@pyup-bot
Collaborator

This PR updates gevent from 23.7.0 to 25.9.1.

Changelog

25.9.1

===================


Features
--------

- gevent is now tested on PyPy 3.11 v7.3.20. Previously it was tested
with the now end-of-life PyPy 3.10 v7.3.17.



Bugfixes
--------

- Fix a ``TypeError`` in the C extensions when attempting to put items
into a full ``SimpleQueue``.

It is believed this problem started in version 25.4.1. On older
versions, using the environment variable ``PURE_PYTHON`` or
``GEVENT_PURE_PYTHON`` works around
See :issue:`2139`.

25.8.2

===================


Bugfixes
--------

- Make the ``queue`` attribute of ``gevent.queue.Queue`` objects
writable from Python when the C extension is in use. When
monkey-patched, this lets subclasses assign to it from their ``_init``
method. (Prior to 25.8.1 the ``_init`` method simply wasn't called.)
See :issue:`2136`.

25.8.1

===================


Features
--------

- gevent is now tested on the latest available versions of Python:
3.14rc1, 3.13.5, 3.12.11, 3.11.13, and 3.10.18.

We expect to remove support for Python 3.9 soon.



Bugfixes
--------

- Prevent an ``AssertionError`` (from ``AbstractLinkable``, such as
locks, events, etc) from being printed after ``os.fork`` under certain
conditions.

See also :issue:`2058`.
See :issue:`1895`.
- Avoid a rare ``AttributeError`` that could occur during circular
garbage collection.
See :issue:`1961`.
- Update c-ares from 1.33.1 to 1.34.5.

This contains `a bug fix <https://github.com/c-ares/c-ares/pull/974>`_
resolving excess CPU usage for certain platforms.
See :issue:`2084`.
- Fix several possible interpreter crashes when there are race
conditions or programmers don't follow the documented rules and close
open files while they are still in use by other components.

For example, :meth:`selectors.BaseSelector.unregister` says "A file
object shall be unregistered prior to being closed." Failure to do so
is implementation dependent; in gevent, with libev compiled with
debugging enabled, this would crash the process, and with libuv,
an unexpected, uncatchable exception would be raised. Now, more common
failure scenarios are handled gracefully.

This also means that gevent now monkey-patches :func:`os.close` (on
POSIX) to help handle these cases.
See :issue:`2100`.
- Fix some ignored AssertionErrors after forking on older versions of
Python.

See also :issue:`2111`.
See :issue:`2111`.
- Make the classes in ``gevent.queue`` more compatible with classes that
expect to subclass the standard library queue classes.
See :issue:`2114`.
- Provide ``gevent.signal.set_wakeup_fd`` (monkey-patched by default) to
allow waking up on ``SIGCHLD``. Previously, gevent's internal handling
of ``SIGCHLD`` prevented this from working.
See :issue:`2126`.

25.5.1

===================


Features
--------

- Update the bundled libuv to 1.51 from 1.44.2.

Note that this changes the minimum supported versions of various
operating systems. Linux now requires kernel 3.10 and glibc 2.17, up
from 2.6.32 and glibc 2.12; macOS now requires version 11, up from
version 10.15; Windows now requires Windows 10 and Visual Studio 2017,
up from Windows 8 and VS 2015; finally, FreeBSD now requires version
12, up from version 10.

The musl Linux wheels are now built with musllinux_1_2 instead of
musllinux_1_1.
See :issue:`2108`.
- Add support for Cython 3.1 on Windows.

- Add support for Python 3.14b1 and significantly expand the set of
standard library tests we run with monkey-patching.

25.4.2

===================


Features
--------

- Make gevent's ``queue`` classes subscriptable to match the standard library.
See :issue:`2102`.
- Make the c-ares resolver build on Windows.

25.4.1

===================


Features
--------

- Add a new environment variable and configuration setting to control
whether blocking reports are printed by the monitor thread.
See :issue:`2070`.
- Add initial support for Python 3.14a7. Earlier and later versions of
Python 3.14 may or may not work as expected.



Bugfixes
--------

- Fix using gevent's BackdoorServer with Unix sockets.
See :issue:`1769`.
- Monkey-patching the ``queue`` module (done by default in
``patch_all``) now patches ``Queue``, ``PriorityQueue``, and
``LifoQueue``. In addition to the general benefits of making all those
classes cooperative, this is known to solve a non-deterministic
deadlock with ``urllib3``.

In addition, ``Queue`` was renamed to ``SimpleQueue``; previously
``SimpleQueue`` was an alias for the undocumented
``queue._PySimpleQueue``. This makes ``SimpleQueue`` cooperative even
without monkey-patching.

Likewise, ``JoinableQueue`` was renamed to ``Queue``, providing the
``join`` method to all ``Queue`` objects, thus matching the standard
library. The old name remains for backwards compatibility.
See :issue:`1957`.

.. caution::
  Only the documented, tested (by the standard library), attributes are identical between
  the standard library and gevent ``Queue`` implementations.
  Internal implementation details are very different, and using
  undocumented, untested details such as the internal ``Condition``
  object ``all_tasks_done`` instead of the documented, tested
  ``join`` method will fail with this change.

  If you have code that relies on undocumented implementation
  details that cannot be ported to the documented interface, please
  file an issue.


- Do not assume that ``threading.get_native_id`` exists. This improves
support for untested platforms.
See :issue:`2053`.
- Do not use pywsgi in a security-conscious environment.

Fix one security issue related to HTTP 100 Continue handling.
See :issue:`2075`.

24.11.1

====================


Bugfixes
--------

- Remove some legacy code that supported Python 2 for compatibility with
the upcoming releases of Cython 3.1.

Also, the ``PeriodicMonitorThreadStartedEvent`` now properly
implements the ``IPeriodicMonitorThreadStartedEvent`` interface.
The ``EventLoopBlocked`` event includes the hub which was blocked,
and it is notified before the report is printed so that event
listeners can modify the report.
See :issue:`2076`.

24.10.3

====================


Bugfixes
--------

- Fix clearing stack frames on Python 3.13. This is invoked when you
fork after having used the thread pool.
See :issue:`2067`.
- Distribute manylinux2014 wheels for x86_64.
See :issue:`2068`.
- Stop switching to the hub in the after fork hook in a child process. This could lead to strange behaviour, and is different than what all other versions of Python do.

24.10.2

====================


Bugfixes
--------

- Workaround a Cython bug compiling on GCC14.
See :issue:`2049`.

24.10.1

====================


Features
--------

- Update the bundled c-ares to 1.33.1.

- Add support for Python 3.13.

- The functions and classes in ``gevent.subprocess`` no longer accept
 ``stdout=STDOUT`` and raise a ``ValueError``.

Several additions and changes to the ``queue`` module, including:

- ``Queue.shutdown`` is available on all versions of Python.
- ``LifoQueue`` is now a joinable queue.

- gevent.monkey changed from a module to a package. The public API
remains the same.

For this release, private APIs (undocumented, marked internal, or
beginning with an underscore) are also preserved. However, these may
be changed or removed at any time in the future. If you are using one
of these APIs and cannot replace it, please contact the gevent team.



Bugfixes
--------

- For platforms that don't have ``socketpair``, upgrade our fallback
code to avoid a security issue.
See :issue:`2048`.


Deprecations and Removals
-------------------------

- Remove support for Python 3.8, which has reached the end of its
support lifecycle.
See :issue:`remove_py38`.

24.2.1

===================


Bugfixes
--------

- Add support for Python patch releases 3.11.8 and 3.12.2, which changed
internal details of threading.

As a result of these changes, note that it is no longer possible to
change the ``__class__`` of a ``gevent.threading._DummyThread``
object on those versions.

See :issue:`2020`.

Other
-----

Other updates for compatibility with the standard library include:

- Errors raised from ``subprocess.Popen`` may not have a filename set.
- ``SSLSocket.recv_into`` and ``SSLSocket.read`` no longer require the
 buffer to implement ``len`` and now work with buffers whose size is
 not 1.
- gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close
 flaw.

In addition:

- Drop ``setuptools`` to a soft test dependency.
- Drop support for very old versions of CFFI.
- Update bundled c-ares from 1.19.1 to 1.26.0.
- Locks created by gevent, but acquired from multiple different
 threads (not recommended), no longer spin to implement timeouts
 and interruptible blocking. Instead, they use the native
 functionality of the Python 3 lock. This may improve some scenarios.
 See :issue:`2013`.

23.9.1

===================


Bugfixes
--------

- Require greenlet 3.0 on Python 3.11 and Python 3.12; greenlet 3.0 is
recommended for all platforms. This fixes a number of obscure crashes
on all versions of Python, as well as fixing a fairly common problem
on Python 3.11+ that could manifest as either a crash or as a
``SystemError``.
See :issue:`1985`.


----

23.9.0.post1

=========================

- Fix Windows wheel builds.
- Fix macOS wheel builds.

23.9.0

===================


Bugfixes
--------

- Make ``gevent.select.select`` accept arbitrary iterables, not just
sequences. That is, you can now pass in a generator of file
descriptors instead of a realized list. Internally, arbitrary
iterables are copied into lists. This better matches what the standard
library does. Thanks to David Salvisberg.
See :issue:`1979`.
- On Python 3.11 and newer, opt out of Cython's fast exception
manipulation, which *may* be causing problems in certain circumstances
when combined with greenlets.

On all versions of Python, adjust some error handling in the default
C-based loop. This fixes several assertion failures on debug versions
of CPython. Hopefully it has a positive impact under real conditions.
See :issue:`1985`.
- Make ``gevent.pywsgi`` comply more closely with the HTTP specification
for chunked transfer encoding. In particular, we are much stricter
about trailers, and trailers that are invalid (too long or featuring
disallowed characters) forcibly close the connection to the client
*after* the results have been sent.

Trailers otherwise continue to be ignored and are not available to the
WSGI application.

Previously, carefully crafted invalid trailers in chunked requests on
keep-alive connections might appear as two requests to
``gevent.pywsgi``. Because this was handled exactly as a normal
keep-alive connection with two requests, the WSGI application should
handle it normally. However, if you were counting on some upstream
server to filter incoming requests based on paths or header fields,
and the upstream server simply passed trailers through without
validating them, then this embedded second request would bypass those
checks. (If the upstream server validated that the trailers meet the
HTTP specification, this could not occur, because characters that are
required in an HTTP request, like a space, are not allowed in
trailers.) CVE-2023-41419 was reserved for this.

Our thanks to the original reporters, Keran Mu
(mkr22mails.tsinghua.edu.cn) and Jianjun Chen
(jianjuntsinghua.edu.cn), from Tsinghua University and Zhongguancun
Laboratory.
See :issue:`1989`.


----
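The stricter trailer handling described under 23.9.0 (CVE-2023-41419), sketched as an added example for a front-end or test harness; it is not gevent's code and not part of the bot's comment. The name ``check_trailers``, the 8192-byte line limit and the sample inputs are assumptions made for illustration.

```python
import re

# RFC 9110 "token": the only bytes allowed in a field (trailer) name.
# A space is not among them, so a request line can never be a valid trailer.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Field values: tab, space, visible ASCII and obs-text; no CR, LF or NUL.
VALUE = re.compile(rb"[\t\x20-\x7e\x80-\xff]*")
MAX_LINE = 8192  # assumed limit; align it with your header-size limit


def check_trailers(buf):
    """Validate the bytes that follow the last chunk line ("0\\r\\n").

    Returns (problems, rest). `rest` is whatever follows the blank line
    that ends the message, i.e. the next pipelined request if there is one.
    A strict server that gets a non-empty `problems` list closes the
    connection instead of parsing `rest`.
    """
    if buf.startswith(b"\r\n"):          # no trailers at all
        return [], buf[2:]
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return ["trailer section not terminated"], b""
    problems = []
    for line in buf[:end].split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if len(line) > MAX_LINE:
            problems.append("line too long")
        elif not sep or not TOKEN.fullmatch(name):
            problems.append("not a valid field line: %r" % line[:40])
        elif not VALUE.fullmatch(value.strip(b" \t")):
            problems.append("bad field value for %r" % name)
    return problems, buf[end + 4:]


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "valid trailer": b"X-Checksum: abc123\r\n\r\n",
    "request line in trailers": b"GET /internal HTTP/1.1\r\nHost: app\r\n\r\n",
    "bare LF in value": b"X-A: 1\nX-B: 2\r\n\r\n",
    "oversized": b"X-Pad: " + b"a" * 9000 + b"\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_trailers(raw)[0] or "ok")
```
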
@pyup-bot pyup-bot mentioned this pull request Sep 17, 2025