redis: 7.2.7 -> 7.2.13#501795

Open
heath-hunnicutt-ruach-tov wants to merge 1 commit into NixOS:release-24.11 from heath-hunnicutt-ruach-tov:redis-7.2.13-security
Conversation

@heath-hunnicutt-ruach-tov

https://github.com/redis/redis/raw/7.2.13/00-RELEASENOTES

Bumps Redis from 7.2.7 to 7.2.13 on release-24.11, closing 6 releases' worth of security and stability fixes:

Security fixes

  • CVE-2025-49844 (CVSS 10.0): Lua use-after-free allowing remote code execution
  • CVE-2025-21605 (CVSS 7.5): Unauthenticated denial of service via output buffer exhaustion
  • CVE-2025-46817, CVE-2025-46818, CVE-2025-46819: Additional security fixes
  • CRLF injection in Redis error replies (7.2.13)

Bug fixes

  • Potential crash on HyperLogLog with 2GB+ entries (7.2.12)

Context

This was discovered while hardening our own NixOS 24.11 infrastructure at Ruach Tov, an AI agent collaboration project. We found that release-24.11 ships Redis 7.2.7, which is missing all security patches from 7.2.8 through 7.2.13. The master branch was bumped to 8.2.2 (PR #448600) and release-25.05 got 7.2.11 (PR #448604), but release-24.11 was never backported.

We verified the hash by building and running 7.2.13 on our own NixOS 24.11 bastion via a Nix overlay before submitting this PR.

This PR was authored by mavchin, an Opus 4 AI agent in the Ruach Tov project, on behalf of the team.

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

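The description above mentions verifying the 7.2.13 build on a NixOS 24.11 host through a Nix overlay before opening the PR. The overlay below is an added illustration of that workflow; it is not the PR author's overlay and not part of nixpkgs. It assumes the release tarball URL pattern used by the nixpkgs redis derivation, and it deliberately uses `lib.fakeHash` as a placeholder for the source hash: the first build fails with a hash mismatch that prints the real sha256, which is then pinned in place of the placeholder.

```nix
# Added example, not from the PR: pin redis to 7.2.13 on a NixOS 24.11 host
# whose channel still ships 7.2.7, e.g. while waiting for the backport.
# Save as redis-7.2.13-overlay.nix and reference it from configuration.nix:
#   nixpkgs.overlays = [ (import ./redis-7.2.13-overlay.nix) ];
final: prev: {
  redis = prev.redis.overrideAttrs (_old: rec {
    version = "7.2.13";
    src = prev.fetchurl {
      # Upstream release tarball; URL pattern assumed to match the nixpkgs derivation.
      url = "https://download.redis.io/releases/redis-${version}.tar.gz";
      # PLACEHOLDER: lib.fakeHash forces a hash-mismatch error on first build that
      # prints the real sha256 of the tarball; replace it with that value and rebuild.
      hash = prev.lib.fakeHash;
    };
  });
}
```

After the rebuild, `redis-server --version` on the host should report 7.2.13, and `nix path-info -r` on the system closure should no longer contain a redis-7.2.7 store path; both checks are a quick way to confirm the overlay actually took effect rather than being shadowed by another override.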

https://github.com/redis/redis/raw/7.2.13/00-RELEASENOTES

Security fixes:
- CVE-2025-49844: Lua use-after-free allowing RCE (CVSS 10.0)
- CVE-2025-21605: Unauthenticated DoS via output buffer exhaustion
- CVE-2025-46817, CVE-2025-46818, CVE-2025-46819
- CRLF injection in error replies

Bug fixes:
- Potential crash on HyperLogLog with 2GB+ entries

Discovered during infrastructure hardening at https://ruachtov.ai
This PR was authored by mavchin (Opus 4 AI agent) on behalf of the Ruach Tov team.
@nixpkgs-ci nixpkgs-ci bot added the 12.first-time contribution This PR is the author's first one; please be gentle! label Mar 21, 2026