Update Redis dependency >4.0
Closed this issue · 0 comments
salomon-smekecohen commented
The redis version pin in baseplate includes the <4.0.0 clause. Redis has a vulnerability in 3.x versions.
See the following for a quick scan of potential incompatibilities from the changelog:
- BACKWARDS INCOMPATIBLE: All values within Redis URLs are unquoted via
urllib.parse.unquote. Prior versions of redis-py supported this by
specifying thedecode_components
flag to thefrom_url
functions.
This is now done by default and cannot be disabled. #589 - POTENTIALLY INCOMPATIBLE: Redis commands were moved into a mixin
(see commands.py). Anyone importingredis.client
to access commands
directly should importredis.commands
. #1534, #1550