flo/gaehsnitz
1
0
Fork 0
Code Issues 1 Pull Requests 4 Projects Releases Wiki Activity

Update dependency gunicorn to v25.3.0 #21

Merged
flo merged 1 commits from renovate/gunicorn-25.x into main 2026-03-30 17:18:03 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
flo commented 2026-03-25 07:01:09 +00:00
Owner
Copy Link

This PR contains the following updates:

Package Change Age Confidence
gunicorn (changelog) ==25.1.0 -> ==25.3.0 age confidence

Release Notes

benoitc/gunicorn (gunicorn)

v25.3.0: Gunicorn 25.3.0

Compare Source

Bug Fixes

  • HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2
    ASGI requests, causing JSON parsing errors with "Extra data" messages
    (#​3558)

  • ASGI Chunked EOF Handling: Add finish() method to callback parser to handle
    chunked encoding edge case where connection closes before final CRLF after zero-chunk

  • HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string
    instead of list syntax (#​3561)

  • Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112
    (#​3556)

  • Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented,
    instead of using default maximum. Works with both Python and fast C parser.
    (#​3563)

Security

  • ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
    • Reject duplicate Content-Length headers
    • Reject requests with both Content-Length and Transfer-Encoding
    • Reject chunked transfer encoding in HTTP/1.0
    • Reject stacked chunked encoding
    • Validate Transfer-Encoding values
    • Strict chunk size validation

Changes

  • Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property
    and InvalidChunkExtension validation for bare CR rejection

  • ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

  • Docker Images: Update to Python 3.14

v25.2.0: Gunicorn 25.2.0

Compare Source

New Features
  • Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers
    • Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'
    • Falls back to Python parser in auto mode if version not met
    • Proper HTTP status codes for limit errors (414, 431)
Bug Fixes

  • uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#​3552, PR #​3554)

  • FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to FileWrapper for full PEP 3333 compliance. (#​3396, PR #​3550)

Performance
  • ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance
    • Callback-based parsing with direct bytearray buffer operations
    • Use bytearray.find() directly instead of converting to bytes first
    • Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs O(n))

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [gunicorn](https://github.com/benoitc/gunicorn) ([changelog](https://gunicorn.org/news/)) | `==25.1.0` -> `==25.3.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/gunicorn/25.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/gunicorn/25.1.0/25.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>benoitc/gunicorn (gunicorn)</summary> ### [`v25.3.0`](https://github.com/benoitc/gunicorn/releases/tag/25.3.0): Gunicorn 25.3.0 [Compare Source](https://github.com/benoitc/gunicorn/compare/25.2.0...25.3.0) #### Bug Fixes - **HTTP/2 ASGI Body Duplication**: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages ([#&#8203;3558](https://github.com/benoitc/gunicorn/issues/3558)) - **ASGI Chunked EOF Handling**: Add `finish()` method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk - **HTTP/2 Documentation**: Fix `http_protocols` examples to use comma-separated string instead of list syntax ([#&#8203;3561](https://github.com/benoitc/gunicorn/issues/3561)) - **Chunked Encoding**: Reject chunk extensions containing bare CR bytes per RFC 9112 ([#&#8203;3556](https://github.com/benoitc/gunicorn/discussions/3556)) - **Request Line Limit**: Fix `--limit-request-line 0` to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. ([#&#8203;3563](https://github.com/benoitc/gunicorn/issues/3563)) #### Security - **ASGI Parser Header Validation**: Add security checks per RFC 9110/9112: - Reject duplicate Content-Length headers - Reject requests with both Content-Length and Transfer-Encoding - Reject chunked transfer encoding in HTTP/1.0 - Reject stacked chunked encoding - Validate Transfer-Encoding values - Strict chunk size validation #### Changes - **Fast HTTP Parser**: Update to gunicorn\_h1c >= 0.6.3 for `asgi_headers` property and `InvalidChunkExtension` validation for bare CR rejection - **ASGI PROXY Protocol**: Add PROXY protocol v1/v2 support to callback parser - **Docker Images**: Update to Python 3.14 ### [`v25.2.0`](https://github.com/benoitc/gunicorn/releases/tag/25.2.0): Gunicorn 25.2.0 [Compare Source](https://github.com/benoitc/gunicorn/compare/25.1.0...25.2.0) ##### New Features - **Fast HTTP Parser (gunicorn\_h1c 0.4.1)**: Integrate new exception types and limit parameters from gunicorn\_h1c 0.4.1 for both WSGI and ASGI workers - Requires gunicorn\_h1c >= 0.4.1 for `http_parser='fast'` - Falls back to Python parser in `auto` mode if version not met - Proper HTTP status codes for limit errors (414, 431) ##### Bug Fixes - **uWSGI Async Workers**: Fix `InvalidUWSGIHeader: incomplete header` error when using gevent or gthread workers with uwsgi protocol behind nginx. ([#&#8203;3552](https://github.com/benoitc/gunicorn/issues/3552), [PR #&#8203;3554](https://github.com/benoitc/gunicorn/pull/3554)) - **FileWrapper Iterator Protocol**: Add `__iter__` and `__next__` methods to `FileWrapper` for full PEP 3333 compliance. ([#&#8203;3396](https://github.com/benoitc/gunicorn/issues/3396), [PR #&#8203;3550](https://github.com/benoitc/gunicorn/pull/3550)) ##### Performance - **ASGI HTTP Parser Optimizations**: Improve ASGI worker HTTP parsing performance - Callback-based parsing with direct `bytearray` buffer operations - Use `bytearray.find()` directly instead of converting to bytes first - Use index-based iteration for header parsing instead of `list.pop(0)` (O(1) vs O(n)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMy4wIiwidXBkYXRlZEluVmVyIjoiNDIuMTMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
flo added 1 commit 2026-03-25 07:01:10 +00:00
Update dependency gunicorn to v25.2.0 5fee3f0fa1
flo force-pushed renovate/gunicorn-25.x from 5fee3f0fa1 to d8ceb6af8e 2026-03-27 07:01:08 +00:00 Compare
flo changed title from Update dependency gunicorn to v25.2.0 to Update dependency gunicorn to v25.3.0 2026-03-27 07:01:09 +00:00
flo merged commit b3be4c6be1 into main 2026-03-30 17:18:03 +00:00
flo deleted branch renovate/gunicorn-25.x 2026-03-30 17:18:03 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
flo
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: flo/gaehsnitz#21
Delete Branch "renovate/gunicorn-25.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?