Skip to content

Bump uvicorn[standard] from 0.34.0 to 0.41.0#12

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uvicorn-standard--0.41.0
Open

Bump uvicorn[standard] from 0.34.0 to 0.41.0#12
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uvicorn-standard--0.41.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 3, 2026
edited
Loading

Copy link
Copy Markdown

Bumps uvicorn[standard] from 0.34.0 to 0.41.0.

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.41.0

Added

  • Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • Add socket path to scope["server"] (#2561)

Changed

  • Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

  • Ignore permission denied errors in watchfiles reloader (#2817)
  • Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • Reduce the log level of 'request limit exceeded' messages (#2788)

New Contributors

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Version 0.40.0

What's Changed

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Version 0.38.0

What's Changed

... (truncated)

Changelog

Sourced from uvicorn[standard]'s changelog.

0.41.0 (February 16, 2026)

Added

  • Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • Add socket path to scope["server"] (#2561)

Changed

  • Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

  • Ignore permission denied errors in watchfiles reloader (#2817)
  • Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

  • Send close frame on ASGI return for WebSockets (#2769)
  • Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

  • Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

  • Add --timeout-worker-healthcheck option (#2711)
  • Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

  • Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

... (truncated)

Commits
  • 9283c0f Version 0.41.0 (#2821)
  • a01a33e Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • 2ce65bd Ignore permission denied errors in watchfiles reloader (#2817)
  • 654f2ed Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • a03d9f6 Reduce the log level of 'request limit exceeded' messages (#2788)
  • e377de4 Add socket path to scope["server"] (#2561)
  • 0779f7f Poll for readiness in test_multiprocess_health_check and run_server (#2816)
  • 7e9ce2c Poll for PID changes in test_multiprocess_sighup instead of fixed sleep (#2...
  • 99f0d87 Fix grep warning in scripts/sync-version (#2807)
  • 7ae2e63 chore(deps): bump the python-packages group with 18 updates (#2801)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @github

dependabot Bot commented on behalf of github Mar 3, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
Bump uvicorn[standard] from 0.34.0 to 0.41.0
de55198 
Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.34.0 to 0.41.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.34.0...0.41.0)

---
updated-dependencies:
- dependency-name: uvicorn[standard]
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/uvicorn-standard--0.41.0 branch from 012f0ef to de55198 Compare March 5, 2026 14:15
@windoze95 windoze95 mentioned this pull request Jun 28, 2026
Merged
windoze95 added a commit that referenced this pull request Jun 28, 2026
@windoze95 @claude
feat(retention): enforce subscription retention policies (#12)
1939911 
retention_policy/retention_count on UserSubscription were persisted but never
applied — a self-hoster who set a policy got nothing. Add a periodic sweep that
makes them real.

A new Celery beat task (enforce_retention_task, every retention_interval_hours,
default 6h) applies each subscription's policy:

- KEEP_LAST_N: keep the newest N downloaded (COMPLETE) videos per
  (user, channel) and soft-remove the user's UserVideoRefs for the rest, ordered
  by upload date (falling back to catalog time) with a stable id tiebreak.
- KEEP_ALL (default): no-op.
- KEEP_WATCHED: recognized but intentionally left unenforced — its only sensible
  reading is destructive — pending product sign-off.
- A missing/non-positive count, or an unknown policy, is treated as a no-op.

Reclamation reuses the existing orphan cleanup rather than deleting files here:
the sweep soft-removes refs, then runs check_and_delete_orphan, which only
deletes the file and resets the Video row once no active ref remains. So shared
downloads stay ref-counted — soft-removing one user's ref never removes a video
another active ref still wants — and only videos the user actually downloaded
are ever touched.

check_and_delete_orphan gains a synchronous twin (check_and_delete_orphan_sync)
for the Celery worker's sync Session; both share one reclaim helper so the
file-deletion + row-reset logic lives in a single place. No schema change (the
columns already existed).

Tests: KEEP_LAST_N drops refs beyond N (newest kept) and orphan cleanup
reclaims; KEEP_ALL is a no-op; a video another active ref still wants is not
reclaimed; only downloaded videos count; a policy with no count is a no-op.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RXMKM1rDWn8wNh93MMUtxY
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants