Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Off by 1 - Canceling async Redis command leaves connection open, in unsafe state for future commands #2624

Closed
drago-balto opened this issue Mar 17, 2023 · 7 comments · Fixed by #2641

Comments

@drago-balto
Copy link

drago-balto commented Mar 17, 2023

Version: 4.5.1

Platform: Python 3.8 / Ubuntu (but really, any platform will likely suffer the same issue)

Description: Canceling async Redis command leaves connection open, in unsafe state for future commands

The issue here is really the same as #2579, except that it generalizes it to all commands (as opposed to just blocking commands).

If async Redis request is canceled at the right time, after the command was sent but before the response was received and parsed, the connection is left in an unsafe state for future commands. The following redis operation on the same connection will send the command, and then promptly continue to read the response from the previous, canceled command. From that point on, the connection will remain in this weird, off-by-1 state.

Here's a script reproducing the problem:

import asyncio
from redis.asyncio import Redis
import sys


async def main():
    myhost, mypassword = sys.argv[1:]
    async with Redis(host=myhost, password=mypassword, ssl=True, single_connection_client=True) as r:

        await r.set('foo', 'foo')
        await r.set('bar', 'bar')

        t = asyncio.create_task(r.get('foo'))
        await asyncio.sleep(0.001)
        t.cancel()
        try:
            await t
            print('try again, we did not cancel the task in time')
        except asyncio.CancelledError:
            print('managed to cancel the task, connection is left open with unread response')

        print('bar:', await r.get('bar'))
        print('ping:', await r.ping())
        print('foo:', await r.get('foo'))


if __name__ == '__main__':
    asyncio.run(main())

Running this against a server in the cloud (such that requests typically take > 5ms to complete) results in this:

$ python redis_cancel.py hostname password
managed to cancel the task, connection is left open with unread response
bar: b'foo'
ping: False
foo: b'PONG'

I believe the solution is simple. This method needs to be modified to disconnect connection when current request is canceled. For example, do this:

    async def _send_command_parse_response(self, conn, command_name, *args, **options):
        """
        Send a command and parse the response
        """
        try:
            await conn.send_command(*args)
            return await self.parse_response(conn, command_name, **options)
        except asyncio.CancelledError:
            await conn.disconnect()
            raise
@volnet
Copy link

volnet commented Mar 24, 2023

Is it the problem about OpenAI https://openai.com/blog/march-20-chatgpt-outage ?

@drago-balto
Copy link
Author

Yep, that's the one, and the #2641 has not fixed it fully, as I already commented here: #2641 (comment)

I am asking for this ticket to be re-oped, since I can still reproduce the problem in the latest 4.5.3. version

@rajivpoddar
Copy link

Did GPT4 help with debugging?

@pydanny
Copy link

pydanny commented Mar 24, 2023

I wonder how much OpenAI/ChatGPT is funding maintenance of this library. 🤔

@chayim
Copy link
Contributor

chayim commented Mar 26, 2023

Folks, I reopened this accidentally - but wanted to ensure there was communication that is clear. Please note - we're tracking in #2665. Let's align in a single issue - it makes it easier to co-ordinate, track, and respond.

@rgaufman
Copy link

This is quite a critical bug that is impacting us, can you please release a new version?

@tomer555
Copy link

+1

Petitoto pushed a commit to aeecleclair/Hyperion that referenced this issue Aug 19, 2023
Bumps [redis](https://github.com/redis/redis-py) from 4.6.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/redis/redis-py/releases">redis's
releases</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<h2>What's new?</h2>
<h3>Triggers and Functions support</h3>
<p>Triggers and Functions allow you to execute server-side functions
triggered when key values are modified or created in Redis, a stream
entry arrival, or explicitly calling them. Simply put, you can replace
Lua scripts with easy-to-develop JavaScript or TypeScript code. Move
your business logic closer to the data to ensure a lower latency, and
forget about updating dependent key values manually in your code.
<a
href="https://redis.io/docs/interact/programmability/triggers-and-functions/quick_start/">Try
it for yourself with Quick start</a></p>
<h3>Full Redis 7.2 and <a
href="https://github.com/redis/redis-specifications/blob/master/protocol/RESP3.md">RESP3
support</a></h3>
<h3>Python 3.7 End-of-Life</h3>
<p><a href="https://devguide.python.org/versions/">Python 3.7 has
reached its end-of-life (EOL) as of June 2023</a>. This means that
starting from this date, Python 3.7 will no longer receive any updates,
including security patches, bug fixes, or improvements. If you continue
to use Python 3.7 post-EOL, you may expose your projects and systems to
potential security vulnerabilities. We ended its support in this version
and strongly recommend migrating to Python 3.10.</p>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>Fix timeout retrying on pipeline execution (<a
href="https://github.com/redis/redis-py/issues/2812">#2812</a>)</li>
<li>Fix socket garbage collection (<a
href="https://github.com/redis/redis-py/issues/2859">#2859</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Updating client license to clear, MIT (<a
href="https://github.com/redis/redis-py/issues/2884">#2884</a>)</li>
<li>Add py.typed in accordance with PEP-561 (<a
href="https://github.com/redis/redis-py/issues/2738">#2738</a>)</li>
<li>Dependabot label change (<a
href="https://github.com/redis/redis-py/issues/2880">#2880</a>)</li>
<li>Fix type hints in SearchCommands (<a
href="https://github.com/redis/redis-py/issues/2817">#2817</a>)</li>
<li>Add sync modules (except search) tests to cluster CI (<a
href="https://github.com/redis/redis-py/issues/2850">#2850</a>)</li>
<li>Fix a duplicate word in <code>CONTRIBUTING.md</code> (<a
href="https://github.com/redis/redis-py/issues/2848">#2848</a>)</li>
<li>Fixing doc builds (<a
href="https://github.com/redis/redis-py/issues/2869">#2869</a>)</li>
<li>Change cluster docker to edge and enable debug command (<a
href="https://github.com/redis/redis-py/issues/2853">#2853</a>)</li>
</ul>
<h2>Contributors</h2>
<p>We'd like to thank all the contributors who worked on this
release!</p>
<p><a href="https://github.com/JoanFM"><code>@​JoanFM</code></a>, <a
href="https://github.com/Ovsyanka83"><code>@​Ovsyanka83</code></a>, <a
href="https://github.com/chayim"><code>@​chayim</code></a>, <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>, <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot],
<a href="https://github.com/dvora-h"><code>@​dvora-h</code></a>, <a
href="https://github.com/kristjanvalur"><code>@​kristjanvalur</code></a>,
<a href="https://github.com/kurtmckee"><code>@​kurtmckee</code></a>, <a
href="https://github.com/pall-j"><code>@​pall-j</code></a> and <a
href="https://github.com/shacharPash"><code>@​shacharPash</code></a></p>
<h2>5.0.0rc2</h2>
<h2>Changes</h2>
<h2>🧰 Maintenance</h2>
<ul>
<li>RESP3 response-callbacks cleanup (<a
href="https://github.com/redis/redis-py/issues/2841">#2841</a>)</li>
<li>Merge master to 5.0 (<a
href="https://github.com/redis/redis-py/issues/2827">#2827</a>)</li>
</ul>
<h2>5.0.0rc1</h2>
<h2>Changes</h2>
<h2>🔥 Breaking Changes</h2>
<ul>
<li>Change <code>SISMEMBER</code> return type to int by (<a
href="https://github.com/redis/redis-py/issues/2813">#2813</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/redis/redis-py/blob/master/CHANGES">redis's
changelog</a>.</em></p>
<blockquote>
<pre><code>* Fix [#2831](redis/redis-py#2831),
add auto_close_connection_pool=True arg to asyncio.Redis.from_url()
* Fix incorrect redis.asyncio.Cluster type hint for `retry_on_error`
* Fix dead weakref in sentinel connection causing ReferenceError
([#2767](redis/redis-py#2767))
* Fix [#2768](redis/redis-py#2768), Fix
KeyError: 'first-entry' in parse_xinfo_stream.
* Fix [#2749](redis/redis-py#2749), remove
unnecessary __del__ logic to close connections.
* Fix [#2754](redis/redis-py#2754), adding a
missing argument to SentinelManagedConnection
* Fix `xadd` command to accept non-negative `maxlen` including 0
* Revert [#2104](redis/redis-py#2104),
[#2673](redis/redis-py#2673), add
`disconnect_on_error` option to `read_response()` (issues
[#2506](redis/redis-py#2506),
[#2624](redis/redis-py#2624))
* Add `address_remap` parameter to `RedisCluster`
* Fix incorrect usage of once flag in async Sentinel
* asyncio: Fix memory leak caused by hiredis
([#2693](redis/redis-py#2693))
* Allow data to drain from async PythonParser when reading during a
disconnect()
* Use asyncio.timeout() instead of async_timeout.timeout() for python
&gt;= 3.11 ([#2602](redis/redis-py#2602))
* Add a Dependabot configuration to auto-update GitHub action versions.
* Add test and fix async HiredisParser when reading during a
disconnect() ([#2349](redis/redis-py#2349))
* Use hiredis-py pack_command if available.
* Support `.unlink()` in ClusterPipeline
* Simplify synchronous SocketBuffer state management
* Fix string cleanse in Redis Graph
* Make PythonParser resumable in case of error
([#2510](redis/redis-py#2510))
* Add `timeout=None` in `SentinelConnectionManager.read_response`
* Documentation fix: password protected socket connection
([#2374](redis/redis-py#2374))
* Allow `timeout=None` in `PubSub.get_message()` to wait forever
* add `nowait` flag to `asyncio.Connection.disconnect()`
* Update README.md links
* Fix timezone handling for datetime to unixtime conversions
* Fix start_id type for XAUTOCLAIM
* Remove verbose logging from cluster.py
* Add retry mechanism to async version of Connection
* Compare commands case-insensitively in the asyncio command parser
* Allow negative `retries` for `Retry` class to retry forever
* Add `items` parameter to `hset` signature
* Create codeql-analysis.yml
([#1988](redis/redis-py#1988)). Thanks @chayim
* Add limited support for Lua scripting with RedisCluster
* Implement `.lock()` method on RedisCluster
* Fix cursor returned by SCAN for RedisCluster &amp; change default
target to PRIMARIES
* Fix scan_iter for RedisCluster
* Remove verbose logging when initializing ClusterPubSub,
ClusterPipeline or RedisCluster
* Fix broken connection writer lock-up for asyncio
([#2065](redis/redis-py#2065))
* Fix auth bug when provided with no username
([#2086](redis/redis-py#2086))
* Fix missing ClusterPipeline._lock
([#2189](redis/redis-py#2189))
* Added dynaminc_startup_nodes configuration to RedisCluster
* Fix reusing the old nodes' connections when cluster topology refresh
is being done
* Fix RedisCluster to immediately raise AuthenticationError without a
retry
* ClusterPipeline Doesn't Handle ConnectionError for Dead Hosts
([#2225](redis/redis-py#2225))
* Remove compatibility code for old versions of Hiredis, drop Packaging
dependency
* The `deprecated` library is no longer a dependency
* Failover handling improvements for RedisCluster and Async RedisCluster
([#2377](redis/redis-py#2377))
* Fixed &quot;cannot pickle '_thread.lock' object&quot; bug
([#2354](redis/redis-py#2354),
[#2297](redis/redis-py#2297))
* Added CredentialsProvider class to support password rotation
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/redis/redis-py/commit/28cc65c18cc4fb37ef14497c963eb181dba8d25d"><code>28cc65c</code></a>
Updating all client licenses to clearly be MIT (<a
href="https://github.com/redis/redis-py/issues/2884">#2884</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/2f679261b7ef0e7372868cacd8ba8721406eb495"><code>2f67926</code></a>
Version 5.0.0 (<a
href="https://github.com/redis/redis-py/issues/2874">#2874</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/f121cf29e7d7fb5c85c5915ba5ce10a20826e8c0"><code>f121cf2</code></a>
Add support for <code>CLIENT SETINFO</code> (<a
href="https://github.com/redis/redis-py/issues/2857">#2857</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/d5c2d1d42ed9f653d450e6127cb6f673f43fb2d0"><code>d5c2d1d</code></a>
Adding support for triggered functions (TFUNCTION) (<a
href="https://github.com/redis/redis-py/issues/2861">#2861</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/b0abd555770bba42c57881b488b5fe5b188f088e"><code>b0abd55</code></a>
RESP 3 feature documentation (<a
href="https://github.com/redis/redis-py/issues/2872">#2872</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/a532f89adcd5b790e2811588a2d7c34a79b095d5"><code>a532f89</code></a>
Add py.typed in accordance with PEP-561 (<a
href="https://github.com/redis/redis-py/issues/2738">#2738</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/673617d2cbac265c6c8d43280d5e6898df4572b6"><code>673617d</code></a>
Bump actions/upload-artifact from 2 to 3 (<a
href="https://github.com/redis/redis-py/issues/2877">#2877</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/0ed807777cfab129904fd72fbada793f21ea0a9c"><code>0ed8077</code></a>
Bump pypa/gh-action-pip-audit from 1.0.0 to 1.0.8 (<a
href="https://github.com/redis/redis-py/issues/2879">#2879</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/38c7de617a482c9dd2d40699fbdd7ce44736cae9"><code>38c7de6</code></a>
Dependabot label change (<a
href="https://github.com/redis/redis-py/issues/2880">#2880</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/8370c4ac20835002fd1044e1742986072f19289c"><code>8370c4a</code></a>
Add a Dependabot config to auto-update GitHub action versions (<a
href="https://github.com/redis/redis-py/issues/2847">#2847</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/redis/redis-py/compare/v4.6.0...v5.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=redis&package-manager=pip&previous-version=4.6.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
oleobal pushed a commit to Substra/substra-backend that referenced this issue Sep 11, 2023
Bumps [redis](https://github.com/redis/redis-py) from 4.5.4 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/redis/redis-py/releases">redis's
releases</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<h2>What's new?</h2>
<h3>Triggers and Functions support</h3>
<p>Triggers and Functions allow you to execute server-side functions
triggered when key values are modified or created in Redis, a stream
entry arrival, or explicitly calling them. Simply put, you can replace
Lua scripts with easy-to-develop JavaScript or TypeScript code. Move
your business logic closer to the data to ensure a lower latency, and
forget about updating dependent key values manually in your code.
<a
href="https://redis.io/docs/interact/programmability/triggers-and-functions/quick_start/">Try
it for yourself with Quick start</a></p>
<h3>Full <a href="https://redis.com/blog/introducing-redis-7-2/">Redis
7.2</a> and <a
href="https://github.com/redis/redis-specifications/blob/master/protocol/RESP3.md">RESP3
support</a></h3>
<h3>Python 3.7 End-of-Life</h3>
<p><a href="https://devguide.python.org/versions/">Python 3.7 has
reached its end-of-life (EOL) as of June 2023</a>. This means that
starting from this date, Python 3.7 will no longer receive any updates,
including security patches, bug fixes, or improvements. If you continue
to use Python 3.7 post-EOL, you may expose your projects and systems to
potential security vulnerabilities. We ended its support in this version
and strongly recommend migrating to Python 3.10.</p>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>Fix timeout retrying on pipeline execution (<a
href="https://github.com/redis/redis-py/issues/2812">#2812</a>)</li>
<li>Fix socket garbage collection (<a
href="https://github.com/redis/redis-py/issues/2859">#2859</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Updating client license to clear, MIT (<a
href="https://github.com/redis/redis-py/issues/2884">#2884</a>)</li>
<li>Add py.typed in accordance with PEP-561 (<a
href="https://github.com/redis/redis-py/issues/2738">#2738</a>)</li>
<li>Dependabot label change (<a
href="https://github.com/redis/redis-py/issues/2880">#2880</a>)</li>
<li>Fix type hints in SearchCommands (<a
href="https://github.com/redis/redis-py/issues/2817">#2817</a>)</li>
<li>Add sync modules (except search) tests to cluster CI (<a
href="https://github.com/redis/redis-py/issues/2850">#2850</a>)</li>
<li>Fix a duplicate word in <code>CONTRIBUTING.md</code> (<a
href="https://github.com/redis/redis-py/issues/2848">#2848</a>)</li>
<li>Fixing doc builds (<a
href="https://github.com/redis/redis-py/issues/2869">#2869</a>)</li>
<li>Change cluster docker to edge and enable debug command (<a
href="https://github.com/redis/redis-py/issues/2853">#2853</a>)</li>
</ul>
<h2>Contributors</h2>
<p>We'd like to thank all the contributors who worked on this
release!</p>
<p><a href="https://github.com/JoanFM"><code>@​JoanFM</code></a>, <a
href="https://github.com/Ovsyanka83"><code>@​Ovsyanka83</code></a>, <a
href="https://github.com/chayim"><code>@​chayim</code></a>, <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>, <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot],
<a href="https://github.com/dvora-h"><code>@​dvora-h</code></a>, <a
href="https://github.com/kristjanvalur"><code>@​kristjanvalur</code></a>,
<a href="https://github.com/kurtmckee"><code>@​kurtmckee</code></a>, <a
href="https://github.com/pall-j"><code>@​pall-j</code></a> and <a
href="https://github.com/shacharPash"><code>@​shacharPash</code></a></p>
<h2>5.0.0rc2</h2>
<h2>Changes</h2>
<h2>🧰 Maintenance</h2>
<ul>
<li>RESP3 response-callbacks cleanup (<a
href="https://github.com/redis/redis-py/issues/2841">#2841</a>)</li>
<li>Merge master to 5.0 (<a
href="https://github.com/redis/redis-py/issues/2827">#2827</a>)</li>
</ul>
<h2>5.0.0rc1</h2>
<h2>Changes</h2>
<h2>🔥 Breaking Changes</h2>
<ul>
<li>Change <code>SISMEMBER</code> return type to int by (<a
href="https://github.com/redis/redis-py/issues/2813">#2813</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/redis/redis-py/blob/master/CHANGES">redis's
changelog</a>.</em></p>
<blockquote>
<pre><code>* Fix [#2831](redis/redis-py#2831),
add auto_close_connection_pool=True arg to asyncio.Redis.from_url()
* Fix incorrect redis.asyncio.Cluster type hint for `retry_on_error`
* Fix dead weakref in sentinel connection causing ReferenceError
([#2767](redis/redis-py#2767))
* Fix [#2768](redis/redis-py#2768), Fix
KeyError: 'first-entry' in parse_xinfo_stream.
* Fix [#2749](redis/redis-py#2749), remove
unnecessary __del__ logic to close connections.
* Fix [#2754](redis/redis-py#2754), adding a
missing argument to SentinelManagedConnection
* Fix `xadd` command to accept non-negative `maxlen` including 0
* Revert [#2104](redis/redis-py#2104),
[#2673](redis/redis-py#2673), add
`disconnect_on_error` option to `read_response()` (issues
[#2506](redis/redis-py#2506),
[#2624](redis/redis-py#2624))
* Add `address_remap` parameter to `RedisCluster`
* Fix incorrect usage of once flag in async Sentinel
* asyncio: Fix memory leak caused by hiredis
([#2693](redis/redis-py#2693))
* Allow data to drain from async PythonParser when reading during a
disconnect()
* Use asyncio.timeout() instead of async_timeout.timeout() for python
&gt;= 3.11 ([#2602](redis/redis-py#2602))
* Add a Dependabot configuration to auto-update GitHub action versions.
* Add test and fix async HiredisParser when reading during a
disconnect() ([#2349](redis/redis-py#2349))
* Use hiredis-py pack_command if available.
* Support `.unlink()` in ClusterPipeline
* Simplify synchronous SocketBuffer state management
* Fix string cleanse in Redis Graph
* Make PythonParser resumable in case of error
([#2510](redis/redis-py#2510))
* Add `timeout=None` in `SentinelConnectionManager.read_response`
* Documentation fix: password protected socket connection
([#2374](redis/redis-py#2374))
* Allow `timeout=None` in `PubSub.get_message()` to wait forever
* add `nowait` flag to `asyncio.Connection.disconnect()`
* Update README.md links
* Fix timezone handling for datetime to unixtime conversions
* Fix start_id type for XAUTOCLAIM
* Remove verbose logging from cluster.py
* Add retry mechanism to async version of Connection
* Compare commands case-insensitively in the asyncio command parser
* Allow negative `retries` for `Retry` class to retry forever
* Add `items` parameter to `hset` signature
* Create codeql-analysis.yml
([#1988](redis/redis-py#1988)). Thanks @chayim
* Add limited support for Lua scripting with RedisCluster
* Implement `.lock()` method on RedisCluster
* Fix cursor returned by SCAN for RedisCluster &amp; change default
target to PRIMARIES
* Fix scan_iter for RedisCluster
* Remove verbose logging when initializing ClusterPubSub,
ClusterPipeline or RedisCluster
* Fix broken connection writer lock-up for asyncio
([#2065](redis/redis-py#2065))
* Fix auth bug when provided with no username
([#2086](redis/redis-py#2086))
* Fix missing ClusterPipeline._lock
([#2189](redis/redis-py#2189))
* Added dynaminc_startup_nodes configuration to RedisCluster
* Fix reusing the old nodes' connections when cluster topology refresh
is being done
* Fix RedisCluster to immediately raise AuthenticationError without a
retry
* ClusterPipeline Doesn't Handle ConnectionError for Dead Hosts
([#2225](redis/redis-py#2225))
* Remove compatibility code for old versions of Hiredis, drop Packaging
dependency
* The `deprecated` library is no longer a dependency
* Failover handling improvements for RedisCluster and Async RedisCluster
([#2377](redis/redis-py#2377))
* Fixed &quot;cannot pickle '_thread.lock' object&quot; bug
([#2354](redis/redis-py#2354),
[#2297](redis/redis-py#2297))
* Added CredentialsProvider class to support password rotation
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/redis/redis-py/commit/28cc65c18cc4fb37ef14497c963eb181dba8d25d"><code>28cc65c</code></a>
Updating all client licenses to clearly be MIT (<a
href="https://github.com/redis/redis-py/issues/2884">#2884</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/2f679261b7ef0e7372868cacd8ba8721406eb495"><code>2f67926</code></a>
Version 5.0.0 (<a
href="https://github.com/redis/redis-py/issues/2874">#2874</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/f121cf29e7d7fb5c85c5915ba5ce10a20826e8c0"><code>f121cf2</code></a>
Add support for <code>CLIENT SETINFO</code> (<a
href="https://github.com/redis/redis-py/issues/2857">#2857</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/d5c2d1d42ed9f653d450e6127cb6f673f43fb2d0"><code>d5c2d1d</code></a>
Adding support for triggered functions (TFUNCTION) (<a
href="https://github.com/redis/redis-py/issues/2861">#2861</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/b0abd555770bba42c57881b488b5fe5b188f088e"><code>b0abd55</code></a>
RESP 3 feature documentation (<a
href="https://github.com/redis/redis-py/issues/2872">#2872</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/a532f89adcd5b790e2811588a2d7c34a79b095d5"><code>a532f89</code></a>
Add py.typed in accordance with PEP-561 (<a
href="https://github.com/redis/redis-py/issues/2738">#2738</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/673617d2cbac265c6c8d43280d5e6898df4572b6"><code>673617d</code></a>
Bump actions/upload-artifact from 2 to 3 (<a
href="https://github.com/redis/redis-py/issues/2877">#2877</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/0ed807777cfab129904fd72fbada793f21ea0a9c"><code>0ed8077</code></a>
Bump pypa/gh-action-pip-audit from 1.0.0 to 1.0.8 (<a
href="https://github.com/redis/redis-py/issues/2879">#2879</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/38c7de617a482c9dd2d40699fbdd7ce44736cae9"><code>38c7de6</code></a>
Dependabot label change (<a
href="https://github.com/redis/redis-py/issues/2880">#2880</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/8370c4ac20835002fd1044e1742986072f19289c"><code>8370c4a</code></a>
Add a Dependabot config to auto-update GitHub action versions (<a
href="https://github.com/redis/redis-py/issues/2847">#2847</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/redis/redis-py/compare/v4.5.4...v5.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=redis&package-manager=pip&previous-version=4.5.4&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
oleobal pushed a commit to Substra/substra-backend that referenced this issue Sep 11, 2023
Bumps [redis](https://github.com/redis/redis-py) from 4.6.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/redis/redis-py/releases">redis's
releases</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<h2>What's new?</h2>
<h3>Triggers and Functions support</h3>
<p>Triggers and Functions allow you to execute server-side functions
triggered when key values are modified or created in Redis, a stream
entry arrival, or explicitly calling them. Simply put, you can replace
Lua scripts with easy-to-develop JavaScript or TypeScript code. Move
your business logic closer to the data to ensure a lower latency, and
forget about updating dependent key values manually in your code.
<a
href="https://redis.io/docs/interact/programmability/triggers-and-functions/quick_start/">Try
it for yourself with Quick start</a></p>
<h3>Full <a href="https://redis.com/blog/introducing-redis-7-2/">Redis
7.2</a> and <a
href="https://github.com/redis/redis-specifications/blob/master/protocol/RESP3.md">RESP3
support</a></h3>
<h3>Python 3.7 End-of-Life</h3>
<p><a href="https://devguide.python.org/versions/">Python 3.7 has
reached its end-of-life (EOL) as of June 2023</a>. This means that
starting from this date, Python 3.7 will no longer receive any updates,
including security patches, bug fixes, or improvements. If you continue
to use Python 3.7 post-EOL, you may expose your projects and systems to
potential security vulnerabilities. We ended its support in this version
and strongly recommend migrating to Python 3.10.</p>
<h2>🐛 Bug Fixes</h2>
<ul>
<li>Fix timeout retrying on pipeline execution (<a
href="https://github.com/redis/redis-py/issues/2812">#2812</a>)</li>
<li>Fix socket garbage collection (<a
href="https://github.com/redis/redis-py/issues/2859">#2859</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Updating client license to clear, MIT (<a
href="https://github.com/redis/redis-py/issues/2884">#2884</a>)</li>
<li>Add py.typed in accordance with PEP-561 (<a
href="https://github.com/redis/redis-py/issues/2738">#2738</a>)</li>
<li>Dependabot label change (<a
href="https://github.com/redis/redis-py/issues/2880">#2880</a>)</li>
<li>Fix type hints in SearchCommands (<a
href="https://github.com/redis/redis-py/issues/2817">#2817</a>)</li>
<li>Add sync modules (except search) tests to cluster CI (<a
href="https://github.com/redis/redis-py/issues/2850">#2850</a>)</li>
<li>Fix a duplicate word in <code>CONTRIBUTING.md</code> (<a
href="https://github.com/redis/redis-py/issues/2848">#2848</a>)</li>
<li>Fixing doc builds (<a
href="https://github.com/redis/redis-py/issues/2869">#2869</a>)</li>
<li>Change cluster docker to edge and enable debug command (<a
href="https://github.com/redis/redis-py/issues/2853">#2853</a>)</li>
</ul>
<h2>Contributors</h2>
<p>We'd like to thank all the contributors who worked on this
release!</p>
<p><a href="https://github.com/JoanFM"><code>@​JoanFM</code></a>, <a
href="https://github.com/Ovsyanka83"><code>@​Ovsyanka83</code></a>, <a
href="https://github.com/chayim"><code>@​chayim</code></a>, <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>, <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot],
<a href="https://github.com/dvora-h"><code>@​dvora-h</code></a>, <a
href="https://github.com/kristjanvalur"><code>@​kristjanvalur</code></a>,
<a href="https://github.com/kurtmckee"><code>@​kurtmckee</code></a>, <a
href="https://github.com/pall-j"><code>@​pall-j</code></a> and <a
href="https://github.com/shacharPash"><code>@​shacharPash</code></a></p>
<h2>5.0.0rc2</h2>
<h2>Changes</h2>
<h2>🧰 Maintenance</h2>
<ul>
<li>RESP3 response-callbacks cleanup (<a
href="https://github.com/redis/redis-py/issues/2841">#2841</a>)</li>
<li>Merge master to 5.0 (<a
href="https://github.com/redis/redis-py/issues/2827">#2827</a>)</li>
</ul>
<h2>5.0.0rc1</h2>
<h2>Changes</h2>
<h2>🔥 Breaking Changes</h2>
<ul>
<li>Change <code>SISMEMBER</code> return type to int by (<a
href="https://github.com/redis/redis-py/issues/2813">#2813</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/redis/redis-py/blob/master/CHANGES">redis's
changelog</a>.</em></p>
<blockquote>
<pre><code>* Fix [#2831](redis/redis-py#2831),
add auto_close_connection_pool=True arg to asyncio.Redis.from_url()
* Fix incorrect redis.asyncio.Cluster type hint for `retry_on_error`
* Fix dead weakref in sentinel connection causing ReferenceError
([#2767](redis/redis-py#2767))
* Fix [#2768](redis/redis-py#2768), Fix
KeyError: 'first-entry' in parse_xinfo_stream.
* Fix [#2749](redis/redis-py#2749), remove
unnecessary __del__ logic to close connections.
* Fix [#2754](redis/redis-py#2754), adding a
missing argument to SentinelManagedConnection
* Fix `xadd` command to accept non-negative `maxlen` including 0
* Revert [#2104](redis/redis-py#2104),
[#2673](redis/redis-py#2673), add
`disconnect_on_error` option to `read_response()` (issues
[#2506](redis/redis-py#2506),
[#2624](redis/redis-py#2624))
* Add `address_remap` parameter to `RedisCluster`
* Fix incorrect usage of once flag in async Sentinel
* asyncio: Fix memory leak caused by hiredis
([#2693](redis/redis-py#2693))
* Allow data to drain from async PythonParser when reading during a
disconnect()
* Use asyncio.timeout() instead of async_timeout.timeout() for python
&gt;= 3.11 ([#2602](redis/redis-py#2602))
* Add a Dependabot configuration to auto-update GitHub action versions.
* Add test and fix async HiredisParser when reading during a
disconnect() ([#2349](redis/redis-py#2349))
* Use hiredis-py pack_command if available.
* Support `.unlink()` in ClusterPipeline
* Simplify synchronous SocketBuffer state management
* Fix string cleanse in Redis Graph
* Make PythonParser resumable in case of error
([#2510](redis/redis-py#2510))
* Add `timeout=None` in `SentinelConnectionManager.read_response`
* Documentation fix: password protected socket connection
([#2374](redis/redis-py#2374))
* Allow `timeout=None` in `PubSub.get_message()` to wait forever
* add `nowait` flag to `asyncio.Connection.disconnect()`
* Update README.md links
* Fix timezone handling for datetime to unixtime conversions
* Fix start_id type for XAUTOCLAIM
* Remove verbose logging from cluster.py
* Add retry mechanism to async version of Connection
* Compare commands case-insensitively in the asyncio command parser
* Allow negative `retries` for `Retry` class to retry forever
* Add `items` parameter to `hset` signature
* Create codeql-analysis.yml
([#1988](redis/redis-py#1988)). Thanks @chayim
* Add limited support for Lua scripting with RedisCluster
* Implement `.lock()` method on RedisCluster
* Fix cursor returned by SCAN for RedisCluster &amp; change default
target to PRIMARIES
* Fix scan_iter for RedisCluster
* Remove verbose logging when initializing ClusterPubSub,
ClusterPipeline or RedisCluster
* Fix broken connection writer lock-up for asyncio
([#2065](redis/redis-py#2065))
* Fix auth bug when provided with no username
([#2086](redis/redis-py#2086))
* Fix missing ClusterPipeline._lock
([#2189](redis/redis-py#2189))
* Added dynaminc_startup_nodes configuration to RedisCluster
* Fix reusing the old nodes' connections when cluster topology refresh
is being done
* Fix RedisCluster to immediately raise AuthenticationError without a
retry
* ClusterPipeline Doesn't Handle ConnectionError for Dead Hosts
([#2225](redis/redis-py#2225))
* Remove compatibility code for old versions of Hiredis, drop Packaging
dependency
* The `deprecated` library is no longer a dependency
* Failover handling improvements for RedisCluster and Async RedisCluster
([#2377](redis/redis-py#2377))
* Fixed &quot;cannot pickle '_thread.lock' object&quot; bug
([#2354](redis/redis-py#2354),
[#2297](redis/redis-py#2297))
* Added CredentialsProvider class to support password rotation
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/redis/redis-py/commit/28cc65c18cc4fb37ef14497c963eb181dba8d25d"><code>28cc65c</code></a>
Updating all client licenses to clearly be MIT (<a
href="https://github.com/redis/redis-py/issues/2884">#2884</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/2f679261b7ef0e7372868cacd8ba8721406eb495"><code>2f67926</code></a>
Version 5.0.0 (<a
href="https://github.com/redis/redis-py/issues/2874">#2874</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/f121cf29e7d7fb5c85c5915ba5ce10a20826e8c0"><code>f121cf2</code></a>
Add support for <code>CLIENT SETINFO</code> (<a
href="https://github.com/redis/redis-py/issues/2857">#2857</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/d5c2d1d42ed9f653d450e6127cb6f673f43fb2d0"><code>d5c2d1d</code></a>
Adding support for triggered functions (TFUNCTION) (<a
href="https://github.com/redis/redis-py/issues/2861">#2861</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/b0abd555770bba42c57881b488b5fe5b188f088e"><code>b0abd55</code></a>
RESP 3 feature documentation (<a
href="https://github.com/redis/redis-py/issues/2872">#2872</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/a532f89adcd5b790e2811588a2d7c34a79b095d5"><code>a532f89</code></a>
Add py.typed in accordance with PEP-561 (<a
href="https://github.com/redis/redis-py/issues/2738">#2738</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/673617d2cbac265c6c8d43280d5e6898df4572b6"><code>673617d</code></a>
Bump actions/upload-artifact from 2 to 3 (<a
href="https://github.com/redis/redis-py/issues/2877">#2877</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/0ed807777cfab129904fd72fbada793f21ea0a9c"><code>0ed8077</code></a>
Bump pypa/gh-action-pip-audit from 1.0.0 to 1.0.8 (<a
href="https://github.com/redis/redis-py/issues/2879">#2879</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/38c7de617a482c9dd2d40699fbdd7ce44736cae9"><code>38c7de6</code></a>
Dependabot label change (<a
href="https://github.com/redis/redis-py/issues/2880">#2880</a>)</li>
<li><a
href="https://github.com/redis/redis-py/commit/8370c4ac20835002fd1044e1742986072f19289c"><code>8370c4a</code></a>
Add a Dependabot config to auto-update GitHub action versions (<a
href="https://github.com/redis/redis-py/issues/2847">#2847</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/redis/redis-py/compare/v4.6.0...v5.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=redis&package-manager=pip&previous-version=4.6.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants