Update dependency aiohttp to v3.14.1#226
Merged
Merged
Conversation
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #226 +/- ##
=======================================
Coverage 85.27% 85.27%
=======================================
Files 8 8
Lines 774 774
=======================================
Hits 660 660
Misses 114 114 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==3.14.0→==3.14.1Release Notes
aio-libs/aiohttp (aiohttp)
v3.14.1: 3.14.1Compare Source
Bug fixes
Fixed a race condition in :py:class:
~aiohttp.TCPConnectorwhere closing the connector while a DNS resolution was in-flight could raise :py:exc:AttributeErrorinstead of :py:exc:~aiohttp.ClientConnectionError-- by :user:goingforstudying-ctrl.Related issues and pull requests on GitHub:
#12497.
Fixed
CancelledErrornot closing a connection -- by :user:aiolibsbot.Related issues and pull requests on GitHub:
#12795.
Tightened up some websocket parser checks -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
#12817.
Fixed :class:
~aiohttp.CookieJardropping the host-only flag of cookies when persisted with :meth:~aiohttp.CookieJar.saveand reloaded with :meth:~aiohttp.CookieJar.load, so a cookie set without aDomainattribute is again scoped to the exact host that set it after a reload; the absolute expiration deadline is now persisted as well, so a reloaded cookie keeps its original lifetime instead of being rescheduled from the load time. :meth:~aiohttp.CookieJar.loadnow replaces the jar contents rather than merging onto prior state, and loaded cookies pass through the same acceptance rules as :meth:~aiohttp.CookieJar.update_cookies, so a cookie for an IP-address host is dropped when loaded into a jar created withoutunsafe=True-- by :user:bdraco.Related issues and pull requests on GitHub:
#12824.
Scoped :class:
~aiohttp.DigestAuthMiddlewarecredentials to the origin of the first request it handles, so a redirect to a different origin no longer triggers a digest response computed from the configured credentials; a challenge from another origin is only answered when that origin falls within a protection space advertised by the anchor origin through the RFC 7616domaindirective -- by :user:bdraco.Related issues and pull requests on GitHub:
#12825.
Fixed the C HTTP parser not enforcing
max_line_sizeon a request target or response reason phrase that is split across multiple reads; each fragment was checked on its own, so an accumulated line could exceed the limit without raisingLineTooLong. The accumulated length is now checked, matching the pure-Python parser -- by :user:bdraco.Related issues and pull requests on GitHub:
#12826.
Changed :class:
~aiohttp.TCPConnectorto reject legacy non-canonical numeric IPv4 host forms such as2130706433,017700000001and127.1with :exc:~aiohttp.InvalidUrlClientError; only canonical dotted-quad IPv4 literals are now treated as IP address literals, while every other host is sent through the configured resolver -- by :user:bdraco.Related issues and pull requests on GitHub:
#12827.
Fixed :meth:
~aiohttp.StreamReader.readanyand :meth:~aiohttp.StreamReader.read_nowaitjoining data fed back into the buffer during the call (when draining below the low water mark resumes reading) into a single unbounded :class:bytes; a call now returns only the chunks that were buffered when it started, keeping the drain of an unread auto-decompressed request body bounded by the read buffer -- by :user:bdraco.Related issues and pull requests on GitHub:
#12828.
Bounded the number of parsed-but-unhandled pipelined HTTP/1 requests buffered per connection on the server; once the queue reaches an internal limit the parser stops emitting and the transport is paused, resuming as the request handler drains the queue, so a client keeping one handler busy can no longer accumulate an unbounded backlog of pipelined requests -- by :user:
bdraco.Related issues and pull requests on GitHub:
#12830.
Fixed :meth:
aiohttp.web.Response.write_eofskippingPayload.close()when the body write was interrupted by an error or cancellation, for example when a client disconnects mid-response; the payload close hook now runs in afinallyso a :class:~aiohttp.payload.Payloadbody always releases its resources -- by :user:bdraco.Related issues and pull requests on GitHub:
#12831.
Fixed the pure-Python HTTP parser not enforcing
max_line_sizeon a chunk-size line when the whole line arrived in a single read; the limit was only applied to chunk-size metadata split across reads. The complete-line case is now checked too, matching the split-line behavior -- by :user:bdraco.Related issues and pull requests on GitHub:
#12832.
Included the per-request
server_hostnameoverride in the :class:~aiohttp.TCPConnectorconnection pool key, so a pooled TLS connection is no longer reused for a request that setsserver_hostnameto a different value -- by :user:bdraco.Related issues and pull requests on GitHub:
#12835.
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.