Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump gunicorn from 22.0.0 to 23.0.0 #3086

Open
wants to merge 38 commits into
base: dev
Choose a base branch
from
Open

Bump gunicorn from 22.0.0 to 23.0.0 #3086

wants to merge 38 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 22, 2025
edited
Loading

Bumps gunicorn from 22.0.0 to 23.0.0.

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encounting invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

ABrain7710 and others added 30 commits March 8, 2025 14:08
@ABrain7710
fix pr events uniqueness
247b3bf
@ABrain7710
update revision number
4ed1a26
@ABrain7710
incrementally update database
cff1bdc
@ABrain7710
add index log
025192b
@ABrain7710
only print if there are rows that need updated
e00d172
@sgoggins
Update README.md
53748c4 
Signed-off-by: Sean P. Goggins <outdoors@acm.org>
@sgoggins
Update metadata.py
e67cf0c 
Signed-off-by: Sean P. Goggins <outdoors@acm.org>
@sgoggins
Merge pull request #3046 from chaoss/events-fix
65e08c9 
Events fix for Augur instance anomalies (One instance with an issue. We think this fixes that, and provides a more performant index going forward).
@MoralCode
remove podman compose
1b4b6cd 
it seems to be broken and not kept up to date with the docker compose file

Signed-off-by: Adrian Edwards <adrian@adriancedwards.com>
@MoralCode
Delete Vagrantfile
2b5981c 
Signed-off-by: Adrian Edwards <adrian@adriancedwards.com>
@sgoggins
Update gsoc-ideas.md
3ae2c20 
Signed-off-by: Sean P. Goggins <outdoors@acm.org>
@sgoggins
Update gsoc-ideas.md
7deb0f1 
Signed-off-by: Sean P. Goggins <outdoors@acm.org>
@MoralCode
add flower section to the docker compose
d8d40a2 
Signed-off-by: Adrian Edwards <adrian@adriancedwards.com>
@sgoggins
Update CONTRIBUTING.md
a96b838 
Signed-off-by: Sean P. Goggins <outdoors@acm.org>
@sgoggins
fixing install-dev command by removal
b475105 
Signed-off-by: Sean P. Goggins <s@goggins.com>
@sgoggins
Merge pull request #3066 from MoralCode/flower-compose
3a26e54 
add flower section to the docker compose
@sgoggins
Merge pull request #3060 from MoralCode/dedupe-compose
4dbc908 
remove duplicate compose file
@sgoggins
Merge pull request #3061 from MoralCode/remove-vagrant
661f03e 
Remove Vagrantfile
@IsaacMilarky
log stderr in called process for facade commit count
64cc5e1 
Signed-off-by: Isaac Milarsky <imilarsky@gmail.com>
@ABrain7710
stop using keys once they have 100 requests remaining
f4dad21
@ABrain7710
set to 50
192f87d
@MoralCode
adjust path that scc gets copied to
73a4c6a 
Signed-off-by: Adrian Edwards <adrian@adriancedwards.com>
@sgoggins
Merge pull request #3070 from chaoss/log-facade-git-128
9792586 
log stderr in called process for facade commit count
@sgoggins
Merge pull request #3071 from chaoss/leave-room-on-keys
99c73c1 
Leave room on github api key rate limit
@sgoggins
Merge pull request #3068 from chaoss/docs-patch-spg-1
230925e 
fixing install-dev command by removal
@sgoggins
Merge pull request #3067 from chaoss/sgoggins-patch-2-contributing.doc
84ac28d 
Update CONTRIBUTING.md
@sgoggins
Merge pull request #3055 from MoralCode/patch-3053
a234b9f 
adjust path that scc gets copied to
@sgoggins
version update
a414ab1 
Signed-off-by: Sean P. Goggins <s@goggins.com>
@sgoggins
Merge pull request #3074 from chaoss/version0.85.3
0b829bb 
version update
fix syntax error
a71fde9 
Signed-off-by: Marcel Beyer <marcel.beyer@disqu.de>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 22, 2025
@dependabot dependabot bot requested a review from sgoggins as a code owner March 22, 2025 03:24
cdolfi and others added 7 commits March 26, 2025 19:01
@cdolfi
docker simplification and version upgrade
5e1fa51
@JohnStrunk
Rework CI container builds
ec1f374 
- Move from custom scripting to re-usable actions
- Add workflow_dispatch so build can be triggered manually

Signed-off-by: John Strunk <jstrunk@redhat.com>
@cdolfi
update version and compose
f0b8def
@cdolfi
Merge pull request #3094 from cdolfi/docker_mac_fix
8dcc0bf 
update version and compose
@sgoggins
Merge pull request #3093 from JohnStrunk/action-docker-build
648ce67 
Rework CI container builds
@sgoggins
Merge pull request #3095 from chaoss/docker_mac_fix
31ea276 
Docker mac fix
- tested on OSX
- tested on Ubuntu 22.x
@dependabot
Bump gunicorn from 22.0.0 to 23.0.0
3629c7e 
Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 22.0.0 to 23.0.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@22.0.0...23.0.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/gunicorn-23.0.0 branch from 5c50bab to 3629c7e Compare April 1, 2025 14:15
@sgoggins sgoggins changed the base branch from main to dev April 1, 2025 19:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgoggins sgoggins Awaiting requested review from sgoggins sgoggins is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ABrain7710 @sgoggins @MoralCode @IsaacMilarky @cdolfi @JohnStrunk