chore(deps): update dependency aiohttp to v3.9.5
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
aiohttp | dependencies | minor |
==3.8.3 -> ==3.9.5
|
Release Notes
aio-libs/aiohttp (aiohttp)
v3.9.5
v3.9.4
: 3.9.4
Bug fixes
-
The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:
webknjaz
.Related issues and pull requests on GitHub: #8089.
-
Treated values of
Accept-Encoding
header as case-insensitive when checking for gzip files -- by :user:steverep
.Related issues and pull requests on GitHub: #8104.
-
Improved the DNS resolution performance on cache hit -- by :user:
bdraco
.This is achieved by avoiding an :mod:
asyncio
task creation in this case.Related issues and pull requests on GitHub: #8163.
-
Changed the type annotations to allow
dict
on :meth:aiohttp.MultipartWriter.append
, :meth:aiohttp.MultipartWriter.append_json
and :meth:aiohttp.MultipartWriter.append_form
-- by :user:cakemanny
Related issues and pull requests on GitHub: #7741.
-
Ensure websocket transport is closed when client does not close it -- by :user:
bdraco
.The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.
Related issues and pull requests on GitHub: #8200.
-
Leave websocket transport open if receive times out or is cancelled -- by :user:
bdraco
.This restores the behavior prior to the change in #7978.
Related issues and pull requests on GitHub: #8251.
-
Fixed content not being read when an upgrade request was not supported with the pure Python implementation. -- by :user:
bdraco
.Related issues and pull requests on GitHub: #8252.
-
Fixed a race condition with incoming connections during server shutdown -- by :user:
Dreamsorcerer
.Related issues and pull requests on GitHub: #8271.
-
Fixed
multipart/form-data
compliance with :rfc:7578
-- by :user:Dreamsorcerer
.Related issues and pull requests on GitHub: #8280.
-
Fixed blocking I/O in the event loop while processing files in a POST request -- by :user:
bdraco
.Related issues and pull requests on GitHub: #8283.
-
Escaped filenames in static view -- by :user:
bdraco
.Related issues and pull requests on GitHub: #8317.
-
Fixed the pure python parser to mark a connection as closing when a response has no length -- by :user:
Dreamsorcerer
.Related issues and pull requests on GitHub: #8320.
Features
-
Upgraded llhttp to 9.2.1, and started rejecting obsolete line folding in Python parser to match -- by :user:
Dreamsorcerer
.
Deprecations (removal in next major release)
-
Deprecated
content_transfer_encoding
parameter in :py:meth:FormData.add_field() <aiohttp.FormData.add_field>
-- by :user:Dreamsorcerer
.Related issues and pull requests on GitHub: #8280.
Improved documentation
-
Added a note about canceling tasks to avoid delaying server shutdown -- by :user:
Dreamsorcerer
.Related issues and pull requests on GitHub: #8267.
Contributor-facing changes
-
The pull request template is now asking the contributors to answer a question about the long-term maintenance challenges they envision as a result of merging their patches -- by :user:
webknjaz
.Related issues and pull requests on GitHub: #8099.
-
Updated CI and documentation to use NPM clean install and upgrade node to version 18 -- by :user:
steverep
.Related issues and pull requests on GitHub: #8116.
-
A pytest fixture
hello_txt
was introduced to aid static file serving tests in :file:test_web_sendfile_functional.py
. It dynamically provisionshello.txt
file variants shared across the tests in the module.-- by :user:
steverep
Related issues and pull requests on GitHub: #8136.
Packaging updates and notes for downstreams
-
Added an
internal
pytest marker for tests which should be skipped by packagers (use-m 'not internal'
to disable them) -- by :user:Dreamsorcerer
.Related issues and pull requests on GitHub: #8299.
v3.9.3
==================
Bug fixes
-
Fixed backwards compatibility breakage (in 3.9.2) of
ssl
parameter when set outside ofClientSession
(e.g. directly inTCPConnector
) -- by :user:Dreamsorcerer
.Related issues and pull requests on GitHub: :issue:
8097
, :issue:8098
.
Miscellaneous internal changes
-
Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.
Related issues and pull requests on GitHub: :issue:
3957
.
v3.9.2
==================
Bug fixes
-
Fixed server-side websocket connection leak.
Related issues and pull requests on GitHub: :issue:
7978
. -
Fixed
web.FileResponse
doing blocking I/O in the event loop.Related issues and pull requests on GitHub: :issue:
8012
. -
Fixed double compress when compression enabled and compressed file exists in server file responses.
Related issues and pull requests on GitHub: :issue:
8014
. -
Added runtime type check for
ClientSession
timeout
parameter.Related issues and pull requests on GitHub: :issue:
8021
. -
Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:
pajod
.Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:
9110#section-5.6.2
and are not known to be of any legitimate use.Related issues and pull requests on GitHub: :issue:
8074
. -
Improved validation of paths for static resources requests to the server -- by :user:
bdraco
.Related issues and pull requests on GitHub: :issue:
8079
.
Features
-
Added support for passing :py:data:
True
tossl
parameter inClientSession
while deprecating :py:data:None
-- by :user:xiangyan99
.Related issues and pull requests on GitHub: :issue:
7698
.
Breaking changes
-
Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:
pajod
.Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:
9110#section-5.6.2
and are not known to be of any legitimate use.Related issues and pull requests on GitHub: :issue:
8074
.
Improved documentation
-
Fixed examples of
fallback_charset_resolver
function in the :doc:client_advanced
document. -- by :user:henry0312
.Related issues and pull requests on GitHub: :issue:
7995
. -
The Sphinx setup was updated to avoid showing the empty changelog draft section in the tagged release documentation builds on Read The Docs -- by :user:
webknjaz
.Related issues and pull requests on GitHub: :issue:
8067
.
Packaging updates and notes for downstreams
-
The changelog categorization was made clearer. The contributors can now mark their fragment files more accurately -- by :user:
webknjaz
.The new category tags are:
* ``bugfix`` * ``feature`` * ``deprecation`` * ``breaking`` (previously, ``removal``) * ``doc`` * ``packaging`` * ``contrib`` * ``misc``
Related issues and pull requests on GitHub: :issue:
8066
.
Contributor-facing changes
-
Updated :ref:
contributing/Tests coverage <aiohttp-contributing>
section to show how we usecodecov
-- by :user:Dreamsorcerer
.Related issues and pull requests on GitHub: :issue:
7916
. -
The changelog categorization was made clearer. The contributors can now mark their fragment files more accurately -- by :user:
webknjaz
.The new category tags are:
* ``bugfix`` * ``feature`` * ``deprecation`` * ``breaking`` (previously, ``removal``) * ``doc`` * ``packaging`` * ``contrib`` * ``misc``
Related issues and pull requests on GitHub: :issue:
8066
.
Miscellaneous internal changes
-
Replaced all
tmpdir
fixtures withtmp_path
in test suite.Related issues and pull requests on GitHub: :issue:
3551
.
v3.9.1
==================
Bugfixes
-
Fixed importing aiohttp under PyPy on Windows.
#​7848 <https://github.com/aio-libs/aiohttp/issues/7848>
_ -
Fixed async concurrency safety in websocket compressor.
#​7865 <https://github.com/aio-libs/aiohttp/issues/7865>
_ -
Fixed
ClientResponse.close()
releasing the connection instead of closing.#​7869 <https://github.com/aio-libs/aiohttp/issues/7869>
_ -
Fixed a regression where connection may get closed during upgrade. -- by :user:
Dreamsorcerer
#​7879 <https://github.com/aio-libs/aiohttp/issues/7879>
_ -
Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:
Dreamsorcerer
#​7895 <https://github.com/aio-libs/aiohttp/issues/7895>
_
v3.9.0
==================
Features
-
Introduced
AppKey
for static typing support ofApplication
storage. See https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config#​5864 <https://github.com/aio-libs/aiohttp/issues/5864>
_ -
Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called. The period can be adjusted with the
shutdown_timeout
parameter. -- by :user:Dreamsorcerer
. See https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown#​7188 <https://github.com/aio-libs/aiohttp/issues/7188>
_ -
Added
handler_cancellation <https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>
_ parameter to cancel web handler on client disconnection. -- by :user:mosquito
This (optionally) reintroduces a feature removed in a previous release. Recommended for those looking for an extra level of protection against denial-of-service attacks.#​7056 <https://github.com/aio-libs/aiohttp/issues/7056>
_ -
Added support for setting response header parameters
max_line_size
andmax_field_size
.#​2304 <https://github.com/aio-libs/aiohttp/issues/2304>
_ -
Added
auto_decompress
parameter toClientSession.request
to overrideClientSession._auto_decompress
. -- by :user:Daste745
#​3751 <https://github.com/aio-libs/aiohttp/issues/3751>
_ -
Changed
raise_for_status
to allow a coroutine.#​3892 <https://github.com/aio-libs/aiohttp/issues/3892>
_ -
Added client brotli compression support (optional with runtime check).
#​5219 <https://github.com/aio-libs/aiohttp/issues/5219>
_ -
Added
client_max_size
toBaseRequest.clone()
to allow overriding the request body size. -- :user:anesabml
.#​5704 <https://github.com/aio-libs/aiohttp/issues/5704>
_ -
Added a middleware type alias
aiohttp.typedefs.Middleware
.#​5898 <https://github.com/aio-libs/aiohttp/issues/5898>
_ -
Exported
HTTPMove
which can be used to catch any redirection request that has a location -- :user:dreamsorcerer
.#​6594 <https://github.com/aio-libs/aiohttp/issues/6594>
_ -
Changed the
path
parameter inweb.run_app()
to accept apathlib.Path
object.#​6839 <https://github.com/aio-libs/aiohttp/issues/6839>
_ -
Performance: Skipped filtering
CookieJar
when the jar is empty or all cookies have expired.#​7819 <https://github.com/aio-libs/aiohttp/issues/7819>
_ -
Performance: Only check origin if insecure scheme and there are origins to treat as secure, in
CookieJar.filter_cookies()
.#​7821 <https://github.com/aio-libs/aiohttp/issues/7821>
_ -
Performance: Used timestamp instead of
datetime
to achieve faster cookie expiration inCookieJar
.#​7824 <https://github.com/aio-libs/aiohttp/issues/7824>
_ -
Added support for passing a custom server name parameter to HTTPS connection.
#​7114 <https://github.com/aio-libs/aiohttp/issues/7114>
_ -
Added support for using Basic Auth credentials from :file:
.netrc
file when making HTTP requests with the :py:class:~aiohttp.ClientSession
trust_env
argument is set toTrue
. -- by :user:yuvipanda
.#​7131 <https://github.com/aio-libs/aiohttp/issues/7131>
_ -
Turned access log into no-op when the logger is disabled.
#​7240 <https://github.com/aio-libs/aiohttp/issues/7240>
_ -
Added typing information to
RawResponseMessage
. -- by :user:Gobot1234
#​7365 <https://github.com/aio-libs/aiohttp/issues/7365>
_ -
Removed
async-timeout
for Python 3.11+ (replaced withasyncio.timeout()
on newer releases).#​7502 <https://github.com/aio-libs/aiohttp/issues/7502>
_ -
Added support for
brotlicffi
as an alternative tobrotli
(fixing Brotli support on PyPy).#​7611 <https://github.com/aio-libs/aiohttp/issues/7611>
_ -
Added
WebSocketResponse.get_extra_info()
to access a protocol transport's extra info.#​7078 <https://github.com/aio-libs/aiohttp/issues/7078>
_ -
Allow
link
argument to be set to None/empty in HTTP 451 exception.#​7689 <https://github.com/aio-libs/aiohttp/issues/7689>
_
Bugfixes
-
Implemented stripping the trailing dots from fully-qualified domain names in
Host
headers and TLS context when acting as an HTTP client. This allows the client to connect to URLs with FQDN host name likehttps://example.com./
. -- by :user:martin-sucha
.#​3636 <https://github.com/aio-libs/aiohttp/issues/3636>
_ -
Fixed client timeout not working when incoming data is always available without waiting. -- by :user:
Dreamsorcerer
.#​5854 <https://github.com/aio-libs/aiohttp/issues/5854>
_ -
Fixed
readuntil
to work with a delimiter of more than one character.#​6701 <https://github.com/aio-libs/aiohttp/issues/6701>
_ -
Added
__repr__
toEmptyStreamReader
to avoidAttributeError
.#​6916 <https://github.com/aio-libs/aiohttp/issues/6916>
_ -
Fixed bug when using
TCPConnector
withttl_dns_cache=0
.#​7014 <https://github.com/aio-libs/aiohttp/issues/7014>
_ -
Fixed response returned from expect handler being thrown away. -- by :user:
Dreamsorcerer
#​7025 <https://github.com/aio-libs/aiohttp/issues/7025>
_ -
Avoided raising
UnicodeDecodeError
in multipart and in HTTP headers parsing.#​7044 <https://github.com/aio-libs/aiohttp/issues/7044>
_ -
Changed
sock_read
timeout to start after writing has finished, avoiding read timeouts caused by an unfinished write. -- by :user:dtrifiro
#​7149 <https://github.com/aio-libs/aiohttp/issues/7149>
_ -
Fixed missing query in tracing method URLs when using
yarl
1.9+.#​7259 <https://github.com/aio-libs/aiohttp/issues/7259>
_ -
Changed max 32-bit timestamp to an aware datetime object, for consistency with the non-32-bit one, and to avoid a
DeprecationWarning
on Python 3.12.#​7302 <https://github.com/aio-libs/aiohttp/issues/7302>
_ -
Fixed
EmptyStreamReader.iter_chunks()
never ending. -- by :user:mind1m
#​7616 <https://github.com/aio-libs/aiohttp/issues/7616>
_ -
Fixed a rare
RuntimeError: await wasn't used with future
exception. -- by :user:stalkerg
#​7785 <https://github.com/aio-libs/aiohttp/issues/7785>
_ -
Fixed issue with insufficient HTTP method and version validation.
#​7700 <https://github.com/aio-libs/aiohttp/issues/7700>
_ -
Added check to validate that absolute URIs have schemes.
#​7712 <https://github.com/aio-libs/aiohttp/issues/7712>
_ -
Fixed unhandled exception when Python HTTP parser encounters unpaired Unicode surrogates.
#​7715 <https://github.com/aio-libs/aiohttp/issues/7715>
_ -
Updated parser to disallow invalid characters in header field names and stop accepting LF as a request line separator.
#​7719 <https://github.com/aio-libs/aiohttp/issues/7719>
_ -
Fixed Python HTTP parser not treating 204/304/1xx as an empty body.
#​7755 <https://github.com/aio-libs/aiohttp/issues/7755>
_ -
Ensure empty body response for 1xx/204/304 per RFC 9112 sec 6.3.
#​7756 <https://github.com/aio-libs/aiohttp/issues/7756>
_ -
Fixed an issue when a client request is closed before completing a chunked payload. -- by :user:
Dreamsorcerer
#​7764 <https://github.com/aio-libs/aiohttp/issues/7764>
_ -
Edge Case Handling for ResponseParser for missing reason value.
#​7776 <https://github.com/aio-libs/aiohttp/issues/7776>
_ -
Fixed
ClientWebSocketResponse.close_code
being erroneously set toNone
when there are concurrent async tasks receiving data and closing the connection.#​7306 <https://github.com/aio-libs/aiohttp/issues/7306>
_ -
Added HTTP method validation.
#​6533 <https://github.com/aio-libs/aiohttp/issues/6533>
_ -
Fixed arbitrary sequence types being allowed to inject values via version parameter. -- by :user:
Dreamsorcerer
#​7835 <https://github.com/aio-libs/aiohttp/issues/7835>
_ -
Performance: Fixed increase in latency with small messages from websocket compression changes.
#​7797 <https://github.com/aio-libs/aiohttp/issues/7797>
_
Improved Documentation
-
Fixed the
ClientResponse.release
's type in the doc. Changed fromcomethod
tomethod
.#​5836 <https://github.com/aio-libs/aiohttp/issues/5836>
_ -
Added information on behavior of base_url parameter in
ClientSession
.#​6647 <https://github.com/aio-libs/aiohttp/issues/6647>
_ -
Fixed
ClientResponseError
docs.#​6700 <https://github.com/aio-libs/aiohttp/issues/6700>
_ -
Updated Redis code examples to follow the latest API.
#​6907 <https://github.com/aio-libs/aiohttp/issues/6907>
_ -
Added a note about possibly needing to update headers when using
on_response_prepare
. -- by :user:Dreamsorcerer
#​7283 <https://github.com/aio-libs/aiohttp/issues/7283>
_ -
Completed
trust_env
parameter description to honorwss_proxy
,ws_proxy
orno_proxy
env.#​7325 <https://github.com/aio-libs/aiohttp/issues/7325>
_ -
Expanded SSL documentation with more examples (e.g. how to use certifi). -- by :user:
Dreamsorcerer
#​7334 <https://github.com/aio-libs/aiohttp/issues/7334>
_ -
Fix, update, and improve client exceptions documentation.
#​7733 <https://github.com/aio-libs/aiohttp/issues/7733>
_
Deprecations and Removals
-
Added
shutdown_timeout
parameter toBaseRunner
, while deprecatingshutdown_timeout
parameter fromBaseSite
. -- by :user:Dreamsorcerer
#​7718 <https://github.com/aio-libs/aiohttp/issues/7718>
_ -
Dropped Python 3.6 support.
#​6378 <https://github.com/aio-libs/aiohttp/issues/6378>
_ -
Dropped Python 3.7 support. -- by :user:
Dreamsorcerer
#​7336 <https://github.com/aio-libs/aiohttp/issues/7336>
_ -
Removed support for abandoned
tokio
event loop. -- by :user:Dreamsorcerer
#​7281 <https://github.com/aio-libs/aiohttp/issues/7281>
_
Misc
-
Made
print
argument inrun_app()
optional.#​3690 <https://github.com/aio-libs/aiohttp/issues/3690>
_ -
Improved performance of
ceil_timeout
in some cases.#​6316 <https://github.com/aio-libs/aiohttp/issues/6316>
_ -
Changed importing Gunicorn to happen on-demand, decreasing import time by ~53%. -- :user:
Dreamsorcerer
#​6591 <https://github.com/aio-libs/aiohttp/issues/6591>
_ -
Improved import time by replacing
http.server
withhttp.HTTPStatus
.#​6903 <https://github.com/aio-libs/aiohttp/issues/6903>
_ -
Fixed annotation of
ssl
parameter to disallowTrue
. -- by :user:Dreamsorcerer
.#​7335 <https://github.com/aio-libs/aiohttp/issues/7335>
_
v3.8.6
==================
Security bugfixes
-
Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:
Dreamsorcerer
Thanks to :user:
kenballus
for reporting this, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9... _llhttp: https://llhttp.org
#​7647 <https://github.com/aio-libs/aiohttp/issues/7647>
_ -
Updated Python parser to comply with RFCs 9110/9112 -- by :user:
Dreamorcerer
Thanks to :user:
kenballus
for reporting this, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.#​7663 <https://github.com/aio-libs/aiohttp/issues/7663>
_
Deprecation
-
Added
fallback_charset_resolver
parameter inClientSession
to allow a user-supplied character set detection function.Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use
fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>
_.#​7561 <https://github.com/aio-libs/aiohttp/issues/7561>
_
Features
-
Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:
Dreamsorcerer
#​7490 <https://github.com/aio-libs/aiohttp/issues/7490>
_
Bugfixes
-
Fixed
PermissionError
when.netrc
is unreadable due to permissions.#​7237 <https://github.com/aio-libs/aiohttp/issues/7237>
_ -
Fixed output of parsing errors pointing to a
\n
. -- by :user:Dreamsorcerer
#​7468 <https://github.com/aio-libs/aiohttp/issues/7468>
_ -
Fixed
GunicornWebWorker
max_requests_jitter not working.#​7518 <https://github.com/aio-libs/aiohttp/issues/7518>
_ -
Fixed sorting in
filter_cookies
to use cookie with longest path. -- by :user:marq24
.#​7577 <https://github.com/aio-libs/aiohttp/issues/7577>
_ -
Fixed display of
BadStatusLine
messages from llhttp_. -- by :user:Dreamsorcerer
#​7651 <https://github.com/aio-libs/aiohttp/issues/7651>
_
v3.8.5
==================
Security bugfixes
-
Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:
webknjaz
and :user:Dreamsorcerer
.Thanks to :user:
sethmlarson
for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w... _llhttp: https://llhttp.org
#​7346 <https://github.com/aio-libs/aiohttp/issues/7346>
_
Features
-
Added information to C parser exceptions to show which character caused the error. -- by :user:
Dreamsorcerer
#​7366 <https://github.com/aio-libs/aiohttp/issues/7366>
_
Bugfixes
-
Fixed a transport is :data:
None
error -- by :user:Dreamsorcerer
.#​3355 <https://github.com/aio-libs/aiohttp/issues/3355>
_
v3.8.4
==================
Bugfixes
- Fixed incorrectly overwriting cookies with the same name and domain, but different path.
#​6638 <https://github.com/aio-libs/aiohttp/issues/6638>
_ - Fixed
ConnectionResetError
not being raised after client disconnection in SSL environments.#​7180 <https://github.com/aio-libs/aiohttp/issues/7180>
_
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.