Skip to content

chore(deps): bump asgiref from 3.11.1 to 3.12.1#62

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/asgiref-3.12.1
Open

chore(deps): bump asgiref from 3.11.1 to 3.12.1#62
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/asgiref-3.12.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps asgiref from 3.11.1 to 3.12.1.

Changelog

Sourced from asgiref's changelog.

3.12.1 (2026-07-14)

  • Restored the previous SyncToAsync.call internal code shape, which was relied on by some APM services. (#572)

    Note, this change was available whilst maintaining the underlying fix (from #564). It does not constitute an API stability promise. Ideally APMs are not monkey patching internal APIs, and future changes will be made here if needed.

3.12.0 (2026-07-14)

  • AsyncToSync no longer captures the running event loop on instantiation. (#562)

    This resolves a series of deadlocks that users experienced after asgiref 3.9.0, particularly with pytest-asyncio. pytest-asyncio stops the event loop between tests, and long-running unawaited futures could find themselves trying to schedule work onto a stopped loop, and so would never complete. Ideally, code should be structured to await long-running futures before returning, but this change should help users experiencing issues here.

    The loop is now resolved when the callable is invoked rather than when it is created. If async_to_sync is called from within sync_to_async, the parent event loop is still used, as before.

    The possibility of deadlock therefore remains in some nested patterns. For example, an async function may call a long-running sync_to_async function that itself uses async_to_sync; if the outer function returns before the sync future completes, the parent event loop may already be stopped, and the nested calls cannot be driven to completion.

    This is not a bug in asgiref — the same patterns deadlock in plain asyncio. As above, restructure your code to await the sync_to_async future before exiting the driving coroutine.

  • Fixed an event loop deadlock when exiting ThreadSensitiveContext while its executor thread was still blocked waiting on the event loop. (#535)

  • Dropped support for EOL Python 3.9.

  • Fixed StatelessServer.run() failing on Python 3.14, where asyncio.get_event_loop() no longer creates an event loop if none exists. It now uses asyncio.run(). (#559)

  • Fixed Local leaking data between unrelated sync threads when sys.flags.thread_inherit_context is enabled (Python 3.14+), so a newly

... (truncated)

Commits
  • ef9d4b8 Releasing 3.12.1
  • 34fba63 Restore previous SyncToAsync.call internal code shape.
  • a43900c Separate mypy from tests extra.
  • 1b7c338 Releasing 3.12.0
  • 157d9d4 Renovate precommit (#552)
  • deda0d4 Test free-threading builds and fix Local data leak for thread_inherit_context...
  • a54250a Don’t capture the event loop in AsyncToSync.__init__ (#562)
  • 836356a Use asyncio.run in StatelessServer.run (#561)
  • e04afd5 Dropped support for Python 3.9. (#543)
  • 95d2430 Fixed #535: ThreadSensitiveContext.aexit blocking the event loop. (#563)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [asgiref](https://github.com/django/asgiref) from 3.11.1 to 3.12.1.
- [Changelog](https://github.com/django/asgiref/blob/main/CHANGELOG.txt)
- [Commits](django/asgiref@3.11.1...3.12.1)

---
updated-dependencies:
- dependency-name: asgiref
  dependency-version: 3.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 16, 2026 04:11
@dependabot dependabot Bot removed the request for review from a team July 16, 2026 04:11
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 16, 2026
@dependabot dependabot Bot requested a review from SC-Samir July 16, 2026 04:11
@dependabot dependabot Bot added the python:uv Pull requests that update python:uv code label Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants