Bump @redis/client from 5.11.0 to 6.0.0

[dependabot]

Bumps @redis/client from 5.11.0 to 6.0.0.

Release notes

Sourced from @​redis/client's releases.

redis@6.0.0

Changes

This is the first major release of node-redis since 5.x. The headline change is RESP3 by default, alongside broader Redis 8.8 command coverage, pubsub/cluster reliability fixes, and a bumped minimum Node.js version.

Key changes

• RESP3 is the default protocol — opt back into RESP2 explicitly if you need the old wire format
• Node.js 20 is the new minimum supported runtime
• Redis 8.8 coverage — new array commands, INCREX / INCREXBYFLOAT, ZINTER/ZUNION COUNT aggregator, XNACK, CLIENT UNBLOCK
• Sentinel & cluster pubsub fixes for failover-moved connections and sharded topology recovery
• Stack modules exposed on pool type and the core client classes are now publicly re-exported

🔥 Breaking Changes

See the v5 → v6 migration guide for migration steps.

• RESP3 is now the default protocol (#3215)
• Node.js 20 is now the minimum supported version (#3293)
• New default values for keepAliveInitialDelay (30s) and commandTimeout (5s) (#3292)

🔒 Security

• entraid: bump @azure/msal-node to 5.x to drop vulnerable transitive uuid (CVE-2026-41907) (#3269)

🚀 New Features

• Add CLIENT UNBLOCK command (#3266)
• Add XNACK command with options (#3238)
• Add Redis 8.8 array commands (#3285)
• Add INCREX and INCREXBYFLOAT commands (#3288)
• Add COUNT aggregator to ZINTER / ZINTERSTORE / ZUNION / ZUNIONSTORE (#3243)
• Add FPHA option to JSON.SET (#3235)
• time-series: add multi-aggregation range APIs (#3249)
• Add duplicate() method to RedisSentinel (#3212)
• Parse unix:// URLs in parseURL (#3271)
• Expose RedisClient, RedisCluster, RedisSentinel and pool classes (#3251)
• Expose stack modules on the pool type (#3267)

🐛 Bug Fixes

• sentinel: use mapped address when failover moves pubsub connections (#3190)
• cluster: recover sharded pubsub topology after node reconnects (#3223)
• client: swallow synchronous EPIPE from writeAfterFIN (#3283)
• search: allow LOAD * in FT.AGGREGATE (#3241)
• otel: record client connection errors (#3259)
• entraid: bump @azure/msal-node to 5.x to drop vulnerable uuid transitive (#3269)
• Fix wrapper command options handling (#3295)
• Non-functional typo fixes (#3244)

📚 Documentation

... (truncated)

Commits

• 4813d1c Release json@6.0.0
• 2cbd719 Release bloom@6.0.0
• d0a53bb Release client@6.0.0
• c91e667 chore: widen @​redis/client peer-dep to allow 6.x for major release (#3296)
• f784b17 feat(client): align default keepAliveInitialDelay and commandTimeout (#3292)
• 9fa8a5b fix: wrapper command options (#3295)
• 2c0b6b5 docs(migration): document Node.js 20 minimum version requirement (#3293)
• 4f1b9d1 chore(deps): bump tmp and @​inquirer/editor (#3294)
• 90d5979 feat(client): add INCREX and INCREXBYFLOAT commands (#3288)
• 81bdca2 chore: add min-release-age cooldown to .npmrc (#3286)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 6ffe175

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​redis/​client@​5.11.0 ⏵ 6.0.0			+1

View full report