chore(deps): update dependency gunicorn to v22 (#7)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [gunicorn](https://github.com/benoitc/gunicorn) ([changelog](https://docs.gunicorn.org/en/stable/news.html)) | major | `==21.2.0` -> `==22.0.0` |

---

### Release Notes

<details>
<summary>benoitc/gunicorn (gunicorn)</summary>

### [`v22.0.0`](https://github.com/benoitc/gunicorn/releases/tag/22.0.0): Gunicorn 22.0 has been released

[Compare Source](https://github.com/benoitc/gunicorn/compare/21.2.0...22.0.0)

**Gunicorn 22.0.0 has been released.** This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

    22.0.0 - 2024-04-17
    ===================

    - use `utime` to notify workers liveness
    - migrate setup to pyproject.toml
    - fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
    - parsing additional requests is no longer attempted past unsupported request framing
    - on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
    - requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
    - Trailer fields are no longer inspected for headers indicating secure scheme
    - support Python 3.12

    ** Breaking changes **

    - minimum version is Python 3.7
    - the limitations on valid characters in the HTTP method have been bounded to Internet Standards
    - requests specifying unsupported transfer coding (order) are refused by default (rare)
    - HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
    - HTTP methods containing the number sign (#) are no longer accepted by default (rare)
    - HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
    - HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
    - HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
    - HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
    - requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
    - empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

    ** SECURITY **

    - fix CVE-2024-1135

1.  Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
2.  Packages: https://pypi.org/project/gunicorn/

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMDAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjMwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

Reviewed-on: #7
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
This commit is contained in:
Renovate Bot 2024-04-17 11:45:58 +02:00 committed by Michael Grote
parent a9b40d7474
commit f758ec9d2a

View file

@ -1,5 +1,5 @@
Flask==3.0.3
Flask-Cors==4.0.0
gunicorn==21.2.0
gunicorn==22.0.0
requests==2.31.0
flasgger==0.9.7.1