Skip to content

Bump eventlet from 0.30.2 to 0.31.0 #5257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 9 commits into from
Closed

Bump eventlet from 0.30.2 to 0.31.0 #5257

dependabot wants to merge 9 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 8, 2021
edited
Loading

Bumps eventlet from 0.30.2 to 0.31.0.

Changelog

Sourced from eventlet's changelog.

0.31.0

0.30.3

  • wsgi: websocket ALREADY_HANDLED flag on corolocal
  • green.ssl: Set suppress_ragged_eofs default based on SSLSocket defaults
  • greenio: socket.connect_ex returned None instead of 0 on success
  • Use _imp instead of deprecated imp
Commits
  • f717f38 v0.31.0 release
  • 1412f5e websocket: Limit maximum uncompressed frame length to 8MiB
  • b0be94e v0.30.3 release
  • df0bc00 wsgi: websocket ALREADY_HANDLED flag on corolocal
  • 377b4fb green.ssl: Set suppress_ragged_eofs default based on SSLSocket defaults
  • 71b76bf Security Policy
  • 50441fc greenio: socket.connect_ex returned None instead of 0 on success
  • e16fcab Use _imp instead of deprecated imp
  • See full diff in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@pull-request-size pull-request-size bot added the size/S PR that changes 10-29 lines. Very easy to review. label May 8, 2021
@dependabot dependabot bot force-pushed the dependabot/pip/eventlet-0.31.0 branch from 690cef7 to e7b729f Compare May 20, 2021 22:45
@dependabot dependabot bot force-pushed the dependabot/pip/eventlet-0.31.0 branch from e7b729f to f34257a Compare June 17, 2021 20:14
@dependabot dependabot bot force-pushed the dependabot/pip/eventlet-0.31.0 branch from f34257a to c2a6f6f Compare July 17, 2021 11:33
@arm4b arm4b added this to the 3.6.0 milestone Aug 11, 2021
@StackStorm StackStorm deleted a comment from CLAassistant Aug 11, 2021
@arm4b
Copy link
Member

arm4b commented Aug 11, 2021
edited
Loading

Based on history, we tried to update the eventlet before here: #5255 (comment) by @Kami

However, because of the breaking change, it fails the build in guinicorn which relies on specific eventlet functionality.

Per eventlet/eventlet#702 (comment), the proper fix in gunicorn was merged, but the new version wasn't released yet.

So the current status is that we're waiting for the guinicorn version to be released here: https://github.com/benoitc/gunicorn/releases (newer than 20.1.0) and so we can update both eventlent + gunicorn in this PR to merge it.

This was referenced Aug 11, 2021
Merged
Draft
This was referenced Aug 19, 2021
Closed
Closed
Closed
@CLAassistant
Copy link

CLAassistant commented Aug 29, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

@amanda11
Copy link
Contributor

amanda11 commented Sep 7, 2021

Update on gunicorn 7 days ago, saying new release would be out this week: benoitc/gunicorn#2638

@arm4b
Copy link
Member

arm4b commented Oct 1, 2021

Looks like benoitc/gunicorn#2638 is still unreleased.

@amanda11
Copy link
Contributor

amanda11 commented Oct 1, 2021

@armab Shall we move this to 3.7.0?

@cognifloyd cognifloyd modified the milestones: 3.6.0, 3.7.0 Oct 2, 2021
@cognifloyd
Copy link
Member

cognifloyd commented Oct 2, 2021

Yeah. 1 week has become 1 month, and they have only merged 1 PR in that time. That PR has nothing to do with the release (afaict), so who knows when it will happen. I moved this to 3.7.0

@amanda11
Copy link
Contributor

amanda11 commented Mar 4, 2022

No new release - latest is still 20.1.0 - but project still active. 6 open issues in the next release plan - https://github.com/benoitc/gunicorn/milestone/20.

@arm4b arm4b modified the milestones: 3.7.0, 3.8.0 Mar 5, 2022
@arm4b
Copy link
Member

arm4b commented Mar 5, 2022

Thanks for checking!
We have no choice, but to move the issue to the next v3.8.0 and keep track of it.

@cognifloyd cognifloyd mentioned this pull request Apr 2, 2022
Merged
@nzlosh
Copy link
Contributor

nzlosh commented Sep 14, 2022

More than 1 year later and still no gunicorn 21 release. Eventlet is now at 0.33.0 which makes this PR obsolete.

@nzlosh
Copy link
Contributor

nzlosh commented Sep 14, 2022

What are peoples opinion on the idea of forking gunicorn and building v3.8 from our forked repo that includes that patch we need to move past eventlet 0.30.2?

@cognifloyd
Copy link
Member

cognifloyd commented Sep 14, 2022

I think it is on their master branch, so let's try targeting a git commit and avoid actually forking it.

They keep saying something about some CI infrastructure change, but they have not expounded. And there's no movement on releasing. So I don't see what else we can do.

@nzlosh
Copy link
Contributor

nzlosh commented Sep 15, 2022

OK, we'll start without forking and see if we encounter other issues related to gunicron that require us to accumulate patches in a forked repo.

@pull-request-size pull-request-size bot added size/M PR that changes 30-99 lines. Good size to review. and removed size/S PR that changes 10-29 lines. Very easy to review. labels Sep 15, 2022
@nzlosh nzlosh force-pushed the dependabot/pip/eventlet-0.31.0 branch from ba47e50 to bdc6e5e Compare September 15, 2022 15:07
cognifloyd
cognifloyd reviewed Sep 15, 2022
View reviewed changes
Copy link
Member

@cognifloyd cognifloyd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to use PEP 440 style requirements instead of the legacy pop format (the #egg= format) because pants does not support the legacy pip format.

See #5673 where I changed all the other git requirements to PEP 440 urls.

@amanda11 amanda11 mentioned this pull request Dec 8, 2022
Closed
@rush-skills rush-skills modified the milestones: 3.8.0, 3.9.0 Dec 14, 2022
@cognifloyd
Copy link
Member

cognifloyd commented Sep 3, 2023

gunicorn 21 was released in July

@jk464 jk464 mentioned this pull request Nov 6, 2023
Merged
@jk464
Copy link
Contributor

jk464 commented Nov 27, 2023

#6061 bumped eventlet to 0.33.3 - so I think this PR can be abandon as its been superseded now?

@arm4b
Copy link
Member

arm4b commented Nov 27, 2023

Thanks @jk464 for bumping this thread.
Closing.

@arm4b arm4b closed this Nov 27, 2023
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 27, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@arm4b arm4b deleted the dependabot/pip/eventlet-0.31.0 branch November 27, 2023 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cognifloyd cognifloyd cognifloyd left review comments

Assignees

No one assigned

Labels

bug external dependency security size/M PR that changes 30-99 lines. Good size to review.

Projects

No open projects
StackStorm v3.8.0
Status: Done

Milestone

3.9.0

Development

Successfully merging this pull request may close these issues.

8 participants

@arm4b @CLAassistant @amanda11 @cognifloyd @nzlosh @jk464 @rush-skills