Bump gunicorn from 24.1.1 to 25.0.1 in /backend (#1548)

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 24.1.1 to
25.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/benoitc/gunicorn/releases">gunicorn's
releases</a>.</em></p>
<blockquote>
<h2>25.0.1</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Fix ASGI streaming responses (SSE) hanging: add chunked transfer
encoding for
HTTP/1.1 responses without Content-Length header. Without chunked
encoding,
clients wait for connection close to determine end-of-response.</li>
</ul>
<h2>Changes</h2>
<ul>
<li>Update celery_alternative example to use FastAPI with native ASGI
worker and
uvloop for async task execution</li>
</ul>
<h2>Testing</h2>
<ul>
<li>Add ASGI compliance test suite with Docker-based integration tests
covering HTTP,
WebSocket, streaming, lifespan, framework integration (Starlette,
FastAPI),
HTTP/2, and concurrency scenarios</li>
</ul>
<h2>Gunicorn 25.0.0</h2>
<h2>New Features</h2>
<ul>
<li>
<p><strong>Dirty Arbiters</strong>: Separate process pool for executing
long-running, blocking
operations (AI model loading, heavy computation) without blocking HTTP
workers
([PR <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3460">#3460</a>](<a
href="https://redirect.github.com/benoitc/gunicorn/pull/3460">benoitc/gunicorn#3460</a>))</p>
<ul>
<li>Inspired by Erlang's dirty schedulers</li>
<li>Asyncio-based with Unix socket IPC</li>
<li>Stateful workers that persist loaded resources</li>
<li>New settings: <code>--dirty-app</code>,
<code>--dirty-workers</code>, <code>--dirty-timeout</code>,
<code>--dirty-threads</code>, <code>--dirty-graceful-timeout</code></li>
<li>Lifecycle hooks: <code>on_dirty_starting</code>,
<code>dirty_post_fork</code>,
<code>dirty_worker_init</code>, <code>dirty_worker_exit</code></li>
</ul>
</li>
<li>
<p><strong>Per-App Worker Allocation for Dirty Arbiters</strong>:
Control how many dirty workers
load each app for memory optimization with heavy models
([PR <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3473">#3473</a>](<a
href="https://redirect.github.com/benoitc/gunicorn/pull/3473">benoitc/gunicorn#3473</a>))</p>
<ul>
<li>Set <code>workers</code> class attribute on DirtyApp (e.g.,
<code>workers = 2</code>)</li>
<li>Or use config format <code>module:class:N</code> (e.g.,
<code>myapp:HeavyModel:2</code>)</li>
<li>Requests automatically routed to workers with the target app</li>
<li>New exception <code>DirtyNoWorkersAvailableError</code> for graceful
error handling</li>
<li>Example: 8 workers × 10GB model = 80GB → with
<code>workers=2</code>: 20GB (75% savings)</li>
</ul>
</li>
<li>
<p><strong>HTTP/2 Support (Beta)</strong>: Native HTTP/2 (RFC 7540)
support for improved performance
with modern clients ([PR <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3468">#3468</a>](<a
href="https://redirect.github.com/benoitc/gunicorn/pull/3468">benoitc/gunicorn#3468</a>))</p>
<ul>
<li>Multiplexed streams over a single connection</li>
<li>Header compression (HPACK)</li>
<li>Flow control and stream prioritization</li>
<li>Works with gthread, gevent, and ASGI workers</li>
<li>New settings: <code>--http-protocols</code>,
<code>--http2-max-concurrent-streams</code>,
<code>--http2-initial-window-size</code>,
<code>--http2-max-frame-size</code>,
<code>--http2-max-header-list-size</code></li>
<li>Requires SSL/TLS and h2 library: <code>pip install
gunicorn[http2]</code></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3bf529f6c2"><code>3bf529f</code></a>
docs: sync news.md with 2026-news.md</li>
<li><a
href="1f4f245d76"><code>1f4f245</code></a>
Merge pull request <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3478">#3478</a>
from benoitc/feature/asgi-compliance-testbed</li>
<li><a
href="e1519c0569"><code>e1519c0</code></a>
docs: add ASGI compliance test suite to changelog</li>
<li><a
href="0885005b08"><code>0885005</code></a>
fix(tests): correct assertions in ASGI compliance tests</li>
<li><a
href="658924c436"><code>658924c</code></a>
docs: update changelog for 25.0.1</li>
<li><a
href="c5b6e82277"><code>c5b6e82</code></a>
chore: bump version to 25.0.1</li>
<li><a
href="ce352dc230"><code>ce352dc</code></a>
fix(asgi): add chunked transfer encoding for streaming responses</li>
<li><a
href="29b8a3a763"><code>29b8a3a</code></a>
Merge pull request <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3476">#3476</a>
from benoitc/dependabot/github_actions/actions/check...</li>
<li><a
href="791ab46e1c"><code>791ab46</code></a>
chore(deps): bump actions/checkout from 4 to 6</li>
<li><a
href="9235b72ab8"><code>9235b72</code></a>
Merge pull request <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3475">#3475</a>
from benoitc/dependabot/github_actions/actions/uploa...</li>
<li>Additional commits viewable in <a
href="https://github.com/benoitc/gunicorn/compare/24.1.1...25.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gunicorn&package-manager=uv&previous-version=24.1.1&new-version=25.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

backend/pyproject.toml

@@ -13,7 +13,7 @@ dependencies = [
     "databases[asyncpg]==0.9.0",
     "fastapi==0.128.0",
     "fastapi-sso==0.19.0",
-    "gunicorn==24.1.1",
+    "gunicorn==25.0.1",
     "heliclockter==3.0.1",
     "parameterized==0.9.0",
     "passlib==1.7.4",

backend/uv.lock

@@ -383,7 +383,7 @@ requires-dist = [
     { name = "databases", extras = ["asyncpg"], specifier = "==0.9.0" },
     { name = "fastapi", specifier = "==0.128.0" },
     { name = "fastapi-sso", specifier = "==0.19.0" },
-    { name = "gunicorn", specifier = "==24.1.1" },
+    { name = "gunicorn", specifier = "==25.0.1" },
     { name = "heliclockter", specifier = "==3.0.1" },
     { name = "parameterized", specifier = "==0.9.0" },
     { name = "passlib", specifier = "==1.7.4" },
@@ -739,14 +739,14 @@ wheels = [
 
 [[package]]
 name = "gunicorn"
-version = "24.1.1"
+version = "25.0.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "packaging" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/78/0a/10739c03537ec5b131a867bf94df2e412b437696c7e5d26970e2198a80d2/gunicorn-24.1.1.tar.gz", hash = "sha256:f006d110e5cb3102859b4f5cd48335dbd9cc28d0d27cd24ddbdafa6c60929408", size = 287567, upload-time = "2026-01-24T01:15:31.359Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/9e/83/e8327358129ca4dffd4fa6b6004aa5085dc80e913dec9b253401d6bd23ad/gunicorn-25.0.1.tar.gz", hash = "sha256:573e053aa950246e307ea908bd7ddce1870d41a40aec0c935938c586f0b9b946", size = 9693127, upload-time = "2026-02-02T13:34:05.767Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/96/90/cfe637677916fc6f53cd2b05d5746e249f683e1fa14c9e745a88c66f7290/gunicorn-24.1.1-py3-none-any.whl", hash = "sha256:757f6b621fc4f7581a90600b2cd9df593461f06a41d7259cb9b94499dc4095a8", size = 114920, upload-time = "2026-01-24T01:15:29.656Z" },
+    { url = "https://files.pythonhosted.org/packages/e0/dc/f1da097b7e0de5cd7552c10667305879093125cd62ff7372ad07d184ed8f/gunicorn-25.0.1-py3-none-any.whl", hash = "sha256:23cbe968c6ae3c8efc3d118c8353fa0763efc2102d89d0d3cea696cede7ff6b1", size = 169961, upload-time = "2026-02-02T13:34:02.744Z" },
 ]
 
 [[package]]