Avatar for the PrefectHQ user
PrefectHQ
prefect
BlogDocsChangelog

Performance History

Latest Results

fix(tests): prevent aiosqlite teardown race in legacy events/out test (#21619) Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: bot_apk <apk@cognition.ai>
main
4 minutes ago
Fix DNS rebinding TOCTOU bypass in `validate_restricted_url` (#21591) Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Alexander Streed <alex.s@prefect.io> Co-authored-by: alex.s <ajstreed1@gmail.com>
main
8 minutes ago
custom_headers Authorization takes precedence over PREFECT_API_KEY in check_server_version
vyagubov:custom_headers_overtakes
46 minutes ago
custom_headers Authorization takes precedence over PREFECT_API_KEY in check_server_version
vyagubov:custom_headers_overtakes
3 hours ago
Run SSRF DNS lookup off the event loop and share retry timeout budget Addresses Codex P2 feedback on #21591: - _SSRFProtectedAsyncBackend.connect_tcp now runs the synchronous getaddrinfo in a worker thread via anyio.to_thread.run_sync so DNS resolution does not block the event loop. - Both backends now derive a shared deadline from the caller's timeout and pass the remaining budget to each per-IP attempt, so connect time stays bounded by the caller's timeout instead of scaling with the number of resolved addresses. Co-authored-by: Alexander Streed <alex.s@prefect.io> Co-Authored-By: alex.s <ajstreed1@gmail.com>
devin1/oss-7874-fix-dns-rebinding-toctou-bypass-in-validate_restricted_url
4 hours ago
Add defensive try/except in PrefectWrappedFuture.add_done_callback (#21615) If a done callback raises inside `call_with_self`, the exception propagates into `concurrent.futures.Future._invoke_callbacks` which silently catches and logs it via the stdlib logger. This makes errors invisible to Prefect's logging and can leave `_final_state` unset, causing flow runs to hang as zombies. Wrap `fn(self)` in `call_with_self` with a try/except that logs via Prefect's logger, ensuring callback exceptions are always visible. Closes #21615 Testing: - test_add_done_callback_logs_exception_from_callback: registers a callback that raises RuntimeError, asserts the exception is logged via prefect.futures (not silently swallowed by stdlib). Verified FAILS without the fix (exception goes to concurrent.futures logger) and PASSES after. - test_add_done_callback_invokes_normally_on_success: verifies the happy path is unaffected. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
saschwartz:fix/21615-defensive-callback-wrapper
4 hours ago
Fix _UnpicklingFuture.add_done_callback swallowing deserialization errors (#21612) Co-authored-by: Sebastian Schwartz <sebastian.schwartz@chicagotrading.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
main
4 hours ago
Merge branch 'main' into fix/21610-unpickling-future-error-propagation
saschwartz:fix/21610-unpickling-future-error-propagation
5 hours ago

Latest Branches

CodSpeed Performance Gauge
0%
fix(client): don't overwrite custom_headers Authorization with PREFECT_API_KEY in check_server_version#21621
4 hours ago
6a4a1fe
vyagubov:custom_headers_overtakes
CodSpeed Performance Gauge
-3%
Fix DNS rebinding TOCTOU bypass in `validate_restricted_url`#21591
4 hours ago
e0a9ff2
devin1/oss-7874-fix-dns-rebinding-toctou-bypass-in-validate_restricted_url
CodSpeed Performance Gauge
0%
[DRAFT] Add defensive try/except in PrefectWrappedFuture.add_done_callback#21618
4 hours ago
fd9c0b3
saschwartz:fix/21615-defensive-callback-wrapper
© 2026 CodSpeed Technology
Home Terms Privacy Docs