build(deps): bump gunicorn from 22.0.0 to 25.3.0 #18
PR Summary: Low Risk

Reviewed by Cursor Bugbot for commit 3f494bf.
Review the following changes in direct dependencies.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 77e66a6.
| Flask-Limiter==3.8.0 | ||
| twilio==9.2.4 | ||
| gunicorn==22.0.0 | ||
| gunicorn==25.3.0 |
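Review bot: The last line of this hunk moves the gunicorn pin from 22.0.0 to 25.3.0, three major versions in one step, and nothing in the hunk shows how the server is started. Before merging, check the gunicorn command line and any config file against the intervening release notes (the 25.3.0 commit list, for instance, changes what `--limit-request-line 0` means), and regenerate the lock files in the same commit so the installed version matches this pin.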
Lock files not updated, CI will fail
Medium Severity
requirements.txt bumps gunicorn to 25.3.0 but both requirements.lock and requirements-dev.lock still pin gunicorn==22.0.0. The CI workflow checks that lock files are updated whenever requirements.txt changes and will exit 1 if they diverge. Even if merged, CI installs from requirements-dev.lock, so the upgrade would have no effect in practice — production would still run gunicorn 22.0.0.
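A minimal version of the kind of drift check the comment above describes, as an added example (not the repository's CI workflow or Bugbot's code): it compares the exact pins in requirements.txt against each lock file and reports every pin that diverges. The lock-file contents and the helper names `normalize`, `parse_pins` and `lock_drift` are assumptions made for illustration.

```python
import re

# Exact pins only ("name==version"); extras and environment markers are tolerated.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;\\#]+)")

def normalize(name):
    """PEP 503 name normalization, so Flask_Limiter and flask-limiter compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {normalized_name: version} for every exact pin in a requirements-style file."""
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):  # comments, -r/-c includes, --hash lines
            continue
        m = PIN.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins

def lock_drift(requirements, locks):
    """Compare direct pins against each lock file.

    Returns sorted (lock_name, package, wanted, locked) tuples; locked is None
    when the package is missing from the lock altogether.
    """
    wanted = parse_pins(requirements)
    drift = []
    for lock_name, lock_text in locks.items():
        locked = parse_pins(lock_text)
        for pkg, version in wanted.items():
            if locked.get(pkg) != version:
                drift.append((lock_name, pkg, version, locked.get(pkg)))
    return sorted(drift, key=lambda d: (d[0], d[1]))

# Constructed sample input: the three pins visible in the diff above, plus
# lock-file contents invented for illustration (hash value is a placeholder).
REQUIREMENTS = "Flask-Limiter==3.8.0\ntwilio==9.2.4\ngunicorn==25.3.0\n"
LOCKS = {
    "requirements.lock": "flask-limiter==3.8.0 \\\n    --hash=sha256:<placeholder>\ngunicorn==22.0.0\ntwilio==9.2.4\n",
    "requirements-dev.lock": "flask_limiter==3.8.0\ngunicorn==22.0.0  # via -r requirements.txt\ntwilio==9.2.4\npytest==8.3.2\n",
}

if __name__ == "__main__":
    found = lock_drift(REQUIREMENTS, LOCKS)
    for lock_name, pkg, want, got in found:
        print(f"{lock_name}: {pkg} is {want} in requirements.txt, lock has {got}")
    raise SystemExit(1 if found else 0)  # non-zero exit fails the CI job
```

Run as a CI step, a check like this fails on content drift even when the lock files were touched in the same commit but regenerated from a stale state.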
Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 22.0.0 to 25.3.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@22.0.0...25.3.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
77e66a6 to 3f494bf
Consolidates four Dependabot major-bump PRs. Each was individually reviewed against actual usage in the codebase and found low-risk:

#13 flask-limiter 3.8.0 -> 4.1.1
  Only uses Limiter(key_func=..., default_limits=...) and get_remote_address — both stable across 3.x -> 4.x. Smoke-tested orbit_agent.sms_server import: OK.

#15 pre-commit 3.8.0 -> 4.6.0
  Requires Python >=3.9; our matrix is 3.11/3.12. Config schema in .pre-commit-config.yaml is compatible as-is.

#16 rich 13.7.1 -> 15.0.0
  Only uses rich.console.Console and rich.table.Table in orbit_agent/cli.py — both stable.

#18 gunicorn 22.0.0 -> 25.3.0
  Used only via README's CLI example; no Python imports.

Also syncs .pre-commit-config.yaml hook revs to match the repo's own pinned tool versions:
  black: 24.8.0 -> 26.3.1
  ruff: 0.6.3 -> 0.15.11

Previously the hooks installed older black/ruff than the repo uses, which could produce different formatting locally vs in CI.

Verified on Python 3.12:
- pytest -q: 16/16 pass
- ruff check .: clean
- black --check .: clean
- orbit_agent.sms_server imports cleanly with Flask-Limiter 4.x

The 4 corresponding Dependabot PRs (#13, #15, #16, #18) will close automatically once this merges.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Superseded by #21 (deps: batched major-version updates). All four majors are now on main; this PR is redundant.

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.


Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps gunicorn from 22.0.0 to 25.3.0.
Release notes
Sourced from gunicorn's releases.
... (truncated)
Commits
- 9bce72c Update changelog with missing 25.3.0 changes
- 2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
- 8d08aaa Fix --limit-request-line 0 to mean unlimited
- d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
- da8bd48 Remove unused AsyncRequest class
- b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
- bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
- 7057fc9 Fix http_protocols documentation to use string syntax
- d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
- cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication