Update dependency aiohttp to v3.12.13 #210
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
from
b5d26f1 to
48e063b
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
from
48e063b to
3f2b7f3
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
from
3f2b7f3 to
4668003
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
2 times, most recently
from
a13cc10 to
2a563ba
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
from
2a563ba to
105a422
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
from
105a422 to
a8f91f9
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
from
a8f91f9 to
7793c40
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
2 times, most recently
from
9ae7cf2 to
21991fa
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
2 times, most recently
from
a5489f6 to
77b5ff5
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/aiohttp-3.x
branch
from
77b5ff5 to
ba1f6a3
Compare
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==3.11.18->==3.12.13Release Notes
aio-libs/aiohttp (aiohttp)
v3.12.13Compare Source
v3.12.12Compare Source
====================
Bug fixes
Fixed cookie unquoting to properly handle octal escape sequences in cookie values (e.g.,
\012for newline) by vendoring the correct_unquoteimplementation from Python'shttp.cookiesmodule -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11173.Fixed
Cookieheader parsing to treat attribute names as regular cookies per :rfc:6265#section-5.4-- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11178.v3.12.11Compare Source
====================
Features
Improved SSL connection handling by changing the default
ssl_shutdown_timeoutfrom
0.1to0seconds. SSL connections now use Python's default gracefulshutdown during normal operation but are aborted immediately when the connector
is closed, providing optimal behavior for both cases. Also added support for
ssl_shutdown_timeout=0on all Python versions. Previously, this value wasrejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
Python < 3.11 now trigger a
RuntimeWarning-- by :user:bdraco.The
ssl_shutdown_timeoutparameter is now deprecated and will be removed inaiohttp 4.0 as there is no clear use case for changing the default.
Related issues and pull requests on GitHub:
:issue:
11148.Deprecations (removal in next major release)
Improved SSL connection handling by changing the default
ssl_shutdown_timeoutfrom
0.1to0seconds. SSL connections now use Python's default gracefulshutdown during normal operation but are aborted immediately when the connector
is closed, providing optimal behavior for both cases. Also added support for
ssl_shutdown_timeout=0on all Python versions. Previously, this value wasrejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
Python < 3.11 now trigger a
RuntimeWarning-- by :user:bdraco.The
ssl_shutdown_timeoutparameter is now deprecated and will be removed inaiohttp 4.0 as there is no clear use case for changing the default.
Related issues and pull requests on GitHub:
:issue:
11148.v3.12.10Compare Source
====================
Bug fixes
Fixed leak of
aiodns.DNSResolverwhen :py:class:~aiohttp.TCPConnectoris closed and no resolver was passed when creating the connector -- by :user:Tasssadar.This was a regression introduced in version 3.12.0 (:pr:
10897).Related issues and pull requests on GitHub:
:issue:
11150.v3.12.9Compare Source
===================
Bug fixes
Fixed
IOBasePayloadandTextIOPayloadreading entire files into memory when streaming large files -- by :user:bdraco.When using file-like objects with the aiohttp client, the entire file would be read into memory if the file size was provided in the
Content-Lengthheader. This could cause out-of-memory errors when uploading large files. The payload classes now correctly read data in chunks ofREAD_SIZE(64KB) regardless of the total content length.Related issues and pull requests on GitHub:
:issue:
11138.v3.12.8Compare Source
===================
Features
Added preemptive digest authentication to :class:
~aiohttp.DigestAuthMiddleware-- by :user:bdraco.The middleware now reuses authentication credentials for subsequent requests to the same
protection space, improving efficiency by avoiding extra authentication round trips.
This behavior matches how web browsers handle digest authentication and follows
:rfc:
7616#section-3.6.Preemptive authentication is enabled by default but can be disabled by passing
preemptive=Falseto the middleware constructor.Related issues and pull requests on GitHub:
:issue:
11128, :issue:11129.v3.12.7Compare Source
===================
Bug fixes
Fixed cookie parsing to be more lenient when handling cookies with special characters
in names or values. Cookies with characters like
{,}, and/in names are nowaccepted instead of causing a :exc:
~http.cookies.CookieErrorand 500 errors. Additionally,cookies with mismatched quotes in values are now parsed correctly, and quoted cookie
values are now handled consistently whether or not they include special attributes
like
Domain. Also fixed :class:~aiohttp.CookieJarto ensure shared cookies (domain="", path="")respect the
quote_cookieparameter, making cookie quoting behavior consistent forall cookies -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
2683, :issue:5397, :issue:7993, :issue:11112.Fixed an issue where cookies with duplicate names but different domains or paths
were lost when updating the cookie jar. The :class:
~aiohttp.ClientSessioncookie jar now correctly stores all cookies even if they have the same name but
different domain or path, following the :rfc:
6265#section-5.3storage model -- by :user:bdraco.Note that :attr:
ClientResponse.cookies <aiohttp.ClientResponse.cookies>returnsa :class:
~http.cookies.SimpleCookiewhich uses the cookie name as a key, soonly the last cookie with each name is accessible via this interface. All cookies
can be accessed via :meth:
ClientResponse.headers.getall('Set-Cookie') <multidict.MultiDictProxy.getall>if needed.Related issues and pull requests on GitHub:
:issue:
4486, :issue:11105, :issue:11106.Miscellaneous internal changes
Avoided creating closed futures in
ResponseHandlerthat will never be awaited -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11107.Downgraded the logging level for connector close errors from ERROR to DEBUG, as these are expected behavior with TLS 1.3 connections -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
11114.v3.12.6Compare Source
===================
Bug fixes
Fixed spurious "Future exception was never retrieved" warnings for connection lost errors when the connector is not closed -- by :user:
bdraco.When connections are lost, the exception is now marked as retrieved since it is always propagated through other means, preventing unnecessary warnings in logs.
Related issues and pull requests on GitHub:
:issue:
11100.v3.12.4Compare Source
===================
Bug fixes
Fixed connector not waiting for connections to close before returning from :meth:
~aiohttp.BaseConnector.close(partial backport of :pr:3733) -- by :user:atemateand :user:bdraco.Related issues and pull requests on GitHub:
:issue:
1925, :issue:11074.v3.12.3Compare Source
===================
Bug fixes
Fixed memory leak in :py:meth:
~aiohttp.CookieJar.filter_cookiesthat caused unbounded memory growthwhen making requests to different URL paths -- by :user:
bdracoand :user:Cycloctane.Related issues and pull requests on GitHub:
:issue:
11052, :issue:11054.v3.12.2Compare Source
===================
Bug fixes
Fixed
Content-Lengthheader not being set to0for non-GET requests withNonebody -- by :user:bdraco.Non-GET requests (
POST,PUT,PATCH,DELETE) withNoneas the body now correctly set theContent-Lengthheader to0, matching the behavior of requests with empty bytes (b""). This regression was introduced in aiohttp 3.12.1.Related issues and pull requests on GitHub:
:issue:
11035.v3.12.1Compare Source
====================
Bug fixes
Fixed cookie unquoting to properly handle octal escape sequences in cookie values (e.g.,
\012for newline) by vendoring the correct_unquoteimplementation from Python'shttp.cookiesmodule -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11173.Fixed
Cookieheader parsing to treat attribute names as regular cookies per :rfc:6265#section-5.4-- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11178.v3.12.0Compare Source
===================
Bug fixes
Fixed :py:attr:
~aiohttp.web.WebSocketResponse.preparedproperty to correctly reflect the prepared state, especially during timeout scenarios -- by :user:bdracoRelated issues and pull requests on GitHub:
:issue:
6009, :issue:10988.Response is now always True, instead of using MutableMapping behaviour (False when map is empty)
Related issues and pull requests on GitHub:
:issue:
10119.Fixed connection reuse for file-like data payloads by ensuring buffer
truncation respects content-length boundaries and preventing premature
connection closure race -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10325, :issue:10915, :issue:10941, :issue:10943.Fixed pytest plugin to not use deprecated :py:mod:
asynciopolicy APIs.Related issues and pull requests on GitHub:
:issue:
10851.Fixed :py:class:
~aiohttp.resolver.AsyncResolvernot using theloopargument in versions 3.x where it should still be supported -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
10951.Features
Added a comprehensive HTTP Digest Authentication client middleware (DigestAuthMiddleware)
that implements RFC 7616. The middleware supports all standard hash algorithms
(MD5, SHA, SHA-256, SHA-512) with session variants, handles both 'auth' and
'auth-int' quality of protection options, and automatically manages the
authentication flow by intercepting 401 responses and retrying with proper
credentials -- by :user:
feus4177, :user:TimMenninger, and :user:bdraco.Related issues and pull requests on GitHub:
:issue:
2213, :issue:10725.Added client middleware support -- by :user:
bdracoand :user:Dreamsorcerer.This change allows users to add middleware to the client session and requests, enabling features like
authentication, logging, and request/response modification without modifying the core
request logic. Additionally, the
sessionattribute was added toClientRequest,allowing middleware to access the session for making additional requests.
Related issues and pull requests on GitHub:
:issue:
9732, :issue:10902, :issue:10945, :issue:10952, :issue:10959, :issue:10968.Allow user setting zlib compression backend -- by :user:
TimMenningerThis change allows the user to call :func:
aiohttp.set_zlib_backend()with thezlib compression module of their choice. Default behavior continues to use
the builtin
zliblibrary.Related issues and pull requests on GitHub:
:issue:
9798.Added support for overriding the base URL with an absolute one in client sessions
-- by :user:
vivodi.Related issues and pull requests on GitHub:
:issue:
10074.Added
hostparameter toaiohttp_serverfixture -- by :user:christianwbrock.Related issues and pull requests on GitHub:
:issue:
10120.Detect blocking calls in coroutines using BlockBuster -- by :user:
cbornet.Related issues and pull requests on GitHub:
:issue:
10433.Added
socket_factoryto :py:class:aiohttp.TCPConnectorto allow specifying custom socket options-- by :user:
TimMenninger.Related issues and pull requests on GitHub:
:issue:
10474, :issue:10520, :issue:10961, :issue:10962.Started building armv7l manylinux wheels -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10797.Implemented shared DNS resolver management to fix excessive resolver object creation
when using multiple client sessions. The new
_DNSResolverManagersingleton ensuresonly one
DNSResolverobject is created for default configurations, significantlyreducing resource usage and improving performance for applications using multiple
client sessions simultaneously -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10847, :issue:10923, :issue:10946.Upgraded to LLHTTP 9.3.0 -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
:issue:
10972.Optimized small HTTP requests/responses by coalescing headers and body into a single TCP packet -- by :user:
bdraco.This change enhances network efficiency by reducing the number of packets sent for small HTTP payloads, improving latency and reducing overhead. Most importantly, this fixes compatibility with memory-constrained IoT devices that can only perform a single read operation and expect HTTP requests in one packet. The optimization uses zero-copy
writelineswhen coalescing data and works with both regular and chunked transfer encoding.When
aiohttpuses client middleware to communicate with anaiohttpserver, connection reuse is more likely to occur since complete responses arrive in a single packet for small payloads.This aligns
aiohttpwith other popular HTTP clients that already coalesce small requests.Related issues and pull requests on GitHub:
:issue:
10991.Improved documentation
Improved documentation for middleware by adding warnings and examples about
request body stream consumption. The documentation now clearly explains that
request body streams can only be read once and provides best practices for
sharing parsed request data between middleware and handlers -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
2914.Packaging updates and notes for downstreams
Removed non SPDX-license description from
setup.cfg-- by :user:devanshu-ziphq.Related issues and pull requests on GitHub:
:issue:
10662.Added support for building against system
llhttplibrary -- by :user:mgorny.This change adds support for :envvar:
AIOHTTP_USE_SYSTEM_DEPSenvironment variable thatcan be used to build aiohttp against the system install of the
llhttplibrary ratherthan the vendored one.
Related issues and pull requests on GitHub:
:issue:
10759.aiodnsis now installed on Windows with speedups extra -- by :user:bdraco.As of
aiodns3.3.0,SelectorEventLoopis no longer required when usingpycares4.7.0 or later.Related issues and pull requests on GitHub:
:issue:
10823.Fixed compatibility issue with Cython 3.1.1 -- by :user:
bdracoRelated issues and pull requests on GitHub:
:issue:
10877.Contributor-facing changes
Sped up tests by disabling
blockbusterfixture fortest_static_file_hugeandtest_static_file_huge_canceltests -- by :user:dikos1337.Related issues and pull requests on GitHub:
:issue:
9705, :issue:10761.Updated tests to avoid using deprecated :py:mod:
asynciopolicy APIs andmake it compatible with Python 3.14.
Related issues and pull requests on GitHub:
:issue:
10851.Added Winloop to test suite to support in the future -- by :user:
Vizonex.Related issues and pull requests on GitHub:
:issue:
10922.Miscellaneous internal changes
Added support for the
partitionedattribute in theset_cookiemethod.Related issues and pull requests on GitHub:
:issue:
9870.Setting :attr:
aiohttp.web.StreamResponse.last_modifiedto an unsupported type will now raise :exc:TypeErrorinstead of silently failing -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
10146.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.