From 97052bbe45553e61824b91ec6ddc188dc9e469d1 Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Mon, 12 Aug 2024 23:56:49 +0200
Subject: chore(deps): update dependency gunicorn to v23 (#37)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [gunicorn](https://github.com/benoitc/gunicorn) ([changelog](https://docs.gunicorn.org/en/stable/news.html)) | `==22.0.0` -> `==23.0.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) |
---
### Release Notes
benoitc/gunicorn (gunicorn)
### [`v23.0.0`](https://github.com/benoitc/gunicorn/releases/tag/23.0.0)
[Compare Source](https://github.com/benoitc/gunicorn/compare/22.0.0...23.0.0)
Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety
You're invited to upgrade asap your own installation.
# 23.0.0 - 2024-08-10
- minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`)
- worker_class parameter accepts a class (:pr:`3079`)
- fix deadlock if request terminated during chunked parsing (:pr:`2688`)
- permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`)
- permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`)
- sdist generation now explicitly excludes sphinx build folder (:pr:`3257`)
- decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`)
- raise correct Exception when encounting invalid chunked requests (:pr:`3258`)
- the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`)
- include IPv6 loopback address `[::1]` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`)
\*\* NOTE \*\*
- The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
- Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted
- Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0
\*\* Breaking changes \*\*
- refuse requests where the uri field is empty (:pr:`3255`)
- refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`)
- remove temporary `--tolerate-dangerous-framing` switch from 22.0 (:pr:`3260`)
- If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.
Fix CVE-2024-1135
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
â™» **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: https://git.mgrote.net/container-images/python-api-server/pulls/37
Co-authored-by: Renovate Bot
Co-committed-by: Renovate Bot
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'requirements.txt')
diff --git a/requirements.txt b/requirements.txt
index ec18d55..a4b3ea9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
Flask==3.0.3
Flask-Cors==4.0.1
-gunicorn==22.0.0
+gunicorn==23.0.0
requests==2.32.3
flasgger==0.9.7.1
--
cgit v1.2.3