chore(deps)(deps): update redis requirement from <7.0.0,>=6.4.0 to >=7.4.1,<8.0.0 in /nodes/src/nodes #1155
Updates the requirements on [redis](https://github.com/redis/redis-py) to permit the latest version.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v6.4.0...v7.4.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.4.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
…e path)

Extends the pip ignore list with three deps that have repeatedly hit the requirement-update path and required manual audit work each time:

- openai — #910 (1→2, audited May 2026; #981 was the re-roll; #1154 is the current 2.38→2.41 ask). The llm_vision_openai node has been audited per-bump because v2 changed the chat completions / responses surface.
- cohere — #948 (5→6, audited May 2026; #1156 is the 6.1→7 ask). rerank_cohere needs ClientV2 + error class re-verification on each major.
- redis — #949 (5→6, audited May 2026; #1155 is the 6.4→7.4 ask). memory_persistent uses the standard command surface; usually safe but warrants a smoke against a real Redis.

Same pattern as the existing elasticsearch (#839) and google-genai (#857) entries — these slip past the semver-major ignore because they're requirement-update PRs (Dependabot rewriting `>=X,<Y` to a higher Y) not version-update PRs, and the semver-major ignore only catches `version-update:semver-major`.

Bringing these in becomes an explicit human-driven PR per dep when the team is ready to do the audit, rather than a recurring Dependabot PR that sits in the queue every few weeks needing the same audit work.
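The ignore configuration that commit message describes, sketched as an added example (it is not the repository's actual `.github/dependabot.yml`). The directory is taken from this PR's title; the monthly schedule and the entry order are assumptions.

```yaml
# .github/dependabot.yml: illustrative sketch, not the repository's file
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/nodes/src/nodes"   # from the PR title
    schedule:
      interval: "monthly"           # assumed
    ignore:
      # Blanket rule: matches only updates Dependabot classifies as
      # version-update:semver-major. Per the commit message, a requirement
      # update (rewriting `>=X,<Y` to a higher Y) is not classified that way,
      # so this entry alone did not stop PRs like this one.
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
      # Per-dependency entries with no update-types or versions filter:
      # Dependabot stops proposing updates for these, so a bump becomes a
      # deliberate, human-authored PR made after the audit.
      - dependency-name: "elasticsearch"   # existing entry (#839)
      - dependency-name: "google-genai"    # existing entry (#857)
      - dependency-name: "openai"          # added: llm_vision_openai audit
      - dependency-name: "cohere"          # added: rerank_cohere audit
      - dependency-name: "redis"           # added: memory_persistent smoke test
```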
Closing in favor of the consolidated monthly Dependabot bundle from #1197 (just merged). Next scheduled Dependabot run (2026-07-01) will re-roll this bump into the consolidated PR if still applicable — comment
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Updates the requirements on redis to permit the latest version.
Release notes
Sourced from redis's releases.
Commits
- f93955c Updating PyJWT dependency. (#4100)
- 582cc35 Backporting flaky test fixes and dependency vulnerabilities related changes
- 680abe9 Updating lib version to 7.4.1 and supported Redis server versions in README.md
- 7c3188b Preserve explicit None for client metadata config (#4081)
- b72f24a Updating lib version to 7.4.0
- 0a4e0af Refactored health check logic for MultiDBClient (#3994)
- 15492c9 Refactored connection count and SCH metric collection (#4001)
- cd964ac Expose basic Otel classes and functions to be importable through redis.observa...
- 46ab74d Fixing security concern in repr methods for ConnectionPools - passwords m...
- 26482db Fix AttributeError in cluster metrics recording when connection is None or Cl...

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)