[TT-15984] Update config description and updated go-redis #913

Merged
lghiur merged 5 commits into master from TT-15984-fix-CVE-and-update-docs
Oct 23, 2025

@lghiur lghiur commented Oct 23, 2025

This PR addresses:

Description

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • Make sure you are requesting to pull a topic/feature/bugfix branch (right side). If pulling from your own
    fork, don't request your master!
  • Make sure you are making a pull request against the master branch (left side). Also, you should start
    your branch off our latest master.
  • My change requires a change to the documentation.
    • If you've changed APIs, describe what needs to be updated in the documentation.
  • I have updated the documentation accordingly.
  • Modules and vendor dependencies have been updated; run go mod tidy && go mod vendor
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • Check your code additions will not fail linting checks:
    • go fmt -s
    • go vet

Ticket Details

TT-15984
Status In Code Review
Summary [Release prep] Tyk Pump 1.13.0

Generated at: 2025-10-23 12:23:12

probelabs Bot commented Oct 23, 2025

🔍 Code Analysis Results

This PR has two main objectives: updating the go-redis dependency to mitigate a CVE and improving the descriptions of configuration options for better clarity.

Files Changed Analysis

The changes are focused and minimal, affecting four files:

  • config.go: This file has the most changes. Comments for several configuration options within the PumpConfig and TykPumpConfiguration structs have been rewritten to be more descriptive and user-friendly. For example, the purpose of PurgeDelay and OmitDetailedRecording is now explained in more detail. Additionally, comments related to struct field memory alignment have been removed.
  • pumps/mongo_aggregate.go: The comment for the UseMixedCollection field in MongoAggregateConf has been updated to more clearly explain which collections are used when the option is enabled.
  • go.mod & go.sum: These files reflect the upgrade of the github.com/redis/go-redis/v9 dependency from version v9.3.1 to v9.7.3.

Architecture & Impact Assessment

  • What this PR accomplishes: This PR enhances the project by improving security and maintainability. It addresses a low-severity CVE by updating a dependency and makes the system's configuration easier to understand for developers and operators.
  • Key technical changes introduced:
    • Dependency Upgrade: The go-redis library is updated to v9.7.3.
    • Improved Documentation: In-code comments for configuration structs have been significantly improved, serving as documentation-as-code.
  • Affected system components:
    • Configuration: The comment changes improve the developer experience but have no impact on the runtime behavior of the application. The removal of struct alignment comments cleans up the code, but removes hints for developers about maintaining performance-optimal struct layouts.
    • Analytics Storage (Redis): The go-redis library is the client used to fetch analytics data from Redis. The update is a minor version bump, which is unlikely to introduce breaking changes and should seamlessly replace the older version while patching the vulnerability. The overall risk to system stability is very low.

A diagram is not necessary as the changes are minor and do not alter the system's architecture or data flow.

Scope Discovery & Context Expansion

The scope of this PR is well-contained.

  • The dependency update to go-redis is the only change with a potential, albeit minimal, runtime impact. This library is central to how Tyk Pump retrieves analytics from its temporary Redis store. The minor version change suggests the update is safe and primarily for security patching.
  • The comment updates in config.go and pumps/mongo_aggregate.go are purely for documentation and have no functional effect. The impact is localized to these files.

Given the focused nature of the changes, no further exploration of the codebase is required to assess the impact.

Metadata
  • Review Effort: 1 / 5
  • Primary Label: chore

Powered by Visor from Probelabs

Last updated: 2025-10-23T12:26:08.217Z | Triggered by: synchronize | Commit: af2f159

💡 TIP: You can chat with Visor using /visor ask <your question>
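
Added example (not part of the PR or the Tyk Pump code base): a CI-style guard, using only the Go standard library, that reads a go.mod body and reports whether `github.com/redis/go-redis/v9` is pinned at v9.7.3 or newer, the version this PR moves to. The function names and the sample go.mod lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const module = "github.com/redis/go-redis/v9" // module path named in the PR
var floor = [3]int{9, 7, 3}                   // v9.7.3, the version the PR moves to

// parse accepts only plain vMAJOR.MINOR.PATCH; pre-release and pseudo-versions fail closed.
func parse(v string) (n [3]int, ok bool) {
	_, _ = fmt.Sscanf(v, "v%d.%d.%d", &n[0], &n[1], &n[2]) // validated by the round trip below
	return n, fmt.Sprintf("v%d.%d.%d", n[0], n[1], n[2]) == v
}

// pinnedVersion returns mod's version from a require directive (single-line or block), or "".
func pinnedVersion(gomod, mod string) string {
	inRequire := false
	for _, line := range strings.Split(gomod, "\n") {
		switch f := strings.Fields(strings.Split(line, "//")[0]); {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inRequire = true
		case len(f) == 1 && f[0] == ")":
			inRequire = false
		case len(f) == 3 && f[0] == "require" && f[1] == mod:
			return f[2]
		case inRequire && len(f) == 2 && f[0] == mod:
			return f[1]
		}
	}
	return ""
}

// meetsFloor reports whether gomod pins mod at want or newer (major, minor, patch in order).
func meetsFloor(gomod, mod string, want [3]int) (bool, error) {
	pin := pinnedVersion(gomod, mod)
	got, ok := parse(pin)
	if !ok {
		return false, fmt.Errorf("%s: missing or unsupported version %q", mod, pin)
	}
	return got[0] > want[0] || got[0] == want[0] &&
		(got[1] > want[1] || got[1] == want[1] && got[2] >= want[2]), nil
}

func main() {
	fmt.Println(meetsFloor("require "+module+" v9.3.1", module, floor)) // constructed input; false <nil>
	fmt.Println(meetsFloor("require "+module+" v9.7.3", module, floor)) // constructed input; true <nil>
}
```

The guard only reads `require` directives, so a `replace` that redirects the module elsewhere needs a separate check.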

probelabs Bot commented Oct 23, 2025

🔍 Code Analysis Results

✅ Security Check Passed

No security issues found – changes LGTM.

✅ Architecture Check Passed

No architecture issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

✅ Quality Check Passed

No quality issues found – changes LGTM.


Powered by Visor from Probelabs

Last updated: 2025-10-23T12:26:09.533Z | Triggered by: synchronize | Commit: af2f159

💡 TIP: You can chat with Visor using /visor ask <your question>

@lghiur lghiur merged commit bc7641d into master Oct 23, 2025
39 checks passed
@lghiur lghiur deleted the TT-15984-fix-CVE-and-update-docs branch October 23, 2025 12:51

lghiur commented Oct 23, 2025

/release to release-1.13

lghiur commented Oct 23, 2025

/release to release-1.13.0

tykbot Bot commented Oct 23, 2025

Working on it! Note that it can take a few minutes.

tykbot Bot pushed a commit that referenced this pull request Oct 23, 2025
* [TT-15984] Update config description and updated go-redis

* fix

* fix

(cherry picked from commit bc7641d)

tykbot Bot commented Oct 23, 2025

Working on it! Note that it can take a few minutes.

buger added a commit that referenced this pull request Oct 23, 2025
…ated go-redis (#913)

[TT-15984] Update config description and updated go-redis (#913)

* [TT-15984] Update config description and updated go-redis

* fix

* fix

tykbot Bot commented Oct 23, 2025

@lghiur Created merge PRs

tykbot Bot pushed a commit that referenced this pull request Oct 23, 2025
* [TT-15984] Update config description and updated go-redis

* fix

* fix

(cherry picked from commit bc7641d)
buger added a commit that referenced this pull request Oct 23, 2025
…pdated go-redis (#913)

[TT-15984] Update config description and updated go-redis (#913)

* [TT-15984] Update config description and updated go-redis

* fix

* fix

tykbot Bot commented Oct 23, 2025

@lghiur Created merge PRs
