Skip to content

build(deps): bump the production-dependencies group across 1 directory with 5 updates #252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: staging
Choose a base branch
from
Open

build(deps): bump the production-dependencies group across 1 directory with 5 updates #252

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2026

Bumps the production-dependencies group with 5 updates in the / directory:

Package From To
gunicorn 23.0.0 24.1.1
imap-tools 1.11.0 1.11.1
peewee 3.18.3 3.19.0
phonenumbers 9.0.21 9.0.22
websockets 15.0.1 16.0

Updates gunicorn from 23.0.0 to 24.1.1

Release notes

Sourced from gunicorn's releases.

24.1.1

Bug Fixes

  • Fix forwarded_allow_ips and proxy_allow_ips to remain as strings for backward compatibility with external tools like uvicorn. Network validation now uses strict mode to detect invalid CIDR notation (e.g., 192.168.1.1/24 where host bits are set) (#3458, [PR #3459](benoitc/gunicorn#3459))

Full Changelog: benoitc/gunicorn@24.1.0...24.1.1

Gunicorn 24.1.0

New Features

  • Official Docker Image: Gunicorn now publishes official Docker images to GitHub Container Registry ([PR #3454](benoitc/gunicorn#3454))

    • Available at ghcr.io/benoitc/gunicorn
    • Based on Python 3.12 slim image
    • Uses recommended worker formula (2 × CPU + 1)
    • Configurable via environment variables

  • PROXY Protocol v2 Support: Extended PROXY protocol implementation to support the binary v2 format in addition to the existing text-based v1 format ([PR #3451](benoitc/gunicorn#3451))

    • New --proxy-protocol modes: off, v1, v2, auto
    • auto mode (default when enabled) detects v1 or v2 automatically
    • v2 binary format is more efficient and supports additional metadata
    • Works with HAProxy, AWS NLB/ALB, and other PROXY protocol v2 sources

  • CIDR Network Support: --forwarded-allow-ips and --proxy-allow-from now accept CIDR notation (e.g., 192.168.0.0/16) for specifying trusted networks ([PR #3449](benoitc/gunicorn#3449))

  • Socket Backlog Metric: New gunicorn.socket.backlog gauge metric reports the current socket backlog size on Linux systems ([PR #3450](benoitc/gunicorn#3450))

  • InotifyReloader Enhancement: The inotify-based reloader now watches newly imported modules, not just those loaded at startup ([PR #3447](benoitc/gunicorn#3447))

Bug Fixes

Installation

pip install gunicorn==24.1.0
</tr></table>

... (truncated)

Commits
  • 375e79e release: bump version to 24.1.1
  • ad0c12d docs: add sponsors section to README
  • 70200ee chore: add GitHub Sponsors funding configuration
  • 6841804 docs: remove incorrect PR reference from Docker changelog entry
  • abce0ca docs: add 24.1.1 changelog entry for forwarded_allow_ips fix
  • e9a3f30 fix: keep forwarded_allow_ips as strings for backward compatibility (#3459)
  • d73ff4b docs: update main changelog with 24.1.0
  • 53f2c31 ci: allow docs deploy on workflow_dispatch
  • eab5f0b ci: trigger Docker publish on tags with or without v prefix
  • a20d3fb docs: add Docker image to 24.1.0 changelog
  • Additional commits viewable in compare view

Updates imap-tools from 1.11.0 to 1.11.1

Release notes

Sourced from imap-tools's releases.

v1.11.1

  • Added: __all__ in __init__ module.
  • Improved: typing annotations for mypy
Changelog

Sourced from imap-tools's changelog.

1.11.1

  • Added: all in init module.
  • Improved: typing annotations for mypy
Commits

Updates peewee from 3.18.3 to 3.19.0

Release notes

Sourced from peewee's releases.

3.19.0

  • Move to new build system using pyproject and github actions.
  • No longer build and ship the Sqlite C extensions by default. Users who prefer to use those can install via the sdist pip install peewee --no-binary :all:.

Rationale about the Sqlite C extensions -- I've started shipping pysqlite3 as a statically-linked, self-contained binary wheel. This means that when using Peewee with the statically-linked pysqlite3, you can end up in a funny situation where the peewee Sqlite extensions are linked against the system libsqlite3, and the pysqlite driver has it's own Sqlite embedded, which does not work.

If you are using the system/standard-lib sqlite3 module then the extension works properly, because everything is talking to the same libsqlite3.

Similarly if you built pysqlite3 to link against the system libsqlite3 everything also works correctly, though this is not "wheel-friendly".

So in order to use the C extensions, you can install Peewee from the sdist and do either of the following:

# Use system sqlite and standard-lib `sqlite3` module.
$ pip install peewee --no-binary :all:

OR,


Use pysqlite3 linked against the system sqlite.


$ pip install pysqlite3 peewee --no-binary :all:

I don't believe, besides myself, there were many people using these extensions so hopefully this change is not disruptive! Please let me hear about it if I'm mistaken.

Other small changes:

  • When exporting / "freezing" binary data with the playhouse.dataset JSON serializer, encode binary data as base64.
Changelog

Sourced from peewee's changelog.

3.19.0

  • Move to new build system using pyproject and github actions.
  • No longer build and ship the Sqlite C extensions by default. Users who prefer to use those can install via the sdist pip install peewee --no-binary :all:.

Rationale about the Sqlite C extensions -- I've started shipping pysqlite3 as a statically-linked, self-contained binary wheel. This means that when using Peewee with the statically-linked pysqlite3, you can end up in a funny situation where the peewee Sqlite extensions are linked against the system libsqlite3, and the pysqlite driver has it's own Sqlite embedded, which does not work.

If you are using the system/standard-lib sqlite3 module then the extension works properly, because everything is talking to the same libsqlite3.

Similarly if you built pysqlite3 to link against the system libsqlite3 everything also works correctly, though this is not "wheel-friendly".

So in order to use the C extensions, you can install Peewee from the sdist and do either of the following:

# Use system sqlite and standard-lib `sqlite3` module.
$ pip install peewee --no-binary :all:

OR,


Use pysqlite3 linked against the system sqlite.


$ pip install pysqlite3 peewee --no-binary :all:

I don't believe, besides myself, there were many people using these extensions so hopefully this change is not disruptive! Please let me hear about it if I'm mistaken.

Other small changes:

  • When exporting / "freezing" binary data with the playhouse.dataset JSON serializer, encode binary data as base64.
Commits

Updates phonenumbers from 9.0.21 to 9.0.22

Commits

Updates websockets from 15.0.1 to 16.0

Release notes

Sourced from websockets's releases.

16.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits
  • d4303a5 Release version 16.0.
  • 851bcd7 Bump pypa/cibuildwheel from 3.3.0 to 3.3.1
  • 740c8d3 Temporarily remove the trio implementation.
  • 92ea055 Add missing changelog entry.
  • ba74244 Document bug fix.
  • 9410483 Pin sphinx to avoid error in sphinxcontrib-trio.
  • 8e4d408 Document asyncio's TLS read buffer.
  • cb3500b Stop referring to the asyncio implementation as new.
  • 6563a9c The threading implementation supports max_queue.
  • 9f17e92 Clarify that protocol_mutex protects pending_pings.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the production-dependencies group across 1 director…
508835b 
…y with 5 updates

Bumps the production-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [gunicorn](https://github.com/benoitc/gunicorn) | `23.0.0` | `24.1.1` |
| [imap-tools](https://github.com/ikvk/imap_tools) | `1.11.0` | `1.11.1` |
| [peewee](https://github.com/coleifer/peewee) | `3.18.3` | `3.19.0` |
| [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers) | `9.0.21` | `9.0.22` |
| [websockets](https://github.com/python-websockets/websockets) | `15.0.1` | `16.0` |



Updates `gunicorn` from 23.0.0 to 24.1.1
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@23.0.0...24.1.1)

Updates `imap-tools` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/ikvk/imap_tools/releases)
- [Changelog](https://github.com/ikvk/imap_tools/blob/master/docs/release_notes.rst)
- [Commits](ikvk/imap_tools@v1.11.0...v1.11.1)

Updates `peewee` from 3.18.3 to 3.19.0
- [Release notes](https://github.com/coleifer/peewee/releases)
- [Changelog](https://github.com/coleifer/peewee/blob/master/CHANGELOG.md)
- [Commits](coleifer/peewee@3.18.3...3.19.0)

Updates `phonenumbers` from 9.0.21 to 9.0.22
- [Commits](daviddrysdale/python-phonenumbers@v9.0.21...v9.0.22)

Updates `websockets` from 15.0.1 to 16.0
- [Release notes](https://github.com/python-websockets/websockets/releases)
- [Commits](python-websockets/websockets@15.0.1...16.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-version: 24.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: imap-tools
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: peewee
  dependency-version: 3.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: phonenumbers
  dependency-version: 9.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: websockets
  dependency-version: '16.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants