search

SpamExperts / pyzor

Pyzor is a Python implementation of a spam-blocking networked system that use spam signatures to identify them.
GNU General Public License v2.0
139 stars 31 forks source link

Bump redis from 4.0.2 to 4.5.5 #162

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps redis from 4.0.2 to 4.5.5.

Release notes

Sourced from redis's releases.

4.5.5

Changes

🚀 New Features

  • Add support for CLIENT NO-TOUCH (#2745)
  • Add support for CLUSTER MYSHARDID (#2704)
  • Add "address_remap" feature to RedisCluster (#2726)
  • Add WITHSCORES argument to ZREVRANK command (#2725)
  • Improve error output for master discovery (#2720)

🐛 Bug Fixes

  • Fix XADD: allow non negative maxlen (#2739)
  • Fix create single connection client from url (#2752)
  • Optionally disable disconnects in read_response (#2695)
  • Fix SLOWLOG GET return value (#2732)
  • Fix potential race condition during disconnection (#2719)
  • Return response in case of KeyError (#2628)
  • Fix incorrect usage of once flag in async Sentinel (#2718)
  • Fix memory leak caused by hiredis in asyncio case (#2694)
  • Really do not use asyncio's timeout lib before 3.11.2 (#2699)

🧰 Maintenance

  • Clean PytestUnraisableExceptionWarning from asycio client (#2731)
  • Add RedisCluster.remap_host_port, Update tests for CWE 404 (#2706)
  • Updated AWS Elasticache IAM connection example (#2702)
  • Update CONTRIBUTING guidelines (#2736)
  • Fix ClusterCommandProtocol type (#2729)
  • Fix TOPK list example. (#2724)
  • Improving vector similarity search example (#2661)
  • Update example of Redisearch creating index (#2703)

Contributors

We'd like to thank all the contributors who worked on this release!

@​AYMENJD, @​Anthchirp, @​Avasam, @​NickG123, @​SoulPancake, @​aciddust, @​chayim, @​cristianmatache, @​dvora-h, @​felipou, @​kristjanvalur, @​mirekdlugosz, @​mzdehbashi-github, @​oranav, @​scoopex, @​shacharPash and @​tylerhutcherson

4.5.4

Changes

Upgrade urgency: SECURITY, contains fixes to security issues.

  • (CVE-2023-28859) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.
  • (CVE-2023-28858) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.

🐛 Bug Fixes

  • Fixing cancelled async futures (#2666)

... (truncated)

Changelog

Sourced from redis's changelog.

* Fix `xadd` command to accept non-negative `maxlen` including 0
* Revert [#2104](https://github.com/redis/redis-py/issues/2104), [#2673](https://github.com/redis/redis-py/issues/2673), add `disconnect_on_error` option to `read_response()` (issues [#2506](https://github.com/redis/redis-py/issues/2506), [#2624](https://github.com/redis/redis-py/issues/2624))
* Add `address_remap` parameter to `RedisCluster`
* Fix incorrect usage of once flag in async Sentinel
* asyncio: Fix memory leak caused by hiredis ([#2693](https://github.com/redis/redis-py/issues/2693))
* Allow data to drain from async PythonParser when reading during a disconnect()
* Use asyncio.timeout() instead of async_timeout.timeout() for python >= 3.11 ([#2602](https://github.com/redis/redis-py/issues/2602))
* Add test and fix async HiredisParser when reading during a disconnect() ([#2349](https://github.com/redis/redis-py/issues/2349))
* Use hiredis-py pack_command if available.
* Support `.unlink()` in ClusterPipeline
* Simplify synchronous SocketBuffer state management
* Fix string cleanse in Redis Graph
* Make PythonParser resumable in case of error ([#2510](https://github.com/redis/redis-py/issues/2510))
* Add `timeout=None` in `SentinelConnectionManager.read_response`
* Documentation fix: password protected socket connection ([#2374](https://github.com/redis/redis-py/issues/2374))
* Allow `timeout=None` in `PubSub.get_message()` to wait forever
* add `nowait` flag to `asyncio.Connection.disconnect()`
* Update README.md links
* Fix timezone handling for datetime to unixtime conversions
* Fix start_id type for XAUTOCLAIM
* Remove verbose logging from cluster.py
* Add retry mechanism to async version of Connection
* Compare commands case-insensitively in the asyncio command parser
* Allow negative `retries` for `Retry` class to retry forever
* Add `items` parameter to `hset` signature
* Create codeql-analysis.yml ([#1988](https://github.com/redis/redis-py/issues/1988)). Thanks @chayim
* Add limited support for Lua scripting with RedisCluster
* Implement `.lock()` method on RedisCluster
* Fix cursor returned by SCAN for RedisCluster & change default target to PRIMARIES
* Fix scan_iter for RedisCluster
* Remove verbose logging when initializing ClusterPubSub, ClusterPipeline or RedisCluster
* Fix broken connection writer lock-up for asyncio ([#2065](https://github.com/redis/redis-py/issues/2065))
* Fix auth bug when provided with no username ([#2086](https://github.com/redis/redis-py/issues/2086))
* Fix missing ClusterPipeline._lock ([#2189](https://github.com/redis/redis-py/issues/2189))
* Added dynaminc_startup_nodes configuration to RedisCluster
* Fix reusing the old nodes' connections when cluster topology refresh is being done
* Fix RedisCluster to immediately raise AuthenticationError without a retry
* ClusterPipeline Doesn't Handle ConnectionError for Dead Hosts ([#2225](https://github.com/redis/redis-py/issues/2225))
* Remove compatibility code for old versions of Hiredis, drop Packaging dependency
* The `deprecated` library is no longer a dependency
* Failover handling improvements for RedisCluster and Async RedisCluster ([#2377](https://github.com/redis/redis-py/issues/2377))
* Fixed "cannot pickle '_thread.lock' object" bug ([#2354](https://github.com/redis/redis-py/issues/2354), [#2297](https://github.com/redis/redis-py/issues/2297))
* Added CredentialsProvider class to support password rotation
* Enable Lock for asyncio cluster mode
* Fix Sentinel.execute_command doesn't execute across the entire sentinel cluster bug ([#2458](https://github.com/redis/redis-py/issues/2458))
* Added a replacement for the default cluster node in the event of failure ([#2463](https://github.com/redis/redis-py/issues/2463))
* Fix for Unhandled exception related to self.host with unix socket ([#2496](https://github.com/redis/redis-py/issues/2496))
* Improve error output for master discovery 
* Make `ClusterCommandsProtocol` an actual Protocol

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
jbnable commented 1 year ago

Logo Checkmarx One – Scan Summary & Detailse3f4aa04-524a-40a0-bd55-e8c55a321e81

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2023-30861 Python-Flask-1.1.2 Vulnerable Package
dependabot[bot] commented 1 year ago

Superseded by #163.