Skip to content

chore(deps): bump granian from 2.6.0 to 2.7.2#80

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/granian-2.7.2
Open

chore(deps): bump granian from 2.6.0 to 2.7.2#80
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/granian-2.7.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026

Copy link
Copy Markdown
Contributor

Bumps granian from 2.6.0 to 2.7.2.

Release notes

Sourced from granian's releases.

Granian 2.7.2

Patch release

Changes since 2.7.1:

  • Review ASGI websockets' rejection flow
    • This should fix an hang issue with Django channels
  • Fix ASGI websocket scope suprotocols split (#817 by @​JaeHyuckSa)
  • Fix Content-Type header in metrics endpoint (#808 by @​IngmarStein)
  • Bump dependencies

Granian 2.7.1

Patch release

Changes since 2.7.0:

  • Fix websockets' handles cleanup on shutdown
    • This should fix an occasional runtime thread panic with the message Cannot drop pointer into Python heap without the thread being attached
  • Fix a bug in the ASGI protocol preventing apps to receive the websocket.disconnect event after server-initiated close (#801 by @​JaeHyuckSa)
    • This should fix some long-standing issues with Django channels
  • Review some lock holding strategy in PyFutureAwaitable callback dispatch (#802 by @​ColemanDunn)
  • Bump dependencies

Granian 2.7.0

What's Changed

New features

  • Add prometheus metrics export (based on @​butlerx preliminary work)
  • Add support for ASGI websocket denial response extension (#771 by @​JaeHyuckSa)
  • Add static files rewrite support for directory listings (#784 by @​tobiasge)
  • Add support for multiple static paths

Changes

  • Lowered --blocking-threads-idle-timeout minimum accepted value to 5 seconds
  • Bump dependencies

Enhancements

  • Refactor blocking thread-pool resize strategy
  • Review auto runtime mode option

Fixes

  • Bump minimum version of click dependency

Granian 2.6.1

Patch release

Changes since 2.6.0:

Commits
  • 45d9c75 Bump dependencies
  • 056fd1b fix: Set Content-Type header for metrics endpoint (#808)
  • 5fe8547 fix: split comma-separated WebSocket subprotocols in ASGI scope (#817)
  • 65c9664 Unblock ASGI ws receive on close without accept (#819)
  • a288cc3 Bump version to 2.7.2
  • 1a5a8c3 Review lock hold strategy in PyFutureAwaitable callback dispatch (#802)
  • d10a246 Ensure to send ASGI websocket.disconnect after server-initiated close (#801)
  • 6736727 Update external benchmark results (#795)
  • 6bcdadc Bump dependencies
  • 0062b6b Handle cleanup of ws tasks on shutdown (#803)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [granian](https://github.com/emmett-framework/granian) from 2.6.0 to 2.7.2.
- [Release notes](https://github.com/emmett-framework/granian/releases)
- [Commits](emmett-framework/granian@v2.6.0...v2.7.2)

---
updated-dependencies:
- dependency-name: granian
  dependency-version: 2.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants