pin gunicorn to git commit; bump eventlet

gunicorn doesn't pin eventlet, but functionally, gunicorn==20.1.0 depends on eventlet<=0.30.2 due to a change in eventlet. Gunicorn have fixed this compat issue, however, haven't released it. By pinning to a git commit, we're able to bump eventlet up to 0.33, thus solving a security advisory. (Note that the security advisory didn't actually impact us as it only affects websockets, however, it was noisy and distracting). Note - pip may have cached the old version of gunicorn. You may need to run `pip install -r requirements.txt --no-cache-dir` to get the updated version of gunicorn locally.
2026-02-04 10:21:14 -05:00 · 2022-02-23 15:41:32 +00:00
parent 4b4122a773
commit ba2479b6e4
2 changed files with 6 additions and 6 deletions
--- a/requirements.txt
+++ b/requirements.txt
@@ -67,14 +67,14 @@ click-repl==0.2.0
    # via celery
 colorama==0.4.3
    # via awscli
-dnspython==1.16.0
+dnspython==2.2.0
    # via eventlet
 docopt==0.6.2
    # via notifications-python-client
 docutils==0.15.2
    # via awscli
-eventlet==0.30.2
-    # via -r requirements.in
+eventlet==0.33.0
+    # via gunicorn
 flask==1.1.2
    # via
    #   -r requirements.in
@@ -106,7 +106,7 @@ greenlet==1.1.2
    # via
    #   eventlet
    #   sqlalchemy
-gunicorn==20.1.0
+gunicorn @ git+https://github.com/benoitc/gunicorn.git@1299ea9e967a61ae2edebe191082fd169b864c64
    # via -r requirements.in
 idna==3.3
    # via requests