chore(deps): bump redis from 7.1.0 to 8.0.1 #6022
Bumps [redis](https://github.com/redis/redis-py) from 7.1.0 to 8.0.1.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.1.0...v8.0.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
rtibblesbot
left a comment
Dependabot bump of redis (production, via django-redis cache backend and Celery broker/backend) 7.1.0 → 8.0.1 — major version jump (7.x → 8.x, patched to 8.0.1).
- Breaking changes in 8.0.0: RESP3 becomes the default wire protocol (response shapes stay legacy-compatible unless `legacy_responses=False`); connection defaults change (`socket_timeout`/`socket_connect_timeout` now 5s instead of unset, keepalive on by default, `max_connections` defaults to 100, retries default to 10 with jitter backoff); type-hint-only `@overload` changes; new keyspace-notification classes (additive, unused here).
- 8.0.1: bug-fix only (pubsub blocking fix, async cluster/pipeline connection-release fixes, hiredis fd handling) — no new breaking changes.
- Compatibility: project only touches `redis-py` through `django_redis.client.DefaultClient` (`contentcuration/contentcuration/utils/cache.py`) using basic `hget`/`hset`/`hdel` — none of the changed APIs (async/cluster/pubsub/keyspace-notifications) are used directly. No code changes required.
- Peer dependencies: none affected; `django-redis` version unchanged. Unrelated resolver side-effect: `google-api-core`/`googleapis-common-protos` lose the `[grpc]` extra marker in the lockfile, but `grpcio`/`grpcio-status` remain pinned — not a functional removal.
- CI: passing.

One non-blocking item flagged inline on the new socket-timeout defaults.
@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly
How was this generated?
Ran a dependency-update review pipeline over the version bump:
- Classified the bump by semver (patch / minor / major) and dependency type (production vs. development)
- Extracted the changelog and release notes across the version range
- Assessed compatibility with this project's usage and whether any code changes are required
- Treated CI as the primary safety net
- Scaled the review depth to the update's risk
- Chose the verdict from semver risk, changelog findings, and CI status
| # django | ||
| # django-postmark | ||
| redis==7.1.0 | ||
| redis==8.0.1 |
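Review bot: the last line of this hunk moves the `redis` pin across a major version (7.1.0 to 8.0.1) and nothing else in the hunk changes, so the 8.0.0 connection defaults described in the review summary are adopted implicitly. Suggest setting the socket timeouts explicitly in the cache `OPTIONS` in the same PR, so the value is a project decision that survives the next library bump rather than a side effect of this pin.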
suggestion: redis-py 8.0.0 changes client defaults so socket_timeout/socket_connect_timeout are now 5s instead of unset (blocking indefinitely). CACHES["default"]["OPTIONS"] in contentcuration/contentcuration/settings.py doesn't override these. CI won't surface this (local/fast Redis), but under real network latency or a loaded Redis instance, a call that previously blocked could now raise TimeoutError after 5s. utils/cache.py already wraps calls with retry/exception handling, so this is likely tolerated gracefully — worth a quick confirmation.
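A check for the point raised in the inline comment above, as an added example that is not part of the PR or the project's code: it scans a Django `CACHES` dict for django-redis backends that leave the django-redis `OPTIONS` keys `SOCKET_CONNECT_TIMEOUT` and `SOCKET_TIMEOUT` unset, so the timeout is chosen by the project rather than by whichever redis-py version is installed. The function name, the sample settings and the hostname are constructed for illustration.

```python
# Added example: audit a Django CACHES dict for django-redis backends that
# rely on the installed redis-py default for socket timeouts.

# django-redis OPTIONS keys that map to redis-py's connect/read timeouts.
REQUIRED_OPTIONS = ("SOCKET_CONNECT_TIMEOUT", "SOCKET_TIMEOUT")


def audit_cache_timeouts(caches):
    """Return {alias: [problem, ...]} for django-redis backends in `caches`."""
    findings = {}
    for alias, conf in caches.items():
        if not conf.get("BACKEND", "").startswith("django_redis."):
            continue  # other cache backends are not affected by the redis bump
        options = conf.get("OPTIONS") or {}
        problems = []
        for key in REQUIRED_OPTIONS:
            value = options.get(key)
            if value is None:
                problems.append(
                    f"{key} not set: timeout comes from the installed redis-py default"
                )
            elif isinstance(value, bool) or not isinstance(value, (int, float)) or value <= 0:
                problems.append(f"{key}={value!r}: expected a positive number of seconds")
        if problems:
            findings[alias] = problems
    return findings


# Constructed sample settings (not the project's real CACHES).
SAMPLE_CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://redis.example.internal:6379/1",
        "OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
    },
    "pinned": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://redis.example.internal:6379/2",
        "OPTIONS": {"SOCKET_CONNECT_TIMEOUT": 2, "SOCKET_TIMEOUT": 5},
    },
    "locmem": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"},
}

if __name__ == "__main__":
    for alias, problems in audit_cache_timeouts(SAMPLE_CACHES).items():
        for problem in problems:
            print(f"CACHES[{alias!r}]: {problem}")
```

Run against the real settings module in a test or deploy check, it turns the "worth a quick confirmation" item into something that fails visibly when a backend is added without explicit timeouts.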
rtibbles
left a comment
No concerns from changelog, no regressions observed in local test.
Bumps redis from 7.1.0 to 8.0.1.
Release notes
Sourced from redis's releases.
... (truncated)
Commits
- 7c0fd11 Updating lib version to 8.0.1
- b7a4d7d Avoid per-check fd allocation in `hiredis_socket_can_read()` — use `poll()`...
- eec778e fix(asyncio): release pooled connection when Pipeline.reset() is cancelled (#...
- 08e01bb Fixing pubsub's listen method to be blocking. (#4119)
- 3d5257a fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys (#4109)
- cce28ff Fix hiredis readiness checks for high file descriptors (#4115)
- e20691c Fixed async MultiDBClient with underlying RedisCluster (#4108)
- ea37fcc Fix async cluster node connection release on write errors (#4111)
- f4146fa Updating lib version + supported Redis versions in README.md + updating the R...
- d47674e Bumping github-versions actions (#4102)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)