Skip to content

chore(deps): update dependency aiohttp to v3.9.3

RenovateBot requested to merge renovate/aiohttp-3.x into main

This MR contains the following updates:

Package Type Update Change
aiohttp dependencies minor ==3.8.3 -> ==3.9.3

Release Notes

aio-libs/aiohttp (aiohttp)

v3.9.3

Compare Source

==================

Bug fixes

  • Fixed backwards compatibility breakage (in 3.9.2) of ssl parameter when set outside of ClientSession (e.g. directly in TCPConnector) -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:8097, :issue:8098.

Miscellaneous internal changes

  • Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.

    Related issues and pull requests on GitHub: :issue:3957.

v3.9.2

Compare Source

==================

Bug fixes

  • Fixed server-side websocket connection leak.

    Related issues and pull requests on GitHub: :issue:7978.

  • Fixed web.FileResponse doing blocking I/O in the event loop.

    Related issues and pull requests on GitHub: :issue:8012.

  • Fixed double compress when compression enabled and compressed file exists in server file responses.

    Related issues and pull requests on GitHub: :issue:8014.

  • Added runtime type check for ClientSession timeout parameter.

    Related issues and pull requests on GitHub: :issue:8021.

  • Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

    Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

    Related issues and pull requests on GitHub: :issue:8074.

  • Improved validation of paths for static resources requests to the server -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:8079.

Features

  • Added support for passing :py:data:True to ssl parameter in ClientSession while deprecating :py:data:None -- by :user:xiangyan99.

    Related issues and pull requests on GitHub: :issue:7698.

Breaking changes

  • Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

    Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

    Related issues and pull requests on GitHub: :issue:8074.

Improved documentation

  • Fixed examples of fallback_charset_resolver function in the :doc:client_advanced document. -- by :user:henry0312.

    Related issues and pull requests on GitHub: :issue:7995.

  • The Sphinx setup was updated to avoid showing the empty changelog draft section in the tagged release documentation builds on Read The Docs -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:8067.

Packaging updates and notes for downstreams

  • The changelog categorization was made clearer. The contributors can now mark their fragment files more accurately -- by :user:webknjaz.

    The new category tags are:

    * ``bugfix``

* ``feature``

* ``deprecation``

* ``breaking`` (previously, ``removal``)

* ``doc``

* ``packaging``

* ``contrib``

* ``misc``

    Related issues and pull requests on GitHub: :issue:8066.

Contributor-facing changes

  • Updated :ref:contributing/Tests coverage <aiohttp-contributing> section to show how we use codecov -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:7916.

  • The changelog categorization was made clearer. The contributors can now mark their fragment files more accurately -- by :user:webknjaz.

    The new category tags are:

    * ``bugfix``

* ``feature``

* ``deprecation``

* ``breaking`` (previously, ``removal``)

* ``doc``

* ``packaging``

* ``contrib``

* ``misc``

    Related issues and pull requests on GitHub: :issue:8066.

Miscellaneous internal changes

  • Replaced all tmpdir fixtures with tmp_path in test suite.

    Related issues and pull requests on GitHub: :issue:3551.

v3.9.1

Compare Source

==================

Bugfixes

  • Fixed importing aiohttp under PyPy on Windows.

    #&#8203;7848 <https://github.com/aio-libs/aiohttp/issues/7848>_

  • Fixed async concurrency safety in websocket compressor.

    #&#8203;7865 <https://github.com/aio-libs/aiohttp/issues/7865>_

  • Fixed ClientResponse.close() releasing the connection instead of closing.

    #&#8203;7869 <https://github.com/aio-libs/aiohttp/issues/7869>_

  • Fixed a regression where connection may get closed during upgrade. -- by :user:Dreamsorcerer

    #&#8203;7879 <https://github.com/aio-libs/aiohttp/issues/7879>_

  • Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:Dreamsorcerer

    #&#8203;7895 <https://github.com/aio-libs/aiohttp/issues/7895>_

v3.9.0

Compare Source

==================

Features

  • Introduced AppKey for static typing support of Application storage. See https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config

    #&#8203;5864 <https://github.com/aio-libs/aiohttp/issues/5864>_

  • Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called. The period can be adjusted with the shutdown_timeout parameter. -- by :user:Dreamsorcerer. See https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown

    #&#8203;7188 <https://github.com/aio-libs/aiohttp/issues/7188>_

  • Added handler_cancellation <https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>_ parameter to cancel web handler on client disconnection. -- by :user:mosquito This (optionally) reintroduces a feature removed in a previous release. Recommended for those looking for an extra level of protection against denial-of-service attacks.

    #&#8203;7056 <https://github.com/aio-libs/aiohttp/issues/7056>_

  • Added support for setting response header parameters max_line_size and max_field_size.

    #&#8203;2304 <https://github.com/aio-libs/aiohttp/issues/2304>_

  • Added auto_decompress parameter to ClientSession.request to override ClientSession._auto_decompress. -- by :user:Daste745

    #&#8203;3751 <https://github.com/aio-libs/aiohttp/issues/3751>_

  • Changed raise_for_status to allow a coroutine.

    #&#8203;3892 <https://github.com/aio-libs/aiohttp/issues/3892>_

  • Added client brotli compression support (optional with runtime check).

    #&#8203;5219 <https://github.com/aio-libs/aiohttp/issues/5219>_

  • Added client_max_size to BaseRequest.clone() to allow overriding the request body size. -- :user:anesabml.

    #&#8203;5704 <https://github.com/aio-libs/aiohttp/issues/5704>_

  • Added a middleware type alias aiohttp.typedefs.Middleware.

    #&#8203;5898 <https://github.com/aio-libs/aiohttp/issues/5898>_

  • Exported HTTPMove which can be used to catch any redirection request that has a location -- :user:dreamsorcerer.

    #&#8203;6594 <https://github.com/aio-libs/aiohttp/issues/6594>_

  • Changed the path parameter in web.run_app() to accept a pathlib.Path object.

    #&#8203;6839 <https://github.com/aio-libs/aiohttp/issues/6839>_

  • Performance: Skipped filtering CookieJar when the jar is empty or all cookies have expired.

    #&#8203;7819 <https://github.com/aio-libs/aiohttp/issues/7819>_

  • Performance: Only check origin if insecure scheme and there are origins to treat as secure, in CookieJar.filter_cookies().

    #&#8203;7821 <https://github.com/aio-libs/aiohttp/issues/7821>_

  • Performance: Used timestamp instead of datetime to achieve faster cookie expiration in CookieJar.

    #&#8203;7824 <https://github.com/aio-libs/aiohttp/issues/7824>_

  • Added support for passing a custom server name parameter to HTTPS connection.

    #&#8203;7114 <https://github.com/aio-libs/aiohttp/issues/7114>_

  • Added support for using Basic Auth credentials from :file:.netrc file when making HTTP requests with the :py:class:~aiohttp.ClientSession trust_env argument is set to True. -- by :user:yuvipanda.

    #&#8203;7131 <https://github.com/aio-libs/aiohttp/issues/7131>_

  • Turned access log into no-op when the logger is disabled.

    #&#8203;7240 <https://github.com/aio-libs/aiohttp/issues/7240>_

  • Added typing information to RawResponseMessage. -- by :user:Gobot1234

    #&#8203;7365 <https://github.com/aio-libs/aiohttp/issues/7365>_

  • Removed async-timeout for Python 3.11+ (replaced with asyncio.timeout() on newer releases).

    #&#8203;7502 <https://github.com/aio-libs/aiohttp/issues/7502>_

  • Added support for brotlicffi as an alternative to brotli (fixing Brotli support on PyPy).

    #&#8203;7611 <https://github.com/aio-libs/aiohttp/issues/7611>_

  • Added WebSocketResponse.get_extra_info() to access a protocol transport's extra info.

    #&#8203;7078 <https://github.com/aio-libs/aiohttp/issues/7078>_

  • Allow link argument to be set to None/empty in HTTP 451 exception.

    #&#8203;7689 <https://github.com/aio-libs/aiohttp/issues/7689>_

Bugfixes

  • Implemented stripping the trailing dots from fully-qualified domain names in Host headers and TLS context when acting as an HTTP client. This allows the client to connect to URLs with FQDN host name like https://example.com./. -- by :user:martin-sucha.

    #&#8203;3636 <https://github.com/aio-libs/aiohttp/issues/3636>_

  • Fixed client timeout not working when incoming data is always available without waiting. -- by :user:Dreamsorcerer.

    #&#8203;5854 <https://github.com/aio-libs/aiohttp/issues/5854>_

  • Fixed readuntil to work with a delimiter of more than one character.

    #&#8203;6701 <https://github.com/aio-libs/aiohttp/issues/6701>_

  • Added __repr__ to EmptyStreamReader to avoid AttributeError.

    #&#8203;6916 <https://github.com/aio-libs/aiohttp/issues/6916>_

  • Fixed bug when using TCPConnector with ttl_dns_cache=0.

    #&#8203;7014 <https://github.com/aio-libs/aiohttp/issues/7014>_

  • Fixed response returned from expect handler being thrown away. -- by :user:Dreamsorcerer

    #&#8203;7025 <https://github.com/aio-libs/aiohttp/issues/7025>_

  • Avoided raising UnicodeDecodeError in multipart and in HTTP headers parsing.

    #&#8203;7044 <https://github.com/aio-libs/aiohttp/issues/7044>_

  • Changed sock_read timeout to start after writing has finished, avoiding read timeouts caused by an unfinished write. -- by :user:dtrifiro

    #&#8203;7149 <https://github.com/aio-libs/aiohttp/issues/7149>_

  • Fixed missing query in tracing method URLs when using yarl 1.9+.

    #&#8203;7259 <https://github.com/aio-libs/aiohttp/issues/7259>_

  • Changed max 32-bit timestamp to an aware datetime object, for consistency with the non-32-bit one, and to avoid a DeprecationWarning on Python 3.12.

    #&#8203;7302 <https://github.com/aio-libs/aiohttp/issues/7302>_

  • Fixed EmptyStreamReader.iter_chunks() never ending. -- by :user:mind1m

    #&#8203;7616 <https://github.com/aio-libs/aiohttp/issues/7616>_

  • Fixed a rare RuntimeError: await wasn't used with future exception. -- by :user:stalkerg

    #&#8203;7785 <https://github.com/aio-libs/aiohttp/issues/7785>_

  • Fixed issue with insufficient HTTP method and version validation.

    #&#8203;7700 <https://github.com/aio-libs/aiohttp/issues/7700>_

  • Added check to validate that absolute URIs have schemes.

    #&#8203;7712 <https://github.com/aio-libs/aiohttp/issues/7712>_

  • Fixed unhandled exception when Python HTTP parser encounters unpaired Unicode surrogates.

    #&#8203;7715 <https://github.com/aio-libs/aiohttp/issues/7715>_

  • Updated parser to disallow invalid characters in header field names and stop accepting LF as a request line separator.

    #&#8203;7719 <https://github.com/aio-libs/aiohttp/issues/7719>_

  • Fixed Python HTTP parser not treating 204/304/1xx as an empty body.

    #&#8203;7755 <https://github.com/aio-libs/aiohttp/issues/7755>_

  • Ensure empty body response for 1xx/204/304 per RFC 9112 sec 6.3.

    #&#8203;7756 <https://github.com/aio-libs/aiohttp/issues/7756>_

  • Fixed an issue when a client request is closed before completing a chunked payload. -- by :user:Dreamsorcerer

    #&#8203;7764 <https://github.com/aio-libs/aiohttp/issues/7764>_

  • Edge Case Handling for ResponseParser for missing reason value.

    #&#8203;7776 <https://github.com/aio-libs/aiohttp/issues/7776>_

  • Fixed ClientWebSocketResponse.close_code being erroneously set to None when there are concurrent async tasks receiving data and closing the connection.

    #&#8203;7306 <https://github.com/aio-libs/aiohttp/issues/7306>_

  • Added HTTP method validation.

    #&#8203;6533 <https://github.com/aio-libs/aiohttp/issues/6533>_

  • Fixed arbitrary sequence types being allowed to inject values via version parameter. -- by :user:Dreamsorcerer

    #&#8203;7835 <https://github.com/aio-libs/aiohttp/issues/7835>_

  • Performance: Fixed increase in latency with small messages from websocket compression changes.

    #&#8203;7797 <https://github.com/aio-libs/aiohttp/issues/7797>_

Improved Documentation

  • Fixed the ClientResponse.release's type in the doc. Changed from comethod to method.

    #&#8203;5836 <https://github.com/aio-libs/aiohttp/issues/5836>_

  • Added information on behavior of base_url parameter in ClientSession.

    #&#8203;6647 <https://github.com/aio-libs/aiohttp/issues/6647>_

  • Fixed ClientResponseError docs.

    #&#8203;6700 <https://github.com/aio-libs/aiohttp/issues/6700>_

  • Updated Redis code examples to follow the latest API.

    #&#8203;6907 <https://github.com/aio-libs/aiohttp/issues/6907>_

  • Added a note about possibly needing to update headers when using on_response_prepare. -- by :user:Dreamsorcerer

    #&#8203;7283 <https://github.com/aio-libs/aiohttp/issues/7283>_

  • Completed trust_env parameter description to honor wss_proxy, ws_proxy or no_proxy env.

    #&#8203;7325 <https://github.com/aio-libs/aiohttp/issues/7325>_

  • Expanded SSL documentation with more examples (e.g. how to use certifi). -- by :user:Dreamsorcerer

    #&#8203;7334 <https://github.com/aio-libs/aiohttp/issues/7334>_

  • Fix, update, and improve client exceptions documentation.

    #&#8203;7733 <https://github.com/aio-libs/aiohttp/issues/7733>_

Deprecations and Removals

  • Added shutdown_timeout parameter to BaseRunner, while deprecating shutdown_timeout parameter from BaseSite. -- by :user:Dreamsorcerer

    #&#8203;7718 <https://github.com/aio-libs/aiohttp/issues/7718>_

  • Dropped Python 3.6 support.

    #&#8203;6378 <https://github.com/aio-libs/aiohttp/issues/6378>_

  • Dropped Python 3.7 support. -- by :user:Dreamsorcerer

    #&#8203;7336 <https://github.com/aio-libs/aiohttp/issues/7336>_

  • Removed support for abandoned tokio event loop. -- by :user:Dreamsorcerer

    #&#8203;7281 <https://github.com/aio-libs/aiohttp/issues/7281>_

Misc

  • Made print argument in run_app() optional.

    #&#8203;3690 <https://github.com/aio-libs/aiohttp/issues/3690>_

  • Improved performance of ceil_timeout in some cases.

    #&#8203;6316 <https://github.com/aio-libs/aiohttp/issues/6316>_

  • Changed importing Gunicorn to happen on-demand, decreasing import time by ~53%. -- :user:Dreamsorcerer

    #&#8203;6591 <https://github.com/aio-libs/aiohttp/issues/6591>_

  • Improved import time by replacing http.server with http.HTTPStatus.

    #&#8203;6903 <https://github.com/aio-libs/aiohttp/issues/6903>_

  • Fixed annotation of ssl parameter to disallow True. -- by :user:Dreamsorcerer.

    #&#8203;7335 <https://github.com/aio-libs/aiohttp/issues/7335>_

v3.8.6

Compare Source

==================

Security bugfixes

Deprecation

  • Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function.

    Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>_.

    #&#8203;7561 <https://github.com/aio-libs/aiohttp/issues/7561>_

Features

  • Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer

    #&#8203;7490 <https://github.com/aio-libs/aiohttp/issues/7490>_

Bugfixes

  • Fixed PermissionError when .netrc is unreadable due to permissions.

    #&#8203;7237 <https://github.com/aio-libs/aiohttp/issues/7237>_

  • Fixed output of parsing errors pointing to a \n. -- by :user:Dreamsorcerer

    #&#8203;7468 <https://github.com/aio-libs/aiohttp/issues/7468>_

  • Fixed GunicornWebWorker max_requests_jitter not working.

    #&#8203;7518 <https://github.com/aio-libs/aiohttp/issues/7518>_

  • Fixed sorting in filter_cookies to use cookie with longest path. -- by :user:marq24.

    #&#8203;7577 <https://github.com/aio-libs/aiohttp/issues/7577>_

  • Fixed display of BadStatusLine messages from llhttp_. -- by :user:Dreamsorcerer

    #&#8203;7651 <https://github.com/aio-libs/aiohttp/issues/7651>_

v3.8.5

Compare Source

==================

Security bugfixes

Features

  • Added information to C parser exceptions to show which character caused the error. -- by :user:Dreamsorcerer

    #&#8203;7366 <https://github.com/aio-libs/aiohttp/issues/7366>_

Bugfixes

  • Fixed a transport is :data:None error -- by :user:Dreamsorcerer.

    #&#8203;3355 <https://github.com/aio-libs/aiohttp/issues/3355>_

v3.8.4

Compare Source

==================

Bugfixes

  • Fixed incorrectly overwriting cookies with the same name and domain, but different path. #&#8203;6638 <https://github.com/aio-libs/aiohttp/issues/6638>_
  • Fixed ConnectionResetError not being raised after client disconnection in SSL environments. #&#8203;7180 <https://github.com/aio-libs/aiohttp/issues/7180>_

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by RenovateBot

Merge request reports