[Snyk] Security upgrade bee-queue from 1.2.2 to 1.4.2

[icebob]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/moleculer-bee-queue/package.json
  • packages/moleculer-bee-queue/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bee-queue

The new version differs by 138 commits.

• 21eafbe chore(release): 1.4.2 [skip ci]
• 445521b fix: require redis v3 (#546)
• 4cb0a15 chore(deps-dev): bump eslint from 7.25.0 to 8.28.0 (#537)
• 0702723 chore(release): 1.4.1 [skip ci]
• 657eb1f fix: If the brpoplpush commands fails, wait before retrying (#162)
• 41710a8 chore(deps): bump minimist and mkdirp (#544)
• 2035dba chore(deps-dev): bump @ commitlint/config-conventional (#543)
• b36ff7d chore(deps-dev): bump @ semantic-release/release-notes-generator (#540)
• fb9b35e chore(deps-dev): bump eslint-plugin-prettier from 3.4.0 to 3.4.1 (#541)
• f3a48c5 chore(deps-dev): bump semver from 7.3.5 to 7.3.8 (#539)
• 53eabc7 chore(deps-dev): bump conventional-changelog-conventionalcommits (#538)
• 251c37f chore(deps-dev): bump @ semantic-release/git from 9.0.0 to 9.0.1 (#536)
• 585f2af chore(deps): bump ssri from 6.0.1 to 6.0.2 (#533)
• 7c1d18c chore(deps): bump normalize-url from 5.3.0 to 5.3.1 (#531)
• 0c9f472 chore(deps): bump npm-user-validate from 1.0.0 to 1.0.1 (#532)
• 6693472 chore(deps-dev): bump semantic-release from 17.4.2 to 17.4.7 (#509)
• c6589f6 chore(deps): bump node-fetch from 2.6.1 to 2.6.7 (#492)
• 1acbf16 chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#529)
• 42374a8 chore(deps): bump tar from 4.4.13 to 4.4.19 (#494)
• 20c9813 chore(deps): bump trim-off-newlines from 1.0.1 to 1.0.3 (#493)
• cab3bc0 chore(deps): bump semver-regex from 3.1.2 to 3.1.4 (#491)
• e1b847d chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.5.0 (#475)
• 840a979 chore(deps): bump path-parse from 1.0.6 to 1.0.7 (#432)
• 8f7aea9 chore(deps-dev): bump @ semantic-release/github from 7.2.0 to 7.2.3 (#408)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)