chore(deps): update dependency gunicorn to v23 #1590
Conversation
![code-review-assist[bot]](https://avatars.githubusercontent.com/in/1008254?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hi team,
I'm currently reviewing this pull request and will have a full review ready in a few minutes. In the meantime, here's a quick summary to get everyone up to speed:
This pull request, submitted by Renovate Bot, updates the gunicorn dependency across the project from version 22.0.0 to 23.0.0. The primary intent is to keep our dependencies current, leveraging the latest bug fixes and improvements offered in the newer version. The changelog highlights several bug fixes, including improvements to HTTP 1.1 support and addressing a potential deadlock issue. There are also some breaking changes noted, so careful review of those is recommended.
The key change is reflected in the requirements.txt file within the gemini/sample-apps/gemini-mesop-cloudrun directory. Specifically, line 3 of this file has been updated to reflect the new version:
- gunicorn==22.0.0
+ gunicorn==23.0.0
I'll be checking for any potential conflicts or regressions introduced by this update in my full review.
A little poem for your enjoyment:
Dependency's call,
Version numbers rise and fall,
Update, keep it safe.
Best,
Gemini
|
Gemini encountered an error creating the review. You can try again by commenting |
There was a problem hiding this comment.
Hi team,
I'm currently reviewing this pull request and will have a full review up in a few minutes. In the meantime, here's a quick summary for you and other reviewers to get up to speed:
This pull request, submitted by Renovate Bot, updates the gunicorn dependency across the project from version 22.0.0 to 23.0.0. The primary intent is to keep our dependencies current, leveraging the latest bug fixes and improvements offered in the newer version. The gunicorn 23.0.0 release includes several bug fixes, improved HTTP 1.1 support, and some breaking changes related to request validation (rejecting requests with empty URIs or invalid characters in headers). These changes enhance security and stability.
The key change is reflected in the requirements.txt file within the gemini/sample-apps/gemini-mesop-cloudrun directory. Specifically, line 3 of this file has been updated to reflect the new version:
- gunicorn==22.0.0
+ gunicorn==23.0.0
It's important to note that the release notes mention some breaking changes, so ensure your application is compatible with these updates. Pay close attention to the notes regarding forwarded-allow-ips and forwarder-headers if you are using those configurations.
Now for a little fun:
A simple change,
Quick update, clean and bright,
Code's future shines.
Let me know if you have any questions.
Best,
Gemini
|
Gemini encountered an error creating the review. You can try again by commenting |
There was a problem hiding this comment.
Hi team,
I'm currently reviewing this pull request and will have a full review for you in a few minutes. In the meantime, here's a quick summary to get everyone up to speed:
This pull request, submitted by Renovate Bot, updates the gunicorn dependency across the project from version 22.0.0 to 23.0.0. The primary intent is to keep our dependencies current, leveraging the latest bug fixes and improvements. The changelog highlights several improvements, including enhanced HTTP 1.1 support, deadlock fixes, and improved handling of various header encodings. There are also some noted breaking changes, so careful review of those is recommended.
The key change is reflected in the requirements.txt file within the gemini/sample-apps/gemini-mesop-cloudrun directory. Specifically, line 3 of this file has been modified to reflect the updated version number:
- gunicorn==22.0.0
+ gunicorn==23.0.0
I'll be checking for any potential conflicts or regressions introduced by this update in my full review.
A little poem to brighten your day:
Update the code,
Fix the bugs, make it shine,
Fresh version's delight.
Best,
Gemini
There was a problem hiding this comment.
This pull request updates the gunicorn dependency to version 23.0.0. It's good practice to keep dependencies up-to-date, and the changelog indicates improvements to HTTP 1.1 support and security fixes, including a CVE patch. Before merging, it's recommended to test the application thoroughly to ensure compatibility with the new version and that no regressions have been introduced.
The provided release notes are helpful, and the PR description is well-formatted thanks to Renovate. I've added the breaking changes from this version upgrade to the README file to inform users of potential impacts. I also added a note to the instructions in the README file to pin gunicorn to a major version to avoid unexpected breaking changes in the future.
This PR contains the following updates:
==22.0.0->==23.0.0Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
benoitc/gunicorn (gunicorn)
v23.0.0Compare Source
Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety
You're invited to upgrade asap your own installation.
23.0.0 - 2024-08-10
3217, :pr:3089, :pr:3167)3079)2688)3261)3261)3257)TypeError(:pr:2336)3258)3192)[::1]in default for :ref:forwarded-allow-ipsand :ref:proxy-allow-ips(:pr:3192)** NOTE **
forwarded-allow-ipssetting if you are still not seeing the SCRIPT_NAME transmittedforwarder-headerssetting if you are missing headers after upgrading from a version prior to 22.0.0** Breaking changes **
3255)3253)--tolerate-dangerous-framingswitch from 22.0 (:pr:3260)Fix CVE-2024-1135
Configuration
📅 Schedule: Branch creation - "* * 1 */3 *" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled because a matching PR was automerged previously.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.