Update gevent to 24.11.1 #494

Open
wants to merge 1 commit into
base: master

pyup-bot
Collaborator

This PR updates gevent from 23.7.0 to 24.11.1.

Changelog

24.11.1
====================


Bugfixes
--------

- Remove some legacy code that supported Python 2 for compatibility with
  the upcoming releases of Cython 3.1.

  Also, the ``PeriodicMonitorThreadStartedEvent`` now properly
  implements the ``IPeriodicMonitorThreadStartedEvent`` interface.
  The ``EventLoopBlocked`` event includes the hub which was blocked,
  and it is notified before the report is printed so that event
  listeners can modify the report.
  See :issue:`2076`.

24.10.3
====================


Bugfixes
--------

- Fix clearing stack frames on Python 3.13. This is invoked when you
  fork after having used the thread pool.
  See :issue:`2067`.
- Distribute manylinux2014 wheels for x86_64.
  See :issue:`2068`.
- Stop switching to the hub in the after fork hook in a child process. This could lead to strange behaviour, and is different than what all other versions of Python do.

24.10.2
====================


Bugfixes
--------

- Work around a Cython bug compiling on GCC14.
  See :issue:`2049`.

24.10.1
====================


Features
--------

- Update the bundled c-ares to 1.33.1.

- Add support for Python 3.13.

- The functions and classes in ``gevent.subprocess`` no longer accept
  ``stdout=STDOUT`` and raise a ``ValueError``.

Several additions and changes to the ``queue`` module, including:

- ``Queue.shutdown`` is available on all versions of Python.
- ``LifoQueue`` is now a joinable queue.

- gevent.monkey changed from a module to a package. The public API
  remains the same.

  For this release, private APIs (undocumented, marked internal, or
  beginning with an underscore) are also preserved. However, these may
  be changed or removed at any time in the future. If you are using one
  of these APIs and cannot replace it, please contact the gevent team.



Bugfixes
--------

- For platforms that don't have ``socketpair``, upgrade our fallback
  code to avoid a security issue.
  See :issue:`2048`.


Deprecations and Removals
-------------------------

- Remove support for Python 3.8, which has reached the end of its
  support lifecycle.
  See :issue:`remove_py38`.

24.2.1
===================


Bugfixes
--------

- Add support for Python patch releases 3.11.8 and 3.12.2, which changed
  internal details of threading.

  As a result of these changes, note that it is no longer possible to
  change the ``__class__`` of a ``gevent.threading._DummyThread``
  object on those versions.

  See :issue:`2020`.

Other
-----

Other updates for compatibility with the standard library include:

- Errors raised from ``subprocess.Popen`` may not have a filename set.
- ``SSLSocket.recv_into`` and ``SSLSocket.read`` no longer require the
  buffer to implement ``len`` and now work with buffers whose size is
  not 1.
- gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close
  flaw.

In addition:

- Drop ``setuptools`` to a soft test dependency.
- Drop support for very old versions of CFFI.
- Update bundled c-ares from 1.19.1 to 1.26.0.
- Locks created by gevent, but acquired from multiple different
  threads (not recommended), no longer spin to implement timeouts
  and interruptible blocking. Instead, they use the native
  functionality of the Python 3 lock. This may improve some scenarios.
  See :issue:`2013`.

23.9.1
===================


Bugfixes
--------

- Require greenlet 3.0 on Python 3.11 and Python 3.12; greenlet 3.0 is
  recommended for all platforms. This fixes a number of obscure crashes
  on all versions of Python, as well as fixing a fairly common problem
  on Python 3.11+ that could manifest as either a crash or as a
  ``SystemError``.
  See :issue:`1985`.


----

23.9.0.post1
=========================

- Fix Windows wheel builds.
- Fix macOS wheel builds.

23.9.0
===================


Bugfixes
--------

- Make ``gevent.select.select`` accept arbitrary iterables, not just
  sequences. That is, you can now pass in a generator of file
  descriptors instead of a realized list. Internally, arbitrary
  iterables are copied into lists. This better matches what the standard
  library does. Thanks to David Salvisberg.
  See :issue:`1979`.
- On Python 3.11 and newer, opt out of Cython's fast exception
  manipulation, which *may* be causing problems in certain circumstances
  when combined with greenlets.

  On all versions of Python, adjust some error handling in the default
  C-based loop. This fixes several assertion failures on debug versions
  of CPython. Hopefully it has a positive impact under real conditions.
  See :issue:`1985`.
- Make ``gevent.pywsgi`` comply more closely with the HTTP specification
  for chunked transfer encoding. In particular, we are much stricter
  about trailers, and trailers that are invalid (too long or featuring
  disallowed characters) forcibly close the connection to the client
  *after* the results have been sent.

  Trailers otherwise continue to be ignored and are not available to the
  WSGI application.

  Previously, carefully crafted invalid trailers in chunked requests on
  keep-alive connections might appear as two requests to
  ``gevent.pywsgi``. Because this was handled exactly as a normal
  keep-alive connection with two requests, the WSGI application should
  handle it normally. However, if you were counting on some upstream
  server to filter incoming requests based on paths or header fields,
  and the upstream server simply passed trailers through without
  validating them, then this embedded second request would bypass those
  checks. (If the upstream server validated that the trailers meet the
  HTTP specification, this could not occur, because characters that are
  required in an HTTP request, like a space, are not allowed in
  trailers.) CVE-2023-41419 was reserved for this.

  Our thanks to the original reporters, Keran Mu
  (mkr22mails.tsinghua.edu.cn) and Jianjun Chen
  (jianjuntsinghua.edu.cn), from Tsinghua University and Zhongguancun
  Laboratory.
  See :issue:`1989`.


----
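
The trailer handling described for ``gevent.pywsgi`` in 23.9.0, as an added example that is not gevent's own code and not part of the original PR comment: a strict reader for the trailer section of a chunked request that tells the caller to close the connection when a trailer is malformed or too long. The names ``read_trailers`` and ``handle_trailers``, the size limits and the sample inputs are assumptions constructed for illustration.

```python
import io
import re

# RFC 9110 "token": the only characters allowed in a field name.
_NAME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Field value: tab, space, visible ASCII and obs-text; no CR, LF or NUL.
_VALUE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")

MAX_LINE = 8192    # assumed per-line limit, not a gevent constant
MAX_COUNT = 32     # assumed limit on the number of trailer fields


class InvalidTrailer(ValueError):
    """The trailer section violates the HTTP grammar or the limits above."""


def read_trailers(rfile):
    """Read the trailer section that follows the last chunk ("0\\r\\n")."""
    trailers = []
    while True:
        line = rfile.readline(MAX_LINE + 1)
        if len(line) > MAX_LINE:
            raise InvalidTrailer("trailer line too long")
        if not line.endswith(b"\r\n"):
            raise InvalidTrailer("trailer line not terminated by CRLF")
        if line == b"\r\n":          # empty line ends the message
            return trailers
        if len(trailers) >= MAX_COUNT:
            raise InvalidTrailer("too many trailer fields")
        name, sep, value = line[:-2].decode("latin-1").partition(":")
        value = value.strip(" \t")
        if not sep or not _NAME.fullmatch(name) or not _VALUE.fullmatch(value):
            raise InvalidTrailer("malformed trailer field")
        trailers.append((name, value))


def handle_trailers(raw):
    """Return (keep_alive, trailers); keep_alive is False on invalid input,
    so leftover bytes are never parsed as a second request."""
    try:
        return True, read_trailers(io.BytesIO(raw))
    except InvalidTrailer:
        return False, []


# Constructed sample inputs: the bytes that follow the terminating "0\r\n".
VALID = b"X-Checksum: abc123\r\n\r\n"
REQUEST_LIKE = b"GET /internal HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

``handle_trailers(VALID)`` keeps the connection alive, while ``handle_trailers(REQUEST_LIKE)`` reports that it must be closed, because a request line contains spaces and no field-name colon.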