Bump gunicorn from 25.0.3 to 25.2.0

[dependabot]

Bumps gunicorn from 25.0.3 to 25.2.0.

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.2.0

New Features

• Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers
  • Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'
  • Falls back to Python parser in auto mode if version not met
  • Proper HTTP status codes for limit errors (414, 431)

Bug Fixes

• uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#3552, [PR #3554](benoitc/gunicorn#3554))

• FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to FileWrapper for full PEP 3333 compliance. (#3396, [PR #3550](benoitc/gunicorn#3550))

Performance

• ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance
  • Read chunks in 64-byte blocks instead of 1 byte at a time
  • Reuse BytesIO buffers with truncate/seek instead of creating new objects
  • Use bytearray.find() directly instead of converting to bytes first
  • Use index-based iteration for header parsing instead of list.pop(0)

Gunicorn 25.1.0

New Features

• Control Interface (gunicornc): Add interactive control interface for managing running Gunicorn instances, similar to birdc for BIRD routing daemon ([PR #3505](benoitc/gunicorn#3505))

  • Unix socket-based communication with JSON protocol
  • Interactive mode with readline support and command history
  • Commands: show all/workers/dirty/config/stats/listeners
  • Worker management: worker add/remove/kill, dirty add/remove
  • Server control: reload, reopen, shutdown
  • New settings: --control-socket, --control-socket-mode, --no-control-socket
  • New CLI tool: gunicornc for connecting to control socket
  • See Control Interface Guide for details

• Dirty Stash: Add global shared state between workers via dirty.stash ([PR #3503](benoitc/gunicorn#3503))

  • In-memory key-value store accessible by all workers
  • Supports get, set, delete, clear, keys, and has operations
  • Useful for sharing state like feature flags, rate limits, or cached data

• Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC using TLV (Type-Length-Value) encoding ([PR #3500](benoitc/gunicorn#3500))

  • More efficient than JSON for binary data
  • Supports all Python types: str, bytes, int, float, bool, None, list, dict
  • Better performance for large payloads

... (truncated)

Commits

• dcaf2e1 Add 25.2.0 to 2026 changelog
• 6f601a0 Bump version to 25.2.0
• 22443a8 Bump tornado to 6.5.5 in lock file
• cb708b4 Add uwsgi async fix to changelog
• 385a921 Fix uwsgi incomplete header error with async workers (#3554)
• f555180 Add FileWrapper iterator fix to changelog
• f8fca7a fix: add iter and next to FileWrapper for PEP 3333 compliance (#3550)
• 0ad47db Use user-writable default path for control socket (#3551)
• 3667a10 Merge pull request #3549 from benoitc/feature/optional-http-parser
• 3568af1 Skip SIGINT shutdown test on PyPy
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.37%. Comparing base (b10f62d) to head (336ef84).

Additional details and impacted files

@@           Coverage Diff            @@
##           master    #9337    +/-   ##
========================================
  Coverage   82.37%   82.37%            
========================================
  Files         615      615            
  Lines       34991    34991            
  Branches     3331     3244    -87     
========================================
  Hits        28823    28823            
- Misses       5819     6044   +225     
+ Partials      349      124   -225     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

Superseded by #9350.