Security Alert: cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

[Tech-Dex]

It seems like cleo==1.0.0a5 which is required by redis-om==0.1.0 has an issue.

[chayim]

Thanks for raising this issue!

redis-om-python does not have direct dependencies on cleo. However, upstream dependencies did exist. The cleo DDOS issue should not be impact this library given how it was being used (or specifically how set_rows isn't being used) and was previous identified/filtered in the dependency checks.

However PR #427 exists, and agreed, we should issue a new release as this occurs - to force dependency pinning!