lidarts
Bump redis from 4.1.0 to 4.5.4
Bumps redis from 4.1.0 to 4.5.4.
Release notes
Sourced from redis's releases.
4.5.4
Changes
Upgrade urgency: SECURITY, contains fixes to security issues.
- (CVE-2023-28859) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.
- (CVE-2023-28858) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.
🐛 Bug Fixes
- Fixing cancelled async futures (#2666)
- Fix: do not use asyncio's timeout lib before 3.11.2 (#2659)
- Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630)
🧰 Maintenance
- Minor fixes for #2666 and enhanced async test (#2673)
- Fix issue 2660: PytestUnraisableExceptionWarning from asycio client (#2669)
- Removing accidentally checked in files (#2642)
Contributors
We'd like to thank all the contributors who worked on this release!
@bellini666, @chayim, @dvora-h, @shacharPash and @woutdenolf
4.5.3
Changes
Update urgency: HIGH: There is a critical bug that may affect a subset of users. Upgrade!
🐛 Bug Fixes
4.5.2
Changes
🚀 New Features
- Introduce AbstractConnection so that UnixDomainSocketConnection can call `super().__init__` (#2588)
- Added queue_class to REDIS_ALLOWED_KEYS (#2577)
- Made search document subscriptable (#2615)
- Sped up the protocol parsing (#2596)
🐛 Bug Fixes
... (truncated)
Changelog
Sourced from redis's changelog.
- Allow data to drain from async PythonParser when reading during a disconnect()
- Use asyncio.timeout() instead of async_timeout.timeout() for python >= 3.11 ([#2602](https://github.com/redis/redis-py/issues/2602))
- Add test and fix async HiredisParser when reading during a disconnect() ([#2349](https://github.com/redis/redis-py/issues/2349))
- Use hiredis-py pack_command if available.
- Support `.unlink()` in ClusterPipeline
- Simplify synchronous SocketBuffer state management
- Fix string cleanse in Redis Graph
- Make PythonParser resumable in case of error ([#2510](https://github.com/redis/redis-py/issues/2510))
- Add `timeout=None` in `SentinelConnectionManager.read_response`
- Documentation fix: password protected socket connection ([#2374](https://github.com/redis/redis-py/issues/2374))
- Allow `timeout=None` in `PubSub.get_message()` to wait forever
- add `nowait` flag to `asyncio.Connection.disconnect()`
- Update README.md links
- Fix timezone handling for datetime to unixtime conversions
- Fix start_id type for XAUTOCLAIM
- Remove verbose logging from cluster.py
- Add retry mechanism to async version of Connection
- Compare commands case-insensitively in the asyncio command parser
- Allow negative `retries` for `Retry` class to retry forever
- Add `items` parameter to `hset` signature
- Create codeql-analysis.yml ([#1988](https://github.com/redis/redis-py/issues/1988)). Thanks @chayim
- Add limited support for Lua scripting with RedisCluster
- Implement `.lock()` method on RedisCluster
- Fix cursor returned by SCAN for RedisCluster & change default target to PRIMARIES
- Fix scan_iter for RedisCluster
- Remove verbose logging when initializing ClusterPubSub, ClusterPipeline or RedisCluster
- Fix broken connection writer lock-up for asyncio ([#2065](https://github.com/redis/redis-py/issues/2065))
- Fix auth bug when provided with no username ([#2086](https://github.com/redis/redis-py/issues/2086))
- Fix missing ClusterPipeline._lock ([#2189](https://github.com/redis/redis-py/issues/2189))
- Added dynaminc_startup_nodes configuration to RedisCluster
- Fix reusing the old nodes' connections when cluster topology refresh is being done
- Fix RedisCluster to immediately raise AuthenticationError without a retry
- ClusterPipeline Doesn't Handle ConnectionError for Dead Hosts ([#2225](https://github.com/redis/redis-py/issues/2225))
- Remove compatibility code for old versions of Hiredis, drop Packaging dependency
- The `deprecated` library is no longer a dependency
- Failover handling improvements for RedisCluster and Async RedisCluster ([#2377](https://github.com/redis/redis-py/issues/2377))
- Fixed "cannot pickle '_thread.lock' object" bug ([#2354](https://github.com/redis/redis-py/issues/2354), [#2297](https://github.com/redis/redis-py/issues/2297))
- Added CredentialsProvider class to support password rotation
- Enable Lock for asyncio cluster mode
- Fix Sentinel.execute_command doesn't execute across the entire sentinel cluster bug ([#2458](https://github.com/redis/redis-py/issues/2458))
- Added a replacement for the default cluster node in the event of failure ([#2463](https://github.com/redis/redis-py/issues/2463))
- Fix for Unhandled exception related to self.host with unix socket ([#2496](https://github.com/redis/redis-py/issues/2496))
... (truncated)
Commits
- e1017fd Version 4.5.4 (#2674)
- ef3f086 Fix async (#2673)
- 5acbde3 Fixing cancelled async futures (#2666)
- 6d886d7 Fix issue 2660: PytestUnraisableExceptionWarning from asycio client (#2669)
- 326bb1c removing useless files (#2642)
- 4856813 UnixDomainSocketConnection missing constructor argument (#2630)
- 4802530 fix: do not use asyncio's timeout lib before 3.11.2 (#2659)
- 66a4d6b AsyncIO Race Condition Fix (#2641)
- 318b114 Version 4.5.2 (#2627)
- 1b2f408 Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (...
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)