[Snyk] Upgrade ioredis from 4.16.3 to 4.28.5

[WontonSam]

Snyk has created this PR to upgrade ioredis from 4.16.3 to 4.28.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 42 versions ahead of your current version.

• The recommended version was released on 2 years ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-IOREDIS-1567196	128	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	128	Proof of Concept

Release notes

Package name: ioredis

• 4.28.5 - 2022-02-06
  

  4.28.5 (2022-02-06)

  Bug Fixes

  • Reset loaded script hashes to force a reload of scripts after reconnect of redis (#1497) (f357a31)
• 4.28.4 - 2022-02-02
  

  4.28.4 (2022-02-02)

  Bug Fixes

  • make sure timers is cleared on exit (#1502) (cfb04a0)
• 4.28.3 - 2022-01-11
  

  4.28.3 (2022-01-11)

  Bug Fixes

  • fix exceptions on messages of client side cache (#1479) (02adca4)
• 4.28.2 - 2021-12-01
  

  4.28.2 (2021-12-01)

  Bug Fixes

  • add Redis campaign (#1475) (3f3d8e9)
  • fix a memory leak with autopipelining. (#1470) (f5d8b73)
  • unhandled Promise rejections in pipeline.exec [skip ci] (#1466) (e5615da)
• 4.28.1 - 2021-11-23
  

  4.28.1 (2021-11-23)

  Bug Fixes

  • handle possible unhandled promise rejection with autopipelining+cluster (#1467) (6ad285a), closes #1466
• 4.28.0 - 2021-10-13
  

  4.28.0 (2021-10-13)

  Features

  • tls: add TLS profiles for easier configuration (#1441) (4680211)
• 4.27.11 - 2021-10-11
  

  4.27.11 (2021-10-11)

  Bug Fixes

  • make export interface compatible with jest (#1445) (2728dbe)
• 4.27.10 - 2021-10-04
  

  4.27.10 (2021-10-04)

  Bug Fixes

  • cluster: lazyConnect with pipeline (#1408) (b798107)
• 4.27.9 - 2021-08-30
  

  4.27.9 (2021-08-30)

  Bug Fixes

  • Fix undefined property warning in executeAutoPipeline (#1425) (f898672)
  • improve proto checking for hgetall [skip ci] (#1418) (cba83cb)
• 4.27.8 - 2021-08-18
  

  4.27.8 (2021-08-18)

  Bug Fixes

  • handle malicious keys for hgetall (#1416) (7d73b9d), closes #1267
• 4.27.7 - 2021-08-01
• 4.27.6 - 2021-06-13
• 4.27.5 - 2021-06-05
• 4.27.4 - 2021-06-04
• 4.27.3 - 2021-05-22
• 4.27.2 - 2021-05-04
• 4.27.1 - 2021-04-24
• 4.27.0 - 2021-04-24
• 4.26.0 - 2021-04-08
• 4.25.0 - 2021-04-02
• 4.24.6 - 2021-03-31
• 4.24.5 - 2021-03-27
• 4.24.4 - 2021-03-24
• 4.24.3 - 2021-03-21
• 4.24.2 - 2021-03-14
• 4.24.1 - 2021-03-14
• 4.24.0 - 2021-03-14
• 4.23.1 - 2021-03-14
• 4.23.0 - 2021-02-25
• 4.22.0 - 2021-02-06
• 4.21.0 - 2021-02-06
• 4.20.0 - 2021-02-05
• 4.19.4 - 2020-12-13
• 4.19.3 - 2020-12-13
• 4.19.2 - 2020-10-31
• 4.19.1 - 2020-10-28
• 4.19.0 - 2020-10-23
• 4.18.0 - 2020-07-25
• 4.17.3 - 2020-05-30
• 4.17.2 - 2020-05-30
• 4.17.1 - 2020-05-16
• 4.17.0 - 2020-05-16
• 4.16.3 - 2020-04-21

from ioredis GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.