container-images/python-api-server
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Activity Actions

chore(deps): update dependency gunicorn to v23 #37

Merged
mg merged 1 commit from renovate/gunicorn-23.x into master 2024-08-12 23:56:49 +02:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate commented 2024-08-12 10:31:40 +02:00
Collaborator
Copy link

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
gunicorn (changelog) ==22.0.0 -> ==23.0.0 age adoption passing confidence

Release Notes

benoitc/gunicorn (gunicorn)

v23.0.0

Compare Source

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encounting invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [gunicorn](https://github.com/benoitc/gunicorn) ([changelog](https://docs.gunicorn.org/en/stable/news.html)) | `==22.0.0` -> `==23.0.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/gunicorn/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/gunicorn/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/gunicorn/22.0.0/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/gunicorn/22.0.0/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>benoitc/gunicorn (gunicorn)</summary> ### [`v23.0.0`](https://github.com/benoitc/gunicorn/releases/tag/23.0.0) [Compare Source](https://github.com/benoitc/gunicorn/compare/22.0.0...23.0.0) Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety You're invited to upgrade asap your own installation. # 23.0.0 - 2024-08-10 - minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`) - worker_class parameter accepts a class (:pr:`3079`) - fix deadlock if request terminated during chunked parsing (:pr:`2688`) - permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`) - permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`) - sdist generation now explicitly excludes sphinx build folder (:pr:`3257`) - decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`) - raise correct Exception when encounting invalid chunked requests (:pr:`3258`) - the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`) - include IPv6 loopback address `[::1]` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`) \*\* NOTE \*\* - The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release - Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted - Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0 \*\* Breaking changes \*\* - refuse requests where the uri field is empty (:pr:`3255`) - refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`) - remove temporary `--tolerate-dangerous-framing` switch from 22.0 (:pr:`3260`) - If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies. Fix CVE-2024-1135 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yMy4xIiwidXBkYXRlZEluVmVyIjoiMzguMjMuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->
renovate added 1 commit 2024-08-12 10:31:40 +02:00
chore(deps): update dependency gunicorn to v23
Some checks failed
ci/woodpecker/push/lint Pipeline was successful
Details
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/push/build Pipeline failed
Details
ci/woodpecker/pr/build Pipeline was successful
Details
ci/woodpecker/pull_request_closed/lint Pipeline was successful
Details
ci/woodpecker/pull_request_closed/build Pipeline was successful
Details
7bebf6df87
mg merged commit 97052bbe45 into master 2024-08-12 23:56:49 +02:00
mg deleted branch renovate/gunicorn-23.x 2024-08-12 23:56:52 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: container-images/python-api-server#37
No description provided.
Delete branch "renovate/gunicorn-23.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?