Bump eventlet from 0.30.2 to 0.33.0

[dependabot[bot]]

Bumps eventlet from 0.30.2 to 0.33.0.

Changelog

Sourced from eventlet's changelog.

0.33.0

• green.thread: unlocked Lock().release() should raise exception, returned True eventlet/eventlet#697
• wsgi: Don't break HTTP framing during 100-continue handling eventlet/eventlet#578
• Python 3.10 partial support eventlet/eventlet#715
• greendns: Create a DNS resolver lazily rather than on import eventlet/eventlet#462
• ssl: GreenSSLContext minimum_version and maximum_version setters eventlet/eventlet#726

0.32.0

• greendns: compatibility with dnspython v2 eventlet/eventlet#722
• green.ssl: wrap_socket now accepts argument ciphers eventlet/eventlet#718
• websocket: control frames are now always uncompressed per RFC 7692; Thanks to Onno Kortmann

0.31.1

• ssl: py3.6 using client certificates raised ValueError: check_hostname needs server_hostname argument eventlet/eventlet#705

0.31.0

• IMPORTANT: websocket: Limit maximum uncompressed frame length to 8MiB https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2

0.30.3

• wsgi: websocket ALREADY_HANDLED flag on corolocal
• green.ssl: Set suppress_ragged_eofs default based on SSLSocket defaults
• greenio: socket.connect_ex returned None instead of 0 on success
• Use _imp instead of deprecated imp

Commits

• 955be1c v0.33.0 release
• c870876 Create a DNS resolver lazily rather than on import (fixes #736)
• 3c25d0c green.thread: unlocked Lock().release() should raise exception, returned True
• 8904a33 setup.cfg: Replace dashes with underscores
• 15d3c24 Python 3.10 partial support
• 690464a ssl: GreenSSLContext minimum_version and maximum_version setters
• 579c498 wsgi: Don't break HTTP framing during 100-continue handling
• 0100950 v0.32.0 release
• 254a772 codecov: allow 3% threshold to pass status check
• aeb0390 greendns: compatibility with dnspython v2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[EricHorst]

@dependabot ignore this minor version

until benoitc/gunicorn#2581 is fixed and we can bump gunicorn versions we can't change eventlet versions, and most of our apps aren't impacted by the security issue, which is related to websockets.

as of today, gunicorn hasn't had a versioned release since April 2021 although the fix is apparently in

[dependabot[bot]]

OK, I won't notify you about version 0.33.x again, unless you re-open this PR or update to a 0.33.x release yourself.