Skip to content
Snippets Groups Projects

chore(deps): update dependency gunicorn to v23 - autoclosed

Closed Renovate Bot requested to merge renovate/gunicorn-23.x into main

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
gunicorn (changelog) ==22.0.0 -> ==23.0.0 age adoption passing confidence

Release Notes

benoitc/gunicorn (gunicorn)

v23.0.0

Compare Source

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

  • minor docs fixes (:flag_pr:3217, :flag_pr:3089, :flag_pr:3167)
  • worker_class parameter accepts a class (:flag_pr:3079)
  • fix deadlock if request terminated during chunked parsing (:flag_pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:flag_pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:flag_pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:flag_pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:flag_pr:2336)
  • raise correct Exception when encounting invalid chunked requests (:flag_pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:flag_pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:flag_pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:flag_pr:3255)
  • refuse requests with invalid CR/LR/NUL in heade field values (:flag_pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:flag_pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135


Configuration

:date: Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Tobias Mieves

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
Please register or sign in to reply
Loading