Skip to content
This repository has been archived by the owner on Dec 18, 2024. It is now read-only.

Bump redis from 4.3.4 to 4.4.4 #187

Merged
merged 1 commit into from
Nov 9, 2023
Merged

Bump redis from 4.3.4 to 4.4.4 #187

merged 1 commit into from
Nov 9, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 4, 2023
edited
Loading

Bumps redis from 4.3.4 to 4.4.4.

Release notes

Sourced from redis's releases.

4.4.4

Changes

Upgrade urgency: SECURITY, contains fixes to security issues.

  • (CVE-2023-28859) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.
  • (CVE-2023-28858) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.

🐛 Bug Fixes

  • Fixing cancelled async futures (#2671 )

4.4.3

Changes

Update urgency: HIGH: There is a critical bug that may affect a subset of users. Upgrade!

🐛 Bug Fixes

4.4.2

Changes

Note: this release include #2548 and it is suggested that users upgrade immediately.

🧪 Experimental Features

  • Add support for BF.CARD (#2545)

🚀 New Features

  • Add support for custom connection pool class in NodesManager (#2547)

🐛 Bug Fixes

  • Allow replica to master promotion in nodes_cache (#2549)
  • Security Fix: Updating graph parser for potential injection cases (#2548)

Contributors

We'd like to thank all the contributors who worked on this release!

@​Threated, @​dvora-h, @​shacharPash and @​zakaf

4.4.1

Changes

🚀 New Features

  • Add dialect to FT.AGGREGATE (#2537)

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 4, 2023
@aaronwilliamsv1 aaronwilliamsv1 mentioned this pull request Nov 3, 2023
Closed
@aaronwilliamsv1 aaronwilliamsv1 force-pushed the dependabot-pip-redis-4.4.4 branch from 12560c6 to 85eaf7a Compare November 3, 2023 14:56
@tferns
Copy link
Contributor

tferns commented Nov 9, 2023

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot-pip-redis-4.4.4 branch from 85eaf7a to b8b8678 Compare November 9, 2023 11:43
@AbuNavsa
Copy link

AbuNavsa commented Nov 9, 2023

@dependabot recreate

@dependabot
Bump redis from 4.3.4 to 4.4.4
e420c06 
Bumps [redis](https://github.com/redis/redis-py) from 4.3.4 to 4.4.4.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v4.3.4...v4.4.4)

---
updated-dependencies:
- dependency-name: redis
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot-pip-redis-4.4.4 branch from b8b8678 to e420c06 Compare November 9, 2023 13:38
@tferns tferns force-pushed the dependabot-pip-redis-4.4.4 branch from 80482b6 to e420c06 Compare November 9, 2023 14:34
aaronwilliamsv1
aaronwilliamsv1 approved these changes Nov 9, 2023
View reviewed changes
Copy link
Contributor

@aaronwilliamsv1 aaronwilliamsv1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@srh-sloan srh-sloan merged commit 42d4bd9 into main Nov 9, 2023
@srh-sloan srh-sloan deleted the dependabot-pip-redis-4.4.4 branch November 9, 2023 14:35
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@srh-sloan srh-sloan srh-sloan approved these changes

@aaronwilliamsv1 aaronwilliamsv1 aaronwilliamsv1 approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tferns @AbuNavsa @srh-sloan @aaronwilliamsv1