This repository has been archived by the owner on Apr 29, 2024. It is now read-only.

chore(deps): update dependency gunicorn to v20 #6

Open
wants to merge 1 commit into
base: master

mend-for-github-com[bot]

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| gunicorn (changelog) | major | ==19.7.1 -> ==20.0.1 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
|---|---|---|
| High | 7.4 | CVE-2024-1135 |

Release Notes

benoitc/gunicorn (gunicorn)

v20.0.1


v20.0.0: 20.0


  • Fixed fdopen RuntimeWarning in Python 3.8
  • Added check and exception for str type on value in Response process_headers method.
  • Ensure WSGI header value is string before conducting regex search on it.
  • Added pypy3 to list of tested environments
  • Grouped StopIteration and KeyboardInterrupt exceptions with same body together in Arbiter.run()
  • Added setproctitle module to extras_require in setup.py
  • Avoid unnecessary chown of temporary files
  • Logging: Handle auth type case insensitively
  • Removed util.import_module
  • Removed fallback for types.SimpleNamespace in tests utils
  • Use SourceFileLoader instead of execfile_
  • Use importlib instead of __import__ and eval
  • Fixed eventlet patching
  • Added optional datadog <https://www.datadoghq.com> tags for statsd metrics
  • Header values now are encoded using latin-1, not ascii.
  • Rewritten parse_address util added test
  • Removed redundant super() arguments
  • Simplify futures import in gthread module
  • Fixed worker_connections setting to also affect the Gthread worker type
  • Fixed setting max_requests
  • Bump minimum Eventlet and Gevent versions to 0.24 and 1.4
  • Use Python default SSL cipher list by default
  • handle wsgi.input_terminated extension
  • Simplify Paste Deployment documentation
  • Fix root logging: root and logger are same level.
  • Fixed typo in ssl_version documentation
  • Documented systemd deployment unit examples
  • Added systemd sd_notify support
  • Fixed typo in gthread.py
  • Added tornado <https://www.tornadoweb.org/> 5 and 6 support
  • Declare our setuptools dependency
  • Added support to --bind to open file descriptors
  • Document how to serve WSGI app modules from Gunicorn
  • Provide guidance on X-Forwarded-For access log in documentation
  • Add support for named constants in the --ssl-version flag
  • Clarify log format usage of header & environment in documentation
  • Fixed systemd documentation to properly setup gunicorn unix socket
  • Prevent removal unix socket for reuse_port
  • Fix ResourceWarning when reading a Python config module
  • Remove unnecessary call to dict keys method
  • Support str and bytes for UNIX socket addresses
  • fixed InotifyReloader: handle module.__file__ is None
  • /dev/shm as a convenient alternative to making your own tmpfs mount in fchmod FAQ
  • fix examples to work on python3
  • Fix typo in --max-requests documentation
  • Clear tornado ioloop before os.fork
  • Miscellaneous fixes and improvement for linting using Pylint

v19.10.0


v19.9.0


  • fix: address a regression that prevented syslog support from working
    (#1668, #1773)
  • fix: correctly set REMOTE_ADDR on versions of Python 3 affected by
    Python Issue 30205 <https://bugs.python.org/issue30205>
    (#1755, #1796)
  • fix: show zero response length correctly in access log (#1787)
  • fix: prevent raising AttributeError when --reload is not passed
    in case of a SyntaxError raised from the WSGI application.
    (#1805, #1806)
  • ❗️ The internal module gunicorn.workers.async was renamed to
    gunicorn.workers.base_async since async is now a reserved word
    in Python 3.7.
    (#1527)

v19.8.1


v19.8.0


  • Eventlet 0.21.0 support (#1584)
  • Tornado 5 support (#1728, #1752)
  • support watching additional files with --reload-extra-file
    (#1527)
  • support configuring logging with a dictionary with --logging-config-dict
    (#1087, #1110, #1602)
  • add support for the --config flag in the GUNICORN_CMD_ARGS environment
    variable (#1576, #1581)
  • disable SO_REUSEPORT by default and add the --reuse-port setting
    (#1553, #1603, #1669)
  • fix: installing inotify on MacOS no longer breaks the reloader
    (#1540, #1541)
  • fix: do not throw TypeError when SO_REUSEPORT is not available
    (#1501, #1491)
  • fix: properly decode HTTP paths containing certain non-ASCII characters
    (#1577, #1578)
  • fix: remove whitespace when logging header values under gevent (#1607)
  • fix: close unlinked temporary files (#1327, #1428)
  • fix: parse --umask=0 correctly (#1622, #1632)
  • fix: allow loading applications using relative file paths
    (#1349, #1481)
  • fix: force blocking mode on the gevent sockets (#880, #1616)
  • fix: preserve leading / in request path (#1512, #1511)
  • fix: forbid contradictory secure scheme headers
  • fix: handle malformed basic authentication headers in access log
    (#1683, #1684)
  • fix: defer handling of USR1 signal to a new greenlet under gevent
    (#1645, #1651)
  • fix: the threaded worker would sometimes close the wrong keep-alive
    connection under Python 2 (#1698, #1699)
  • fix: re-open log files on USR1 signal using handler._open to
    support subclasses of FileHandler (#1739, #1742)
  • deprecation: the gaiohttp worker is deprecated, see the
    worker-class documentation for more information
    (#1338, #1418, #1569)


@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 26, 2024