Skip to content

build(deps): bump uvicorn from 0.41.0 to 0.42.0#453

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/uvicorn-0.42.0
Closed

build(deps): bump uvicorn from 0.41.0 to 0.42.0#453
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/uvicorn-0.42.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 24, 2026

Copy link
Copy Markdown
Contributor

Bumps uvicorn from 0.41.0 to 0.42.0.

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors


Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)
Commits
  • 02bed6f Version 0.42.0 (#2852)
  • d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
  • 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
  • b3c69da Use bytearray for request body accumulation (#2845)
  • 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
  • d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
  • e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
  • 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
  • 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added Changed dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 24, 2026
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.42.0)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/pip/uvicorn-0.42.0 branch from 277266a to a392500 Compare April 9, 2026 15:21
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updateduvicorn@​0.41.0 ⏵ 0.42.098 +1100100100100

View full report

@dependabot @github

dependabot Bot commented on behalf of github Apr 14, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #464.

@dependabot dependabot Bot closed this Apr 14, 2026
@dependabot
dependabot Bot deleted the dependabot/pip/uvicorn-0.42.0 branch April 14, 2026 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Changed dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants