chore(deps): update dependency sidekiq to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sidekiq (source, changelog)	'~> 6.5', '>= 6.5.12' -> '~> 7.3', '>= 7.3.7'

---

Release Notes

sidekiq/sidekiq (sidekiq)

v7.3.7

Compare Source

• Backport Sidekiq::Web.configure for compatibility with 8.0 [#​6532]
• Backport url_params(key) and route_params(key) for compatibility with 8.0 [#​6532]
• Various fixes for UI filtering [#​6508]
• Tune inspect for internal S::Components to keep size managable [#​6553]

v7.3.6

Compare Source

• Forward compatibility fixes for Ruby 3.4
• Filtering in the Web UI now works via GET so you can bookmark a filtered view. [#​6497]

v7.3.5

• Reimplement retry_all and kill_all API methods to use ZPOPMIN,
  approximately 30-60% faster. [#​6481]
• Add preload testing binary at examples/testing/sidekiq_boot to verify your Rails app boots correctly with Sidekiq Enterprise's app preloading.
• Fix circular require with ActiveJob adapter [#​6477]
• Fix potential race condition leading to incorrect serialized values for CurrentAttributes [#​6475]
• Restore missing elapsed time when default job logging is disabled

v7.3.4

• Fix FrozenError when starting Sidekiq [#​6470]

v7.3.3

Compare Source

• Freeze global configuration once boot is complete, to avoid configuration race conditions [#​6466, #​6465]
• Sidekiq now warns if a job iteration takes longer than the -t timeout setting (defaults to 25 seconds)
• Iteration callbacks now have easy access to job arguments via the arguments method:

def on_stop
  p arguments # => `[123, "string", {"key" => "value"}]`
  id, str, hash = arguments
end

• Iterable jobs can be cancelled via Sidekiq::Client#cancel!:

c = Sidekiq::Client.new
jid = c.push("class" => SomeJob, "args" => [123])
c.cancel!(jid) # => true

• Take over support for ActiveJob's :sidekiq adapter [#​6430, fatkodima]
• Ensure CurrentAttributes are in scope when creating batch callbacks [#​6455]
• Add Sidekiq.gem_version API.
• Update Ukranian translations

v7.3.2

Compare Source

• Adjust ActiveRecord batch iteration to restart an interrupted batch from the beginning.
  Each batch should be processed as a single transaction in order to be idempotent. [#​6405]
• Fix typo in S::DeadSet#kill [#​6397]
• Fix CSS issue with bottom bar in Web UI [#​6414]

v7.3.1

Compare Source

• Don't count job interruptions as failures in metrics [#​6386]
• Add frozen string literal to a number of .rb files.
• Fix frozen string error with style_tag and script_tag [#​6371]
• Fix an error on Ruby 2.7 because of usage of Hash#except [#​6376]

v7.3.0

Compare Source

• NEW FEATURE Add Sidekiq::IterableJob, iteration support for long-running jobs. [#​6286, fatkodima]
  Iterable jobs are interruptible and can restart quickly if
  running during a deploy. You must ensure that each_iteration
  doesn't take more than Sidekiq's -t timeout (default: 25 seconds). Iterable jobs must not implement perform.

class ProcessArrayJob
  include Sidekiq::IterableJob
  def build_enumerator(*args, **kwargs)
    array_enumerator(args, **kwargs)
  end
  def each_iteration(arg)
    puts arg
  end
end
ProcessArrayJob.perform_async(1, 2, 3)

See the Iteration wiki page and the RDoc in Sidekiq::IterableJob.
This feature should be considered BETA until the next minor release.

• SECURITY The Web UI no longer allows extensions to use <script>.
  Adjust CSP to disallow inline scripts within the Web UI. Please see
  examples/webui-ext for how to register Web UI extensions and use
  dynamic CSS and JS. This will make Sidekiq immune to XSS attacks. [#​6270]
• Add config option, :skip_default_job_logging to disable Sidekiq's default
  start/finish job logging. [#​6200]
• Allow Sidekiq::Limiter.redis to use Redis Cluster [#​6288]
• Retain CurrentAttributeѕ after inline execution [#​6307]
• Ignore non-existent CurrentAttributes attributes when restoring [#​6341]
• Raise default Redis {read,write,connect} timeouts from 1 to 3 seconds
  to minimize ReadTimeoutErrors [#​6162]
• Add logger as a dependency since it will become bundled in Ruby 3.5 [#​6320]
• Ignore unsupported locales in the Web UI [#​6313]

v7.2.4

Compare Source

• Fix XSS in metrics filtering introduced in 7.2.0, CVE-2024-32887
  Thanks to @​UmerAdeemCheema for the security report.

v7.2.3

Compare Source

• Support Dragonfly.io as an alternative Redis implementation
• Fix error unpacking some compressed error backtraces [#​6241]
• Fix potential heartbeat data leak [#​6227]
• Add ability to find a currently running work by jid [#​6212, fatkodima]

v7.2.2

Compare Source

• Add Process.warmup call in Ruby 3.3+
• Batch jobs now skip transactional push [#​6160]

v7.2.1

Compare Source

• Add Sidekiq::Work type which replaces the raw Hash as the third parameter in
  Sidekiq::WorkSet#each { |pid, tid, hash| ... } [#​6145]
• DEPRECATED: direct access to the attributes within the hash block parameter above.
  The Sidekiq::Work instance contains accessor methods to get at the same data, e.g.

work["queue"] # Old
work.queue # New

• Fix Ruby 3.3 warnings around base64 gem [#​6151, earlopain]

v7.2.0

Compare Source

• sidekiq_retries_exhausted can return :discard to avoid the deadset
  and all death handlers [#​6091]
• Metrics filtering by job class in Web UI [#​5974]
• Better readability and formatting for numbers within the Web UI [#​6080]
• Add explicit error if user code tries to nest test modes [#​6078]

Sidekiq::Testing.inline! # global setting
Sidekiq::Testing.fake! do # override within block

v7.1.6

Compare Source

• The block forms of testing modes (inline, fake) are now thread-safe so you can have
  a multithreaded test suite which uses different modes for different tests. [#​6069]
• Fix breakage with non-Proc error handlers [#​6065]

v7.1.5

Compare Source

• FEATURE: Job filtering within the Web UI. This feature has been open
  sourced from Sidekiq Pro. [#​6052]
• API CHANGE Error handlers now take three arguments ->(ex, context, config).
  The previous calling convention will work until Sidekiq 8.0 but will print
  out a deprecation warning. [#​6051]
• Fix issue with the batch_size and at options in S::Client.push_bulk [#​6040]
• Fix inline testing firing batch callbacks early [#​6057]
• Use new log broadcast API in Rails 7.1 [#​6054]
• Crash if user tries to use RESP2 protocol: 2 [#​6061]

v7.1.4

Compare Source

• Fix empty retry_for logic [#​6035]

v7.1.3

Compare Source

• Add sidekiq_options retry_for: 48.hours to allow time-based retry windows [#​6029]
• Support sidekiq_retry_in and sidekiq_retries_exhausted_block in ActiveJobs (#​5994)
• Lowercase all Rack headers for Rack 3.0 [#​5951]
• Validate Sidekiq::Web page refresh delay to avoid potential DoS,
  CVE-2023-26141, thanks for reporting Keegan!

v7.1.2

Compare Source

• Mark Web UI assets as private so CDNs won't cache them [#​5936]
• Fix stackoverflow when using Oj and the JSON log formatter [#​5920]
• Remove spurious enqueued_at from scheduled ActiveJobs [#​5937]

v7.1.1

Compare Source

• Support multiple CurrentAttributes [#​5904]
• Speed up latency fetch with large queues on Redis <7 [#​5910]
• Allow a larger default client pool [#​5886]
• Ensure Sidekiq.options[:environment] == RAILS_ENV [#​5932]

v7.1.0

Compare Source

• Improve display of ActiveJob arguments in Web UI [#​5825, cover]
• Update push_bulk to push batch_size jobs at a time and allow laziness [#​5827, fatkodima]
  This allows Sidekiq::Client to push unlimited jobs as long as it has enough memory for the batch_size.
• Update perform_bulk to use push_bulk internally.
• Change return value of push_bulk to map 1-to-1 with arguments.
  If you call push_bulk(args: [[1], [2], [3]]), you will now always get
  an array of 3 values as the result: ["jid1", nil, "jid3"] where nil means
  that particular job did not push successfully (possibly due to middleware
  stopping it). Previously nil values were removed so it was impossible to tell
  which jobs pushed successfully and which did not.
• Migrate away from all deprecated Redis commands [#​5788]
  Sidekiq will now print a warning if you use one of those deprecated commands.
• Prefix all Sidekiq thread names [#​5872]

v7.0.9

Compare Source

• Restore confirmation dialogs in Web UI [#​5881, shevaun]
• Increase fetch timeout to minimize ReadTimeoutError [#​5874]
• Reverse histogram tooltip ordering [#​5868]
• Add Scottish Gaelic (gd) locale [#​5867, GunChleoc]

v7.0.8

Compare Source

• SECURITY Sanitize period input parameter on Metrics pages.
  Specially crafted values can lead to XSS. This functionality
  was introduced in 7.0.4. Thank you to spercex @​ huntr.dev [#​5694]
• Add job hash as 3rd parameter to the sidekiq_retry_in block.

v7.0.7

Compare Source

• Fix redis-client API usage which could result in stuck Redis
  connections [#​5823]
• Fix AS::Duration with sidekiq_retry_in [#​5806]
• Restore dumping config options on startup with -v [#​5822]

v7.0.6

Compare Source

• More context for debugging json unsafe errors [#​5787]

v7.0.5

Compare Source

• More context for debugging json unsafe errors [#​5787]

v7.0.4

Compare Source

• Performance and memory optimizations [#​5768, fatkodima]
• Add 1-8 hour period selector to Metrics pages [#​5694]
• Fix process display with sidekiqmon [#​5733]

v7.0.3

Compare Source

• Don't warn about memory policy on Redis Enterprise [#​5712]
• Don't allow Quiet/Stop on embedded Sidekiq instances [#​5716]
• Fix size: X for configuring the default Redis pool size [#​5702]
• Improve the display of queue weights on Busy page [#​5642]
• Freeze CurrentAttributes on a job once initially set [#​5692]

v7.0.2

Compare Source

• Improve compatibility with custom loggers [#​5673]
• Add queue weights on Busy page [#​5640]
• Add BID link on job_info page if job is part of a Batch [#​5623]
• Allow custom extensions to add rows/links within Job detail pages [#​5624]

Sidekiq::Web.custom_job_info_rows << AddAccountLink.new

class AddAccountLink
  include CGI::Util
  def add_pair(job)

### yield a (name, value) pair
### You can include HTML tags and CSS, Sidekiq does not do any

### escaping so beware user data injection! Note how we use CGI's
### `h` escape helper.
    aid = job["account_id"]
    yield "Account", "<a href='/accounts/#{h aid}'>#{h aid}</a>" if aid
  end
end

v7.0.1

Compare Source

• Allow an embedding process to reuse its own heartbeat thread
• Update zh-cn localization

v7.0.0

Compare Source

• Embedded mode!
• Capsules!!
• Job Execution metrics!!!
• See docs/7.0-Upgrade.md for release notes

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.92%. Comparing base (1bfe253) to head (4071fd0).

Additional details and impacted files

@@           Coverage Diff            @@
##           staging     #445   +/-   ##
========================================
  Coverage    99.92%   99.92%           
========================================
  Files          203      203           
  Lines         2714     2714           
========================================
  Hits          2712     2712           
  Misses           2        2           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.