chore(deps): bump redis from 7.1.0 to 7.2.0

[dependabot]

Bumps redis from 7.1.0 to 7.2.0.

Release notes

Sourced from redis's releases.

7.2.0

Changes

Redis 8.6 Support Added support for Redis 8.6, including new commands and features for streams idempotent production and HOTKEYS.

Smart Client Handoff (Maintenance Notifications) for Cluster note: Pending a Redis Enterprise version release

This release introduces comprehensive support for Redis Enterprise Cluster maintenance notifications via SMIGRATING/SMIGRATED push notifications. The client now automatically handles slot migrations by:

Relaxing timeouts during migration (SMIGRATING) to prevent false failures Triggering cluster state reloads upon completion (SMIGRATED) Enabling seamless operations during Redis Enterprise maintenance windows

OpenTelemetry Native Metrics Support Added comprehensive OpenTelemetry metrics support following the OpenTelemetry Database Client Semantic Conventions. Metric groups include:

• Command metrics: Operation duration with retry tracking
• Connection basic: Connection count and creation time
• Resiliency: Errors, handoffs, timeout relaxation
• Connection advanced: Wait time and use time
• Pubsub metrics: Published and received messages
• Stream metrics: Processing duration and maintenance notifications

🚀 New Features

• Added OTel instrumentation and metrics export for sync client (#3954)
• Add maintenance notifications support for OSS API cluster clients (#3946)
• Adding hotkeys commands support. (#3924)
• Adds support for the new Idempotent Producers feature in Redis 8.6 (#3926)
• Adding support for vrange command. (#3927)
• Added a local digest command to the client to execute the XXH3 locally… (#3884)
• Add DriverInfo class for upstream driver tracking (#3880)
• Add ssl_password support to async Redis client (#3878)
• Add ssl_ca_path support to async Redis client (#3879)

⚠️ Deprecations

• Adding special handling of client_tracking_on and client_tracking_off for cluster clients. Marking those two functions as deprecated for cluster - embedded client-side caching feature should be used instead. (#3858)

🐛 Bug Fixes

• Fix handling of circular MOVED redirects in cluster slot mapping (#3899)
• fix(asyncio): prevent deadlock when Lock.release() is cancelled (#3900)
• Fix unrecoverable connection state (#3905)
• Fixed potential race condition between call_later() and run_forever() (#3897)
• Fix RuntimeError in ClusterPubSub sharded message generator (#3889)
• Fix async connection pool lock contention during connection establishment (#3885)
• Fix PubSub client health check handling for sync client implementation (#3870)
• Adding retries for the overall connect - socket connect + handshake. Fix for pubsub reconnect issues. (#3863)
• Adding special handling of client_tracking_on and client_tracking_off for cluster clients. Marking those two functions as deprecated for cluster - embedded client-side caching feature should be used instead. (#3858)
• #3618 Fix client-side cache invalidation for mixed str and bytes Redis keys (#3766)

... (truncated)

Commits

• 915e8b4 Updating server version to 7.2.0
• b41e47d Added OTel instrumentation and metrics export for sync client (#3954)
• 9c8ad16 Fix type hints for spop and srandmember methods (#3943)
• 34c73c7 Add maintenance notifications support for OSS API cluster clients (#3946)
• 24974fe Renamed initial health check policies and unhealthy database argument (#3949)
• 3d6b571 Reorganize pipeline actions (#3951)
• 877d7a2 Disabled SCH in MultiDBClient underlying clients (#3938)
• 9ac9ee6 Adding hotkeys commands support. (#3924)
• 65623b7 Extending the tests to validate more supported scorers for hybrid search. Add...
• 2b2f2cf Adds support for the new Idempotent Producers feature in Redis 8.6 (#3926)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[rtibblesbot]

Dependency Update Review

Package: redis 7.1.0 → 7.2.0
Semver risk: Minor
Dependency type: Production (used via django-redis for caching, and as Celery broker)
CI status: Passing

Changelog Analysis

Sources consulted:

• Release notes v7.2.0
• Compare v7.1.0...v7.2.0

Breaking changes: None.

Deprecations: client_tracking_on / client_tracking_off deprecated for cluster clients — not relevant here since Studio uses django-redis with a standard Redis backend, not cluster mode.

Security fixes: None.

Other notable changes:

• Redis 8.6 command support (streams idempotent production, HOTKEYS, vrange)
• OpenTelemetry native metrics support
• Smart Client Handoff for Redis Enterprise cluster maintenance
• Multiple bug fixes: async lock deadlock prevention, connection pool lock contention, PubSub health check handling, retry logic improvements

Compatibility Assessment

• Project uses affected APIs: No — Studio uses redis through django-redis (cache backend) and Celery (broker). No direct use of deprecated cluster tracking APIs.
• Peer dependency changes: None
• Code changes required: None
• Prior failed attempts: None found

Recommendation

APPROVE — Standard minor bump with no breaking changes, no deprecations affecting this project, and CI passing. The bug fixes (connection pool contention, retry logic) are beneficial for production stability.

---

@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Reviewed the pull request diff checking for:

• Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
• Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
• Architecture: duplicated concerns, minimal interfaces, composition over inheritance
• Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
• Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
• Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
• Checked CI status and linked issue acceptance criteria
• For UI changes: inspected screenshots for layout, visual completeness, and consistency

[rtibbles]

@dependabot rebase

[dependabot]

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.