Skip to content

Add support to sidekiq `~ 7.1`

Issue

Sidekiq 6.1 has a CVE and the fixes are only available in the 7.1 series. Here is the CVE link: https://nvd.nist.gov/vuln/detail/CVE-2023-26141

Here is bundler-audit notice:

Name: sidekiq
Version: 6.5.9
CVE: CVE-2023-26141
GHSA: GHSA-3qc2-v3hp-6cv8
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2023-26141
Title: sidekiq Denial of Service vulnerability
Solution: upgrade to '>= 7.1.3'

For consideration

Is it possible Sidekiq already uses LMOVE so this gem is now unnecessary? I have found this comment where Sidekiq is now using LMOVE: https://github.com/sidekiq/sidekiq/issues/5788#issuecomment-1736298208

Edited by Helio Cola