-28
• 4.19.0 - 2020-10-23
• 4.18.0 - 2020-07-25
• 4.17.3 - 2020-05-30
• 4.17.2 - 2020-05-30
• 4.17.1 - 2020-05-16
• 4.17.0 - 2020-05-16
• 4.16.3 - 2020-04-21
• 4.16.2 - 2020-04-11
• 4.16.1 - 2020-03-28
• 4.16.0 - 2020-02-19
• 4.15.1 - 2019-12-25
• 4.15.0 - 2019-11-29
• 4.14.4 - 2019-11-22
• 4.14.3 - 2019-11-07
• 4.14.2 - 2019-10-23
• 4.14.1 - 2019-08-27

from ioredis GitHub release notes

Commit messages

Package name: ioredis

• e4c9d01 chore(release): 4.28.5 [skip ci]
• f357a31 fix: Reset loaded script hashes to force a reload of scripts after reconnect of redis (Provide high resolution favicon badges/shields#1497)
• c72f242 chore(release): 4.28.4 [skip ci]
• cfb04a0 fix: make sure timers is cleared on exit ([Cauditor] Replace with error message badges/shields#1502)
• bf3bec7 chore(release): 4.28.3 [skip ci]
• 02adca4 fix: fix exceptions on messages of client side cache (Can't make Travis-CI build status badge to indicate specified branch? badges/shields#1479)
• 2939f8a docs: fix API documentation link ([chocolatey powershellgallery] add service tests for NuGet v2 services badges/shields#1487)
• 8278ec0 test: set up GitHub actions for CI (service tests for [cocoapods] badges/shields#1472)
• 61e98b4 chore(release): 4.28.2 [skip ci]
• a9059be chore: disable interface prefix check
• 3030eee docs(README): update Redis title
• 3f3d8e9 fix: add Redis campaign ([GitHub] Downloads per week, month etc. missing badges/shields#1475)
• d1ead14 chore: scanStream TYPE test requires redis 6 (ar badges/shields#1469)
• b817747 chore: add a few typescript types ([npm bountysource cdnjs circleci clojars docker gem homebrew itunes microbadger nexus requires shippable suggest uptimerobot] Service tests for NPM total downloads + invalidJSON helper badges/shields#1471)
• f5d8b73 fix: fix a memory leak with autopipelining. (Badges render inconsistently on mobile badges/shields#1470)
• e5615da fix: unhandled Promise rejections in pipeline.exec [skip ci] (Snap CI is no longer available badges/shields#1466)
• 2ee877e chore(release): 4.28.1 [skip ci]
• 6ad285a fix: handle possible unhandled promise rejection with autopipelining+cluster (Add Windows logo badges/shields#1467)
• 77ad094 docs: Document enableTLSForSentinelMode Option ([UptimeRobot] Test with regex that accepts decimals badges/shields#1448)
• cfb470d docs(README): add Upstash
• aaf2fe6 chore(release): 4.28.0 [skip ci]
• 4680211 feat(tls): add TLS profiles for easier configuration (Bower Badge Not up to Date badges/shields#1441)
• 7a3f78c chore(release): 4.27.11 [skip ci]
• 2728dbe fix: make export interface compatible with jest ([badge/dynamic/json] fix colorscheme on error badges/shields#1445)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs