chore(deps): update dependency gunicorn to v23 - autoclosed
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
gunicorn (changelog) | ==22.0.0 -> ==23.0.0 | | | | |
Release Notes
benoitc/gunicorn (gunicorn)
v23.0.0
Gunicorn 23.0.0 has been released. This version improves HTTP 1.1 support, which improves safety.
You're invited to upgrade your own installation asap.
23.0.0 - 2024-08-10
- minor docs fixes (3217, 3089, 3167)
- worker_class parameter accepts a class (3079)
- fix deadlock if request terminated during chunked parsing (2688)
- permit receiving Transfer-Encodings: compress, deflate, gzip (3261)
- permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (3261)
- sdist generation now explicitly excludes sphinx build folder (3257)
- decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (2336)
- raise correct Exception when encountering invalid chunked requests (3258)
- the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (3192)
- include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (3192)
** NOTE **
- The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
- Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
- Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0
** Breaking changes **
- refuse requests where the uri field is empty (3255)
- refuse requests with invalid CR/LF/NUL in header field values (3253)
- remove temporary --tolerate-dangerous-framing switch from 22.0 (3260)
- If any of the breaking changes affect you, be aware that now refused requests can pose a security problem, especially so in setups involving request pipe-lining and/or proxies.
Fix CVE-2024-1135
This MR has been generated by Renovate Bot.
Edited by Tobias Mieves
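An added example, not code from this MR or from the gunicorn project: a pre-upgrade check that runs over raw requests and reports which ones fall under the two refusal rules listed under breaking changes (empty URI field; CR, LF or NUL in a header field value). The function name, the sample requests and the simplified parsing are assumptions; gunicorn's own parser may differ in detail.

```python
import re

# Bytes the changelog says are refused inside header field values.
FORBIDDEN = re.compile(rb"[\r\n\x00]")

# Constructed sample requests (not captured traffic); app.example is a placeholder host.
SAMPLES = {
    "ok": b"GET /health HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "empty_uri": b"GET  HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "nul_in_value": b"GET / HTTP/1.1\r\nHost: app.example\r\nX-Trace: a\x00b\r\n\r\n",
    "bare_lf_in_value": b"GET / HTTP/1.1\r\nHost: app.example\r\nX-Trace: a\nb\r\n\r\n",
    "bare_cr_in_value": b"GET / HTTP/1.1\r\nHost: app.example\r\nX-Trace: a\rb\r\n\r\n",
}


def refusal_reasons(raw: bytes) -> list[str]:
    """Return the reasons a request would be refused; an empty list means none apply."""
    # Only the header block matters here; lines are delimited by CRLF alone,
    # so a bare CR or bare LF stays inside the field value and gets flagged.
    head, _, _body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.split(b"\r\n")
    reasons = []

    parts = request_line.split(b" ")
    if len(parts) != 3:
        reasons.append("malformed request line")  # outside the two rules, reported anyway
    elif parts[1] == b"":
        reasons.append("empty request URI")

    for line in header_lines:
        name, sep, value = line.partition(b":")
        if not sep:
            reasons.append("header line without colon")  # outside the two rules
        elif FORBIDDEN.search(value):
            reasons.append(f"CR/LF/NUL in value of header {name.decode('latin-1')!r}")
    return reasons


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {refusal_reasons(raw) or 'accepted'}")
```

Feeding it requests replayed from a proxy or access capture shows which clients would start receiving errors after the upgrade, so they can be fixed rather than the check being relaxed.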
added dependencies label
requested review from @tobiasff3200
mentioned in issue #3