Skip to content

chore(deps): bump ioredis to 5.11.1 via override (dedupe bullmq's pin) #197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
agjs merged 1 commit into from
Jun 19, 2026
Merged

chore(deps): bump ioredis to 5.11.1 via override (dedupe bullmq's pin) #197

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 5 additions & 8 deletions apps/api/bun.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions apps/api/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@
"elysia-rate-limit": "4.6.2",
"fs-extra": "11.3.5",
"handlebars": "4.7.9",
"ioredis": "5.10.1",
"ioredis": "5.11.1",
"nodemailer": "9.0.1",
"openai": "6.42.0",
"otpauth": "9.5.1",
Expand Down Expand Up @@ -127,10 +127,12 @@
"//overrides": {
"_": "Why these transitive deps are pinned. Keep each entry in sync with the matching `overrides` key — enforced by the package-override-parity lint-meta rule.",
"@typescript-eslint/utils": "Single @typescript-eslint/utils resolution across the workspace so the shared @boring-stack-pkg ESLint plugins all load the same utils version. The UI and docs apps mirror this exact pin; a mismatch makes the custom plugins resolve divergent utils copies and fail to load.",
"form-data": "Pin patched form-data (GHSA-hmw2-7cc7-3qxx CRLF injection via unescaped multipart field names); 4.0.5 is vulnerable, 4.0.6 patches it. Pulled in transitively via @sendgrid/mail -> @sendgrid/client -> axios. Excluded from the install quarantine while <7 days old."
"form-data": "Pin patched form-data (GHSA-hmw2-7cc7-3qxx CRLF injection via unescaped multipart field names); 4.0.5 is vulnerable, 4.0.6 patches it. Pulled in transitively via @sendgrid/mail -> @sendgrid/client -> axios. Excluded from the install quarantine while <7 days old.",
"ioredis": "Force a single ioredis resolution across the tree. bullmq 5.78.0 exact-pins ioredis@5.10.1, so bumping the top-level dep to 5.11.1 otherwise leaves bullmq on its own nested 5.10.1 copy — two ioredis instances whose RedisOptions types are structurally incompatible (tsc fails on new Redis(options) calls). This override collapses bullmq's nested copy onto 5.11.1 too; 5.10.1 -> 5.11.1 is a semver patch and the Redis/BullMQ integration tests verify runtime compatibility. Drop this once bullmq advances its own ioredis pin."
},
"overrides": {
"@typescript-eslint/utils": "8.61.0",
"form-data": "4.0.6"
"form-data": "4.0.6",
"ioredis": "5.11.1"
}
}
Loading