
Bump redis from 7.3.0 to 7.4.0 #1160

Merged
JSv4 merged 1 commit into main from dependabot/pip/redis-7.4.0
Mar 25, 2026
@dependabot dependabot Bot commented on behalf of github Mar 24, 2026

Bumps redis from 7.3.0 to 7.4.0.

Release notes

Sourced from redis's releases.

7.4.0

Changes

🐛 Bug Fixes

  • Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999)
  • Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998)
  • Refactored connection count and SCH metric collection (#4001)

🧪 Experimental Features

  • Refactored health check logic for MultiDBClient (#3994)

🧰 Maintenance

  • Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs (#3996)

We'd like to thank all the contributors who worked on this release! @​vladvildanov @​petyaslavova

Commits
  • b72f24a Updating lib version to 7.4.0
  • 0a4e0af Refactored health check logic for MultiDBClient (#3994)
  • 15492c9 Refactored connection count and SCH metric collection (#4001)
  • cd964ac Expose basic Otel classes and functions to be importable through redis.observa...
  • 46ab74d Fixing security concern in repr methods for ConnectionPools - passwords m...
  • 26482db Fix AttributeError in cluster metrics recording when connection is None or Cl...
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [redis](https://github.com/redis/redis-py) from 7.3.0 to 7.4.0.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.3.0...v7.4.0)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Mar 24, 2026
claude Bot commented Mar 24, 2026

PR Review: Bump redis from 7.3.0 to 7.4.0

Straightforward Dependabot dependency bump assessment:

Recommendation: Approve and merge

Single line change in requirements/base.txt, minor version bump (7.3.0 -> 7.4.0) with a high Dependabot compatibility score.

What is in 7.4.0

  • Security fix: Passwords could leak in plain text logs via __repr__ methods on ConnectionPools. Relevant to production -- this fix alone makes the upgrade worthwhile.
  • Bug fix: AttributeError in cluster metrics when connection is None.
  • Bug fix: Refactored connection count and SCH metric collection.
  • Experimental: Refactored health check logic for MultiDBClient.
  • Maintenance: OpenTelemetry classes exposed via redis.observability.

Assessment

  • No breaking changes: Minor version bump; redis-py follows semver.
  • Security improvement: The __repr__ password leak fix is meaningful for any environment where Redis connection pool objects might appear in logs.
  • No code changes needed: This project uses redis as a broker for Celery and Django caching -- none of the changed internal APIs affect usage here.
  • Ecosystem compatibility: High Dependabot compatibility score indicates no regressions reported.

Minimal, well-scoped change with a concrete security improvement. No additional test coverage or code changes needed.

@JSv4 JSv4 merged commit e3cc44e into main Mar 25, 2026
5 checks passed
@JSv4 JSv4 deleted the dependabot/pip/redis-7.4.0 branch March 25, 2026 01:17
JSv4 added a commit that referenced this pull request Apr 29, 2026
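
The leak pattern behind the `__repr__` fix discussed in this thread, as an added example; it is not redis-py's code and not part of this PR. `LeakyPool`, `RedactingPool`, `SENSITIVE_KEYS` and the sample kwargs are hypothetical and constructed. It shows how logging a pool-like object with `%r` writes the password into the log line, and a redacting `__repr__` that keeps the useful fields while masking the secret.

```python
import io
import logging

# Keys treated as secrets in repr output (an assumption made for this example).
SENSITIVE_KEYS = frozenset({"password"})

# Constructed sample values, not real credentials.
KWARGS = {"host": "cache.internal.example", "port": 6379,
          "password": "s3cr3t-constructed"}


class LeakyPool:
    """Hypothetical pool whose repr dumps every connection kwarg verbatim."""

    def __init__(self, **connection_kwargs):
        self.connection_kwargs = connection_kwargs

    def __repr__(self):
        args = ",".join(f"{k}={v}" for k, v in self.connection_kwargs.items())
        return f"<{type(self).__name__}({args})>"


class RedactingPool(LeakyPool):
    """Same pool, but secret-bearing kwargs are masked in repr."""

    def __repr__(self):
        args = ",".join(
            f"{k}={'<redacted>' if k in SENSITIVE_KEYS else v}"
            for k, v in self.connection_kwargs.items()
        )
        return f"<{type(self).__name__}({args})>"


def log_line_for(pool):
    """Log the pool the way an error handler might; return the emitted text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    logger = logging.getLogger(f"repr_demo.{type(pool).__name__}")
    logger.propagate = False          # keep the demo out of the root logger
    logger.setLevel(logging.WARNING)
    logger.addHandler(handler)
    try:
        logger.warning("connection failed for pool %r", pool)
    finally:
        logger.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(log_line_for(LeakyPool(**KWARGS)), end="")
    print(log_line_for(RedactingPool(**KWARGS)), end="")
```

The same assertion, that a known secret never appears in `repr()` of a connection object, works as a regression test against whichever client version a project pins.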