Bump redis from 2.10.3 to 4.4.4 in /depends/docker-registry-core/requirements

[dependabot]

Bumps redis from 2.10.3 to 4.4.4.

Release notes

Sourced from redis's releases.

4.4.4

Changes

Upgrade urgency: SECURITY, contains fixes to security issues.

• (CVE-2023-28859) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.
• (CVE-2023-28858) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.

🐛 Bug Fixes

• Fixing cancelled async futures (#2671 )

4.4.3

Changes

Update urgency: HIGH: There is a critical bug that may affect a subset of users. Upgrade!

🐛 Bug Fixes

• CWE-404 AsyncIO Race Condition Fix (#2624, #2579)

4.4.2

Changes

Note: this release include #2548 and it is suggested that users upgrade immediately.

🧪 Experimental Features

• Add support for BF.CARD (#2545)

🚀 New Features

• Add support for custom connection pool class in NodesManager (#2547)

🐛 Bug Fixes

• Allow replica to master promotion in nodes_cache (#2549)
• Security Fix: Updating graph parser for potential injection cases (#2548)

Contributors

We'd like to thank all the contributors who worked on this release!

@​Threated, @​dvora-h, @​shacharPash and @​zakaf

4.4.1

Changes

🚀 New Features

• Add dialect to FT.AGGREGATE (#2537)

... (truncated)

Changelog

Sourced from redis's changelog.

* Allow data to drain from async PythonParser when reading during a disconnect()
* Use asyncio.timeout() instead of async_timeout.timeout() for python >= 3.11 ([#2602](https://github.com/redis/redis-py/issues/2602))
* Add test and fix async HiredisParser when reading during a disconnect() ([#2349](https://github.com/redis/redis-py/issues/2349))
* Use hiredis-py pack_command if available.
* Support `.unlink()` in ClusterPipeline
* Simplify synchronous SocketBuffer state management
* Fix string cleanse in Redis Graph
* Make PythonParser resumable in case of error ([#2510](https://github.com/redis/redis-py/issues/2510))
* Add `timeout=None` in `SentinelConnectionManager.read_response`
* Documentation fix: password protected socket connection ([#2374](https://github.com/redis/redis-py/issues/2374))
* Allow `timeout=None` in `PubSub.get_message()` to wait forever
* add `nowait` flag to `asyncio.Connection.disconnect()`
* Update README.md links
* Fix timezone handling for datetime to unixtime conversions
* Fix start_id type for XAUTOCLAIM
* Remove verbose logging from cluster.py
* Add retry mechanism to async version of Connection
* Compare commands case-insensitively in the asyncio command parser
* Allow negative `retries` for `Retry` class to retry forever
* Add `items` parameter to `hset` signature
* Create codeql-analysis.yml ([#1988](https://github.com/redis/redis-py/issues/1988)). Thanks @chayim
* Add limited support for Lua scripting with RedisCluster
* Implement `.lock()` method on RedisCluster
* Fix cursor returned by SCAN for RedisCluster & change default target to PRIMARIES
* Fix scan_iter for RedisCluster
* Remove verbose logging when initializing ClusterPubSub, ClusterPipeline or RedisCluster
* Fix broken connection writer lock-up for asyncio ([#2065](https://github.com/redis/redis-py/issues/2065))
* Fix auth bug when provided with no username ([#2086](https://github.com/redis/redis-py/issues/2086))
* Fix missing ClusterPipeline._lock ([#2189](https://github.com/redis/redis-py/issues/2189))
* Added dynaminc_startup_nodes configuration to RedisCluster
* Fix reusing the old nodes' connections when cluster topology refresh is being done
* Fix RedisCluster to immediately raise AuthenticationError without a retry
* ClusterPipeline Doesn't Handle ConnectionError for Dead Hosts ([#2225](https://github.com/redis/redis-py/issues/2225))
* Remove compatibility code for old versions of Hiredis, drop Packaging dependency
* The `deprecated` library is no longer a dependency
* Failover handling improvements for RedisCluster and Async RedisCluster ([#2377](https://github.com/redis/redis-py/issues/2377))
* Fixed "cannot pickle '_thread.lock' object" bug ([#2354](https://github.com/redis/redis-py/issues/2354), [#2297](https://github.com/redis/redis-py/issues/2297))
* Added CredentialsProvider class to support password rotation
* Enable Lock for asyncio cluster mode
* Fix Sentinel.execute_command doesn't execute across the entire sentinel cluster bug ([#2458](https://github.com/redis/redis-py/issues/2458))
* Added a replacement for the default cluster node in the event of failure ([#2463](https://github.com/redis/redis-py/issues/2463))
* Fix for Unhandled exception related to self.host with unix socket ([#2496](https://github.com/redis/redis-py/issues/2496))

• 4.1.3 (Feb 8, 2022)
  • Fix flushdb and flushall (#1926)
  • Add redis5 and redis4 dockers (#1871)
  • Change json.clear test multi to be up to date with redisjson (#1922)
  • Fixing volume for unstable_cluster docker (#1914)
  • Update changes file with changes since 4.0.0-beta2 (#1915)
• 4.1.2 (Jan 27, 2022)

... (truncated)

Commits

• 49d9cb7 Version 4.4.4 (#2671)
• b3c89ac AsyncIO Race Condition Fix (#2640)
• 8592cac version 4.4.2 (#2550)
• be84b93 Add support to BF.CARD (#2545)
• 7dd73a3 add support for custom connection pool class in NodesManager (#2547)
• bae6385 allow replica to master promotion in nodes_cache (#2549)
• 4a825bc String cleanse (#2548)
• f46d7f3 Version 4.4.1 (#2544)
• c7600b4 add type checking for graph eq (#2531)
• decd1f6 ValueError must be AttributeError in init.py (#2542)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[ImagineBuildBot]

Scan submitted to Checkmarx

[ImagineBuildBot]

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 84 vulnerabilities
 25 High
 56 Medium
 3 Low
 0 Info

Checkmarx Scan Summary

Severity	Count
High	25
Medium	56
Low	3
Informational	0

Violation Summary

 15 High
 1 Low
 45 Medium

View more details on Checkmarx UI

Cx-SAST Details

Lines	Severity	Category	File	Link
80 82	Medium	Uncontrolled_Format_String	docker_registry/lib/checksums.py	Checkmarx
131	Medium	Uncontrolled_Format_String	scripts/create_ancestry.py	Checkmarx
102 104	Medium	Uncontrolled_Format_String	scripts/import_old_tags.py	Checkmarx
62	Medium	Uncontrolled_Format_String	scripts/dump_repos_data.py	Checkmarx
17	Medium	Stored_Command_Injection	setup.py	Checkmarx
177 283 398 418	Medium	SSRF	docker_registry/images.py	Checkmarx
104	Medium	SSRF	scripts/import_old_tags.py	Checkmarx
75	Medium	Path_Traversal	scripts/dump_repos_data.py	Checkmarx
183	Medium	Path_Traversal	scripts/bandwidth_parser.py	Checkmarx
82 83	Medium	Path_Traversal	docker_registry/lib/checksums.py	Checkmarx
84	Medium	Path_Traversal	docker_registry/lib/config.py	Checkmarx
177	Medium	Open_Redirect	docker_registry/images.py	Checkmarx
24	Medium	Missing_HSTS_Header	docker_registry/app.py	Checkmarx
48	Medium	Filtering_Sensitive_Logs	depends/docker-registry-core/docker_registry/core/lru.py	Checkmarx
172 173 176 177 178 179 186 187 194 197	Medium	Filtering_Sensitive_Logs	docker_registry/toolkit.py	Checkmarx
30 38	Medium	Filtering_Sensitive_Logs	scripts/bandwidth_parser.py	Checkmarx
38 108	Medium	CSRF	docker_registry/index.py	Checkmarx
177 283 301 398 418	Medium	CSRF	docker_registry/images.py	Checkmarx
19	Medium	CSRF	docker_registry/search.py	Checkmarx
58 87 101 119 146	Medium	CSRF	docker_registry/tags.py	Checkmarx
104	Low	Trust_Boundary_Violation_in_Session_Variables	scripts/import_old_tags.py	Checkmarx
177 283 301 398 418	High	Reflected_XSS_All_Clients	docker_registry/images.py	Checkmarx
20	High	Reflected_XSS_All_Clients	docker_registry/search.py	Checkmarx
108	High	Reflected_XSS_All_Clients	docker_registry/index.py	Checkmarx
52	High	Reflected_XSS_All_Clients	docker_registry/app.py	Checkmarx
87 101 119 146 230	High	Reflected_XSS_All_Clients	docker_registry/tags.py	Checkmarx
104	High	Connection_String_Injection	scripts/import_old_tags.py	Checkmarx
30	High	Command_Injection	docker_registry/server/env.py	Checkmarx