search

antonioribeiro / health

Laravel Health Panel
BSD 3-Clause "New" or "Revised" License
1.94k stars 198 forks source link

Bump predis/predis from 1.1.1 to 1.1.6 #203

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps predis/predis from 1.1.1 to 1.1.6.

Release notes

Sourced from predis/predis's releases.

Predis v1.1.6

That was fast, but we had a bug in v1.1.5 so we needed to release a fix ASAP.

FIX: reverted support for sentinels authentication implemented in v1.1.5 as it was bugged (see ISSUE #658), sorry for the trouble. This is now postponed as it requires a more thorough investigation.

Predis v1.1.5

Here we have a new patch release!

NOTE: We are still missing handlers for commands added in Redis 4, 5 and 6. We will get on par eventually, in the meanwhile you can define your own ones or use Predis\Client::executeRaw(). Read this post for details about how to properly implement support for new commands if you would like to add missing ones and share your work with us by creating pull requests, contributions are always greatly appreciated!

  • NOTE intentionally commented out, please read the release notes for v1.1.6 FIX: authentication for sentinels is now supported, previously it was not possible to specify a password for sentinels as its value was stripped during initialization because sentinels did not support authentication until Redis 5. Please note that with the current implementation each sentinel must have its own password parameter set in the parameters list despite this password is the same for all sentinels (read how requirepass works on the Redis docs). In this case you should avoid using the global parameters client option used to set default parameters for every connection created by Predis as this would end up using the same password even when connecting to actual Redis nodes. We are investiganting how to make it easier to specify the required password to access sentinels only once instead of repeating it for each sentinel.

  • FIX: the username is now correctly retrieved from the userinfo fragment of the URI when using the redis scheme and a username:password pair is present. Values retrieved from the userinfo fragment always override the ones specified in username and password if those fields are present in the query string.

  • FIX: Predis\Connection\WebdisConnection was unable to connect to Webdis when using an IPv4 address in the URL and this is probably due to some change in cURL internals since the last time we tested it.

  • FIX: an exception is thrown when passing FALSE or any value evaluating to FALSE to the replication client option. This was supposed to be unsupported, in fact it actually breaks client initialization and raises a PHP warning. Now the user is alerted with an InvalidArgumentException and a proper message. (PR #381).

Predis v1.1.4

Here is a new patch release for v1.1 with more improvements and fixes.

NOTE: We are still missing handlers for commands added in Redis 4, 5 and 6. We will get on par eventually, in the meanwhile you can define your own ones or use Predis\Client::executeRaw(). Read this post for details about how to properly implement support for new commands if you would like to add missing ones and share your work with us by creating pull requests, contributions are always greatly appreciated!

  • The client can now handle ACL authentication when connecting to Redis 6, just pass both username and password to connection parameters and Predis switches to using the augmented variant of AUTH:

    // When using an URI string for parameters:
$client = new Predis\Client('tcp://127.0.0.1?username=myuser&password=mypassword');

    // When using a named array for parameters:
$client = new Predis\Client([
'username' => 'myuser',
'password' => 'mypassword',
]);

    As usual Redis servers protected only by a password can still be accessed with just the password parameter. See the Redis documentation for more details about Redis ACLs.

  • FIX: NULL or zero-length string values in password and database do not trigger spurious AUTH and SELECT commands anymore when connecting to Redis.

    // Won't trigger `AUTH` and `SELECT`:
$client = new Predis\Client('tcp://127.0.0.1?password=&database=');

    // Won't trigger AUTH and SELECT:
$client = new Predis\Client([
'password' => null,
'database' => '',
]);

Changelog

Sourced from predis/predis's changelog.

v1.1.6 (2020-09-11)

  • FIX: reverted support for sentinels authentication implemented in v1.1.5 as it was bugged (see ISSUE #658), sorry for the trouble. This is now postponed as it requires a more thorough investigation.

v1.1.5 (2020-09-10)

  • FIX:authentication for sentinels is now supported, previously it was not possible to specify a password for sentinels as its value was stripped during initialization because sentinels did not support authentication until Redis 5. Please note that with the current implementation each sentinel must have its own password parameter set in the parameters list despite this password is the same for all sentinels (read how requirepass works on the Redis docs). In this case you should avoid using the global parameters client option used to set default parameters for every connection created by Predis as this would end up using the same password even when connecting to actual Redis nodes.

  • FIX: the username is now correctly retrieved from the userinfo fragment of the URI when using the "redis" scheme and a "username:password" pair is present. Values retrieved from the userinfo fragment always override the ones specified in username and password if those fields are present in the query string.

  • FIX: Predis\Connection\WebdisConnection was unable to connect to Webdis when using an IPv4 address in the URL and this is probably due to some change in cURL internals since the last time we tested it.

  • FIX: an exception is thrown whe passing FALSE or any value evaluating to FALSE to the replication client option. This was supposed to be unsupported, in fact it actually breaks client initialization and raises a PHP warning. Now the user is alerted with an InvalidArgumentException and a proper message. (PR #381).

v1.1.4 (2020-08-31)

  • Improved @method annotations for methods responding to Redis commands defined by Predis\ClientInterface and Predis\ClientContextInterface. (PR #456 and PR #497, other fixes applied after further analysys).

  • FIX: the client can now handle ACL authentication when connecting to Redis 6.x simply by passing both username and password to connection parameters. See the Redis docs for details on this topic.

  • FIX: NULL or zero-length string values passed to password and database in the connection parameters list do not trigger spurious AUTH and SELECT

Commits
  • 9930e93 Update CHANGELOG and bump VERSION.
  • 16957f3 Revert support for redis-sentinel authentication.
  • 9e5371f Back to development.
  • 8ca99f9 Update CHANGELOG and bump VERSION (v1.1.5)
  • c778843 Fix zrevrangebyscore pipeline annotation
  • dca2012 Fix CHANGELOG for broken Markdown rendering.
  • 2e76410 Support password-based authentication for sentinel instances.
  • ca468b7 Throw exception on FALSE passed to "replication" option.
  • 4a7fb55 [tests] Add utility method to skip tests on CI environment.
  • fdf663e Fix WebdisConnection with IPv4 hosts.
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 3 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.