[Security] package updates #296

eatyourgreens · 2024-01-11T10:34:38Z

Updates for outdated packages, including a security patch for host spoofing in follow-redirects, in the NewRelic client.

Bumps [newrelic](https://github.com/newrelic/node-newrelic) from 11.5.0 to 11.9.0. - [Release notes](https://github.com/newrelic/node-newrelic/releases) - [Changelog](https://github.com/newrelic/node-newrelic/blob/main/changelog.json) - [Commits](newrelic/node-newrelic@v11.5.0...v11.9.0) --- updated-dependencies: - dependency-name: newrelic dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@sentry/node](https://github.com/getsentry/sentry-javascript) from 7.81.1 to 7.93.0. - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.81.1...7.93.0) --- updated-dependencies: - dependency-name: "@sentry/node" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [redis](https://github.com/redis/node-redis) from 4.6.11 to 4.6.12. - [Release notes](https://github.com/redis/node-redis/releases) - [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/redis/node-redis/compare/redis@4.6.11...redis@4.6.12) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 7.1.4 to 7.1.5. - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v7.1.4...v7.1.5) --- updated-dependencies: - dependency-name: express-rate-limit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

- Bump `redis`. - Bump `newrelic`. - Bump `@sentry/browser`.

shaunanoordin

PR Review

This seems like a fairly straightforward dependency bump for sugar.

Dependabot is bumping newrelic, @sentry/node, redis, express-rate-limit, and github/codeql-action
Our CodeQL workflow is accordingly updated to use the newest version of codeql.

LGTM 👍

dependabot bot added 5 commits January 11, 2024 10:11

eatyourgreens force-pushed the security-package-updates branch 2 times, most recently from 0dec393 to 45fc242 Compare January 15, 2024 16:25

Bump outdated packages

3f37127

- Bump `redis`. - Bump `newrelic`. - Bump `@sentry/browser`.

shaunanoordin approved these changes Feb 5, 2024

View reviewed changes

shaunanoordin merged commit 2036cf1 into zooniverse:master Feb 5, 2024
4 checks passed

eatyourgreens deleted the security-package-updates branch February 5, 2024 13:34