Skip to content

Bump the python-major group with 2 updates#38

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/main/python-major-172e657d38
Open

Bump the python-major group with 2 updates#38
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/main/python-major-172e657d38

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026
edited
Loading

Bumps the python-major group with 2 updates: django and redis.

Updates django from 5.2.14 to 6.0.5

Commits
  • 8f8ad09 [6.0.x] Bumped version for 6.0.5 release.
  • 44ad76e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
  • 1b0184a [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
  • ad8f9e1 [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
  • 990ab01 [6.0.x] Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.
  • f0c269f [6.0.x] Fixed typo in stub release notes for 5.2.14.
  • 8bcd15b [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes().
  • 3cdec64 [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.
  • 5dd5c70 [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.
  • 8ee7341 [6.0.x] Refs #373, #34122 -- Removed warning that ForeignObject is an interna...
  • Additional commits viewable in compare view

Updates redis from 7.4.0 to 8.0.0

Release notes

Sourced from redis's releases.

8.0.0

Changes

🚀 Highlights

Async Cluster PubSub

This release introduces full asyncio Cluster PubSub support, bringing shard-channel capabilities (SSUBSCRIBE, SUNSUBSCRIBE, SPUBLISH) to the async RedisCluster client. The new ClusterPubSub class in redis.asyncio.cluster automatically routes shard-channel subscriptions to the correct cluster node based on key-slot hashing, manages per-node PubSub connections, and supports round-robin message retrieval across nodes. Users can create a cluster pubsub instance via RedisCluster.pubsub() and use ssubscribe(), sunsubscribe(), and get_sharded_message() just as they would with the sync cluster client.

Keyspace and subkey notifications

Redis Keyspace Notifications are now supported for standalone and cluster deployments in both sync and async modes. New classes — KeyspaceNotifications, ClusterKeyspaceNotifications, AsyncKeyspaceNotifications, and AsyncClusterKeyspaceNotifications — provide a high-level API for keyspace/keyevent subscriptions and subkey notification families: subkeyspace, subkeyevent, subkeyspaceitem, and subkeyspaceevent. Convenience methods like subscribe_keyspace(), subscribe_keyevent(), subscribe_subkeyspace(), subscribe_subkeyevent(), subscribe_subkeyspaceitem(), and subscribe_subkeyspaceevent() simplify common patterns, with channel classes for both key and subkey channels.

In cluster mode, subscriptions are managed across primary nodes because each node emits notifications only for keys it owns, with built-in topology-change handling. Sync run_in_thread() and async listen() workflows are supported.

Redis Array commands(https://redis.io/docs/latest/develop/data-types/arrays/)

redis-py now supports Redis Arrays, a preview Redis data type for sparse, index-addressable sequences of strings. New AR* command helpers cover indexed reads/writes, range scans, deletion, cursor-based insertion, ring-buffer writes, metadata, text search, and aggregation, including ARGET, ARSET, ARMGET, ARMSET, ARSCAN, ARGREP, ARRING, and AROP.

Type Hints Improvements (breaking changes)

The @overload pattern has been applied systematically across core commands (core.py), VectorSet commands, and module commands (Search, JSON, TimeSeries, Bloom filters) to provide distinct return types for sync and async clients. Previously, methods returned a combined ResponseT (i.e., Union[Awaitable[Any], Any]), which caused static analysis tools like mypy and Pyright to flag false positives. Now, sync clients see concrete return types (e.g., int, bool, list[str]) while async clients see Awaitable[...] wrappers. This is a breaking change for type-checking only—runtime behavior is unchanged, but code relying on the old union return types in type annotations may need updates. Two new protocol types, SyncClientProtocol and AsyncClientProtocol, are used in overload signatures to enable this distinction.

RESP3 by default with opt-in unified responses

redis-py 8.0.0 now uses RESP3 on the wire by default while preserving legacy RESP2-compatible Python response shapes for existing applications (#4052). Protocol-independent unified response shapes are available by setting legacy_responses=False, so affected commands return the same Python structure with RESP2 or RESP3.

Use protocol=2 to force RESP2 on the wire, protocol=3 to opt into native RESP3 response shapes, or legacy_responses=False to migrate to unified responses. See https://github.com/redis/redis-py/blob/HEAD/docs/unified_responses.rst and https://github.com/redis/redis-py/blob/HEAD/specs/unified_responses_migration_guide.md for the affected commands and migration details.

Connection and retry defaults

Default connection settings were updated: socket_timeout and socket_connect_timeout now default to 5 seconds, TCP keepalive is enabled by default, socket reads use a 32 KB buffer, connection pools default to max_connections=100, and retry defaults now use 10 attempts with exponential jitter backoff.

Note: socket_timeout can affect blocking commands such as BLPOP/BRPOP; if a command blocks longer than the client socket timeout, it may raise TimeoutError before the command timeout elapses (#2807).

🧪 Experimental Features

  • Added support for new array commands (#4055)

🚀 New Features

  • Support Cluster PubSub in asyncio (#3736)
  • Add Redis Keyspace Notifications Support for Redis Cluster (#3962)
  • Add random load balancing strategy which allows for use of the primary (#4027)
  • Add FPHA (floating-point homogeneous array) arg support to JSON.SET (#4011)
  • Added custom Claude command + XNACK command support (#4030)
  • Adding Time Series Multiple Aggregators support (#4035)
  • Adding support for new COUNT aggregator for some sorted set commands - ZINTER, ZINTERSTORE, ZUNION, ZUNIONSTORE (#4034)
  • Adding support for new INCREX command (#4067 #4077)
  • Add support for PubSub subscriptions with binary channel names and handlers (#4068)

... (truncated)

Commits
  • 733f80e Updates in default connection and retry settings (#4082)
  • a68a16c Updating Redis supported versions in README.md and lib version to 8.0.0
  • 43a41d3 Updating INCREX command arg - SATURATE now controls overflow behaviour (#4077)
  • 1496deb Preserve explicit None for client metadata config (#4081)
  • 57dc08c Avoid zero-timeout async reads in hiredis connections readiness checks and re...
  • cd54ddd fix(typing): correct type annotation for XReadResponse (#4046)
  • ab2d41f Add support for PubSub subscriptions with binary channel names and handlers (...
  • ef24dc9 Randomize cluster startup node order during topology refresh (#4060)
  • b604015 Add CLAUDE.md and /sync-claude-md skill for managing (#4066)
  • 2b8b4fc Fix flaky tests (#4071)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-major group with 2 updates
5bd7b6d 
Bumps the python-major group with 2 updates: [django](https://github.com/django/django) and [redis](https://github.com/redis/redis-py).


Updates `django` from 5.2.14 to 6.0.5
- [Commits](django/django@5.2.14...6.0.5)

Updates `redis` from 7.4.0 to 8.0.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.4.0...v8.0.0)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 6.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-major
- dependency-name: redis
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants