Update all non-major dependencies (minor) - autoclosed#150
Closed
renovate[bot] wants to merge 1 commit intomasterfrom
Closed
Update all non-major dependencies (minor) - autoclosed#150renovate[bot] wants to merge 1 commit intomasterfrom
renovate[bot] wants to merge 1 commit intomasterfrom
Conversation
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
ce72532 to
180690a
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
bf56c49 to
da36ed1
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
84add1e to
ef44670
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
e36df44 to
bfa37bb
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
99d4b54 to
9405853
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
9405853 to
ac14411
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
ac14411 to
5912118
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
136602f to
ab5007d
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
aa18280 to
326e7f3
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
1fbdaa9 to
5fe38f7
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
a8f44ba to
826ef38
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
b1ff9a8 to
69e5543
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
5 times, most recently
from
8c559f6 to
588b509
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
588b509 to
0d8b5b2
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
80bfcb2 to
a3d5541
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
3af138a to
73b9d4b
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
6 times, most recently
from
257fdae to
a3ce0ce
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
a3ce0ce to
1fef66e
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
06decfb to
72d439f
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
72d439f to
49ace3e
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
49ace3e to
88fbc0f
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
88fbc0f to
019b6d8
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
019b6d8 to
c77af3e
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
c77af3e to
cc39233
Compare
renovate
bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.0.3→3.1.210.1.0→10.4.03.9.5→3.13.34.12.3→4.14.324.1.1→24.10.02.5.2→2.6.42.9.0→2.15.0^0.17.0→^0.23.03.6→3.112.33.1→2.37.26.0.5→6.7.13.0.4→3.3.93.11-alpine3.17→3.12-alpine3.173.11-slim-trixie→3.14-slim-trixie2.31.0→2.32.5Release Notes
pallets/flask (Flask)
v3.1.2Compare Source
Released 2025-08-19
stream_with_contextdoes not fail inside async views. :issue:5774follow_redirectsin the test client, the final stateof
sessionis correct. :issue:5786send_file. :issue:5776v3.1.1Compare Source
Released 2025-05-13
SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28gcli_runner.invoke. :issue:5645flask --helploads the app and plugins first to make sure all commandsare shown. :issue:
5673AsyncIterable. This is not accurate for Flask, but makes typing easierfor Quart. :pr:
5659v3.1.0Compare Source
Released 2024-11-13
5623Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:
5624,5633responses. :pr:
5496Flask.open_resource/open_instance_resourceandBlueprint.open_resourcetake anencodingparameter to use whenopening in text mode. It defaults to
utf-8. :issue:5504Request.max_content_lengthcan be customized per-request instead of onlythrough the
MAX_CONTENT_LENGTHconfig. AddedMAX_FORM_MEMORY_SIZEandMAX_FORM_PARTSconfig. Added documentationabout resource limits to the security page. :issue:
5625Partitionedcookie attribute (CHIPS), with theSESSION_COOKIE_PARTITIONEDconfig. :issue:5472-e pathtakes precedence over default.envand.flaskenvfiles.load_dotenvloads default files in addition to a path unlessload_defaults=Falseis passed. :issue:5628SECRET_KEY_FALLBACKSconfig, a list of oldsecret keys that can still be used for unsigning. Extensions will need to
add support. :issue:
5621host_matching=Trueorsubdomain_matching=Falseinteracts with
SERVER_NAME. SettingSERVER_NAMEno longer restrictsrequests to only that domain. :issue:
5553Request.trusted_hostsis checked during routing, and can be set throughthe
TRUSTED_HOSTSconfig. :issue:5636python-pillow/Pillow (Pillow)
v10.4.0Compare Source
Raise FileNotFoundError if show_file() path does not exist #8178
[radarhere]
Improved reading 16-bit TGA images with colour #7965
[Yay295, radarhere]
Deprecate non-image ImageCms modes #8031
[radarhere]
Fixed processing multiple JPEG EXIF markers #8127
[radarhere]
Do not preserve EXIFIFD tag by default when saving TIFF images #8110
[radarhere]
Added ImageFont.load_default_imagefont() #8086
[radarhere]
Added Image.WARN_POSSIBLE_FORMATS #8063
[radarhere]
Remove zero-byte end padding when parsing any XMP data #8171
[radarhere]
Do not detect Ultra HDR images as MPO #8056
[radarhere]
Raise SyntaxError specific to JP2 #8146
[Yay295, radarhere]
Do not use first frame duration for other frames when saving APNG images #8104
[radarhere]
Consider I;16 pixel size when using a 1 mode mask #8112
[radarhere]
When saving multiple PNG frames, convert to mode rather than raw mode #8087
[radarhere]
Added byte support to FreeTypeFont #8141
[radarhere]
Allow float center for rotate operations #8114
[radarhere]
Do not read layers immediately when opening PSD images #8039
[radarhere]
Restore original thread state #8065
[radarhere]
Read IM and TIFF images as RGB, rather than RGBX #7997
[radarhere]
Only preserve TIFF IPTC_NAA_CHUNK tag if type is BYTE or UNDEFINED #7948
[radarhere]
Clarify ImageDraw2 error message when size is missing #8165
[radarhere]
Support unpacking more rawmodes to RGBA palettes #7966
[radarhere]
Removed support for Qt 5 #8159
[radarhere]
Improve
ImageFont.freetypesupport for XDG directories on Linux #8135[mamg22, radarhere]
Improved consistency of XMP handling #8069
[radarhere]
Use pkg-config to help find libwebp and raqm #8142
[radarhere]
Accept 't' suffix for libtiff version #8126, #8129
[radarhere]
Deprecate ImageDraw.getdraw hints parameter #8124
[radarhere, hugovk]
Added ImageDraw circle() #8085
[void4, hugovk, radarhere]
Add mypy target to Makefile #8077
[Yay295]
Added more modes to Image.MODES #7984
[radarhere]
Deprecate BGR;15, BGR;16 and BGR;24 modes #7978
[radarhere, hugovk]
Fix ImagingAccess for I;16N on big-endian #7921
[Yay295, radarhere]
Support reading P mode TIFF images with padding #7996
[radarhere]
Deprecate support for libtiff < 4 #7998
[radarhere, hugovk]
Corrected ImageShow UnixViewer command #7987
[radarhere]
Use functools.cached_property in ImageStat #7952
[nulano, hugovk, radarhere]
Add support for reading BITMAPV2INFOHEADER and BITMAPV3INFOHEADER #7956
[Cirras, radarhere]
Support reading CMYK JPEG2000 images #7947
[radarhere]
v10.3.0Compare Source
CVE-2024-28219: Use
strncpyto avoid buffer overflow #7928[radarhere, hugovk]
Deprecate
eval(), replacing it withlambda_eval()andunsafe_eval()#7927[radarhere, hugovk]
Raise
ValueErrorif seeking to greater than offset-sized integer in TIFF #7883[radarhere]
Add
--reportargument to__main__.pyto omit supported formats #7818[nulano, radarhere, hugovk]
Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920
[radarhere]
Fix editable installation with custom build backend and configuration options #7658
[nulano, radarhere]
Fix putdata() for I;16N on big-endian #7209
[Yay295, hugovk, radarhere]
Determine MPO size from markers, not EXIF data #7884
[radarhere]
Improved conversion from RGB to RGBa, LA and La #7888
[radarhere]
Support FITS images with GZIP_1 compression #7894
[radarhere]
Use I;16 mode for 9-bit JPEG 2000 images #7900
[scaramallion, radarhere]
Raise ValueError if kmeans is negative #7891
[radarhere]
Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893
[radarhere]
Raise ValueError for negative values when loading P1-P3 PPM images #7882
[radarhere]
Added reading of JPEG2000 palettes #7870
[radarhere]
Added alpha_quality argument when saving WebP images #7872
[radarhere]
Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881
[radarhere]
Stop reading EPS image at EOF marker #7753
[radarhere]
PSD layer co-ordinates may be negative #7706
[radarhere]
Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791
[radarhere]
When saving GIF frame that restores to background color, do not fill identical pixels #7788
[radarhere]
Fixed reading PNG iCCP compression method #7823
[radarhere]
Allow writing IFDRational to UNDEFINED tag #7840
[radarhere]
Fix logged tag name when loading Exif data #7842
[radarhere]
Use maximum frame size in IHDR chunk when saving APNG images #7821
[radarhere]
Prevent opening P TGA images without a palette #7797
[radarhere]
Use palette when loading ICO images #7798
[radarhere]
Use consistent arguments for load_read and load_seek #7713
[radarhere]
Turn off nullability warnings for macOS SDK #7827
[radarhere]
Fix shift-sign issue in Convert.c #7838
[r-barnes, radarhere]
Open 16-bit grayscale PNGs as I;16 #7849
[radarhere]
Handle truncated chunks at the end of PNG images #7709
[lajiyuan, radarhere]
Match mask size to pasted image size in GifImagePlugin #7779
[radarhere]
Release GIL while calling
WebPAnimDecoderGetNext#7782[evanmiller, radarhere]
Fixed reading FLI/FLC images with a prefix chunk #7804
[twolife]
Update wl-paste handling and return None for some errors in grabclipboard() on Linux #7745
[nik012003, radarhere]
Remove execute bit from
setup.py#7760[hugovk]
Do not support using test-image-results to upload images after test failures #7739
[radarhere]
Changed ImageMath.ops to be static #7721
[radarhere]
Fix APNG info after seeking backwards more than twice #7701
[esoma, radarhere]
Deprecate ImageCms constants and versions() function #7702
[nulano, radarhere]
Added PerspectiveTransform #7699
[radarhere]
Add support for reading and writing grayscale PFM images #7696
[nulano, hugovk]
Add LCMS2 flags to ImageCms #7676
[nulano, radarhere, hugovk]
Rename x64 to AMD64 in winbuild #7693
[nulano]
v10.2.0Compare Source
Add
keep_rgboption when saving JPEG to prevent conversion of RGB colorspace #7553[bgilbert, radarhere]
Trim glyph size in ImageFont.getmask() #7669, #7672
[radarhere, nulano]
Deprecate IptcImagePlugin helpers #7664
[nulano, hugovk, radarhere]
Allow uncompressed TIFF images to be saved in chunks #7650
[radarhere]
Concatenate multiple JPEG EXIF markers #7496
[radarhere]
Changed IPTC tile tuple to match other plugins #7661
[radarhere]
Do not assign new fp attribute when exiting context manager #7566
[radarhere]
Support arbitrary masks for uncompressed RGB DDS images #7589
[radarhere, akx]
Support setting ROWSPERSTRIP tag #7654
[radarhere]
Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() #7662
[radarhere]
Optimise
ImageColorusingfunctools.lru_cache#7657[hugovk]
Restricted environment keys for ImageMath.eval() #7655
[wiredfool, radarhere]
Optimise
ImageMode.getmodeusingfunctools.lru_cache#7641[hugovk, radarhere]
Fix incorrect color blending for overlapping glyphs #7497
[ZachNagengast, nulano, radarhere]
Attempt memory mapping when tile args is a string #7565
[radarhere]
Fill identical pixels with transparency in subsequent frames when saving GIF #7568
[radarhere]
Corrected duration when combining multiple GIF frames into single frame #7521
[radarhere]
Handle disposing GIF background from outside palette #7515
[radarhere]
Seek past the data when skipping a PSD layer #7483
[radarhere]
Import plugins relative to the module #7576
[deliangyang, jaxx0n]
Translate encoder error codes to strings; deprecate
ImageFile.raise_oserror()#7609[bgilbert, radarhere]
Support reading BC4U and DX10 BC1 images #6486
[REDxEYE, radarhere, hugovk]
Optimize ImageStat.Stat.extrema #7593
[florath, radarhere]
Handle pathlib.Path in FreeTypeFont #7578
[radarhere, hugovk, nulano]
Added support for reading DX10 BC4 DDS images #7603
[sambvfx, radarhere]
Optimized ImageStat.Stat.count #7599
[florath]
Correct PDF palette size when saving #7555
[radarhere]
Fixed closing file pointer with olefile 0.47 #7594
[radarhere]
Raise ValueError when TrueType font size is not greater than zero #7584, #7587
[akx, radarhere]
If absent, do not try to close fp when closing image #7557
[RaphaelVRossi, radarhere]
Allow configuring JPEG restart marker interval on save #7488
[bgilbert, radarhere]
Decrement reference count for PyObject #7549
[radarhere]
Implement
streamtype=1option for tables-only JPEG encoding #7491[bgilbert, radarhere]
If save_all PNG only has one frame, do not create animated image #7522
[radarhere]
Fixed frombytes() for images with a zero dimension #7493
[radarhere]
aio-libs/aiohttp (aiohttp)
v3.13.3Compare Source
===================
This release contains fixes for several vulnerabilities. It is advised to
upgrade as soon as possible.
Bug fixes
Fixed proxy authorization headers not being passed when reusing a connection, which caused 407 (Proxy authentication required) errors
-- by :user:
GLeurquin.Related issues and pull requests on GitHub:
:issue:
2596.Fixed multipart reading failing when encountering an empty body part -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
:issue:
11857.Fixed a case where the parser wasn't raising an exception for a websocket continuation frame when there was no initial frame in context.
Related issues and pull requests on GitHub:
:issue:
11862.Removals and backward incompatible breaking changes
Brotliandbrotlicffiminimum version is now 1.2.Decompression now has a default maximum output size of 32MiB per decompress call -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
:issue:
11898.Packaging updates and notes for downstreams
Moved dependency metadata from :file:
setup.cfgto :file:pyproject.tomlper :pep:621-- by :user:
cdce8p.Related issues and pull requests on GitHub:
:issue:
11643.Contributor-facing changes
Removed unused
update-pre-commitgithub action workflow -- by :user:Cycloctane.Related issues and pull requests on GitHub:
:issue:
11689.Miscellaneous internal changes
Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10713.Added regression test for cached logging status -- by :user:
meehand.Related issues and pull requests on GitHub:
:issue:
11778.v3.13.2: 3.13.2Compare Source
Bug fixes
Fixed cookie parser to continue parsing subsequent cookies when encountering a malformed cookie that fails regex validation, such as Google's
g_statecookie with unescaped quotes -- by :user:bdraco.Related issues and pull requests on GitHub:
#11632.
Fixed loading netrc credentials from the default :file:
~/.netrc(:file:~/_netrcon Windows) location when the :envvar:NETRCenvironment variable is not set -- by :user:bdraco.Related issues and pull requests on GitHub:
#11713, #11714.
Fixed WebSocket compressed sends to be cancellation safe. Tasks are now shielded during compression to prevent compressor state corruption. This ensures that the stateful compressor remains consistent even when send operations are cancelled -- by :user:
bdraco.Related issues and pull requests on GitHub:
#11725.
v3.13.1Compare Source
===================
Features
Make configuration options in
AppRunneralso available inrun_app()-- by :user:
Cycloctane.Related issues and pull requests on GitHub:
:issue:
11633.Bug fixes
Switched to
backports.zstdfor Python <3.14 and fixed zstd decompression for chunked zstd streams -- by :user:ZhaoMJ.Note: Users who installed
zstandardfor support on Python <3.14 will now need to installbackports.zstdinstead (installingaiohttp[speedups]will do this automatically).Related issues and pull requests on GitHub:
:issue:
11623.Updated
Content-Typeheader parsing to returnapplication/octet-streamwhen header contains invalid syntax.See :rfc:
9110#section-8.3-5.-- by :user:
sgaist.Related issues and pull requests on GitHub:
:issue:
10889.Fixed Python 3.14 support when built without
zstdsupport -- by :user:JacobHenner.Related issues and pull requests on GitHub:
:issue:
11603.Fixed blocking I/O in the event loop when using netrc authentication by moving netrc file lookup to an executor -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
11634.Fixed routing to a sub-application added via
.add_domain()not workingif the same path exists on the parent app. -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
:issue:
11673.Packaging updates and notes for downstreams
Moved core packaging metadata from :file:
setup.cfgto :file:pyproject.tomlper :pep:621-- by :user:
cdce8p.Related issues and pull requests on GitHub:
:issue:
9951.v3.13.0Compare Source
===================
Features
Added support for Python 3.14.
Related issues and pull requests on GitHub:
:issue:
10851, :issue:10872.Added support for free-threading in Python 3.14+ -- by :user:
kumaraditya303.Related issues and pull requests on GitHub:
:issue:
11466, :issue:11464.Added support for Zstandard (aka Zstd) compression
-- by :user:
KGuillaume-chaps.Related issues and pull requests on GitHub:
:issue:
11161.Added
StreamReader.total_raw_bytesto check the number of bytes downloaded-- by :user:
robpats.Related issues and pull requests on GitHub:
:issue:
11483.Bug fixes
Fixed pytest plugin to not use deprecated :py:mod:
asynciopolicy APIs.Related issues and pull requests on GitHub:
:issue:
10851.Updated
Content-Dispositionheader parsing to handle trailing semicolons and empty parts-- by :user:
PLPeeters.Related issues and pull requests on GitHub:
:issue:
11243.Fixed saved
CookieJarfailing to be loaded if cookies havepartitionedflag whenhttp.cookiedoes not have partitioned cookies supports. -- by :user:Cycloctane.Related issues and pull requests on GitHub:
:issue:
11523.Improved documentation
Added
Wireupto third-party libraries -- by :user:maldoinc.Related issues and pull requests on GitHub:
:issue:
11233.Packaging updates and notes for downstreams
The
blockbustertest dependency is now optional; the corresponding test fixture is disabled when it is unavailable-- by :user:
musicinybrain.Related issues and pull requests on GitHub:
:issue:
11363.Added
riscv64build to releases -- by :user:eshattow.Related issues and pull requests on GitHub:
:issue:
11425.Contributor-facing changes
Fixed
test_send_compress_textfailing when alternative zlib implementationis used. (
zlib-ngin python 3.14 windows build) -- by :user:Cycloctane.Related issues and pull requests on GitHub:
:issue:
11546.v3.12.15Compare Source
====================
Bug fixes
Fixed :class:
~aiohttp.DigestAuthMiddlewareto preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expectingalgorithm=MD5-sessinstead ofalgorithm=MD5-SESS)-- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
11352.Improved documentation
Remove outdated contents of
aiohttp-devtoolsandaiohttp-swaggerfrom Web_advanced docs.
-- by :user:
CycloctaneRelated issues and pull requests on GitHub:
:issue:
11347.Packaging updates and notes for downstreams
Started including the
llhttp:file:LICENSEfile in wheels by addingvendor/llhttp/LICENSEtolicense-filesin :file:setup.cfg-- by :user:threexc.Related issues and pull requests on GitHub:
:issue:
11226.Contributor-facing changes
Updated a regex in
test_aiohttp_request_coroutinefor Python 3.14.Related issues and pull requests on GitHub:
:issue:
11271.v3.12.14Compare Source
====================
Bug fixes
Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:
9110#section-15.4.3-3.1-- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11270.Fixed :py:meth:
ClientSession.close() <aiohttp.ClientSession.close>hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11273.Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
:issue:
11280.Features
Added initial trailer parsing logic to Python HTTP parser -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
:issue:
11269.Improved documentation
Clarified exceptions raised by
WebSocketResponse.send_frameet al.-- by :user:
DoctorJohn.Related issues and pull requests on GitHub:
:issue:
11234.v3.12.13Compare Source
====================
Bug fixes
Fixed auto-created :py:class:
~aiohttp.TCPConnectornot using the session's event loop when :py:class:~aiohttp.ClientSessionis created without an explicit connector -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11147.v3.12.12Compare Source
====================
Bug fixes
Fixed cookie unquoting to properly handle octal escape sequences in cookie values (e.g.,
\012for newline) by vendoring the correct_unquoteimplementation from Python'shttp.cookiesmodule -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11173.Fixed
Cookieheader parsing to treat attribute names as regular cookies per :rfc:6265#section-5.4-- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11178.v3.12.11Compare Source
====================
Features
Improved SSL connection handling by changing the default
ssl_shutdown_timeoutfrom
0.1to0seconds. SSL connections now use Python's default gracefulshutdown during normal operation but are aborted immediately when the connector
is closed, providing optimal behavior for both cases. Also added support for
ssl_shutdown_timeout=0on all Python versions. Previously, this value wasrejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
Python < 3.11 now trigger a
RuntimeWarning-- by :user:bdraco.The
ssl_shutdown_timeoutparameter is now deprecated and will be removed inaiohttp 4.0 as there is no clear use case for changing the default.
Related issues and pull requests on GitHub:
:issue:
11148.Deprecations (removal in next major release)
Improved SSL connection handling by changing the default
ssl_shutdown_timeoutfrom
0.1to0seconds. SSL connections now use Python's default gracefulshutdown during normal operation but are aborted immediately when the connector
is closed, providing optimal behavior for both cases. Also added support for
ssl_shutdown_timeout=0on all Python versions. Previously, this value wasrejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
Python < 3.11 now trigger a
RuntimeWarning-- by :user:bdraco.The
ssl_shutdown_timeoutparameter is now deprecated and will be removed inaiohttp 4.0 as there is no clear use case for changing the default.
Related issues and pull requests on GitHub:
:issue:
11148.v3.12.10Compare Source
====================
Bug fixes
Fixed leak of
aiodns.DNSResolverwhen :py:class:~aiohttp.TCPConnectoris closed and no resolver was passed when creating the connector -- by :user:Tasssadar.This was a regression introduced in version 3.12.0 (:pr:
10897).Related issues and pull requests on GitHub:
:issue:
11150.v3.12.9Compare Source
===================
Bug fixes
Fixed
IOBasePayloadandTextIOPayloadreading entire files into memory when streaming large files -- by :user:bdraco.When using file-like objects with the aiohttp client, the entire file would be read into memory if the file size was provided in the
Content-Lengthheader. This could cause out-of-memory errors when uploading large files. The payload classes now correctly read data in chunks ofREAD_SIZE(64KB) regardless of the total content length.Related issues and pull requests on GitHub:
:issue:
11138.v3.12.8Compare Source
===================
Features
Added preemptive digest authentication to :class:
~aiohttp.DigestAuthMiddleware-- by :user:bdraco.The middleware now reuses authentication credentials for subsequent requests to the same
protection space, improving efficiency by avoiding extra authentication round trips.
This behavior matches how web browsers handle digest authentication and follows
:rfc:
7616#section-3.6.Preemptive authentication is enabled by default but can be disabled by passing
preemptive=Falseto the middleware constructor.Related issues and pull requests on GitHub:
:issue:
11128, :issue:11129.v3.12.7Compare Source
===================
.. warning::
This release fixes an issue where the
quote_cookieparameter was not being properlyrespected for shared cookies (domain="", path=""). If your server does not handle quoted
cookies correctly, you may need to disable cookie quoting by setting
quote_cookie=Falsewhen creating your :class:
~aiohttp.ClientSessionor :class:~aiohttp.CookieJar.See :ref:
aiohttp-client-cookie-quoting-routinefor details.Bug fixes
Fixed cookie parsing to be more lenient when handling cookies with special characters
in names or values. Cookies with characters like
{,}, and/in names are nowaccepted instead of causing a :exc:
~http.cookies.CookieErrorand 500 errors. Additionally,cookies with mismatched quotes in values are now parsed correctly, and quoted cookie
values are now handled consistently whether or not they include special attributes
like
Domain. Also fixed :class:~aiohttp.CookieJarto ensure shared cookies (domain="", path="")respect the
quote_cookieparameter, making cookie quoting behavior consistent forall cookies -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
2683, :issue:5397, :issue:7993, :issue:11112.Fixed an issue where cookies with duplicate names but different domains or paths
were lost when updating the cookie jar. The :class:
~aiohttp.ClientSessioncookie jar now correctly stores all cookies even if they have the same name but
different domain or path, following the :rfc:
6265#section-5.3storage model -- by :user:bdraco.Note that :attr:
ClientResponse.cookies <aiohttp.ClientResponse.cookies>returnsa :class:
~http.cookies.SimpleCookiewhich uses the cookie name as a key, soonly the last cookie with each name is accessible via this interface. All cookies
can be accessed via :meth:
ClientResponse.headers.getall('Set-Cookie') <multidict.MultiDictProxy.getall>if needed.Related issues and pull requests on GitHub:
:issue:
4486, :issue:11105, :issue:11106.Miscellaneous internal changes
Avoided creating closed futures in
ResponseHandlerthat will never be awaited -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
11107.Downgraded the logging level for connector close errors from ERROR to DEBUG, as these are expected behavior with TLS 1.3 connections -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
11114.v3.12.6Compare Source
===================
Bug fixes
Fixed spurious "Future exception was never retrieved" warnings for connection lost errors when the connector is not closed -- by :user:
bdraco.When connections are lost, the exception is now marked as retrieved since it is always propagated through other means, preventing unnecessary warnings in logs.
Related issues and pull requests on GitHub:
:issue:
11100.v3.12.4Compare Source
===================
Bug fixes
Fixed connector not waiting for connections to close before returning from :meth:
~aiohttp.BaseConnector.close(partial backport of :pr:3733) -- by :user:atemateand :user:bdraco.Related issues and pull requests on GitHub:
:issue:
1925, :issue:11074.v3.12.3Compare Source
===================
Bug fixes
Fixed memory leak in :py:meth:
~aiohttp.CookieJar.filter_cookiesthat caused unbounded memory growthwhen making requests to different URL paths -- by :user:
bdracoand :user:Cycloctane.Related issues and pull requests on GitHub:
:issue:
11052, :issue:11054.v3.12.2Compare Source
===================
Bug fixes
Fixed
Content-Lengthheader not being set to0for non-GET requests withNonebody -- by :user:bdraco.Non-GET requests (
POST,PUT,PATCH,DELETE) withNoneas the body now correctly set theContent-Lengthheader to0, matching the behavior of requests with empty bytes (b""). This regression was introduced in aiohttp 3.12.1.Related issues and pull requests on GitHub:
:issue:
11035.v3.12.1Compare Source
====================
Bug fixes
Fixed :class:
~aiohttp.DigestAuthMiddlewareto preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expectingalgorithm=MD5-sessinstead ofalgorithm=MD5-SESS)-- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
11352.Improved documentation
Remove outdated contents of
aiohttp-devtoolsandaiohttp-swaggerfrom Web_advanced docs.
-- by :user:
CycloctaneRelated issues and pull requests on GitHub:
:issue:
11347.Packaging updates and notes for downstreams
Started including the
llhttp:file:LICENSEfile in wheels by addingvendor/llhttp/LICENSEtolicense-filesin :file:setup.cfg-- by :user:threexc.Related issues and pull requests on GitHub:
:issue:
11226.Contributor-facing changes
Updated a regex in
test_aiohttp_request_coroutinefor Python 3.14.Related issues and pull requests on GitHub:
:issue:
11271.v3.12.0Compare Source
===================
Bug fixes
Fixed :py:attr:
~aiohttp.web.WebSocketResponse.preparedproperty to correctly reflect the prepared state, especially during timeout scenarios -- by :user:bdracoRelated issues and pull requests on GitHub:
:issue:
6009, :issue:10988.Response is now always True, instead of using MutableMapping behaviour (False when map is empty)
Related issues and pull requests on GitHub:
:issue:
10119.Fixed connection reuse for file-like data payloads by ensuring buffer
truncation respects content-length boundaries and preventing premature
connection closure race -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10325, :issue:10915, :issue:10941, :issue:10943.Fixed pytest plugin to not use deprecated :py:mod:
asynciopolicy APIs.Related issues and pull requests on GitHub:
:issue:
10851.Fixed :py:class:
~aiohttp.resolver.AsyncResolvernot using theloopargument in versions 3.x where it should still be supported -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
10951.Features
Added a comprehensive HTTP Digest Authentication client middleware (DigestAuthMiddleware)
that implements RFC 7616. The middleware supports all standard hash algorithms
(MD5, SHA, SHA-256, SHA-512) with session variants, handles both 'auth' and
'auth-int' quality of protection options, and automatically manages the
authentication flow by intercepting 401 responses and retrying with proper
credentials -- by :user:
feus4177, :user:TimMenninger, and :user:bdraco.Related issues and pull requests on GitHub:
:issue:
2213, :issue:10725.Added client middleware support -- by :user:
bdracoand :user:Dreamsorcerer.This change allows users to add middleware to the client session and requests, enabling features like
authentication, logging, and request/response modification without modifying the core
request logic. Additionally, the
sessionattribute was added toClientRequest,allowing middleware to access the session for making additional requests.
Related issues and pull requests on GitHub:
:issue:
9732, :issue:10902, :issue:10945, :issue:10952, :issue:10959, :issue:10968.Allow user setting zlib compression backend -- by :user:
TimMenningerThis change allows the user to call :func:
aiohttp.set_zlib_backend()with thezlib compression module of their choice. Default behavior continues to use
the builtin
zliblibrary.Related issues and pull requests on GitHub:
:issue:
9798.Added support for overriding the base URL with an absolute one in client sessions
-- by :user:
vivodi.Related issues and pull requests on GitHub:
:issue:
10074.Added
hostparameter toaiohttp_serverfixture -- by :user:christianwbrock.Related issues and pull requests on GitHub:
:issue:
10120.Detect blocking calls in coroutines using BlockBuster -- by :user:
cbornet.Related issues and pull requests on GitHub:
:issue:
10433.Added
socket_factoryto :py:class:aiohttp.TCPConnectorto allow specifying custom socket options-- by :user:
TimMenninger.Related issues and pull requests on GitHub:
:issue:
10474, :issue:10520, :issue:10961, :issue:10962.Started building armv7l manylinux wheels -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10797.Implemented shared DNS resolver management to fix excessive resolver object creation
when using multiple client sessions. The new
_DNSResolverManagersingleton ensuresonly one
DNSResolverobject is created for default configurations, significantlyreducing resource usage and improving performance for applications using multiple
client sessions simultaneously -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10847, :issue:10923, :issue:10946.Upgraded to LLHTTP 9.3.0 -- by :user:
Dreamsorcerer.Related issues and pull requests on GitHub:
:issue:
10972.Optimized small HTTP requests/responses by coalescing headers and body into a single TCP packet -- by :user:
bdraco.This change enhances network efficiency by reducing the number of packets sent for small HTTP payloads, improving latency and reducing overhead. Most importantly, this fixes compatibility with memory-constrained IoT devices that can only perform a single read operation and expect HTTP requests in one packet. The optimization uses zero-copy
writelineswhen coalescing data and works with both regular and chunked transfer encoding.When
aiohttpuses client middleware to communicate with anaiohttpserver, connection reuse is more likely to occur since complete responses arrive in a single packet for small payloads.This aligns
aiohttpwith other popular HTTP clients that already coalesce small requests.Related issues and pull requests on GitHub:
:issue:
10991.Improved documentation
Improved documentation for middleware by adding warnings and examples about
request body stream consumption. The documentation now clearly explains that
request body streams can only be read once and provides best practices for
sharing parsed request data between middleware and handlers -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
2914.Packaging updates and notes for downstreams
Removed non SPDX-license description from
setup.cfg-- by :user:devanshu-ziphq.Related issues and pull requests on GitHub:
:issue:
10662.Added support for building against system
llhttplibrary -- by :user:mgorny.This change adds support for :envvar:
AIOHTTP_USE_SYSTEM_DEPSenvironment variable thatcan be used to build aiohttp against the system install of the
llhttplibrary ratherthan the vendored one.
Related issues and pull requests on GitHub:
:issue:
10759.aiodnsis now installed on Windows with speedups extra -- by :user:bdraco.As of
aiodns3.3.0,SelectorEventLoopis no longer required when usingpycares4.7.0 or later.Related issues and pull requests on GitHub:
:issue:
10823.Fixed compatibility issue with Cython 3.1.1 -- by :user:
bdracoRelated issues and pull requests on GitHub:
:issue:
10877.Contributor-facing changes
Sped up tests by disabling
blockbusterfixture fortest_static_file_hugeandtest_static_file_huge_canceltests -- by :user:dikos1337.Related issues and pull requests on GitHub:
:issue:
9705, :issue:10761.Updated tests to avoid using deprecated :py:mod:
asynciopolicy APIs andmake it compatible with Python 3.14.
Related issues and pull requests on GitHub:
:issue:
10851.Added Winloop to test suite to support in the future -- by :user:
Vizonex.Related issues and pull requests on GitHub:
:issue:
10922.Miscellaneous internal changes
Added support for the
partitionedattribute in theset_cookiemethod.Related issues and pull requests on GitHub:
:issue:
9870.Setting :attr:
aiohttp.web.StreamResponse.last_modifiedto an unsupported type will now raise :exc:TypeErrorinstead of silently failing -- by :user:bdraco.Related issues and pull requests on GitHub:
:issue:
10146.v3.11.18Compare Source
====================
Bug fixes
Disabled TLS in TLS warning (when using HTTPS proxies) for uvloop and newer Python versions -- by :user:
lezgomatt.Related issues and pull requests on GitHub:
:issue:
7686.Fixed reading fragmented WebSocket messages when the payload was masked -- by :user:
bdraco.The problem first appeared in 3.11.17
Related issues and pull requests on GitHub:
:issue:
10764.v3.11.17Compare Source
====================
Miscellaneous internal changes
Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10713.Improved web server performance when connection can be reused -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10714.Improved performance of the WebSocket reader -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10740.Improved performance of the WebSocket reader with large messages -- by :user:
bdraco.Related issues and pull requests on GitHub:
:issue:
10744.v3.11.16[Compare Source](https://redirect.github.com/aio-libs/aiohttp/compare/v3.11.1
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.