From ba2479b6e4933cd9b4735af02ebd802d48b98c38 Mon Sep 17 00:00:00 2001 From: Leo Hemsted Date: Wed, 23 Feb 2022 15:41:32 +0000 Subject: [PATCH] pin gunicorn to git commit; bump eventlet gunicorn doesn't pin eventlet, but functionally, gunicorn==20.1.0 depends on eventlet<=0.30.2 due to a change in eventlet. Gunicorn have fixed this compat issue, however, haven't released it. By pinning to a git commit, we're able to bump eventlet up to 0.33, thus solving a security advisory. (Note that the security advisory didn't actually impact us as it only affects websockets, however, it was noisy and distracting). Note - pip may have cached the old version of gunicorn. You may need to run `pip install -r requirements.txt --no-cache-dir` to get the updated version of gunicorn locally. --- requirements.in | 4 ++-- requirements.txt | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements.in b/requirements.in index 9cba7ec2d..a3b9a50ba 100644 --- a/requirements.in +++ b/requirements.in @@ -9,8 +9,8 @@ Flask-Migrate==2.7.0 git+https://github.com/mitsuhiko/flask-sqlalchemy.git@500e732dd1b975a56ab06a46bd1a20a21e682262#egg=Flask-SQLAlchemy==2.3.2.dev20190108 Flask==1.1.2 click-datetime==0.2 -eventlet==0.30.2 # pyup: ignore # 0.31 breaks Gunicorn -gunicorn==20.1.0 +# Should be pinned until a new gunicorn release greater than 20.1.0 comes out. (Due to eventlet v0.33 compatibility issues) +git+https://github.com/benoitc/gunicorn.git@1299ea9e967a61ae2edebe191082fd169b864c64#egg=gunicorn[eventlet]==20.1.0 iso8601==0.1.14 itsdangerous==1.1.0 jsonschema==3.2.0 diff --git a/requirements.txt b/requirements.txt index 0b21f21ea..91bfe064b 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -67,14 +67,14 @@ click-repl==0.2.0 # via celery colorama==0.4.3 # via awscli -dnspython==1.16.0 +dnspython==2.2.0 # via eventlet docopt==0.6.2 # via notifications-python-client docutils==0.15.2 # via awscli -eventlet==0.30.2 - # via -r requirements.in +eventlet==0.33.0 + # via gunicorn flask==1.1.2 # via # -r requirements.in @@ -106,7 +106,7 @@ greenlet==1.1.2 # via # eventlet # sqlalchemy -gunicorn==20.1.0 +gunicorn @ git+https://github.com/benoitc/gunicorn.git@1299ea9e967a61ae2edebe191082fd169b864c64 # via -r requirements.in idna==3.3 # via requests
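Review bot: In the requirements.in hunk, removing the `eventlet==0.30.2` line means nothing in requirements.in records the eventlet version that the security fix depends on. eventlet now arrives only through the `gunicorn[eventlet]` extra, as the compiled file's `# via gunicorn` shows. Consider adding an explicit `eventlet>=0.33.0` line, so a later recompile cannot silently resolve below the patched release and the reason for the floor stays visible next to the gunicorn comment. The new comment would also be easier to act on if it said what to restore, for example "replace with a `gunicorn==` pin once a release after 20.1.0 is published".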
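Review bot: In the first requirements.txt hunk, `dnspython==1.16.0` to `dnspython==2.2.0` is a major-version jump that the commit message does not mention. The compiled file lists it only as `# via eventlet`, so the risk is probably confined to eventlet's own use of it, but it is worth stating in the message that this bump is an expected side effect of eventlet 0.33. It is also worth confirming that nothing in the application imports dnspython directly.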
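Review bot: In the second requirements.txt hunk, `gunicorn @ git+https://github.com/benoitc/gunicorn.git@1299ea9e...` changes how the package is obtained as well as which version it is. Installs now need a git client and access to GitHub at build time, and a VCS requirement cannot be covered by pip's hash-checking mode. Pinning to the full commit SHA is the right choice, since it is the only integrity anchor for this dependency. Please confirm that the build and deploy images have git available, and note in the commit message that this is a temporary source that should go back to a PyPI release.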