From 47b8b576133212b9e94a5c98786f279d010d85f0 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Wed, 18 Dec 2024 11:54:28 -1000 Subject: [PATCH 001/111] Increment version to 3.11.12.dev0 (#10183) --- aiohttp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index b9af3f829f7..0c3c65fdbe1 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.11.11" +__version__ = "3.11.12.dev0" from typing import TYPE_CHECKING, Tuple From a438bd3afc7834d33016dee747e29732fe0da841 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Dec 2024 22:41:28 +0000 Subject: [PATCH 002/111] Bump actions/cache from 4.1.2 to 4.2.0 (#10190) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/cache](https://github.com/actions/cache) from 4.1.2 to 4.2.0.
Release notes

Sourced from actions/cache's releases.

v4.2.0

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

  • @​actions/core: 1.11.1
  • @​actions/io: 1.1.3
  • @​vercel/ncc: 0.38.3

Full Changelog: https://github.com/actions/cache/compare/v4...v4.2.0

Changelog

Sourced from actions/cache's changelog.

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.1.2&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 95238b93687..d5e119b779d 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -47,7 +47,7 @@ jobs: with: python-version: 3.11 - name: Cache PyPI - uses: actions/cache@v4.1.2 + uses: actions/cache@v4.2.0 with: key: pip-lint-${{ hashFiles('requirements/*.txt') }} path: ~/.cache/pip @@ -99,7 +99,7 @@ jobs: with: submodules: true - name: Cache llhttp generated files - uses: actions/cache@v4.1.2 + uses: actions/cache@v4.2.0 id: cache with: key: llhttp-${{ hashFiles('vendor/llhttp/package*.json', 'vendor/llhttp/src/**/*') }} @@ -163,7 +163,7 @@ jobs: echo "dir=$(pip cache dir)" >> "${GITHUB_OUTPUT}" shell: bash - name: Cache PyPI - uses: actions/cache@v4.1.2 + uses: actions/cache@v4.2.0 with: key: pip-ci-${{ runner.os }}-${{ matrix.pyver }}-${{ matrix.no-extensions }}-${{ hashFiles('requirements/*.txt') }} path: ${{ steps.pip-cache.outputs.dir }} From d3ca8b1f3245fda82dcaf9f0d8d8cb67dad1d9aa Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 22 Dec 2024 23:34:39 +0000 Subject: [PATCH 003/111] [PR #10192/693e57f6 backport][3.12] Bump Dependabot updates to Python 3.10 (#10193) **This is a backport of PR #10192 as merged into master (693e57f602a2d455a72582197987f48042464e55).** Co-authored-by: Sam Bull --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/cython.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- requirements/lint.txt | 2 +- requirements/multidict.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 1e7c0bbe6c1..0f048bdd859 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --allow-unsafe --output-file=requirements/base.txt --strip-extras requirements/base.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 740e3e2d559..3f211a4d386 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with python 3.8 +# This file is autogenerated by pip-compile with python 3.10 # To update, run: # # pip-compile --allow-unsafe --output-file=requirements/constraints.txt --resolver=backtracking --strip-extras requirements/constraints.in diff --git a/requirements/cython.txt b/requirements/cython.txt index f67cc903a0b..7e392bddf91 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with python 3.8 +# This file is autogenerated by pip-compile with python 3.10 # by the following command: # # pip-compile --allow-unsafe --output-file=requirements/cython.txt --resolver=backtracking --strip-extras requirements/cython.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 72e49ed9edf..dcbbd95b2bd 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with python 3.8 +# This file is autogenerated by pip-compile with python 3.10 # To update, run: # # pip-compile --allow-unsafe --output-file=requirements/dev.txt --resolver=backtracking --strip-extras requirements/dev.in diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 892ae6b164c..d3b456f3274 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --allow-unsafe --output-file=requirements/doc-spelling.txt --strip-extras requirements/doc-spelling.in diff --git a/requirements/doc.txt b/requirements/doc.txt index f7f98330e1f..a7c6e8cdfc8 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with python 3.8 +# This file is autogenerated by pip-compile with python 3.10 # To update, run: # # pip-compile --allow-unsafe --output-file=requirements/doc.txt --resolver=backtracking --strip-extras requirements/doc.in diff --git a/requirements/lint.txt b/requirements/lint.txt index d7d97277bce..9e9160fbde9 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with python 3.8 +# This file is autogenerated by pip-compile with python 3.10 # by the following command: # # pip-compile --allow-unsafe --output-file=requirements/lint.txt --resolver=backtracking --strip-extras requirements/lint.in diff --git a/requirements/multidict.txt b/requirements/multidict.txt index b8b44428920..e9f433aa07d 100644 --- a/requirements/multidict.txt +++ b/requirements/multidict.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with python 3.8 +# This file is autogenerated by pip-compile with python 3.10 # by the following command: # # pip-compile --allow-unsafe --output-file=requirements/multidict.txt --resolver=backtracking --strip-extras requirements/multidict.in diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index cf7f0e396f6..2bf55e750fe 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # # pip-compile --allow-unsafe --output-file=requirements/runtime-deps.txt --strip-extras requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index 33510f18682..2c6677d1cb3 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with python 3.8 +# This file is autogenerated by pip-compile with python 3.10 # by the following command: # # pip-compile --allow-unsafe --output-file=requirements/test.txt --resolver=backtracking --strip-extras requirements/test.in From 65ac69a7ed75917d64c5e38fdd9b192058f5d5e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 10:38:12 +0000 Subject: [PATCH 004/111] Bump six from 1.16.0 to 1.17.0 (#10204) Bumps [six](https://github.com/benjaminp/six) from 1.16.0 to 1.17.0.
Changelog

Sourced from six's changelog.

1.17.0

  • Pull request #388: Remove URLopener and FancyURLopener classes from urllib.request when running on Python 3.14 or greater.

  • Pull request #365, issue #283: six.moves.UserDict now points to UserDict.IterableUserDict instead of UserDict.UserDict on Python 2.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=six&package-manager=pip&previous-version=1.16.0&new-version=1.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 44 ++++++++---------------------------- requirements/dev.txt | 25 ++++++++------------ requirements/lint.txt | 7 +++--- requirements/test.txt | 14 +++++------- 4 files changed, 29 insertions(+), 61 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 3f211a4d386..1b0cf42c3e7 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -18,8 +18,6 @@ alabaster==1.0.0 # via sphinx annotated-types==0.7.0 # via pydantic -apipkg==1.5 - # via execnet async-timeout==4.0.3 ; python_version < "3.11" # via # -r requirements/runtime-deps.in @@ -69,12 +67,12 @@ docutils==0.20.1 # via sphinx exceptiongroup==1.2.2 # via pytest +execnet==2.1.1 + # via pytest-xdist filelock==3.16.1 # via # pytest-codspeed # virtualenv -execnet==2.1.1 - # via pytest-xdist freezegun==1.5.1 # via # -r requirements/lint.in @@ -96,12 +94,6 @@ idna==3.3 # yarl imagesize==1.4.1 # via sphinx -importlib-metadata==8.5.0 - # via - # build - # sphinx -importlib-resources==6.4.5 - # via towncrier incremental==24.7.2 # via towncrier iniconfig==2.0.0 @@ -148,11 +140,7 @@ propcache==0.2.0 # -r requirements/runtime-deps.in # yarl proxy-py==2.4.9 - # via - # -r requirements/lint.in - # -r requirements/test.in -py==1.11.0 - # via pytest + # via -r requirements/test.in pycares==4.4.0 # via aiodns pycparser==2.22 @@ -190,29 +178,17 @@ pytest-codspeed==3.0.0 pytest-cov==5.0.0 # via -r requirements/test.in pytest-mock==3.14.0 - # via -r requirements/test.in -pytest-xdist==3.6.1 - # via -r requirements/test.txt -python-dateutil==2.8.2 - # via freezegun -python-on-whales==0.71.0 # via # -r requirements/lint.in # -r requirements/test.in -pytest-cov==5.0.0 +pytest-xdist==3.6.1 # via -r requirements/test.in -pytest-mock==3.14.0 - # via - # -r requirements/lint.in - # -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.73.0 # via # -r requirements/lint.in # -r requirements/test.in -pytz==2024.2 - # via babel pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 @@ -225,12 +201,14 @@ requests==2.32.3 # python-on-whales # sphinx rich==13.9.3 - # via typer + # via + # pytest-codspeed + # typer setuptools-git==1.2 # via -r requirements/test.in shellingham==1.5.4 # via typer -six==1.16.0 +six==1.17.0 # via python-dateutil slotscheck==0.19.1 # via -r requirements/lint.in @@ -267,6 +245,7 @@ tomli==2.0.2 # pip-tools # pytest # slotscheck + # sphinx # towncrier towncrier==23.11.0 # via @@ -282,7 +261,6 @@ typer==0.12.5 # via python-on-whales typing-extensions==4.12.2 # via - # annotated-types # multidict # mypy # pydantic @@ -308,10 +286,6 @@ wheel==0.44.0 # via pip-tools yarl==1.18.3 # via -r requirements/runtime-deps.in -zipp==3.20.2 - # via - # importlib-metadata - # importlib-resources # The following packages are considered to be unsafe in a requirements file: pip==24.3.1 diff --git a/requirements/dev.txt b/requirements/dev.txt index dcbbd95b2bd..67f23c108a0 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -65,6 +65,8 @@ docutils==0.20.1 # via sphinx exceptiongroup==1.2.2 # via pytest +execnet==2.1.1 + # via pytest-xdist filelock==3.16.1 # via # pytest-codspeed @@ -90,12 +92,6 @@ idna==3.4 # yarl imagesize==1.4.1 # via sphinx -importlib-metadata==8.5.0 - # via - # build - # sphinx -importlib-resources==6.4.5 - # via towncrier incremental==24.7.2 # via towncrier iniconfig==2.0.0 @@ -169,6 +165,7 @@ pytest==8.3.3 # pytest-codspeed # pytest-cov # pytest-mock + # pytest-xdist pytest-codspeed==3.0.0 # via # -r requirements/lint.in @@ -179,14 +176,14 @@ pytest-mock==3.14.0 # via # -r requirements/lint.in # -r requirements/test.in +pytest-xdist==3.6.1 + # via -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.73.0 # via # -r requirements/lint.in # -r requirements/test.in -pytz==2024.2 - # via babel pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 @@ -199,12 +196,14 @@ requests==2.32.3 # python-on-whales # sphinx rich==13.9.3 - # via typer + # via + # pytest-codspeed + # typer setuptools-git==1.2 # via -r requirements/test.in shellingham==1.5.4 # via typer -six==1.16.0 +six==1.17.0 # via python-dateutil slotscheck==0.19.1 # via -r requirements/lint.in @@ -238,6 +237,7 @@ tomli==2.0.2 # pip-tools # pytest # slotscheck + # sphinx # towncrier towncrier==23.11.0 # via @@ -253,7 +253,6 @@ typer==0.12.5 # via python-on-whales typing-extensions==4.12.2 # via - # annotated-types # multidict # mypy # pydantic @@ -279,10 +278,6 @@ wheel==0.44.0 # via pip-tools yarl==1.18.3 # via -r requirements/runtime-deps.in -zipp==3.20.2 - # via - # importlib-metadata - # importlib-resources # The following packages are considered to be unsafe in a requirements file: pip==24.3.1 diff --git a/requirements/lint.txt b/requirements/lint.txt index 9e9160fbde9..4b835224534 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -91,10 +91,12 @@ pyyaml==6.0.2 requests==2.32.3 # via python-on-whales rich==13.9.3 - # via typer + # via + # pytest-codspeed + # typer shellingham==1.5.4 # via typer -six==1.16.0 +six==1.17.0 # via python-dateutil slotscheck==0.19.1 # via -r requirements/lint.in @@ -111,7 +113,6 @@ typer==0.12.5 # via python-on-whales typing-extensions==4.12.2 # via - # annotated-types # mypy # pydantic # pydantic-core diff --git a/requirements/test.txt b/requirements/test.txt index 2c6677d1cb3..9eadb32c016 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -82,8 +82,6 @@ propcache==0.2.0 # yarl proxy-py==2.4.9 # via -r requirements/test.in -py==1.11.0 - # via pytest pycares==4.4.0 # via aiodns pycparser==2.22 @@ -100,10 +98,9 @@ pytest==8.3.3 # pytest-codspeed # pytest-cov # pytest-mock -pytest-codspeed==3.0.0 - # via - # -r requirements/test.in # pytest-xdist +pytest-codspeed==3.0.0 + # via -r requirements/test.in pytest-cov==5.0.0 # via -r requirements/test.in pytest-mock==3.14.0 @@ -121,12 +118,14 @@ regex==2024.9.11 requests==2.32.3 # via python-on-whales rich==13.9.3 - # via typer + # via + # pytest-codspeed + # typer setuptools-git==1.2 # via -r requirements/test.in shellingham==1.5.4 # via typer -six==1.16.0 +six==1.17.0 # via python-dateutil tomli==2.0.2 # via @@ -141,7 +140,6 @@ typer==0.12.5 # via python-on-whales typing-extensions==4.12.2 # via - # annotated-types # multidict # mypy # pydantic From 41e224ee5805ab31ba86b73b9180e294c1e8cea3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 10:38:58 +0000 Subject: [PATCH 005/111] Bump tqdm from 4.66.5 to 4.67.1 (#10205) Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.66.5 to 4.67.1.
Release notes

Sourced from tqdm's releases.

tqdm v4.67.1 stable

  • fix gui (matplotlib syntax) (#1629)
  • misc test & framework updates
    • bump pytest-asyncio (#1630)
    • fix codecov rate limit
    • fix pybuild
    • sync dependencies

tqdm v4.67.0 stable

  • contrib.discord: replace disco-py with requests (#1536)

tqdm v4.66.6 stable

  • cli: zip-safe --manpath, --comppath (#1627)
  • misc framework updates (#1627)
    • fix pytest DeprecationWarning
    • fix snapcraft build
    • fix nbval DeprecationWarning
    • update & tidy workflows
    • bump pre-commit
    • docs: update URLs
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tqdm&package-manager=pip&previous-version=4.66.5&new-version=4.67.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 1b0cf42c3e7..1fbfb25a0c7 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -251,7 +251,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 67f23c108a0..fa2b7d93f4b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -243,7 +243,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 4b835224534..d8c44877560 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -105,7 +105,7 @@ tomli==2.0.2 # mypy # pytest # slotscheck -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 # via -r requirements/lint.in diff --git a/requirements/test.txt b/requirements/test.txt index 9eadb32c016..7e866e07dd8 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -132,7 +132,7 @@ tomli==2.0.2 # coverage # mypy # pytest -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via -r requirements/test.in From 5df6107bfca686e4baa29056ca0e61a4810a8232 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 11:52:07 +0000 Subject: [PATCH 006/111] Bump tomli from 2.0.2 to 2.2.1 (#10213) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [tomli](https://github.com/hukkin/tomli) from 2.0.2 to 2.2.1.
Changelog

Sourced from tomli's changelog.

2.2.1

  • Fixed
    • Don't attempt to compile binary wheels for Python 3.8, 3.9 and 3.10 where cibuildwheel depends on a conflicting Tomli version

2.2.0

  • Added
    • mypyc generated binary wheels for common platforms

2.1.0

  • Deprecated
    • Instantiating TOMLDecodeError with free-form arguments. msg, doc and pos arguments should be given.
  • Added
    • msg, doc, pos, lineno and colno attributes to TOMLDecodeError
Commits
  • 73c3d10 Bump version: 2.2.0 → 2.2.1
  • 7c2368d Don't build wheels for Python versions requiring tomli
  • c48e4e1 Bump version: 2.1.0 → 2.2.0
  • 7604741 Update README
  • 0724e2a Annotate global constants as Final to speed up compiled code
  • 149547d Create binary wheels with mypyc (#242)
  • 443a0c1 pre-commit autoupdate and autofix
  • 48461cf Merge pull request #240 from hukkin/version-2.1.0
  • d6e045b Bump version: 2.0.2 → 2.1.0
  • d1d6a85 Add attributes to TOMLDecodeError. Deprecate free-form __init__ args (#238)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tomli&package-manager=pip&previous-version=2.0.2&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 13 ++----------- requirements/doc.txt | 13 ++----------- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 8 insertions(+), 26 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 1fbfb25a0c7..64e8a4ae474 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -235,7 +235,7 @@ sphinxcontrib-spelling==8.0.0 ; platform_system != "Windows" # via -r requirements/doc-spelling.in sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in -tomli==2.0.2 +tomli==2.2.1 # via # build # cherry-picker diff --git a/requirements/dev.txt b/requirements/dev.txt index fa2b7d93f4b..2df3b5b583b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -227,7 +227,7 @@ sphinxcontrib-serializinghtml==2.0.0 # via sphinx sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in -tomli==2.0.2 +tomli==2.2.1 # via # build # cherry-picker diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index d3b456f3274..933ef575ebb 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -22,10 +22,6 @@ idna==3.4 # via requests imagesize==1.4.1 # via sphinx -importlib-metadata==8.5.0 - # via sphinx -importlib-resources==6.4.5 - # via towncrier incremental==24.7.2 # via towncrier jinja2==3.1.4 @@ -40,8 +36,6 @@ pyenchant==3.2.2 # via sphinxcontrib-spelling pygments==2.18.0 # via sphinx -pytz==2024.2 - # via babel requests==2.32.3 # via sphinx snowballstemmer==2.2.0 @@ -67,9 +61,10 @@ sphinxcontrib-spelling==8.0.0 ; platform_system != "Windows" # via -r requirements/doc-spelling.in sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in -tomli==2.0.2 +tomli==2.2.1 # via # incremental + # sphinx # towncrier towncrier==23.11.0 # via @@ -77,10 +72,6 @@ towncrier==23.11.0 # sphinxcontrib-towncrier urllib3==2.2.3 # via requests -zipp==3.20.2 - # via - # importlib-metadata - # importlib-resources # The following packages are considered to be unsafe in a requirements file: setuptools==75.2.0 diff --git a/requirements/doc.txt b/requirements/doc.txt index a7c6e8cdfc8..68482c2c8db 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -22,10 +22,6 @@ idna==3.4 # via requests imagesize==1.4.1 # via sphinx -importlib-metadata==8.5.0 - # via sphinx -importlib-resources==6.4.5 - # via towncrier incremental==24.7.2 # via towncrier jinja2==3.1.4 @@ -38,8 +34,6 @@ packaging==24.1 # via sphinx pygments==2.18.0 # via sphinx -pytz==2024.2 - # via babel requests==2.32.3 # via sphinx snowballstemmer==2.2.0 @@ -62,9 +56,10 @@ sphinxcontrib-serializinghtml==2.0.0 # via sphinx sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in -tomli==2.0.2 +tomli==2.2.1 # via # incremental + # sphinx # towncrier towncrier==23.11.0 # via @@ -72,10 +67,6 @@ towncrier==23.11.0 # sphinxcontrib-towncrier urllib3==2.2.3 # via requests -zipp==3.20.2 - # via - # importlib-metadata - # importlib-resources # The following packages are considered to be unsafe in a requirements file: setuptools==75.2.0 diff --git a/requirements/lint.txt b/requirements/lint.txt index d8c44877560..98f8b924153 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -100,7 +100,7 @@ six==1.17.0 # via python-dateutil slotscheck==0.19.1 # via -r requirements/lint.in -tomli==2.0.2 +tomli==2.2.1 # via # mypy # pytest diff --git a/requirements/test.txt b/requirements/test.txt index 7e866e07dd8..251077f4392 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -127,7 +127,7 @@ shellingham==1.5.4 # via typer six==1.17.0 # via python-dateutil -tomli==2.0.2 +tomli==2.2.1 # via # coverage # mypy From 69fdaf06c29ede5cf6967fcf85bab753acd6ee0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:10:37 +0000 Subject: [PATCH 007/111] Bump python-on-whales from 0.71.0 to 0.74.0 (#10206) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [python-on-whales](https://github.com/gabrieldemarmiesse/python-on-whales) from 0.71.0 to 0.74.0.
Release notes

Sourced from python-on-whales's releases.

v0.74.0

Important breaking change:

The python-on-whales command is not available anymore, meaning that you cannot download the docker client binary automatically. You need to install it yourself by using the Docker installation guide: https://docs.docker.com/engine/install/ . Note that you need only the client, you can skip the installation of the full docker engine. For example, on Ubuntu, that means you just need to do

sudo apt-get install docker-ce-cli docker-buildx-plugin
docker-compose-plugin

instead of

sudo apt-get install docker-ce docker-ce-cli containerd.io
docker-buildx-plugin docker-compose-plugin

What's Changed

Full Changelog: https://github.com/gabrieldemarmiesse/python-on-whales/compare/v0.73.0...v0.74.0

v0.73.0

What's Changed

New Contributors

... (truncated)

Commits
  • 5fe0ea5 Bump version to 0.74.0 (#652)
  • 140865d Use uv in github actions and recommend uv for dev (#650)
  • 9a9f090 Fix Pod property type annotations to allow for missing fields in inspect outp...
  • b590c97 Add podman is_infra and namespace fields to Container object (#641)
  • d992525 Set defer_build=True pydantic config, improving import time significantly (...
  • 4531ced Remove leftover Pydantic v1 handling (#642)
  • 43b4001 :bug: Fix buildx tests in the CI by upgrading the docker images (#646)
  • 67f75f4 Specify ubuntu-24.04 in the GitHub actions config (#645)
  • 40e1f27 Display an error message if using the python-on-whales command (#640)
  • 0a1ecad Update docs references to download-cli (#639)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=python-on-whales&package-manager=pip&previous-version=0.71.0&new-version=0.74.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 15 ++------------- requirements/dev.txt | 15 ++------------- requirements/lint.txt | 29 ++++------------------------- requirements/test.txt | 26 +++----------------------- 4 files changed, 11 insertions(+), 74 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 64e8a4ae474..220ec39aa27 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -49,7 +49,6 @@ click==8.1.7 # pip-tools # slotscheck # towncrier - # typer # wait-for-it coverage==7.6.1 # via @@ -185,7 +184,7 @@ pytest-xdist==3.6.1 # via -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.73.0 +python-on-whales==0.74.0 # via # -r requirements/lint.in # -r requirements/test.in @@ -198,16 +197,11 @@ regex==2024.9.11 requests==2.32.3 # via # cherry-picker - # python-on-whales # sphinx rich==13.9.3 - # via - # pytest-codspeed - # typer + # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in -shellingham==1.5.4 - # via typer six==1.17.0 # via python-dateutil slotscheck==0.19.1 @@ -251,14 +245,10 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -tqdm==4.67.1 - # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in -typer==0.12.5 - # via python-on-whales typing-extensions==4.12.2 # via # multidict @@ -267,7 +257,6 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich - # typer uritemplate==4.1.1 # via gidgethub urllib3==2.2.3 diff --git a/requirements/dev.txt b/requirements/dev.txt index 2df3b5b583b..d163c33e3c6 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -49,7 +49,6 @@ click==8.1.7 # pip-tools # slotscheck # towncrier - # typer # wait-for-it coverage==7.6.1 # via @@ -180,7 +179,7 @@ pytest-xdist==3.6.1 # via -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.73.0 +python-on-whales==0.74.0 # via # -r requirements/lint.in # -r requirements/test.in @@ -193,16 +192,11 @@ regex==2024.9.11 requests==2.32.3 # via # cherry-picker - # python-on-whales # sphinx rich==13.9.3 - # via - # pytest-codspeed - # typer + # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in -shellingham==1.5.4 - # via typer six==1.17.0 # via python-dateutil slotscheck==0.19.1 @@ -243,14 +237,10 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -tqdm==4.67.1 - # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in -typer==0.12.5 - # via python-on-whales typing-extensions==4.12.2 # via # multidict @@ -259,7 +249,6 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich - # typer uritemplate==4.1.1 # via gidgethub urllib3==2.2.3 diff --git a/requirements/lint.txt b/requirements/lint.txt index 98f8b924153..152333d5689 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -10,8 +10,6 @@ annotated-types==0.7.0 # via pydantic async-timeout==4.0.3 # via valkey -certifi==2024.8.30 - # via requests cffi==1.17.1 # via # cryptography @@ -19,12 +17,8 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -charset-normalizer==3.4.0 - # via requests click==8.1.7 - # via - # slotscheck - # typer + # via slotscheck cryptography==43.0.3 # via trustme distlib==0.3.9 @@ -40,9 +34,7 @@ freezegun==1.5.1 identify==2.6.1 # via pre-commit idna==3.7 - # via - # requests - # trustme + # via trustme iniconfig==2.0.0 # via pytest markdown-it-py==3.0.0 @@ -84,18 +76,12 @@ pytest-mock==3.14.0 # via -r requirements/lint.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.73.0 +python-on-whales==0.74.0 # via -r requirements/lint.in pyyaml==6.0.2 # via pre-commit -requests==2.32.3 - # via python-on-whales rich==13.9.3 - # via - # pytest-codspeed - # typer -shellingham==1.5.4 - # via typer + # via pytest-codspeed six==1.17.0 # via python-dateutil slotscheck==0.19.1 @@ -105,12 +91,8 @@ tomli==2.2.1 # mypy # pytest # slotscheck -tqdm==4.67.1 - # via python-on-whales trustme==1.1.0 # via -r requirements/lint.in -typer==0.12.5 - # via python-on-whales typing-extensions==4.12.2 # via # mypy @@ -118,9 +100,6 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich - # typer -urllib3==2.2.3 - # via requests uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.0.2 diff --git a/requirements/test.txt b/requirements/test.txt index 251077f4392..5b3575e95ca 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -18,19 +18,13 @@ attrs==24.2.0 # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in -certifi==2024.8.30 - # via requests cffi==1.17.1 # via # cryptography # pycares # pytest-codspeed -charset-normalizer==3.4.0 - # via requests click==8.1.7 - # via - # typer - # wait-for-it + # via wait-for-it coverage==7.6.1 # via # -r requirements/test.in @@ -53,7 +47,6 @@ gunicorn==23.0.0 # via -r requirements/base.in idna==3.4 # via - # requests # trustme # yarl iniconfig==2.0.0 @@ -109,22 +102,16 @@ pytest-xdist==3.6.1 # via -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.73.0 +python-on-whales==0.74.0 # via -r requirements/test.in re-assert==1.1.0 # via -r requirements/test.in regex==2024.9.11 # via re-assert -requests==2.32.3 - # via python-on-whales rich==13.9.3 - # via - # pytest-codspeed - # typer + # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in -shellingham==1.5.4 - # via typer six==1.17.0 # via python-dateutil tomli==2.2.1 @@ -132,12 +119,8 @@ tomli==2.2.1 # coverage # mypy # pytest -tqdm==4.67.1 - # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via -r requirements/test.in -typer==0.12.5 - # via python-on-whales typing-extensions==4.12.2 # via # multidict @@ -146,9 +129,6 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich - # typer -urllib3==2.2.3 - # via requests uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" # via -r requirements/base.in wait-for-it==2.2.2 From 1812f06ce734f00d248698a4ed1fb9726c644ea3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:14:30 +0000 Subject: [PATCH 008/111] Bump wheel from 0.44.0 to 0.45.1 (#10208) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [wheel](https://github.com/pypa/wheel) from 0.44.0 to 0.45.1.
Release notes

Sourced from wheel's releases.

0.45.1

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0

  • Refactored the convert command to not need setuptools to be installed

  • Don't configure setuptools logging unless running bdist_wheel

  • Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

    Projects are still advised to migrate away from the deprecated module and import the setuptools' implementation explicitly. (PR by @​abravalheri)

Changelog

Sourced from wheel's changelog.

Release Notes

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

  • Refactored the convert command to not need setuptools to be installed

  • Don't configure setuptools logging unless running bdist_wheel

  • Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

    Projects are still advised to migrate away from the deprecated module and import the setuptools' implementation explicitly. (PR by @​abravalheri)

0.44.0 (2024-08-04)

  • Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)
  • Deprecated the bdist_wheel module, as the code was migrated to setuptools itself

0.43.0 (2024-03-11)

  • Dropped support for Python 3.7
  • Updated vendored packaging to 24.0

0.42.0 (2023-11-26)

  • Allowed removing build tag with wheel tags --build ""
  • Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
  • Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
  • Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

  • Updated vendored packaging to 23.2
  • Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

  • Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)
  • Fixed wheel tags to not list directories in RECORD files

... (truncated)

Commits
  • 7855525 Created a new release
  • d343391 Fixed wrong wheel file names in converted pure-Python eggs/wininsts
  • d78f0e3 Created a new release
  • f064c69 Added license files for vendored packaging
  • 68387af Only configure setuptools logging if bdist_wheel is imported (#641)
  • c81f5c9 Refactored the wheel convert command to not require setuptools (#640)
  • e43464d Adjusted target Python versions in GitHub CI
  • e9894e7 Tweaked pytest settings to make the tracebacks easier to read
  • baf6bf8 Removed Cirrus CI configuration
  • 28c1ba1 Improved compatibility with future versions of setuptools (#638)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wheel&package-manager=pip&previous-version=0.44.0&new-version=0.45.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 220ec39aa27..fd0c0bc64d8 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -271,7 +271,7 @@ virtualenv==20.27.0 # via pre-commit wait-for-it==2.2.2 # via -r requirements/test.in -wheel==0.44.0 +wheel==0.45.1 # via pip-tools yarl==1.18.3 # via -r requirements/runtime-deps.in diff --git a/requirements/dev.txt b/requirements/dev.txt index d163c33e3c6..9790d207450 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -263,7 +263,7 @@ virtualenv==20.27.0 # via pre-commit wait-for-it==2.2.2 # via -r requirements/test.in -wheel==0.44.0 +wheel==0.45.1 # via pip-tools yarl==1.18.3 # via -r requirements/runtime-deps.in From cdfdb82dd3dbe5fae86dca57b3b3f45c8b760c94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:14:33 +0000 Subject: [PATCH 009/111] Bump docutils from 0.20.1 to 0.21.2 (#10207) Bumps [docutils](https://docutils.sourceforge.io) from 0.20.1 to 0.21.2. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docutils&package-manager=pip&previous-version=0.20.1&new-version=0.21.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index fd0c0bc64d8..3e831f20fea 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -62,7 +62,7 @@ cython==3.0.11 # via -r requirements/cython.in distlib==0.3.9 # via virtualenv -docutils==0.20.1 +docutils==0.21.2 # via sphinx exceptiongroup==1.2.2 # via pytest diff --git a/requirements/dev.txt b/requirements/dev.txt index 9790d207450..f84e0bdbcc8 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -60,7 +60,7 @@ cryptography==43.0.3 # trustme distlib==0.3.9 # via virtualenv -docutils==0.20.1 +docutils==0.21.2 # via sphinx exceptiongroup==1.2.2 # via pytest diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 933ef575ebb..7d429607f56 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -16,7 +16,7 @@ charset-normalizer==3.4.0 # via requests click==8.1.7 # via towncrier -docutils==0.20.1 +docutils==0.21.2 # via sphinx idna==3.4 # via requests diff --git a/requirements/doc.txt b/requirements/doc.txt index 68482c2c8db..5285514af94 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -16,7 +16,7 @@ charset-normalizer==3.4.0 # via requests click==8.1.7 # via towncrier -docutils==0.20.1 +docutils==0.21.2 # via sphinx idna==3.4 # via requests From dc5df321b837592991ab69f604d3f73be0979676 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:15:24 +0000 Subject: [PATCH 010/111] Bump virtualenv from 20.27.0 to 20.28.0 (#10210) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.27.0 to 20.28.0.
Release notes

Sourced from virtualenv's releases.

20.28.0

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.27.2...20.28.0

20.27.2

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/virtualenv/compare/20.27.1...20.27.2

20.27.1

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.27.0...20.27.1

Changelog

Sourced from virtualenv's changelog.

v20.28.0 (2024-11-25)

Features - 20.28.0

- Write CACHEDIR.TAG file on creation - by
"user:`neilramsay`. (:issue:`2803`)

v20.27.2 (2024-11-25)


Bugfixes - 20.27.2

  • Upgrade embedded wheels:

    • setuptools to 75.3.0 from 75.2.0 (:issue:2798)

  • Upgrade embedded wheels:

    • wheel to 0.45.0 from 0.44.0
    • setuptools to 75.5.0 (:issue:2800)

  • no longer forcibly echo off during windows batch activation (:issue:2801)

  • Upgrade embedded wheels:

    • setuptools to 75.6.0 from 75.5.0
    • wheel to 0.45.1 from 0.45.0 (:issue:2804)

v20.27.1 (2024-10-28)

Bugfixes - 20.27.1

- Upgrade embedded wheels:

    

  • pip to 24.3.1 from 24.2
(:issue:2789)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.27.0&new-version=20.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 3e831f20fea..527f433e348 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -267,7 +267,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.27.0 +virtualenv==20.28.0 # via pre-commit wait-for-it==2.2.2 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index f84e0bdbcc8..3bc68c82273 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -259,7 +259,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.27.0 +virtualenv==20.28.0 # via pre-commit wait-for-it==2.2.2 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 152333d5689..c48f6cc1ded 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -104,5 +104,5 @@ uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.27.0 +virtualenv==20.28.0 # via pre-commit From 96fec582fc02d3e17cc3422e4b146b4d449f8655 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:36:03 +0000 Subject: [PATCH 011/111] Bump rich from 13.9.3 to 13.9.4 (#10209) Bumps [rich](https://github.com/Textualize/rich) from 13.9.3 to 13.9.4.
Release notes

Sourced from rich's releases.

The Faster is Faster release

[13.9.4] - 2024-11-01

Changed

Changelog

Sourced from rich's changelog.

[13.9.4] - 2024-11-01

Changed

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rich&package-manager=pip&previous-version=13.9.3&new-version=13.9.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 527f433e348..1682a3e5c5a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -198,7 +198,7 @@ requests==2.32.3 # via # cherry-picker # sphinx -rich==13.9.3 +rich==13.9.4 # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 3bc68c82273..996b5627a16 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -193,7 +193,7 @@ requests==2.32.3 # via # cherry-picker # sphinx -rich==13.9.3 +rich==13.9.4 # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index c48f6cc1ded..951e091a8ac 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -80,7 +80,7 @@ python-on-whales==0.74.0 # via -r requirements/lint.in pyyaml==6.0.2 # via pre-commit -rich==13.9.3 +rich==13.9.4 # via pytest-codspeed six==1.17.0 # via python-dateutil diff --git a/requirements/test.txt b/requirements/test.txt index 5b3575e95ca..e099eb15272 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -108,7 +108,7 @@ re-assert==1.1.0 # via -r requirements/test.in regex==2024.9.11 # via re-assert -rich==13.9.3 +rich==13.9.4 # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in From e67d8b71199ee68e806c251af7a7de220de0179c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:40:18 +0000 Subject: [PATCH 012/111] Bump packaging from 24.1 to 24.2 (#10215) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [packaging](https://github.com/pypa/packaging) from 24.1 to 24.2.
Release notes

Sourced from packaging's releases.

24.2

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/packaging/compare/24.1...24.2

Changelog

Sourced from packaging's changelog.

24.2 - 2024-11-08


* PEP 639: Implement License-Expression and License-File (:issue:`828`)
* Use ``!r`` formatter for error messages with filenames (:issue:`844`)
* Add support for PEP 730 iOS tags (:issue:`832`)
* Fix prerelease detection for ``>`` and ``<`` (:issue:`794`)
* Fix uninformative error message (:issue:`830`)
* Refactor ``canonicalize_version`` (:issue:`793`)
* Patch python_full_version unconditionally (:issue:`825`)
* Fix doc for ``canonicalize_version`` to mention
``strip_trailing_zero`` and a typo in a docstring (:issue:`801`)
* Fix typo in Version ``__str__`` (:issue:`817`)
* Support creating a ``SpecifierSet`` from an iterable of ``Specifier``
objects (:issue:`775`)
Commits
  • d8e3b31 Bump for release
  • 2de393d Update changelog for release
  • 9c66f5c Remove extraneous quotes in f-strings by using !r (#848)
  • 4dc334c Upgrade to latest mypy (#853)
  • d1a9f93 Bump the github-actions group with 4 updates (#852)
  • 029f415 PEP 639: Implement License-Expression and License-File (#828)
  • 6c338a8 Use !r formatter for error messages with filenames. (#844)
  • 28e7da7 Add a comment as to why Metadata.name isn't normalized (#842)
  • ce0d79c Mention updating changelog in release process (#841)
  • ac5bdf3 Update the changelog to reflect 24.1 changes (#840)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=packaging&package-manager=pip&previous-version=24.1&new-version=24.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 0f048bdd859..a5fb7154fb7 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -30,7 +30,7 @@ multidict==6.1.0 # via # -r requirements/runtime-deps.in # yarl -packaging==24.1 +packaging==24.2 # via gunicorn propcache==0.2.0 # via diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 1682a3e5c5a..2c2adfe0494 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -120,7 +120,7 @@ mypy-extensions==1.0.0 # via mypy nodeenv==1.9.1 # via pre-commit -packaging==24.1 +packaging==24.2 # via # build # gunicorn diff --git a/requirements/dev.txt b/requirements/dev.txt index 996b5627a16..1422b7d5394 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -117,7 +117,7 @@ mypy-extensions==1.0.0 # via mypy nodeenv==1.9.1 # via pre-commit -packaging==24.1 +packaging==24.2 # via # build # gunicorn diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 7d429607f56..3eb6767ff74 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -30,7 +30,7 @@ jinja2==3.1.4 # towncrier markupsafe==2.1.5 # via jinja2 -packaging==24.1 +packaging==24.2 # via sphinx pyenchant==3.2.2 # via sphinxcontrib-spelling diff --git a/requirements/doc.txt b/requirements/doc.txt index 5285514af94..fad7de91b2f 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -30,7 +30,7 @@ jinja2==3.1.4 # towncrier markupsafe==2.1.5 # via jinja2 -packaging==24.1 +packaging==24.2 # via sphinx pygments==2.18.0 # via sphinx diff --git a/requirements/lint.txt b/requirements/lint.txt index 951e091a8ac..53e4cc98a1b 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -47,7 +47,7 @@ mypy-extensions==1.0.0 # via mypy nodeenv==1.9.1 # via pre-commit -packaging==24.1 +packaging==24.2 # via pytest platformdirs==4.3.6 # via virtualenv diff --git a/requirements/test.txt b/requirements/test.txt index e099eb15272..6fe64c68e3b 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -63,7 +63,7 @@ mypy==1.11.2 ; implementation_name == "cpython" # via -r requirements/test.in mypy-extensions==1.0.0 # via mypy -packaging==24.1 +packaging==24.2 # via # gunicorn # pytest From 62497e44b556fb881437a2212902ec06406e611d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 14:48:14 +0000 Subject: [PATCH 013/111] Bump click from 8.1.7 to 8.1.8 (#10211) Bumps [click](https://github.com/pallets/click) from 8.1.7 to 8.1.8.
Release notes

Sourced from click's releases.

8.1.8

This is the Click 8.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.1.8/ Changes: https://click.palletsprojects.com/en/stable/changes/#version-8-1-8 Milestone https://github.com/pallets/click/milestones/23?closed=1

  • Fix an issue with type hints for click.open_file(). #2717
  • Fix issue where error message for invalid click.Path displays on multiple lines. #2697
  • Fixed issue that prevented a default value of "" from being displayed in the help for an option. #2500
  • The test runner handles stripping color consistently on Windows. #2705
  • Show correct value for flag default when using default_map. #2632
  • Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. #2606.
  • More robust bash version check, fixing problem on Windows with git-bash. #2638
  • Cache the help option generated by the help_option_names setting to respect its eagerness. #2811
  • Replace uses of os.system with subprocess.Popen. #1476
  • Exceptions generated during a command will use the context's color setting when being displayed. #2193
  • Error message when defining option with invalid name is more descriptive. #2452
  • Refactor code generating default --help option to deduplicate code. #2563
  • Test CLIRunner resets patched _compat.should_strip_ansi. #2732
Changelog

Sourced from click's changelog.

Version 8.1.8

Unreleased

  • Fix an issue with type hints for click.open_file(). :issue:2717
  • Fix issue where error message for invalid click.Path displays on multiple lines. :issue:2697
  • Fixed issue that prevented a default value of "" from being displayed in the help for an option. :issue:2500
  • The test runner handles stripping color consistently on Windows. :issue:2705
  • Show correct value for flag default when using default_map. :issue:2632
  • Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. :issue:2606.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=click&package-manager=pip&previous-version=8.1.7&new-version=8.1.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 2c2adfe0494..aad4f418ea0 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -43,7 +43,7 @@ charset-normalizer==3.4.0 # via requests cherry-picker==2.2.0 # via -r requirements/dev.in -click==8.1.7 +click==8.1.8 # via # cherry-picker # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index 1422b7d5394..6a7dc4ff2d5 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -43,7 +43,7 @@ charset-normalizer==3.4.0 # via requests cherry-picker==2.2.0 # via -r requirements/dev.in -click==8.1.7 +click==8.1.8 # via # cherry-picker # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 3eb6767ff74..92d02490bc5 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -14,7 +14,7 @@ certifi==2024.8.30 # via requests charset-normalizer==3.4.0 # via requests -click==8.1.7 +click==8.1.8 # via towncrier docutils==0.21.2 # via sphinx diff --git a/requirements/doc.txt b/requirements/doc.txt index fad7de91b2f..b9d01374dc0 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -14,7 +14,7 @@ certifi==2024.8.30 # via requests charset-normalizer==3.4.0 # via requests -click==8.1.7 +click==8.1.8 # via towncrier docutils==0.21.2 # via sphinx diff --git a/requirements/lint.txt b/requirements/lint.txt index 53e4cc98a1b..b905c59632a 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -17,7 +17,7 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -click==8.1.7 +click==8.1.8 # via slotscheck cryptography==43.0.3 # via trustme diff --git a/requirements/test.txt b/requirements/test.txt index 6fe64c68e3b..b40119bcb40 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -23,7 +23,7 @@ cffi==1.17.1 # cryptography # pycares # pytest-codspeed -click==8.1.7 +click==8.1.8 # via wait-for-it coverage==7.6.1 # via From 9bd0fb169dbadc08619096a8c6af2c3fba80ef7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 11:44:38 +0000 Subject: [PATCH 014/111] Bump markupsafe from 2.1.5 to 3.0.2 (#10233) Bumps [markupsafe](https://github.com/pallets/markupsafe) from 2.1.5 to 3.0.2.
Release notes

Sourced from markupsafe's releases.

3.0.2

This is the MarkupSafe 3.0.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.2/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-2 Milestone: https://github.com/pallets/markupsafe/milestone/14?closed=1

  • Fix compatibility when __str__ returns a str subclass. #472
  • Build requires setuptools >= 70.1. #475

3.0.1

This is the MarkupSafe 3.0.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.1/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-1 Milestone: https://github.com/pallets/markupsafe/milestone/13?closed=1

  • Address compiler warnings that became errors in GCC 14. #466
  • Fix compatibility with proxy objects. #467

3.0.0

This is the MarkupSafe 3.0.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. The 3.0.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/MarkupSafe/3.0.0/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-0 Milestone: https://github.com/pallets/markupsafe/milestone/10?closed=1

  • Support Python 3.13 and its experimental free-threaded build. #461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348
  • Change distutils imports to setuptools. #399
  • Use deferred evaluation of annotations. #400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402
  • Speed up escaping plain strings by 40%. #434
  • Simplify speedups implementation. #437
Changelog

Sourced from markupsafe's changelog.

Version 3.0.2

Released 2024-10-18

  • Fix compatibility when __str__ returns a str subclass. :issue:472
  • Build requires setuptools >= 70.1. :issue:475

Version 3.0.1

Released 2024-10-08

  • Address compiler warnings that became errors in GCC 14. :issue:466
  • Fix compatibility with proxy objects. :issue:467

Version 3.0.0

Released 2024-10-07

  • Support Python 3.13 and its experimental free-threaded build. :pr:461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:348
  • Change distutils imports to setuptools. :pr:399
  • Use deferred evaluation of annotations. :pr:400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. :pr:400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. :issue:401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. :pr:402
  • Speed up escaping plain strings by 40%. :pr:434
  • Simplify speedups implementation. :pr:437
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=markupsafe&package-manager=pip&previous-version=2.1.5&new-version=3.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index aad4f418ea0..05e83bdea58 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -103,7 +103,7 @@ jinja2==3.1.4 # towncrier markdown-it-py==3.0.0 # via rich -markupsafe==2.1.5 +markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py diff --git a/requirements/dev.txt b/requirements/dev.txt index 6a7dc4ff2d5..8b18cc82a60 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -101,7 +101,7 @@ jinja2==3.1.4 # towncrier markdown-it-py==3.0.0 # via rich -markupsafe==2.1.5 +markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 92d02490bc5..b8b26068f7e 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -28,7 +28,7 @@ jinja2==3.1.4 # via # sphinx # towncrier -markupsafe==2.1.5 +markupsafe==3.0.2 # via jinja2 packaging==24.2 # via sphinx diff --git a/requirements/doc.txt b/requirements/doc.txt index b9d01374dc0..6b0973acbf1 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -28,7 +28,7 @@ jinja2==3.1.4 # via # sphinx # towncrier -markupsafe==2.1.5 +markupsafe==3.0.2 # via jinja2 packaging==24.2 # via sphinx From 6f6fde20df504eb845788028dfc16f57bd2510a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 11:53:20 +0000 Subject: [PATCH 015/111] Bump pycares from 4.4.0 to 4.5.0 (#10234) Bumps [pycares](https://github.com/saghul/pycares) from 4.4.0 to 4.5.0.
Commits
  • cde3d47 Fixup CI
  • 6885e0e Fix building sdist
  • f770a07 Test building release wheels on PRs
  • 1a197b2 chore(ci): fix upload & add more platforms to cibuildwheel (#204)
  • 70443e0 Bump version to 4.5.0
  • da178fd Add 3.13 support, remove 3.8 (#202)
  • 57a82a0 build(deps): bump actions/download-artifact in /.github/workflows
  • 8964404 Drop distutils
  • de2ed40 Do not define HAVE_GETSERVBYPORT_R for platforms (#195)
  • b005f58 Update test_idna_encoding_query_a with new errno to align to new c-ares versi...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pycares&package-manager=pip&previous-version=4.4.0&new-version=4.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index a5fb7154fb7..d9aa1f719f8 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -36,7 +36,7 @@ propcache==0.2.0 # via # -r requirements/runtime-deps.in # yarl -pycares==4.4.0 +pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 05e83bdea58..d81e361d557 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -140,7 +140,7 @@ propcache==0.2.0 # yarl proxy-py==2.4.9 # via -r requirements/test.in -pycares==4.4.0 +pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/dev.txt b/requirements/dev.txt index 8b18cc82a60..bd3ce480021 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -137,7 +137,7 @@ propcache==0.2.0 # yarl proxy-py==2.4.9 # via -r requirements/test.in -pycares==4.4.0 +pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/lint.txt b/requirements/lint.txt index b905c59632a..fc026f67f00 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -55,7 +55,7 @@ pluggy==1.5.0 # via pytest pre-commit==3.5.0 # via -r requirements/lint.in -pycares==4.4.0 +pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 2bf55e750fe..5ded4ca04e2 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -32,7 +32,7 @@ propcache==0.2.0 # via # -r requirements/runtime-deps.in # yarl -pycares==4.4.0 +pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/test.txt b/requirements/test.txt index b40119bcb40..6edf71aaf8c 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -75,7 +75,7 @@ propcache==0.2.0 # yarl proxy-py==2.4.9 # via -r requirements/test.in -pycares==4.4.0 +pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi From 3af4152881e670aa607a72e0b5f3c9a5992289ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 11:53:29 +0000 Subject: [PATCH 016/111] Bump certifi from 2024.8.30 to 2024.12.14 (#10235) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.8.30 to 2024.12.14.
Commits
  • 4ba3900 2024.12.14 (#329)
  • 9164660 Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (#331)
  • 3dc3651 Bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 (#328)
  • c5bf18d Bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0 (#327)
  • b908391 Bump actions/setup-python from 5.2.0 to 5.3.0 (#326)
  • bc26b41 Bump actions/checkout from 4.2.1 to 4.2.2 (#325)
  • 57afc22 Bump actions/upload-artifact from 4.4.1 to 4.4.3 (#323)
  • a495091 test against 3.13 final
  • 62f8144 Added 3.13 classifier (#322)
  • 94d23a0 Bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3 (#321)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2024.8.30&new-version=2024.12.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d81e361d557..b2a1ffd9a50 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -30,7 +30,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.2.2.post1 # via pip-tools -certifi==2024.8.30 +certifi==2024.12.14 # via requests cffi==1.17.1 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index bd3ce480021..ed7b6e3d591 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -30,7 +30,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.2.2.post1 # via pip-tools -certifi==2024.8.30 +certifi==2024.12.14 # via requests cffi==1.17.1 # via diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index b8b26068f7e..ad53f6dacd8 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -10,7 +10,7 @@ alabaster==1.0.0 # via sphinx babel==2.16.0 # via sphinx -certifi==2024.8.30 +certifi==2024.12.14 # via requests charset-normalizer==3.4.0 # via requests diff --git a/requirements/doc.txt b/requirements/doc.txt index 6b0973acbf1..1276552b375 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -10,7 +10,7 @@ alabaster==1.0.0 # via sphinx babel==2.16.0 # via sphinx -certifi==2024.8.30 +certifi==2024.12.14 # via requests charset-normalizer==3.4.0 # via requests From 6e6118237c1335c4ac191b4d691f14aa443d2c72 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 12:10:55 +0000 Subject: [PATCH 017/111] Bump setuptools from 75.2.0 to 75.6.0 (#10236) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [setuptools](https://github.com/pypa/setuptools) from 75.2.0 to 75.6.0.
Changelog

Sourced from setuptools's changelog.

v75.6.0

Features

  • Preserve original PKG-INFO into METADATA when creating wheel (instead of calling wheel.metadata.pkginfo_to_metadata). This helps to be more compliant with the flow specified in PEP 517. (#4701)
  • Changed the WindowsSdkVersion, FrameworkVersion32 and FrameworkVersion64 properties of setuptools.msvc.PlatformInfo to return an empty tuple instead of None as a fallthrough case -- by :user:Avasam (#4754)

v75.5.0

Features

  • Removed support for SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION, as it is deemed prone to errors. (#4746)

v75.4.0

Features

  • Added support for the environment variable SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true, allowing users to bypass the validation of pyproject.toml. This option should be used only as a last resort when resolving dependency issues, as it may lead to improper functioning. Users who enable this setting are responsible for ensuring that pyproject.toml complies with setuptools requirements. (#4611)

    .. attention:: This environment variable was removed in a later version of setuptools.

  • Require Python 3.9 or later. (#4718)

  • Remove dependency on importlib_resources and the vendored copy of the library. Instead, setuptools consistently rely on stdlib's importlib.resources (available on Python 3.9+). (#4718)

  • Setuptools' bdist_wheel implementation no longer produces wheels with the m SOABI flag (pymalloc-related). This flag was removed on Python 3.8+ (see :obj:sys.abiflags). (#4718)

  • Updated vendored packaging version to 24.2. (#4740)

... (truncated)

Commits
  • bf2ced2 Bump version: 75.5.0 → 75.6.0
  • 8685c80 Empty tuple instead of None for PlatformInfo version properties fallthrough (...
  • 50d671b Rename news fragment
  • 2b471c2 Changed the WindowsSdkVersion, FrameworkVersion32 and ``FrameworkVers...
  • 2c77cd2 Runtime typing fixes for typeshed return type merge (#4753
  • 9a4c8d4 Runtime typing fixes for typeshed return type merge
  • e622859 Preserve original PKG-INFO contents when creating wheel (instead of calling...
  • 0b5b417 Mark tests that may depend on external network
  • a4fa01d Add news fragment
  • 089aca9 Ignore coverage in test code
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=75.2.0&new-version=75.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b2a1ffd9a50..318b8a7ce6c 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -279,7 +279,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==24.3.1 # via pip-tools -setuptools==75.2.0 +setuptools==75.6.0 # via # incremental # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index ed7b6e3d591..75581b5c06c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -271,7 +271,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==24.3.1 # via pip-tools -setuptools==75.2.0 +setuptools==75.6.0 # via # incremental # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index ad53f6dacd8..f27a01a77bf 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -74,5 +74,5 @@ urllib3==2.2.3 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==75.2.0 +setuptools==75.6.0 # via incremental diff --git a/requirements/doc.txt b/requirements/doc.txt index 1276552b375..45a7eafee78 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -69,5 +69,5 @@ urllib3==2.2.3 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==75.2.0 +setuptools==75.6.0 # via incremental From 5e3ddf14c0e86f13181809f5585a0f2efa5849eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 12:11:07 +0000 Subject: [PATCH 018/111] Bump aiohappyeyeballs from 2.4.3 to 2.4.4 (#10237) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [aiohappyeyeballs](https://github.com/aio-libs/aiohappyeyeballs) from 2.4.3 to 2.4.4.
Release notes

Sourced from aiohappyeyeballs's releases.

v2.4.4 (2024-11-30)

Fix

  • fix: handle OSError on failure to close socket instead of raising IndexError (#114)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@​users.noreply.github.com> Co-authored-by: J. Nick Koston <nick@koston.org> (c542f68)

Changelog

Sourced from aiohappyeyeballs's changelog.

v2.4.4 (2024-11-30)

Fix

  • Handle oserror on failure to close socket instead of raising indexerror (#114) (c542f68)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohappyeyeballs&package-manager=pip&previous-version=2.4.3&new-version=2.4.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index d9aa1f719f8..e7b278cdcdf 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -6,7 +6,7 @@ # aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.1 # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 318b8a7ce6c..91644fc6703 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via # -r requirements/lint.in # -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiohttp-theme==0.1.7 # via -r requirements/doc.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 75581b5c06c..9600bc5e013 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via # -r requirements/lint.in # -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiohttp-theme==0.1.7 # via -r requirements/doc.in diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 5ded4ca04e2..ca182b86a16 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -6,7 +6,7 @@ # aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.1 # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index 6edf71aaf8c..25ffb19dc0a 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -6,7 +6,7 @@ # aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.1 # via -r requirements/runtime-deps.in From 83a51b8829f50ea719c47f017379d7bdca486774 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 12:11:22 +0000 Subject: [PATCH 019/111] Bump trustme from 1.1.0 to 1.2.0 (#10239) Bumps [trustme](https://github.com/python-trio/trustme) from 1.1.0 to 1.2.0.
Release notes

Sourced from trustme's releases.

1.2.0

Features

  • Add support for Python 3.13. (#664)
  • Allow setting of cert's notBefore attribute (#628)

Bugfixes

  • Add the Authority Key Identifier extension to child CA certificates. (#642)

Deprecations and Removals

  • Remove support for Python 3.8 and PyPy 3.9. (#664)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=trustme&package-manager=pip&previous-version=1.1.0&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 91644fc6703..33bb95ba874 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -245,7 +245,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -trustme==1.1.0 ; platform_machine != "i686" +trustme==1.2.0 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 9600bc5e013..ffc2aee9f88 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -237,7 +237,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -trustme==1.1.0 ; platform_machine != "i686" +trustme==1.2.0 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index fc026f67f00..b8c637c5f7e 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -91,7 +91,7 @@ tomli==2.2.1 # mypy # pytest # slotscheck -trustme==1.1.0 +trustme==1.2.0 # via -r requirements/lint.in typing-extensions==4.12.2 # via diff --git a/requirements/test.txt b/requirements/test.txt index 25ffb19dc0a..62a5fee4da3 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -119,7 +119,7 @@ tomli==2.2.1 # coverage # mypy # pytest -trustme==1.1.0 ; platform_machine != "i686" +trustme==1.2.0 ; platform_machine != "i686" # via -r requirements/test.in typing-extensions==4.12.2 # via From 850f5a470cf6fcc988f0173598fd28428cc91f23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 12:11:26 +0000 Subject: [PATCH 020/111] Bump coverage from 7.6.1 to 7.6.9 (#10240) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.6.1 to 7.6.9.
Changelog

Sourced from coverage's changelog.

Version 7.6.9 — 2024-12-06

  • Fix: Tomas Uribe fixed <pull 1901_>_ a performance problem in the XML report. Large code bases should produce XML reports much faster now.

.. _pull 1901: nedbat/coveragepy#1901

.. _changes_7-6-8:

Version 7.6.8 — 2024-11-23

  • Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn't true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896_.

  • Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, "line 4 didn't jump to line 5 because line 4 was never true, and it didn't jump to line 7 because line 4 was always true." This was also shown in issue 1896_.

.. _issue 1896: nedbat/coveragepy#1896

.. _changes_7-6-7:

Version 7.6.7 — 2024-11-15

  • Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it's been restored to a conditional. Sorry for the churn.

.. _changes_7-6-6:

Version 7.6.6 — 2024-11-15

  • One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891_. The assert has been removed.

.. _issue 1891: nedbat/coveragepy#1891

.. _changes_7-6-5:

... (truncated)

Commits
  • daac76d docs: sample HTML for 7.6.9
  • f7d7e42 docs: prep for 7.6.9
  • 8fe3b2b docs: thanks, Tomas Uribe for #1901
  • 346cfc0 fix: use set instead of list for arcs_executed, fixes poor performance (#1901)
  • 484678e fix: COVERAGE_ONE_CORE should mean ctrace if possible
  • 37451ed chore: make upgrade doc_upgrade
  • bd23445 chore: bump the action-dependencies group with 2 updates (#1899)
  • 01cf50c test: add a test to satisfy a condition in results.py
  • 74d3c50 chore: make upgrade
  • f3b269c build: only comment once on an issue mentioned twice
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.6.1&new-version=7.6.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 33bb95ba874..fe5dad41761 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -50,7 +50,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.6.1 +coverage==7.6.9 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index ffc2aee9f88..775041cb817 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -50,7 +50,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.6.1 +coverage==7.6.9 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index 62a5fee4da3..17471eae051 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -25,7 +25,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.6.1 +coverage==7.6.9 # via # -r requirements/test.in # pytest-cov From 7c2e2e73432f57439775575da63415a3d9a00c7f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 12:30:56 +0000 Subject: [PATCH 021/111] Bump pytest-codspeed from 3.0.0 to 3.1.0 (#10242) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) from 3.0.0 to 3.1.0.
Release notes

Sourced from pytest-codspeed's releases.

v3.1.0

What's changed

🚀 Features

Full Changelog: https://github.com/CodSpeedHQ/pytest-codspeed/compare/v3.0.0...v3.1.0

Changelog

Sourced from pytest-codspeed's changelog.

[3.1.0] - 2024-12-09

🏗️ Refactor

  • Remove the scripted semver generation by @​art049

⚙️ Internals

[3.1.0-beta] - 2024-12-06

🚀 Features

  • Check buildability and fallback when build doesn't work by @​art049
  • Compile the callgrind wrapper at build time by @​art049

🐛 Bug Fixes

⚙️ Internals

Commits
  • 3b1a30c Release v3.1.0 🚀
  • ad1d411 refactor: remove the scripted semver generation
  • c4dfe74 chore: fix typo in cibuildwheel config
  • 58bd8de Release v3.1.0-beta 🚀
  • 804efe9 chore(ci): build wheels with cibuildwheel
  • c99efaf chore: allow forcing integrated tests
  • e7ef853 chore: fix release script
  • fab73b4 chore: use bumpver to manage versions
  • 5076be0 chore: add a changelog
  • 59989b0 fix: allow build on arm64
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-codspeed&package-manager=pip&previous-version=3.0.0&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 6 ++---- requirements/dev.txt | 6 ++---- requirements/lint.txt | 6 ++---- requirements/test.txt | 4 +--- 4 files changed, 7 insertions(+), 15 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index fe5dad41761..d5eaded92dc 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -69,9 +69,7 @@ exceptiongroup==1.2.2 execnet==2.1.1 # via pytest-xdist filelock==3.16.1 - # via - # pytest-codspeed - # virtualenv + # via virtualenv freezegun==1.5.1 # via # -r requirements/lint.in @@ -170,7 +168,7 @@ pytest==8.3.3 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.0.0 +pytest-codspeed==3.1.0 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 775041cb817..6fe52a5095d 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -67,9 +67,7 @@ exceptiongroup==1.2.2 execnet==2.1.1 # via pytest-xdist filelock==3.16.1 - # via - # pytest-codspeed - # virtualenv + # via virtualenv freezegun==1.5.1 # via # -r requirements/lint.in @@ -165,7 +163,7 @@ pytest==8.3.3 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.0.0 +pytest-codspeed==3.1.0 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index b8c637c5f7e..2e8d0692029 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -26,9 +26,7 @@ distlib==0.3.9 exceptiongroup==1.2.2 # via pytest filelock==3.16.1 - # via - # pytest-codspeed - # virtualenv + # via virtualenv freezegun==1.5.1 # via -r requirements/lint.in identify==2.6.1 @@ -70,7 +68,7 @@ pytest==8.3.3 # -r requirements/lint.in # pytest-codspeed # pytest-mock -pytest-codspeed==3.0.0 +pytest-codspeed==3.1.0 # via -r requirements/lint.in pytest-mock==3.14.0 # via -r requirements/lint.in diff --git a/requirements/test.txt b/requirements/test.txt index 17471eae051..f6888348ade 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -35,8 +35,6 @@ exceptiongroup==1.2.2 # via pytest execnet==2.1.1 # via pytest-xdist -filelock==3.16.1 - # via pytest-codspeed freezegun==1.5.1 # via -r requirements/test.in frozenlist==1.5.0 @@ -92,7 +90,7 @@ pytest==8.3.3 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.0.0 +pytest-codspeed==3.1.0 # via -r requirements/test.in pytest-cov==5.0.0 # via -r requirements/test.in From a3b50dd0a36d091875b9815ec873401bf3c05b98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 13:50:14 +0100 Subject: [PATCH 022/111] Bump urllib3 from 2.2.3 to 2.3.0 (#10241) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.3 to 2.3.0.
Release notes

Sourced from urllib3's releases.

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (urllib3/urllib3#2868)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (urllib3/urllib3#3400)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (urllib3/urllib3#3285)
  • Added pickling support to NewConnectionError and NameResolutionError. (urllib3/urllib3#3480)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (urllib3/urllib3#3489)

Deprecations and Removals

Full Changelog: https://github.com/urllib3/urllib3/compare/2.2.3...2.3.0

Changelog

Sourced from urllib3's changelog.

2.3.0 (2024-12-22)

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>. ([#2868](https://github.com/urllib3/urllib3/issues/2868) <https://github.com/urllib3/urllib3/issues/2868>)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. ([#3400](https://github.com/urllib3/urllib3/issues/3400) <https://github.com/urllib3/urllib3/issues/3400>__)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. ([#3285](https://github.com/urllib3/urllib3/issues/3285) <https://github.com/urllib3/urllib3/issues/3285>__)
  • Added pickling support to NewConnectionError and NameResolutionError. ([#3480](https://github.com/urllib3/urllib3/issues/3480) <https://github.com/urllib3/urllib3/issues/3480>__)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". ([#3489](https://github.com/urllib3/urllib3/issues/3489) <https://github.com/urllib3/urllib3/issues/3489>__)

Deprecations and Removals

  • Removed support for Python 3.8. ([#3492](https://github.com/urllib3/urllib3/issues/3492) <https://github.com/urllib3/urllib3/issues/3492>__)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.2.3&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d5eaded92dc..350f004871d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -257,7 +257,7 @@ typing-extensions==4.12.2 # rich uritemplate==4.1.1 # via gidgethub -urllib3==2.2.3 +urllib3==2.3.0 # via requests uvloop==0.21.0 ; platform_system != "Windows" # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 6fe52a5095d..2f1f1d925d9 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -249,7 +249,7 @@ typing-extensions==4.12.2 # rich uritemplate==4.1.1 # via gidgethub -urllib3==2.2.3 +urllib3==2.3.0 # via requests uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" # via diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index f27a01a77bf..4b9688946a1 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -70,7 +70,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -urllib3==2.2.3 +urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: diff --git a/requirements/doc.txt b/requirements/doc.txt index 45a7eafee78..54b9969364c 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -65,7 +65,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -urllib3==2.2.3 +urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: From 7e0eac2acf5fa5ad9eb6a0486db6f570a3872fe6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:11:27 +0000 Subject: [PATCH 023/111] Bump regex from 2024.9.11 to 2024.11.6 (#10253) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.9.11 to 2024.11.6.
Changelog

Sourced from regex's changelog.

Version: 2024.11.7

Updated pyproject.toml and setup.py according to PEP 517.

Version: 2024.11.6

Git issue 546: Partial match not working in some instances
with non-greedy capture

Version: 2024.9.14

Reverted to actions/download-artifact@v3 and
actions/upload-artifact@v3 in main.yml because GitHub Actions failed
when using them.

Version: 2024.9.13

Updated to actions/upload-artifact@v4 in main.yml.

Version: 2024.9.12

Updated to actions/download-artifact@v4 in main.yml.

Version: 2024.9.11

Updated to Unicode 16.0.0.

Version: 2024.7.24

Git issue 539: Bug: Partial matching fails on a simple
example

Version: 2024.6.22

Git issue 535: Regex fails Unicode 15.1 GraphemeBreakTest due
to missing new GB9c rule implementation

Version: 2024.5.15

Git issue 530: hangs with fuzzy and optionals

It's not hanging, it'll finish eventually. It's just an example of
catastrophic backtracking.


The error printed when Ctrl+C is pressed does show a bug, though,
which is now fixed.

Version: 2024.5.10

Updated for Python 3.13.

<time.h> now needs to be included explicitly because Python.h
no longer includes it.

Version: 2024.4.28

Git issue 527: `VERBOSE`/`X` flag breaks `\N` escapes

... (truncated)

Commits
  • 930983a Git issue 546: Partial match not working in some instances with non-greedy ca...
  • 64834c7 Reverted to actions/download-artifact@v3 and actions/upload-artifact@v3 in ma...
  • 1bcd42e Updated to actions/upload-artifact@v4 in main.yml.
  • f467285 Updated to actions/download-artifact@v4 in main.yml.
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2024.9.11&new-version=2024.11.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 350f004871d..b72843d6ced 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -190,7 +190,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2024.9.11 +regex==2024.11.6 # via re-assert requests==2.32.3 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 2f1f1d925d9..448026c45a1 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -185,7 +185,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2024.9.11 +regex==2024.11.6 # via re-assert requests==2.32.3 # via diff --git a/requirements/test.txt b/requirements/test.txt index f6888348ade..d0c09fc0ea1 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -104,7 +104,7 @@ python-on-whales==0.74.0 # via -r requirements/test.in re-assert==1.1.0 # via -r requirements/test.in -regex==2024.9.11 +regex==2024.11.6 # via re-assert rich==13.9.4 # via pytest-codspeed From 4d910c422a522d09a7b7fcac1d87e4a38ef60495 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:13:02 +0000 Subject: [PATCH 024/111] Bump identify from 2.6.1 to 2.6.3 (#10254) Bumps [identify](https://github.com/pre-commit/identify) from 2.6.1 to 2.6.3.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.1&new-version=2.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b72843d6ced..187512f01cd 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -82,7 +82,7 @@ gidgethub==5.3.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.1 +identify==2.6.3 # via pre-commit idna==3.3 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 448026c45a1..993c6a3008a 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -80,7 +80,7 @@ gidgethub==5.3.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.1 +identify==2.6.3 # via pre-commit idna==3.4 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 2e8d0692029..0d518445a09 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -29,7 +29,7 @@ filelock==3.16.1 # via virtualenv freezegun==1.5.1 # via -r requirements/lint.in -identify==2.6.1 +identify==2.6.3 # via pre-commit idna==3.7 # via trustme From 13b7fa5edc05bcd6ed423869f55563b72f48516e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:17:03 +0000 Subject: [PATCH 025/111] Bump charset-normalizer from 3.4.0 to 3.4.1 (#10258) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.0 to 3.4.1.
Release notes

Sourced from charset-normalizer's releases.

Version 3.4.1

🚀 We're still raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] Using Requests today is the rough equivalent of using EOL Windows 8! We promptly invite Python developers to look at the first drop-in replacement for Requests, namely Niquests. Ship with native WebSocket, SSE, Happy Eyeballs, DNS over HTTPS, and so on[...] All of this while remaining compatible with all Requests prior plug-ins / add-ons.

It leverages charset-normalizer in a better way! Check it out, you will gain up to being 3X faster and get a real/respectable support with it.

3.4.1 (2024-12-24)

Changed

  • Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
  • Enforce annotation delayed loading for a simpler and consistent types in the project.
  • Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

  • pre-commit configuration.
  • noxfile.

Removed

  • build-requirements.txt as per using pyproject.toml native build configuration.
  • bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
  • setup.cfg in favor of pyproject.toml metadata configuration.
  • Unused utils.range_scan function.

Fixed

  • Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
  • Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+
Changelog

Sourced from charset-normalizer's changelog.

3.4.1 (2024-12-24)

Changed

  • Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
  • Enforce annotation delayed loading for a simpler and consistent types in the project.
  • Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

  • pre-commit configuration.
  • noxfile.

Removed

  • build-requirements.txt as per using pyproject.toml native build configuration.
  • bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
  • setup.cfg in favor of pyproject.toml metadata configuration.
  • Unused utils.range_scan function.

Fixed

  • Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
  • Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+
Commits
  • ffdf7f5 :wrench: fix long description content-type inferred as rst instead of md
  • c7197b7 :pencil: fix changelog entries (#582)
  • c390e1f Merge pull request #581 from jawah/refresh-part-2
  • f9d6b8c :lock: add CODEOWNERS
  • 7ce1ef1 :wrench: use ubuntu-22.04 for cibuildwheel in continuous deployment workflow
  • deed205 :wrench: update LICENSE copyright
  • f11f571 :wrench: include noxfile in sdist
  • 1ec7c06 :wrench: update changelog
  • 14b4649 :bug: output(...) replace declarative mark using non iana compliant encoding ...
  • 1b06bc0 Merge branch 'refresh-part-2' of github.com:jawah/charset_normalizer into ref...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=charset-normalizer&package-manager=pip&previous-version=3.4.0&new-version=3.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 187512f01cd..b328bbe7e6e 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -39,7 +39,7 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -charset-normalizer==3.4.0 +charset-normalizer==3.4.1 # via requests cherry-picker==2.2.0 # via -r requirements/dev.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 993c6a3008a..5342971233f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -39,7 +39,7 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -charset-normalizer==3.4.0 +charset-normalizer==3.4.1 # via requests cherry-picker==2.2.0 # via -r requirements/dev.in diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 4b9688946a1..719b9b7e305 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -12,7 +12,7 @@ babel==2.16.0 # via sphinx certifi==2024.12.14 # via requests -charset-normalizer==3.4.0 +charset-normalizer==3.4.1 # via requests click==8.1.8 # via towncrier diff --git a/requirements/doc.txt b/requirements/doc.txt index 54b9969364c..4816b4ef1ee 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -12,7 +12,7 @@ babel==2.16.0 # via sphinx certifi==2024.12.14 # via requests -charset-normalizer==3.4.0 +charset-normalizer==3.4.1 # via requests click==8.1.8 # via towncrier From 64cc96ead9414096cd2eb8a1d65380df5a6f8fb3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:25:45 +0000 Subject: [PATCH 026/111] Bump jinja2 from 3.1.4 to 3.1.5 (#10260) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253
Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870
  • Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253
Commits
  • 877f6e5 release version 3.1.5
  • 8d58859 remove test pypi
  • eda8fe8 update dev dependencies
  • c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
  • 66587ce Fix bug where set would sometimes fail within if
  • fbc3a69 Add support for namespaces in tuple parsing (#1664)
  • b8f4831 more comments about nsref assignment
  • ee83219 Add support for namespaces in tuple assignment
  • 1d55cdd Triple quotes in docs (#2064)
  • 8a8eafc edit block assignment section
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jinja2&package-manager=pip&previous-version=3.1.4&new-version=3.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b328bbe7e6e..6ff8ea359cc 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -95,7 +95,7 @@ incremental==24.7.2 # via towncrier iniconfig==2.0.0 # via pytest -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier diff --git a/requirements/dev.txt b/requirements/dev.txt index 5342971233f..9577e0925d1 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -93,7 +93,7 @@ incremental==24.7.2 # via towncrier iniconfig==2.0.0 # via pytest -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 719b9b7e305..9292e082fa0 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -24,7 +24,7 @@ imagesize==1.4.1 # via sphinx incremental==24.7.2 # via towncrier -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier diff --git a/requirements/doc.txt b/requirements/doc.txt index 4816b4ef1ee..625c45c3d66 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -24,7 +24,7 @@ imagesize==1.4.1 # via sphinx incremental==24.7.2 # via towncrier -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier From 40b7a9cc0da156b20ee7ffa22e39b3b3d714fecf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:25:49 +0000 Subject: [PATCH 027/111] Bump aiosignal from 1.3.1 to 1.3.2 (#10259) Bumps [aiosignal](https://github.com/aio-libs/aiosignal) from 1.3.1 to 1.3.2.
Release notes

Sourced from aiosignal's releases.

1.3.2

Deprecations and Removals

  • Dropped Python 3.7 support. (#413)

  • Dropped Python 3.8 support. (#645)

Misc

Changelog

Sourced from aiosignal's changelog.

1.3.2 (2024-12-13)

Deprecations and Removals

  • Dropped Python 3.7 support. [#413](https://github.com/aio-libs/aiosignal/issues/413) <https://github.com/aio-libs/aiosignal/issues/413>_

  • Dropped Python 3.8 support. [#645](https://github.com/aio-libs/aiosignal/issues/645) <https://github.com/aio-libs/aiosignal/issues/645>_

Misc

  • [#362](https://github.com/aio-libs/aiosignal/issues/362) <https://github.com/aio-libs/aiosignal/issues/362>_
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiosignal&package-manager=pip&previous-version=1.3.1&new-version=1.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index e7b278cdcdf..cea8fc91659 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in -aiosignal==1.3.1 +aiosignal==1.3.2 # via -r requirements/runtime-deps.in async-timeout==4.0.3 ; python_version < "3.11" # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 6ff8ea359cc..7a962f1520f 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -12,7 +12,7 @@ aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiohttp-theme==0.1.7 # via -r requirements/doc.in -aiosignal==1.3.1 +aiosignal==1.3.2 # via -r requirements/runtime-deps.in alabaster==1.0.0 # via sphinx diff --git a/requirements/dev.txt b/requirements/dev.txt index 9577e0925d1..c9ef1602ba5 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -12,7 +12,7 @@ aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiohttp-theme==0.1.7 # via -r requirements/doc.in -aiosignal==1.3.1 +aiosignal==1.3.2 # via -r requirements/runtime-deps.in alabaster==1.0.0 # via sphinx diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index ca182b86a16..10d6c122729 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in -aiosignal==1.3.1 +aiosignal==1.3.2 # via -r requirements/runtime-deps.in async-timeout==4.0.3 ; python_version < "3.11" # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index d0c09fc0ea1..e8c77c05114 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in -aiosignal==1.3.1 +aiosignal==1.3.2 # via -r requirements/runtime-deps.in annotated-types==0.7.0 # via pydantic From 8f22e58f250641da940a27fc4b861fc39dadb100 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:25:51 +0000 Subject: [PATCH 028/111] Bump attrs from 24.2.0 to 24.3.0 (#10261) Bumps [attrs](https://github.com/sponsors/hynek) from 24.2.0 to 24.3.0.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=attrs&package-manager=pip&previous-version=24.2.0&new-version=24.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index cea8fc91659..ce4157c5917 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -12,7 +12,7 @@ aiosignal==1.3.2 # via -r requirements/runtime-deps.in async-timeout==4.0.3 ; python_version < "3.11" # via -r requirements/runtime-deps.in -attrs==24.2.0 +attrs==24.3.0 # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 7a962f1520f..b58c0a13df8 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -22,7 +22,7 @@ async-timeout==4.0.3 ; python_version < "3.11" # via # -r requirements/runtime-deps.in # valkey -attrs==24.2.0 +attrs==24.3.0 # via -r requirements/runtime-deps.in babel==2.16.0 # via sphinx diff --git a/requirements/dev.txt b/requirements/dev.txt index c9ef1602ba5..086a5464aa6 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -22,7 +22,7 @@ async-timeout==4.0.3 ; python_version < "3.11" # via # -r requirements/runtime-deps.in # valkey -attrs==24.2.0 +attrs==24.3.0 # via -r requirements/runtime-deps.in babel==2.16.0 # via sphinx diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 10d6c122729..a790e54b1ed 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -12,7 +12,7 @@ aiosignal==1.3.2 # via -r requirements/runtime-deps.in async-timeout==4.0.3 ; python_version < "3.11" # via -r requirements/runtime-deps.in -attrs==24.2.0 +attrs==24.3.0 # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index e8c77c05114..6adaab1671b 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -14,7 +14,7 @@ annotated-types==0.7.0 # via pydantic async-timeout==4.0.3 ; python_version < "3.11" # via -r requirements/runtime-deps.in -attrs==24.2.0 +attrs==24.3.0 # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in From 1772493da140d5cdcb0463e180be8654d03c68d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:40:54 +0000 Subject: [PATCH 029/111] Bump cherry-picker from 2.2.0 to 2.4.0 (#10256) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [cherry-picker](https://github.com/python/cherry-picker) from 2.2.0 to 2.4.0.
Release notes

Sourced from cherry-picker's releases.

cherry-picker-v2.4.0

What's Changed

Full Changelog: https://github.com/python/cherry-picker/compare/cherry-picker-v2.3.0...cherry-picker-v2.4.0

cherry-picker v2.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/python/cherry-picker/compare/cherry-picker-v2.0.0...cherry-picker-v2.3.0

Changelog

Sourced from cherry-picker's changelog.

2.4.0

  • Add support for Python 3.14 (PR 145
  • Allow passing a base branch that doesn't have version info (PR 70
    • This makes cherry-picker useful for projects other than CPython that don't have versioned branch names.

2.3.0

  • Add support for Python 3.13 (PR 127, PR 134)
  • Drop support for EOL Python 3.8 (PR 133, PR 137)
  • Resolve usernames when the remote ends with a trailing slash (PR 110)
  • Optimize validate_sha() with --max-count=1 (PR 111)
  • Make # replacing more strict (PR 115)
  • Remove multiple commit prefixes (PR 118)
  • Handle whitespace when calculating usernames (PR 132)
  • Publish to PyPI using Trusted Publishers (PR 94)
  • Generate digital attestations for PyPI (PEP 740) (PR 135)
Commits
  • 34d27eb Update changelog for 2.4.0 (#146)
  • c81925c Add support for Python 3.14 (#145)
  • 940787a Allow passing a base branch that doesn't have version info (#70)
  • a1552fb Remove outdated README info (#143)
  • 7721133 PyPI metatada: re-add description (#140)
  • a7d1d0d Generate __version__ at build to avoid slow importlib.metadata import (#141)
  • 71490d0 Exclude bots from generated release notes (#139)
  • 52565cb Update changelog for 2.3.0 (#138)
  • 7fdaa08 Update minimum Python version to 3.9 in the configuration (#137)
  • e2540af Generate digital attestations for PyPI (PEP 740) (#135)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cherry-picker&package-manager=pip&previous-version=2.2.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b58c0a13df8..ab6808c3b3a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -41,7 +41,7 @@ cfgv==3.4.0 # via pre-commit charset-normalizer==3.4.1 # via requests -cherry-picker==2.2.0 +cherry-picker==2.4.0 # via -r requirements/dev.in click==8.1.8 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 086a5464aa6..a68749a7247 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -41,7 +41,7 @@ cfgv==3.4.0 # via pre-commit charset-normalizer==3.4.1 # via requests -cherry-picker==2.2.0 +cherry-picker==2.4.0 # via -r requirements/dev.in click==8.1.8 # via From 08dc3eaa760264badff5accf37ea32b2b8395f1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:07:54 +0000 Subject: [PATCH 030/111] Bump pydantic from 2.9.2 to 2.10.4 (#10262) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.9.2 to 2.10.4.
Release notes

Sourced from pydantic's releases.

v2.10.4 2024-12-18

What's Changed

Packaging

Fixes

New Contributors

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.10.3...v2.10.4

v2.10.3 2024-12-03

What's Changed

Fixes

  • Set fields when defer_build is set on Pydantic dataclasses by @​Viicos in #10984
  • Do not resolve the JSON Schema reference for dict core schema keys by @​Viicos in #10989
  • Use the globals of the function when evaluating the return type for PlainSerializer and WrapSerializer functions by @​Viicos in #11008
  • Fix host required enforcement for urls to be compatible with v2.9 behavior by @​sydney-runkle in #11027
  • Add a default_factory_takes_validated_data property to FieldInfo by @​Viicos in #11034
  • Fix url json schema in serialization mode by @​sydney-runkle in #11035

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.10.2...v2.10.3

v2.10.2 2024-11-26

What's Changed

Fixes

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.10.1...v2.10.2

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.10.4 (2024-12-18)

GitHub release

What's Changed

Packaging

Fixes

New Contributors

v2.10.3 (2024-12-03)

GitHub release

What's Changed

Fixes

  • Set fields when defer_build is set on Pydantic dataclasses by @​Viicos in #10984
  • Do not resolve the JSON Schema reference for dict core schema keys by @​Viicos in #10989
  • Use the globals of the function when evaluating the return type for PlainSerializer and WrapSerializer functions by @​Viicos in #11008
  • Fix host required enforcement for urls to be compatible with v2.9 behavior by @​sydney-runkle in #11027
  • Add a default_factory_takes_validated_data property to FieldInfo by @​Viicos in #11034
  • Fix url json schema in serialization mode by @​sydney-runkle in #11035

v2.10.2 (2024-11-25)

GitHub release

What's Changed

Fixes

  • Only evaluate FieldInfo annotations if required during schema building by @​Viicos in #10769

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.9.2&new-version=2.10.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 4 ++-- requirements/dev.txt | 4 ++-- requirements/lint.txt | 4 ++-- requirements/test.txt | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index ab6808c3b3a..5bc55be769e 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -142,9 +142,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.9.2 +pydantic==2.10.4 # via python-on-whales -pydantic-core==2.23.4 +pydantic-core==2.27.2 # via pydantic pyenchant==3.2.2 # via sphinxcontrib-spelling diff --git a/requirements/dev.txt b/requirements/dev.txt index a68749a7247..c280c173d61 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -139,9 +139,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.9.2 +pydantic==2.10.4 # via python-on-whales -pydantic-core==2.23.4 +pydantic-core==2.27.2 # via pydantic pygments==2.18.0 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 0d518445a09..c5050b9df82 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -57,9 +57,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.9.2 +pydantic==2.10.4 # via python-on-whales -pydantic-core==2.23.4 +pydantic-core==2.27.2 # via pydantic pygments==2.18.0 # via rich diff --git a/requirements/test.txt b/requirements/test.txt index 6adaab1671b..300fc869dfa 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -77,9 +77,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.9.2 +pydantic==2.10.4 # via python-on-whales -pydantic-core==2.23.4 +pydantic-core==2.27.2 # via pydantic pygments==2.18.0 # via rich From 6c323e11746f336dad3e4de575a9ee213e4e7bb0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:20:18 +0000 Subject: [PATCH 031/111] Bump wait-for-it from 2.2.2 to 2.3.0 (#10263) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [wait-for-it](https://github.com/hartwork/wait-for-it) from 2.2.2 to 2.3.0.
Release notes

Sourced from wait-for-it's releases.

2.3.0

What's Changed

Full Changelog: https://github.com/hartwork/wait-for-it/compare/v2.2.2...v2.3.0

Commits
  • 6ba15ad Merge pull request #6 from hartwork/prepare-release
  • 902a160 Bump version to 2.3.0
  • b04be12 Merge pull request #5 from hartwork/drop-python-3-8-and-add-3-13
  • 42d90ee Drop end-of-life Python 3.8 and add Python 3.13
  • 3c95b9a Merge pull request #4 from hartwork/try-fixing-readthedocs-yml
  • 2fa50ba .readthedocs.yml: First try at fixing the Read the Docs build
  • cbffb59 Merge pull request #3 from hartwork/new-project-home
  • ff7a582 Apply new project home
  • cea7d83 setup.py: Extend author info
  • c3bb7c5 Stop GitHub Dependabot from requesting explicit review
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wait-for-it&package-manager=pip&previous-version=2.2.2&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 5bc55be769e..775a06a74e7 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -267,7 +267,7 @@ valkey==6.0.2 # via -r requirements/lint.in virtualenv==20.28.0 # via pre-commit -wait-for-it==2.2.2 +wait-for-it==2.3.0 # via -r requirements/test.in wheel==0.45.1 # via pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index c280c173d61..1045a452088 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -259,7 +259,7 @@ valkey==6.0.2 # via -r requirements/lint.in virtualenv==20.28.0 # via pre-commit -wait-for-it==2.2.2 +wait-for-it==2.3.0 # via -r requirements/test.in wheel==0.45.1 # via pip-tools diff --git a/requirements/test.txt b/requirements/test.txt index 300fc869dfa..85d6b183fa3 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -129,7 +129,7 @@ typing-extensions==4.12.2 # rich uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" # via -r requirements/base.in -wait-for-it==2.2.2 +wait-for-it==2.3.0 # via -r requirements/test.in yarl==1.18.3 # via -r requirements/runtime-deps.in From 38224e03c50feeeadc1d6ab5a923b4cf26ecb038 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:20:32 +0000 Subject: [PATCH 032/111] Bump pre-commit from 3.5.0 to 4.0.1 (#10265) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.5.0 to 4.0.1.
Release notes

Sourced from pre-commit's releases.

pre-commit v4.0.1

Fixes

pre-commit v4.0.0

Features

Migrating

pre-commit v3.8.0

Features

pre-commit v3.7.1

Fixes

pre-commit v3.7.0

Features

  • Use a tty for docker and docker_image hooks when --color is specified.

Fixes

... (truncated)

Changelog

Sourced from pre-commit's changelog.

4.0.1 - 2024-10-08

Fixes

4.0.0 - 2024-10-05

Features

Migrating

3.8.0 - 2024-07-28

Features

3.7.1 - 2024-05-10

Fixes

  • Fix language: rust default language version check when rust-toolchain.toml is present.

... (truncated)

Commits
  • cc4a522 v4.0.1
  • 772d7d4 Merge pull request #3324 from pre-commit/migrate-config-purelib
  • 222c62b fix migrate-config for purelib yaml
  • 3d5548b Merge pull request #3323 from pre-commit/pre-commit-ci-update-config
  • 4235a87 [pre-commit.ci] pre-commit autoupdate
  • dbccd57 v4.0.0
  • d07e529 Merge pull request #3320 from pre-commit/remove-python-venv
  • 801b956 remove deprecated python_venv alias
  • a2f7b80 Merge pull request #3315 from pre-commit/warn-deprecated-stage-names-on-init
  • d317223 add warning for deprecates stages for remote repos on init
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pre-commit&package-manager=pip&previous-version=3.5.0&new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 775a06a74e7..5cc48450a37 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -130,7 +130,7 @@ platformdirs==4.3.6 # via virtualenv pluggy==1.5.0 # via pytest -pre-commit==3.5.0 +pre-commit==4.0.1 # via -r requirements/lint.in propcache==0.2.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 1045a452088..65f9b06f5a8 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -127,7 +127,7 @@ platformdirs==4.3.6 # via virtualenv pluggy==1.5.0 # via pytest -pre-commit==3.5.0 +pre-commit==4.0.1 # via -r requirements/lint.in propcache==0.2.0 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index c5050b9df82..aae57572972 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -51,7 +51,7 @@ platformdirs==4.3.6 # via virtualenv pluggy==1.5.0 # via pytest -pre-commit==3.5.0 +pre-commit==4.0.1 # via -r requirements/lint.in pycares==4.5.0 # via aiodns From b7dcc373cddc64a58ba2cb974e6a2bf4ae9b06f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:29:32 +0000 Subject: [PATCH 033/111] Bump cryptography from 43.0.3 to 44.0.0 (#10266) Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.3 to 44.0.0.
Changelog

Sourced from cryptography's changelog.

44.0.0 - 2024-11-27


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by
the
  Python core team. Support for Python 3.7 will be removed in a future
  ``cryptography`` release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
  versions of macOS should upgrade, or they will need to build
  ``cryptography`` themselves.
* Enforce the :rfc:`5280` requirement that extended key usage extensions
must
  not be empty.
* Added support for timestamp extraction to the
  :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA
certificates
  during X.509 verification to allow fields permitted by :rfc:`5280` but
  forbidden by the CA/Browser BRs.
* Added support for
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`
  when using OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions`
certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via

:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,

:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
and

:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.

.. _v43-0-3:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=43.0.3&new-version=44.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 5cc48450a37..59c1dfed71c 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ coverage==7.6.9 # via # -r requirements/test.in # pytest-cov -cryptography==43.0.3 +cryptography==44.0.0 # via # pyjwt # trustme diff --git a/requirements/dev.txt b/requirements/dev.txt index 65f9b06f5a8..90d7563238e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ coverage==7.6.9 # via # -r requirements/test.in # pytest-cov -cryptography==43.0.3 +cryptography==44.0.0 # via # pyjwt # trustme diff --git a/requirements/lint.txt b/requirements/lint.txt index aae57572972..bbdfd1f3970 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -19,7 +19,7 @@ cfgv==3.4.0 # via pre-commit click==8.1.8 # via slotscheck -cryptography==43.0.3 +cryptography==44.0.0 # via trustme distlib==0.3.9 # via virtualenv diff --git a/requirements/test.txt b/requirements/test.txt index 85d6b183fa3..8df87829116 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -29,7 +29,7 @@ coverage==7.6.9 # via # -r requirements/test.in # pytest-cov -cryptography==43.0.3 +cryptography==44.0.0 # via trustme exceptiongroup==1.2.2 # via pytest From 4790595f20c55da5714330d91e48540b4f0cf72c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:30:34 +0000 Subject: [PATCH 034/111] Bump pytest from 8.3.3 to 8.3.4 (#10267) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.3 to 8.3.4.
Release notes

Sourced from pytest's releases.

8.3.4

pytest 8.3.4 (2024-12-01)

Bug fixes

  • #12592: Fixed KeyError{.interpreted-text role="class"} crash when using --import-mode=importlib in a directory layout where a directory contains a child directory with the same name.

  • #12818: Assertion rewriting now preserves the source ranges of the original instructions, making it play well with tools that deal with the AST, like executing.

  • #12849: ANSI escape codes for colored output now handled correctly in pytest.fail{.interpreted-text role="func"} with [pytrace=False]{.title-ref}.

  • #9353: pytest.approx{.interpreted-text role="func"} now uses strict equality when given booleans.

Improved documentation

  • #10558: Fix ambiguous docstring of pytest.Config.getoption{.interpreted-text role="func"}.

  • #10829: Improve documentation on the current handling of the --basetemp option and its lack of retention functionality (temporary directory location and retention{.interpreted-text role="ref"}).

  • #12866: Improved cross-references concerning the recwarn{.interpreted-text role="fixture"} fixture.

  • #12966: Clarify filterwarnings{.interpreted-text role="ref"} docs on filter precedence/order when using multiple @pytest.mark.filterwarnings <pytest.mark.filterwarnings ref>{.interpreted-text role="ref"} marks.

Contributor-facing changes

  • #12497: Fixed two failing pdb-related tests on Python 3.13.
Commits
  • 53f8b4e Update pypa/gh-action-pypi-publish to v1.12.2
  • 98dff36 Prepare release version 8.3.4
  • 1b474e2 approx: use exact comparison for bool (#13013)
  • b541721 docs: Fix wrong statement about sys.modules with importlib import mode (#1298...
  • 16cb87b pytest.fail: fix ANSI escape codes for colored output (#12959) (#12990)
  • be6bc81 Issue #12966 Clarify filterwarnings docs on precedence when using multiple ma...
  • 7aeb72b Improve docs on basetemp and retention (#12912) (#12928)
  • c875841 Merge pull request #12917 from pytest-dev/patchback/backports/8.3.x/ded1f44e5...
  • 6502816 Merge pull request #12913 from jakkdl/dontfailonbadpath
  • 52135b0 Merge pull request #12885 from The-Compiler/pdb-py311 (#12887)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=pip&previous-version=8.3.3&new-version=8.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 59c1dfed71c..602cca60c60 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -160,7 +160,7 @@ pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.3.3 +pytest==8.3.4 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 90d7563238e..b3035cb7858 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -155,7 +155,7 @@ pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.3.3 +pytest==8.3.4 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index bbdfd1f3970..c7ea73277db 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -63,7 +63,7 @@ pydantic-core==2.27.2 # via pydantic pygments==2.18.0 # via rich -pytest==8.3.3 +pytest==8.3.4 # via # -r requirements/lint.in # pytest-codspeed diff --git a/requirements/test.txt b/requirements/test.txt index 8df87829116..4d1f840cc83 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -83,7 +83,7 @@ pydantic-core==2.27.2 # via pydantic pygments==2.18.0 # via rich -pytest==8.3.3 +pytest==8.3.4 # via # -r requirements/test.in # pytest-codspeed From fcdc28bb4a32843ce616c0906628a570366f5af0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:35:03 +0000 Subject: [PATCH 035/111] Bump async-timeout from 4.0.3 to 5.0.1 (#10268) Bumps [async-timeout](https://github.com/aio-libs/async-timeout) from 4.0.3 to 5.0.1.
Release notes

Sourced from async-timeout's releases.

5.0.1

Misc

  • [#423](https://github.com/aio-libs/async-timeout/issues/423) <https://github.com/aio-libs/async-timeout/issues/423>_

5.0.0

Features

  • Make asyncio_timeout fully compatible with the standard asyncio.Timeout but keep backward compatibility with existing asyncio_timeout.Timeout API. ([#422](https://github.com/aio-libs/async-timeout/issues/422) <https://github.com/aio-libs/async-timeout/issues/422>_)

Improved Documentation

  • On the CHANGES/README.rst <https://github.com/aio-libs/async-timeout/tree/master/CHANGES/README.rst>_ page, a link to the Towncrier philosophy has been fixed. ([#388](https://github.com/aio-libs/async-timeout/issues/388) <https://github.com/aio-libs/async-timeout/issues/388>_)

Deprecations and Removals

  • Drop deprecated sync context manager support, use async with timeout(...): ... instead. ([#421](https://github.com/aio-libs/async-timeout/issues/421) <https://github.com/aio-libs/async-timeout/issues/421>_)
Changelog

Sourced from async-timeout's changelog.

5.0.1 (2024-11-06)

Misc

  • [#423](https://github.com/aio-libs/async-timeout/issues/423) <https://github.com/aio-libs/async-timeout/issues/423>_

5.0.0 (2024-10-31)

Features

  • Make asyncio_timeout fully compatible with the standard asyncio.Timeout but keep backward compatibility with existing asyncio_timeout.Timeout API. ([#422](https://github.com/aio-libs/async-timeout/issues/422) <https://github.com/aio-libs/async-timeout/issues/422>_)

Improved Documentation

  • On the CHANGES/README.rst <https://github.com/aio-libs/async-timeout/tree/master/CHANGES/README.rst>_ page, a link to the Towncrier philosophy has been fixed. ([#388](https://github.com/aio-libs/async-timeout/issues/388) <https://github.com/aio-libs/async-timeout/issues/388>_)

Deprecations and Removals

  • Drop deprecated sync context manager support, use async with timeout(...): ... instead. ([#421](https://github.com/aio-libs/async-timeout/issues/421) <https://github.com/aio-libs/async-timeout/issues/421>_)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async-timeout&package-manager=pip&previous-version=4.0.3&new-version=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index ce4157c5917..6d24a73a24f 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -10,7 +10,7 @@ aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.2 # via -r requirements/runtime-deps.in -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in attrs==24.3.0 # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 602cca60c60..03c8469587b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -18,7 +18,7 @@ alabaster==1.0.0 # via sphinx annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via # -r requirements/runtime-deps.in # valkey diff --git a/requirements/dev.txt b/requirements/dev.txt index b3035cb7858..86e91f468e6 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -18,7 +18,7 @@ alabaster==1.0.0 # via sphinx annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via # -r requirements/runtime-deps.in # valkey diff --git a/requirements/lint.txt b/requirements/lint.txt index c7ea73277db..bfd9361e831 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 # via -r requirements/lint.in annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 +async-timeout==5.0.1 # via valkey cffi==1.17.1 # via diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index a790e54b1ed..a10f2328e88 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -10,7 +10,7 @@ aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.2 # via -r requirements/runtime-deps.in -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in attrs==24.3.0 # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index 4d1f840cc83..e9d5d06a3fb 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -12,7 +12,7 @@ aiosignal==1.3.2 # via -r requirements/runtime-deps.in annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in attrs==24.3.0 # via -r requirements/runtime-deps.in From c9bec0a576d8dc2afd4e74bcb9ed45bdef411c45 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:46:44 +0000 Subject: [PATCH 036/111] Bump pytest-cov from 5.0.0 to 6.0.0 (#10269) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 5.0.0 to 6.0.0.
Changelog

Sourced from pytest-cov's changelog.

6.0.0 (2024-10-29)

  • Updated various documentation inaccuracies, especially on subprocess handling.
  • Changed fail under checks to use the precision set in the coverage configuration. Now it will perform the check just like coverage report would.
  • Added a --cov-precision cli option that can override the value set in your coverage configuration.
  • Dropped support for now EOL Python 3.8.
Commits
  • 9540437 Bump version: 5.0.0 → 6.0.0
  • 9f81754 Further trim down envs and drop Python 3.8.
  • b12b5ec Update conf.
  • 23f4b27 Update changelog.
  • 291a04f Bump test deps and trim config.
  • 08f1101 Add --cov-precision option. Close #655.
  • 76fe2a7 Move the warnings/errors in a place that doesn't import anything.
  • a9ea7b7 Implement error/warning for the bad dynamic_context being set in config.
  • c299e01 Add explicit suffixing to make it easier to see the identify the sources/usag...
  • c87e546 Add reproducer for weird xdist dynamic_context interaction. Ref #604.
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-cov&package-manager=pip&previous-version=5.0.0&new-version=6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 03c8469587b..d7f7429fb03 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -172,7 +172,7 @@ pytest-codspeed==3.1.0 # via # -r requirements/lint.in # -r requirements/test.in -pytest-cov==5.0.0 +pytest-cov==6.0.0 # via -r requirements/test.in pytest-mock==3.14.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 86e91f468e6..b9f77016b9e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -167,7 +167,7 @@ pytest-codspeed==3.1.0 # via # -r requirements/lint.in # -r requirements/test.in -pytest-cov==5.0.0 +pytest-cov==6.0.0 # via -r requirements/test.in pytest-mock==3.14.0 # via diff --git a/requirements/test.txt b/requirements/test.txt index e9d5d06a3fb..07870950c38 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -92,7 +92,7 @@ pytest==8.3.4 # pytest-xdist pytest-codspeed==3.1.0 # via -r requirements/test.in -pytest-cov==5.0.0 +pytest-cov==6.0.0 # via -r requirements/test.in pytest-mock==3.14.0 # via -r requirements/test.in From b48fcb9c53eb93d967d0a901cdbca8f71eb8c323 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:50:50 +0000 Subject: [PATCH 037/111] Bump propcache from 0.2.0 to 0.2.1 (#10264) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [propcache](https://github.com/aio-libs/propcache) from 0.2.0 to 0.2.1.
Release notes

Sourced from propcache's releases.

0.2.1

Bug fixes

  • Stopped implicitly allowing the use of Cython pre-release versions when building the distribution package -- by :user:ajsanchezsanz and :user:markgreene74.

    Related commits on GitHub: :commit:64df0a6.

  • Fixed wrapped and func not being accessible in the Cython versions of :func:propcache.api.cached_property and :func:propcache.api.under_cached_property decorators -- by :user:bdraco.

    Related issues and pull requests on GitHub: #72.

Removals and backward incompatible breaking changes

  • Removed support for Python 3.8 as it has reached end of life -- by :user:bdraco.

    Related issues and pull requests on GitHub: #57.

Packaging updates and notes for downstreams

  • Stopped implicitly allowing the use of Cython pre-release versions when building the distribution package -- by :user:ajsanchezsanz and :user:markgreene74.

    Related commits on GitHub: :commit:64df0a6.

Changelog

Sourced from propcache's changelog.

0.2.1

(2024-12-01)

Bug fixes

  • Stopped implicitly allowing the use of Cython pre-release versions when building the distribution package -- by :user:ajsanchezsanz and :user:markgreene74.

    Related commits on GitHub: :commit:64df0a6.

  • Fixed wrapped and func not being accessible in the Cython versions of :func:propcache.api.cached_property and :func:propcache.api.under_cached_property decorators -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:72.

Removals and backward incompatible breaking changes

  • Removed support for Python 3.8 as it has reached end of life -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:57.

Packaging updates and notes for downstreams

  • Stopped implicitly allowing the use of Cython pre-release versions when building the distribution package -- by :user:ajsanchezsanz and :user:markgreene74.

    Related commits on GitHub: :commit:64df0a6.

Commits
  • 24fd58a Split wheel builds to disable manylinux armv7l wheels (#76)
  • 08091df Fix wheel builds when cffi needs to be built from source (#75)
  • b0a554f Release 0.2.1 (#74)
  • 4c94388 Fix codecov upload (#73)
  • 2514c3f Ensure wrapped function is accessible in Cython versions (#72)
  • cf8aab9 Bump pypa/cibuildwheel from 2.21.3 to 2.22.0 (#71)
  • ef6af70 Cleanup mypy config for codspeed (#67)
  • d6980a7 🧪 Exclude requirements/ from pytest discovery
  • 57eb5ae 🧪 Fail test jobs on Codecov upload problems
  • 6222b01 🧪 Declare a packaging flag @ codecov
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=propcache&package-manager=pip&previous-version=0.2.0&new-version=0.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 6d24a73a24f..990179d8b17 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -32,7 +32,7 @@ multidict==6.1.0 # yarl packaging==24.2 # via gunicorn -propcache==0.2.0 +propcache==0.2.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d7f7429fb03..615f7c84ef5 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -132,7 +132,7 @@ pluggy==1.5.0 # via pytest pre-commit==4.0.1 # via -r requirements/lint.in -propcache==0.2.0 +propcache==0.2.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/dev.txt b/requirements/dev.txt index b9f77016b9e..c11f5443ae2 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -129,7 +129,7 @@ pluggy==1.5.0 # via pytest pre-commit==4.0.1 # via -r requirements/lint.in -propcache==0.2.0 +propcache==0.2.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index a10f2328e88..7fb7ffb3589 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -28,7 +28,7 @@ multidict==6.1.0 # via # -r requirements/runtime-deps.in # yarl -propcache==0.2.0 +propcache==0.2.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/test.txt b/requirements/test.txt index 07870950c38..eac7f7f1e39 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -67,7 +67,7 @@ packaging==24.2 # pytest pluggy==1.5.0 # via pytest -propcache==0.2.0 +propcache==0.2.1 # via # -r requirements/runtime-deps.in # yarl From 622d3669deb1b235f722b6a1c1d14ae1914e7dce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 10:37:50 +0000 Subject: [PATCH 038/111] Bump sphinxcontrib-spelling from 8.0.0 to 8.0.1 (#10272) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [sphinxcontrib-spelling](https://github.com/sphinx-contrib/spelling) from 8.0.0 to 8.0.1.
Release notes

Sourced from sphinxcontrib-spelling's releases.

8.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/sphinx-contrib/spelling/compare/8.0.0...8.0.1

Commits
  • 58821a6 Merge pull request #232 from dhellmann/enable-pypi-names-docs
  • 9b088c3 re-enable use of pypi filter in our doc build
  • d41eceb Merge pull request #231 from dhellmann/pypi-filter-factory-json
  • 2eafb07 use json api to retrieve names from pypi.org
  • 65a9b84 Merge pull request #229 from blmaier/fix-git-missing
  • 7b10eea update history
  • 2201693 gracefully handle if git is not installed
  • 13ac4cc Merge pull request #230 from dhellmann/ci-fixes-2024
  • b86d87a fix docstring test
  • 596dfc2 switch linter to ruff
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sphinxcontrib-spelling&package-manager=pip&previous-version=8.0.0&new-version=8.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 3 ++- requirements/doc-spelling.txt | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 615f7c84ef5..c6669e2b7b0 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -196,6 +196,7 @@ requests==2.32.3 # via # cherry-picker # sphinx + # sphinxcontrib-spelling rich==13.9.4 # via pytest-codspeed setuptools-git==1.2 @@ -223,7 +224,7 @@ sphinxcontrib-qthelp==2.0.0 # via sphinx sphinxcontrib-serializinghtml==2.0.0 # via sphinx -sphinxcontrib-spelling==8.0.0 ; platform_system != "Windows" +sphinxcontrib-spelling==8.0.1 ; platform_system != "Windows" # via -r requirements/doc-spelling.in sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 9292e082fa0..d6793b46c9c 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -37,7 +37,9 @@ pyenchant==3.2.2 pygments==2.18.0 # via sphinx requests==2.32.3 - # via sphinx + # via + # sphinx + # sphinxcontrib-spelling snowballstemmer==2.2.0 # via sphinx sphinx==8.1.3 @@ -57,7 +59,7 @@ sphinxcontrib-qthelp==2.0.0 # via sphinx sphinxcontrib-serializinghtml==2.0.0 # via sphinx -sphinxcontrib-spelling==8.0.0 ; platform_system != "Windows" +sphinxcontrib-spelling==8.0.1 ; platform_system != "Windows" # via -r requirements/doc-spelling.in sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in From 1b9fada3501360196b2951dd128fc33d243638e8 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:02:31 +0000 Subject: [PATCH 039/111] [PR #10270/2a55afee backport][3.11] fix: include carriage return in multipartform.decode() (#10274) **This is a backport of PR #10270 as merged into master (2a55afeed7e769877d9f6f1eb7aab7ff595e1313).** Co-authored-by: James Ward --- CHANGES/10270.bugfix.rst | 2 ++ CONTRIBUTORS.txt | 1 + aiohttp/multipart.py | 2 +- tests/test_web_response.py | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 CHANGES/10270.bugfix.rst diff --git a/CHANGES/10270.bugfix.rst b/CHANGES/10270.bugfix.rst new file mode 100644 index 00000000000..e3252464dc8 --- /dev/null +++ b/CHANGES/10270.bugfix.rst @@ -0,0 +1,2 @@ +``MultipartForm.decode()`` must follow RFC1341 7.2.1 with a ``CRLF`` after the boundary +-- by :user:`imnotjames`. diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 589784b29cb..fb1b87ccc9d 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -167,6 +167,7 @@ Jaesung Lee Jake Davis Jakob Ackermann Jakub Wilk +James Ward Jan Buchar Jan Gosmann Jarno Elonen diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py index e0bcce07449..bd4d8ae1ddf 100644 --- a/aiohttp/multipart.py +++ b/aiohttp/multipart.py @@ -979,7 +979,7 @@ def decode(self, encoding: str = "utf-8", errors: str = "strict") -> str: return "".join( "--" + self.boundary - + "\n" + + "\r\n" + part._binary_headers.decode(encoding, errors) + part.decode() for part, _e, _te in self._parts diff --git a/tests/test_web_response.py b/tests/test_web_response.py index f4acf23f61b..0591426c57b 100644 --- a/tests/test_web_response.py +++ b/tests/test_web_response.py @@ -1201,7 +1201,7 @@ def read(self, size: int = -1) -> bytes: (BodyPartReader("x", CIMultiDictProxy(CIMultiDict()), mock.Mock()), None), ( mpwriter, - "--x\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4\r\n\r\ntest", + "--x\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4\r\n\r\ntest", ), ), ) From b222fb921b87d0178a4e6537bf6ea082d31c19bc Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:14:49 +0000 Subject: [PATCH 040/111] [PR #10270/2a55afee backport][3.12] fix: include carriage return in multipartform.decode() (#10275) **This is a backport of PR #10270 as merged into master (2a55afeed7e769877d9f6f1eb7aab7ff595e1313).** Co-authored-by: James Ward --- CHANGES/10270.bugfix.rst | 2 ++ CONTRIBUTORS.txt | 1 + aiohttp/multipart.py | 2 +- tests/test_web_response.py | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 CHANGES/10270.bugfix.rst diff --git a/CHANGES/10270.bugfix.rst b/CHANGES/10270.bugfix.rst new file mode 100644 index 00000000000..e3252464dc8 --- /dev/null +++ b/CHANGES/10270.bugfix.rst @@ -0,0 +1,2 @@ +``MultipartForm.decode()`` must follow RFC1341 7.2.1 with a ``CRLF`` after the boundary +-- by :user:`imnotjames`. diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 930815d8b62..7eb48579097 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -168,6 +168,7 @@ Jaesung Lee Jake Davis Jakob Ackermann Jakub Wilk +James Ward Jan Buchar Jan Gosmann Jarno Elonen diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py index e0bcce07449..bd4d8ae1ddf 100644 --- a/aiohttp/multipart.py +++ b/aiohttp/multipart.py @@ -979,7 +979,7 @@ def decode(self, encoding: str = "utf-8", errors: str = "strict") -> str: return "".join( "--" + self.boundary - + "\n" + + "\r\n" + part._binary_headers.decode(encoding, errors) + part.decode() for part, _e, _te in self._parts diff --git a/tests/test_web_response.py b/tests/test_web_response.py index 1e65f7364b6..6eb52d480ff 100644 --- a/tests/test_web_response.py +++ b/tests/test_web_response.py @@ -1209,7 +1209,7 @@ def read(self, size: int = -1) -> bytes: (BodyPartReader("x", CIMultiDictProxy(CIMultiDict()), mock.Mock()), None), ( mpwriter, - "--x\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4\r\n\r\ntest", + "--x\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4\r\n\r\ntest", ), ), ) From 8fe93ba82d12cd9bd7e4410809d35f6713462832 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:29:33 +0000 Subject: [PATCH 041/111] Bump coverage from 7.6.9 to 7.6.10 (#10273) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.6.9 to 7.6.10.
Changelog

Sourced from coverage's changelog.

Version 7.6.10 — 2024-12-26

  • Fix: some descriptions of missing branches in HTML and LCOV reports were incorrect when multi-line statements were involved (issue 1874_ and issue 1875_). These are now fixed.

  • Fix: Python 3.14 defers evaluation of annotations <pep649_>_ by moving them into separate code objects. That code is rarely executed, so coverage.py would mark them as missing, as reported in issue 1908_. Now they are ignored by coverage automatically.

  • Fixed an obscure and mysterious problem on PyPy 3.10 seemingly involving mocks, imports, and trace functions: issue 1902_. To be honest, I don't understand the problem or the solution, but git bisect helped find it, and now it's fixed.

  • Docs: re-wrote the :ref:subprocess page to put multiprocessing first and to highlight the correct use of :class:multiprocessing.Pool <python:multiprocessing.pool.Pool>.

.. _issue 1874: nedbat/coveragepy#1874 .. _issue 1875: nedbat/coveragepy#1875 .. _issue 1902: nedbat/coveragepy#1902 .. _issue 1908: nedbat/coveragepy#1908 .. _pep649: https://docs.python.org/3.14/whatsnew/3.14.html#pep-649-deferred-evaluation-of-annotations

.. _changes_7-6-9:

Commits
  • f0dcf65 docs: sample HTML for 7.6.10
  • 0f26f35 docs: prep for 7.6.10
  • 81c5e43 docs: rewrite the subprocess page
  • 878410c chore: make doc_upgrade
  • f1d320d chore: make upgrade
  • 67f1440 debug: this condition is never true. really?
  • c85eaba fix: multi-line statements no longer confuse branch target descriptions. #187...
  • 73e58fa refactor: clarify the code that fixes with-statement exits
  • e16c9cc typo: backslask
  • 865fd7f chore: bump the action-dependencies group with 4 updates (#1909)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.6.9&new-version=7.6.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c6669e2b7b0..d913a2c65f4 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -50,7 +50,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.6.9 +coverage==7.6.10 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index c11f5443ae2..7cc628723b4 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -50,7 +50,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.6.9 +coverage==7.6.10 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index eac7f7f1e39..11fc4409769 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -25,7 +25,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.6.9 +coverage==7.6.10 # via # -r requirements/test.in # pytest-cov From 7fea1913f0bd114c661580ac7f54641a6886c5bf Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 17:37:50 +0000 Subject: [PATCH 042/111] [PR #10283/e5d6016c backport][3.12] Clarify purpose of parameters `allow_redirects`, `max_redirects` for `ClientSession.request` (and related functions) (#10285) **This is a backport of PR #10283 as merged into master (e5d6016c8054a9b31f777e01bd400aa26bd6730d).** Co-authored-by: asrelo <47759736+asrelo@users.noreply.github.com> --- docs/client_reference.rst | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/docs/client_reference.rst b/docs/client_reference.rst index 7e7cdf12184..e18785ea796 100644 --- a/docs/client_reference.rst +++ b/docs/client_reference.rst @@ -452,11 +452,16 @@ The client session supports the context manager protocol for self closing. :param aiohttp.BasicAuth auth: an object that represents HTTP Basic Authorization (optional) - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed (up to ``max_redirects`` times) + and logged into :attr:`ClientResponse.history` and ``trace_configs``. + When ``False``, the original response is returned. + ``True`` by default (optional). :param int max_redirects: Maximum number of redirects to follow. - ``10`` by default. + :exc:`TooManyRedirects` is raised if the number is exceeded. + Ignored when ``allow_redirects=False``. + ``10`` by default. :param bool compress: Set to ``True`` if request has to be compressed with deflate encoding. If `compress` can not be combined @@ -558,8 +563,11 @@ The client session supports the context manager protocol for self closing. :param url: Request URL, :class:`str` or :class:`~yarl.URL` - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed and logged into + :attr:`ClientResponse.history`. + When ``False``, the original response is returned. + ``True`` by default (optional). :return ClientResponse: a :class:`client response ` object. @@ -627,8 +635,11 @@ The client session supports the context manager protocol for self closing. :param url: Request URL, :class:`str` or :class:`~yarl.URL` - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``False`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed and logged into + :attr:`ClientResponse.history`. + When ``False``, the original response is returned. + ``False`` by default (optional). :return ClientResponse: a :class:`client response ` object. @@ -645,8 +656,11 @@ The client session supports the context manager protocol for self closing. :param url: Request URL, :class:`str` or :class:`~yarl.URL` - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed and logged into + :attr:`ClientResponse.history`. + When ``False``, the original response is returned. + ``True`` by default (optional). :return ClientResponse: a :class:`client response ` object. @@ -878,8 +892,11 @@ certification chaining. :param aiohttp.BasicAuth auth: an object that represents HTTP Basic Authorization (optional) - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed (up to ``max_redirects`` times) + and logged into :attr:`ClientResponse.history` and ``trace_configs``. + When ``False``, the original response is returned. + ``True`` by default (optional). :param aiohttp.protocol.HttpVersion version: Request HTTP version (optional) From b103bbca6b753e5b5357367cbaed10c7eade5a44 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 17:37:59 +0000 Subject: [PATCH 043/111] [PR #10283/e5d6016c backport][3.11] Clarify purpose of parameters `allow_redirects`, `max_redirects` for `ClientSession.request` (and related functions) (#10284) **This is a backport of PR #10283 as merged into master (e5d6016c8054a9b31f777e01bd400aa26bd6730d).** Co-authored-by: asrelo <47759736+asrelo@users.noreply.github.com> --- docs/client_reference.rst | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/docs/client_reference.rst b/docs/client_reference.rst index c9031de5383..19e221a27ca 100644 --- a/docs/client_reference.rst +++ b/docs/client_reference.rst @@ -448,11 +448,16 @@ The client session supports the context manager protocol for self closing. :param aiohttp.BasicAuth auth: an object that represents HTTP Basic Authorization (optional) - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed (up to ``max_redirects`` times) + and logged into :attr:`ClientResponse.history` and ``trace_configs``. + When ``False``, the original response is returned. + ``True`` by default (optional). :param int max_redirects: Maximum number of redirects to follow. - ``10`` by default. + :exc:`TooManyRedirects` is raised if the number is exceeded. + Ignored when ``allow_redirects=False``. + ``10`` by default. :param bool compress: Set to ``True`` if request has to be compressed with deflate encoding. If `compress` can not be combined @@ -554,8 +559,11 @@ The client session supports the context manager protocol for self closing. :param url: Request URL, :class:`str` or :class:`~yarl.URL` - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed and logged into + :attr:`ClientResponse.history`. + When ``False``, the original response is returned. + ``True`` by default (optional). :return ClientResponse: a :class:`client response ` object. @@ -623,8 +631,11 @@ The client session supports the context manager protocol for self closing. :param url: Request URL, :class:`str` or :class:`~yarl.URL` - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``False`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed and logged into + :attr:`ClientResponse.history`. + When ``False``, the original response is returned. + ``False`` by default (optional). :return ClientResponse: a :class:`client response ` object. @@ -641,8 +652,11 @@ The client session supports the context manager protocol for self closing. :param url: Request URL, :class:`str` or :class:`~yarl.URL` - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed and logged into + :attr:`ClientResponse.history`. + When ``False``, the original response is returned. + ``True`` by default (optional). :return ClientResponse: a :class:`client response ` object. @@ -874,8 +888,11 @@ certification chaining. :param aiohttp.BasicAuth auth: an object that represents HTTP Basic Authorization (optional) - :param bool allow_redirects: If set to ``False``, do not follow redirects. - ``True`` by default (optional). + :param bool allow_redirects: Whether to process redirects or not. + When ``True``, redirects are followed (up to ``max_redirects`` times) + and logged into :attr:`ClientResponse.history` and ``trace_configs``. + When ``False``, the original response is returned. + ``True`` by default (optional). :param aiohttp.protocol.HttpVersion version: Request HTTP version (optional) From d8f38531007360e73af11a84984a022793010f0d Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 14:05:11 +0100 Subject: [PATCH 044/111] [PR #10281/d54b3e27 backport][3.12] Update workflow to use upload-artifact v4 and download-artifact v4 (#10289) **This is a backport of PR #10281 as merged into master (d54b3e2712bb40644752f35787f701fef792f969).** ## What do these changes do? This updates the ci/cd workflow to use the upload-artifact v4 and download-artifact v4 github actions. The currently used upload-artifact and download-artifact will no longer work at the end of next month. The changes are needed since v4 no longer has mutable artifacts, which was used to collect wheels from different architectures. Fix #8588, Fix #8589, Fix #9009, Fix #10189, Fix #10191 ## Are there changes in behavior for the user? No, the ci/cd workflow has been tested although without publishing. ## Related issue number ## Checklist - [x] I think the code is well written - [ ] Unit tests for the changes exist - [ ] Documentation reflects the changes - [ ] If you provide code modification, please add yourself to `CONTRIBUTORS.txt` * The format is <Name> <Surname>. * Please keep alphabetical order, the file is sorted by names. - [x] Add a new news fragment into the `CHANGES/` folder * name it `..rst` (e.g. `588.bugfix.rst`) * if you don't have an issue number, change it to the pull request number after creating the PR * `.bugfix`: A bug fix for something the maintainers deemed an improper undesired behavior that got corrected to match pre-agreed expectations. * `.feature`: A new behavior, public APIs. That sort of stuff. * `.deprecation`: A declaration of future API removals and breaking changes in behavior. * `.breaking`: When something public is removed in a breaking way. Could be deprecated in an earlier release. * `.doc`: Notable updates to the documentation structure or build process. * `.packaging`: Notes for downstreams about unobvious side effects and tooling. Changes in the test invocation considerations and runtime assumptions. * `.contrib`: Stuff that affects the contributor experience. e.g. Running tests, building the docs, setting up the development environment. * `.misc`: Changes that are hard to assign to any of the above categories. * Make sure to use full sentences with correct case and punctuation, for example: ```rst Fixed issue with non-ascii contents in doctest text files -- by :user:`contributor-gh-handle`. ``` Use the past tense or the present tense a non-imperative mood, referring to what's changed compared to the last released version of this project. Co-authored-by: Simon Lamon <32477463+silamon@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 28 +++++++++++++++++----------- CHANGES/10281.contrib.rst | 1 + 2 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 CHANGES/10281.contrib.rst diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index d5e119b779d..93d1ddded65 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -114,7 +114,7 @@ jobs: run: | make generate-llhttp - name: Upload llhttp generated files - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: llhttp path: vendor/llhttp/build @@ -177,7 +177,7 @@ jobs: python -m pip install -r requirements/test.in -c requirements/test.txt - name: Restore llhttp generated files if: ${{ matrix.no-extensions == '' }} - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -264,7 +264,7 @@ jobs: run: | python -m pip install -r requirements/test.in -c requirements/test.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -325,7 +325,7 @@ jobs: python -m pip install -r requirements/cython.in -c requirements/cython.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -336,9 +336,9 @@ jobs: run: | python -m build --sdist - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: dist + name: dist-sdist path: dist build-wheels: @@ -388,7 +388,7 @@ jobs: python -m pip install -r requirements/cython.in -c requirements/cython.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -399,9 +399,15 @@ jobs: uses: pypa/cibuildwheel@v2.22.0 env: CIBW_ARCHS_MACOS: x86_64 arm64 universal2 - - uses: actions/upload-artifact@v3 + - name: Upload wheels + uses: actions/upload-artifact@v4 with: - name: dist + name: >- + dist-${{ matrix.os }}-${{ + matrix.qemu + && matrix.qemu + || 'native' + }} path: ./wheelhouse/*.whl deploy: @@ -426,10 +432,10 @@ jobs: run: | echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token - name: Download distributions - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: - name: dist path: dist + pattern: dist-* - name: Collected dists run: | tree dist diff --git a/CHANGES/10281.contrib.rst b/CHANGES/10281.contrib.rst new file mode 100644 index 00000000000..b50b4d2f955 --- /dev/null +++ b/CHANGES/10281.contrib.rst @@ -0,0 +1 @@ +The CI/CD workflow has been updated to use `upload-artifact` v4 and `download-artifact` v4 GitHub Actions -- by :user:`silamon`. From 0c32bc88674f8d3814f0419eba14c0039d14d63e Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 14:05:30 +0100 Subject: [PATCH 045/111] [PR #10281/d54b3e27 backport][3.11] Update workflow to use upload-artifact v4 and download-artifact v4 (#10288) **This is a backport of PR #10281 as merged into master (d54b3e2712bb40644752f35787f701fef792f969).** ## What do these changes do? This updates the ci/cd workflow to use the upload-artifact v4 and download-artifact v4 github actions. The currently used upload-artifact and download-artifact will no longer work at the end of next month. The changes are needed since v4 no longer has mutable artifacts, which was used to collect wheels from different architectures. Fix #8588, Fix #8589, Fix #9009, Fix #10189, Fix #10191 ## Are there changes in behavior for the user? No, the ci/cd workflow has been tested although without publishing. ## Related issue number ## Checklist - [x] I think the code is well written - [ ] Unit tests for the changes exist - [ ] Documentation reflects the changes - [ ] If you provide code modification, please add yourself to `CONTRIBUTORS.txt` * The format is <Name> <Surname>. * Please keep alphabetical order, the file is sorted by names. - [x] Add a new news fragment into the `CHANGES/` folder * name it `..rst` (e.g. `588.bugfix.rst`) * if you don't have an issue number, change it to the pull request number after creating the PR * `.bugfix`: A bug fix for something the maintainers deemed an improper undesired behavior that got corrected to match pre-agreed expectations. * `.feature`: A new behavior, public APIs. That sort of stuff. * `.deprecation`: A declaration of future API removals and breaking changes in behavior. * `.breaking`: When something public is removed in a breaking way. Could be deprecated in an earlier release. * `.doc`: Notable updates to the documentation structure or build process. * `.packaging`: Notes for downstreams about unobvious side effects and tooling. Changes in the test invocation considerations and runtime assumptions. * `.contrib`: Stuff that affects the contributor experience. e.g. Running tests, building the docs, setting up the development environment. * `.misc`: Changes that are hard to assign to any of the above categories. * Make sure to use full sentences with correct case and punctuation, for example: ```rst Fixed issue with non-ascii contents in doctest text files -- by :user:`contributor-gh-handle`. ``` Use the past tense or the present tense a non-imperative mood, referring to what's changed compared to the last released version of this project. Co-authored-by: Simon Lamon <32477463+silamon@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 28 +++++++++++++++++----------- CHANGES/10281.contrib.rst | 1 + 2 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 CHANGES/10281.contrib.rst diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index d5e119b779d..93d1ddded65 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -114,7 +114,7 @@ jobs: run: | make generate-llhttp - name: Upload llhttp generated files - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: llhttp path: vendor/llhttp/build @@ -177,7 +177,7 @@ jobs: python -m pip install -r requirements/test.in -c requirements/test.txt - name: Restore llhttp generated files if: ${{ matrix.no-extensions == '' }} - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -264,7 +264,7 @@ jobs: run: | python -m pip install -r requirements/test.in -c requirements/test.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -325,7 +325,7 @@ jobs: python -m pip install -r requirements/cython.in -c requirements/cython.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -336,9 +336,9 @@ jobs: run: | python -m build --sdist - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: dist + name: dist-sdist path: dist build-wheels: @@ -388,7 +388,7 @@ jobs: python -m pip install -r requirements/cython.in -c requirements/cython.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: llhttp path: vendor/llhttp/build/ @@ -399,9 +399,15 @@ jobs: uses: pypa/cibuildwheel@v2.22.0 env: CIBW_ARCHS_MACOS: x86_64 arm64 universal2 - - uses: actions/upload-artifact@v3 + - name: Upload wheels + uses: actions/upload-artifact@v4 with: - name: dist + name: >- + dist-${{ matrix.os }}-${{ + matrix.qemu + && matrix.qemu + || 'native' + }} path: ./wheelhouse/*.whl deploy: @@ -426,10 +432,10 @@ jobs: run: | echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token - name: Download distributions - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: - name: dist path: dist + pattern: dist-* - name: Collected dists run: | tree dist diff --git a/CHANGES/10281.contrib.rst b/CHANGES/10281.contrib.rst new file mode 100644 index 00000000000..b50b4d2f955 --- /dev/null +++ b/CHANGES/10281.contrib.rst @@ -0,0 +1 @@ +The CI/CD workflow has been updated to use `upload-artifact` v4 and `download-artifact` v4 GitHub Actions -- by :user:`silamon`. From a286cc937714bbe65ad17bc7c4364bb1f115ccad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 16:12:22 +0000 Subject: [PATCH 046/111] Bump identify from 2.6.3 to 2.6.4 (#10278) Bumps [identify](https://github.com/pre-commit/identify) from 2.6.3 to 2.6.4.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.3&new-version=2.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d913a2c65f4..f260d298f46 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -82,7 +82,7 @@ gidgethub==5.3.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.3 +identify==2.6.4 # via pre-commit idna==3.3 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 7cc628723b4..fcfb8b87d8b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -80,7 +80,7 @@ gidgethub==5.3.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.3 +identify==2.6.4 # via pre-commit idna==3.4 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index bfd9361e831..b1aacb161f2 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -29,7 +29,7 @@ filelock==3.16.1 # via virtualenv freezegun==1.5.1 # via -r requirements/lint.in -identify==2.6.3 +identify==2.6.4 # via pre-commit idna==3.7 # via trustme From 5cb5d968c8022a9165527a21d8db99859935b2d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Jan 2025 10:55:11 +0000 Subject: [PATCH 047/111] Bump trustme from 1.2.0 to 1.2.1 (#10291) Bumps [trustme](https://github.com/python-trio/trustme) from 1.2.0 to 1.2.1.
Release notes

Sourced from trustme's releases.

1.2.1

Bugfixes

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=trustme&package-manager=pip&previous-version=1.2.0&new-version=1.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f260d298f46..23ddeca1404 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -244,7 +244,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -trustme==1.2.0 ; platform_machine != "i686" +trustme==1.2.1 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index fcfb8b87d8b..6288bd3c3fe 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -235,7 +235,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -trustme==1.2.0 ; platform_machine != "i686" +trustme==1.2.1 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index b1aacb161f2..8fb469df46e 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -89,7 +89,7 @@ tomli==2.2.1 # mypy # pytest # slotscheck -trustme==1.2.0 +trustme==1.2.1 # via -r requirements/lint.in typing-extensions==4.12.2 # via diff --git a/requirements/test.txt b/requirements/test.txt index 11fc4409769..f100eccd210 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -117,7 +117,7 @@ tomli==2.2.1 # coverage # mypy # pytest -trustme==1.2.0 ; platform_machine != "i686" +trustme==1.2.1 ; platform_machine != "i686" # via -r requirements/test.in typing-extensions==4.12.2 # via From bd9a636e8eb44e36679425abf27cd712a3aff88b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Jan 2025 10:46:01 +0000 Subject: [PATCH 048/111] Bump virtualenv from 20.28.0 to 20.28.1 (#10292) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.28.0 to 20.28.1.
Release notes

Sourced from virtualenv's releases.

20.28.1

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.28.0...20.28.1

Changelog

Sourced from virtualenv's changelog.

v20.28.1 (2025-01-02)

Bugfixes - 20.28.1

- Skip tcsh tests on broken tcsh versions - by
:user:`gaborbernat`. (:issue:`2814`)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.28.0&new-version=20.28.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 23ddeca1404..bd8f825e079 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -266,7 +266,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.28.0 +virtualenv==20.28.1 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 6288bd3c3fe..794aa9618c3 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -257,7 +257,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.28.0 +virtualenv==20.28.1 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 8fb469df46e..47f9ee6388d 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -102,5 +102,5 @@ uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.28.0 +virtualenv==20.28.1 # via pre-commit From 1146697f1849f3d853f06284159cb426e19898a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 11:17:25 +0000 Subject: [PATCH 049/111] Bump setuptools from 75.6.0 to 75.7.0 (#10297) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [setuptools](https://github.com/pypa/setuptools) from 75.6.0 to 75.7.0.
Changelog

Sourced from setuptools's changelog.

v75.7.0

Features

  • pypa/distutils#310#4478)
  • Synced with pypa/distutils@ff11eed0c including bugfix for duplicate CFLAGS and adaption to support Python 3.13 is_abs in the C compiler (#4669). (#4790)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=75.6.0&new-version=75.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index bd8f825e079..5b201089fbe 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -278,7 +278,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==24.3.1 # via pip-tools -setuptools==75.6.0 +setuptools==75.7.0 # via # incremental # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index 794aa9618c3..4ec810be26e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -269,7 +269,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==24.3.1 # via pip-tools -setuptools==75.6.0 +setuptools==75.7.0 # via # incremental # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index d6793b46c9c..8b0d8032c7c 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -76,5 +76,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==75.6.0 +setuptools==75.7.0 # via incremental diff --git a/requirements/doc.txt b/requirements/doc.txt index 625c45c3d66..7163dda8abd 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -69,5 +69,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==75.6.0 +setuptools==75.7.0 # via incremental From bee424c97b1981a997feac414393d44bee83439b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 11:19:52 +0000 Subject: [PATCH 050/111] Bump pygments from 2.18.0 to 2.19.0 (#10298) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pygments](https://github.com/pygments/pygments) from 2.18.0 to 2.19.0.
Release notes

Sourced from pygments's releases.

2.19.0

  • New lexers:

  • Updated lexers:

    • BQN: Various improvements (#2789)
    • C#: Fix number highlighting (#986, #2727), add file keyword (#2726, #2805, #2806), add various other keywords (#2745, #2770)
    • CSS: Add revert (#2766, #2775)
    • Debian control: Add Change-By field (#2757)
    • Elip: Improve punctuation handling (#2651)
    • Igor: Add int (#2801)
    • Ini: Fix quoted strings with embedded comment characters (#2767, #2720)
    • Java: Support functions returning types containing a question mark (#2737)
    • JavaScript: Support private identiiers (#2729, #2671)
    • LLVM: Add splat, improve floating-point number parsing (#2755)
    • Lua: Improve variable detection, add built-in functions (#2829)
    • Macaulay2: Update to 1.24.11 (#2800)
    • PostgreSQL: Add more EXPLAIN keywords (#2785), handle / (#2774)
    • S-Lexer: Fix keywords (#2082, #2750)
    • TransactSQL: Fix single-line comments (#2717)
    • Turtle: Fix triple quoted strings (#2744, #2758)
    • Typst: Various improvements (#2724)
    • Various: Add ^ as an operator to Matlab, Octave and Scilab (#2798)
    • Vyper: Add staticcall and extcall (#2719)
  • Mark file extensions for HTML/XML+Evoque as aliases (#2743)
  • Add a color for Operator.Word to the rrt style (#2709)
  • Fix broken link in the documentation (#2803, #2804)
  • Drop executable bit where not needed (#2781)
  • Reduce Mojo priority relative to Python in ``analyze_text´` (#2771, #2772)
  • Fix documentation builds (#2712)
  • Match example file names to the lexer's name (#2713, #2715)
  • Ensure lexer metadata is present (#2714)
  • Search more directories on macOS for fonts (#2809)
  • Improve test robustness (#2812)
Changelog

Sourced from pygments's changelog.

Version 2.19.0

(released January 5th, 2025)

  • New lexers:

  • Updated lexers:

    • BQN: Various improvements (#2789)
    • C#: Fix number highlighting (#986, #2727), add file keyword (#2726, #2805, #2806), add various other keywords (#2745, #2770)
    • CSS: Add revert (#2766, #2775)
    • Debian control: Add Change-By field (#2757)
    • Elip: Improve punctuation handling (#2651)
    • Igor: Add int (#2801)
    • Ini: Fix quoted strings with embedded comment characters (#2767, #2720)
    • Java: Support functions returning types containing a question mark (#2737)
    • JavaScript: Support private identiiers (#2729, #2671)
    • LLVM: Add splat, improve floating-point number parsing (#2755)
    • Lua: Improve variable detection, add built-in functions (#2829)
    • Macaulay2: Update to 1.24.11 (#2800)
    • PostgreSQL: Add more EXPLAIN keywords (#2785), handle / (#2774)
    • S-Lexer: Fix keywords (#2082, #2750)
    • TransactSQL: Fix single-line comments (#2717)
    • Turtle: Fix triple quoted strings (#2744, #2758)
    • Typst: Various improvements (#2724)
    • Various: Add ^ as an operator to Matlab, Octave and Scilab (#2798)
    • Vyper: Add staticcall and extcall (#2719)
  • Mark file extensions for HTML/XML+Evoque as aliases (#2743)
  • Add a color for Operator.Word to the rrt style (#2709)
  • Fix broken link in the documentation (#2803, #2804)
  • Drop executable bit where not needed (#2781)
  • Reduce Mojo priority relative to Python in ``analyze_text´` (#2771, #2772)
  • Fix documentation builds (#2712)
  • Match example file names to the lexer's name (#2713, #2715)
  • Ensure lexer metadata is present (#2714)
  • Search more directories on macOS for fonts (#2809)
  • Improve test robustness (#2812)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pygments&package-manager=pip&previous-version=2.18.0&new-version=2.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 5b201089fbe..72ee160e7d6 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -148,7 +148,7 @@ pydantic-core==2.27.2 # via pydantic pyenchant==3.2.2 # via sphinxcontrib-spelling -pygments==2.18.0 +pygments==2.19.0 # via # rich # sphinx diff --git a/requirements/dev.txt b/requirements/dev.txt index 4ec810be26e..54c0722ec1f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -143,7 +143,7 @@ pydantic==2.10.4 # via python-on-whales pydantic-core==2.27.2 # via pydantic -pygments==2.18.0 +pygments==2.19.0 # via # rich # sphinx diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 8b0d8032c7c..9d979436ded 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -34,7 +34,7 @@ packaging==24.2 # via sphinx pyenchant==3.2.2 # via sphinxcontrib-spelling -pygments==2.18.0 +pygments==2.19.0 # via sphinx requests==2.32.3 # via diff --git a/requirements/doc.txt b/requirements/doc.txt index 7163dda8abd..281cd202d6e 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -32,7 +32,7 @@ markupsafe==3.0.2 # via jinja2 packaging==24.2 # via sphinx -pygments==2.18.0 +pygments==2.19.0 # via sphinx requests==2.32.3 # via sphinx diff --git a/requirements/lint.txt b/requirements/lint.txt index 47f9ee6388d..0f9e999eae4 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -61,7 +61,7 @@ pydantic==2.10.4 # via python-on-whales pydantic-core==2.27.2 # via pydantic -pygments==2.18.0 +pygments==2.19.0 # via rich pytest==8.3.4 # via diff --git a/requirements/test.txt b/requirements/test.txt index f100eccd210..4a187bbdc28 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -81,7 +81,7 @@ pydantic==2.10.4 # via python-on-whales pydantic-core==2.27.2 # via pydantic -pygments==2.18.0 +pygments==2.19.0 # via rich pytest==8.3.4 # via From d5dd9d049a47cfba92746973aa862b13a09668b7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 11:26:36 +0000 Subject: [PATCH 051/111] Bump identify from 2.6.4 to 2.6.5 (#10299) Bumps [identify](https://github.com/pre-commit/identify) from 2.6.4 to 2.6.5.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.4&new-version=2.6.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 72ee160e7d6..f5ef3c0b380 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -82,7 +82,7 @@ gidgethub==5.3.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.4 +identify==2.6.5 # via pre-commit idna==3.3 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 54c0722ec1f..922f5caed8b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -80,7 +80,7 @@ gidgethub==5.3.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.4 +identify==2.6.5 # via pre-commit idna==3.4 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 0f9e999eae4..70360ce5c30 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -29,7 +29,7 @@ filelock==3.16.1 # via virtualenv freezegun==1.5.1 # via -r requirements/lint.in -identify==2.6.4 +identify==2.6.5 # via pre-commit idna==3.7 # via trustme From 52e4ea6785579dee2e1b397a4ce7e844f88b8526 Mon Sep 17 00:00:00 2001 From: Cycloctane Date: Tue, 7 Jan 2025 03:20:02 +0800 Subject: [PATCH 052/111] [PR #10300/3d06cc1][3.12] Use kwargs in aiohttp.client.request (#10302) (cherry picked from commit 3d06cc14ad82ce4c207449b593955c23bd5e4d88) --- CHANGES/10300.feature.rst | 2 + aiohttp/client.py | 178 ++++++++++++++------------------ docs/spelling_wordlist.txt | 2 + tests/test_client_functional.py | 16 +++ 4 files changed, 96 insertions(+), 102 deletions(-) create mode 100644 CHANGES/10300.feature.rst diff --git a/CHANGES/10300.feature.rst b/CHANGES/10300.feature.rst new file mode 100644 index 00000000000..3632c3d41a7 --- /dev/null +++ b/CHANGES/10300.feature.rst @@ -0,0 +1,2 @@ +Update :py:func:`~aiohttp.request` to make it accept ``_RequestOptions`` kwargs. +-- by :user:`Cycloctane`. diff --git a/aiohttp/client.py b/aiohttp/client.py index fbf691e89d1..2d5a9a4cdce 100644 --- a/aiohttp/client.py +++ b/aiohttp/client.py @@ -1469,106 +1469,80 @@ async def __aexit__( await self._session.close() -def request( - method: str, - url: StrOrURL, - *, - params: Query = None, - data: Any = None, - json: Any = None, - headers: Optional[LooseHeaders] = None, - skip_auto_headers: Optional[Iterable[str]] = None, - auth: Optional[BasicAuth] = None, - allow_redirects: bool = True, - max_redirects: int = 10, - compress: Optional[str] = None, - chunked: Optional[bool] = None, - expect100: bool = False, - raise_for_status: Optional[bool] = None, - read_until_eof: bool = True, - proxy: Optional[StrOrURL] = None, - proxy_auth: Optional[BasicAuth] = None, - timeout: Union[ClientTimeout, object] = sentinel, - cookies: Optional[LooseCookies] = None, - version: HttpVersion = http.HttpVersion11, - connector: Optional[BaseConnector] = None, - read_bufsize: Optional[int] = None, - loop: Optional[asyncio.AbstractEventLoop] = None, - max_line_size: int = 8190, - max_field_size: int = 8190, -) -> _SessionRequestContextManager: - """Constructs and sends a request. - - Returns response object. - method - HTTP method - url - request url - params - (optional) Dictionary or bytes to be sent in the query - string of the new request - data - (optional) Dictionary, bytes, or file-like object to - send in the body of the request - json - (optional) Any json compatible python object - headers - (optional) Dictionary of HTTP Headers to send with - the request - cookies - (optional) Dict object to send with the request - auth - (optional) BasicAuth named tuple represent HTTP Basic Auth - auth - aiohttp.helpers.BasicAuth - allow_redirects - (optional) If set to False, do not follow - redirects - version - Request HTTP version. - compress - Set to True if request has to be compressed - with deflate encoding. - chunked - Set to chunk size for chunked transfer encoding. - expect100 - Expect 100-continue response from server. - connector - BaseConnector sub-class instance to support - connection pooling. - read_until_eof - Read response until eof if response - does not have Content-Length header. - loop - Optional event loop. - timeout - Optional ClientTimeout settings structure, 5min - total timeout by default. - Usage:: - >>> import aiohttp - >>> resp = await aiohttp.request('GET', 'http://python.org/') - >>> resp - - >>> data = await resp.read() - """ - connector_owner = False - if connector is None: - connector_owner = True - connector = TCPConnector(loop=loop, force_close=True) - - session = ClientSession( - loop=loop, - cookies=cookies, - version=version, - timeout=timeout, - connector=connector, - connector_owner=connector_owner, - ) +if sys.version_info >= (3, 11) and TYPE_CHECKING: - return _SessionRequestContextManager( - session._request( - method, - url, - params=params, - data=data, - json=json, - headers=headers, - skip_auto_headers=skip_auto_headers, - auth=auth, - allow_redirects=allow_redirects, - max_redirects=max_redirects, - compress=compress, - chunked=chunked, - expect100=expect100, - raise_for_status=raise_for_status, - read_until_eof=read_until_eof, - proxy=proxy, - proxy_auth=proxy_auth, - read_bufsize=read_bufsize, - max_line_size=max_line_size, - max_field_size=max_field_size, - ), - session, - ) + def request( + method: str, + url: StrOrURL, + *, + version: HttpVersion = http.HttpVersion11, + connector: Optional[BaseConnector] = None, + loop: Optional[asyncio.AbstractEventLoop] = None, + **kwargs: Unpack[_RequestOptions], + ) -> _SessionRequestContextManager: ... + +else: + + def request( + method: str, + url: StrOrURL, + *, + version: HttpVersion = http.HttpVersion11, + connector: Optional[BaseConnector] = None, + loop: Optional[asyncio.AbstractEventLoop] = None, + **kwargs: Any, + ) -> _SessionRequestContextManager: + """Constructs and sends a request. + + Returns response object. + method - HTTP method + url - request url + params - (optional) Dictionary or bytes to be sent in the query + string of the new request + data - (optional) Dictionary, bytes, or file-like object to + send in the body of the request + json - (optional) Any json compatible python object + headers - (optional) Dictionary of HTTP Headers to send with + the request + cookies - (optional) Dict object to send with the request + auth - (optional) BasicAuth named tuple represent HTTP Basic Auth + auth - aiohttp.helpers.BasicAuth + allow_redirects - (optional) If set to False, do not follow + redirects + version - Request HTTP version. + compress - Set to True if request has to be compressed + with deflate encoding. + chunked - Set to chunk size for chunked transfer encoding. + expect100 - Expect 100-continue response from server. + connector - BaseConnector sub-class instance to support + connection pooling. + read_until_eof - Read response until eof if response + does not have Content-Length header. + loop - Optional event loop. + timeout - Optional ClientTimeout settings structure, 5min + total timeout by default. + Usage:: + >>> import aiohttp + >>> async with aiohttp.request('GET', 'http://python.org/') as resp: + ... print(resp) + ... data = await resp.read() + + """ + connector_owner = False + if connector is None: + connector_owner = True + connector = TCPConnector(loop=loop, force_close=True) + + session = ClientSession( + loop=loop, + cookies=kwargs.pop("cookies", None), + version=version, + timeout=kwargs.pop("timeout", sentinel), + connector=connector, + connector_owner=connector_owner, + ) + + return _SessionRequestContextManager( + session._request(method, url, **kwargs), + session, + ) diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index c4e10b44987..3e41af824e4 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -13,6 +13,7 @@ app app’s apps arg +args Arsenic async asyncio @@ -169,6 +170,7 @@ keepaliving kib KiB kwarg +kwargs latin lifecycle linux diff --git a/tests/test_client_functional.py b/tests/test_client_functional.py index 05af9ae25ad..ba75e8e93c6 100644 --- a/tests/test_client_functional.py +++ b/tests/test_client_functional.py @@ -3382,6 +3382,22 @@ async def handler(request: web.Request) -> web.Response: await server.close() +async def test_aiohttp_request_ssl( + aiohttp_server: AiohttpServer, + ssl_ctx: ssl.SSLContext, + client_ssl_ctx: ssl.SSLContext, +) -> None: + async def handler(request: web.Request) -> web.Response: + return web.Response() + + app = web.Application() + app.router.add_get("/", handler) + server = await aiohttp_server(app, ssl=ssl_ctx) + + async with aiohttp.request("GET", server.make_url("/"), ssl=client_ssl_ctx) as resp: + assert resp.status == 200 + + async def test_yield_from_in_session_request(aiohttp_client: AiohttpClient) -> None: # a test for backward compatibility with yield from syntax async def handler(request): From 3d3a088447434bb9b048d5e74d6da07ef416da09 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:10:40 +0000 Subject: [PATCH 053/111] [PR #10301/77f25a0a backport][3.12] Update docs for aiohttp.request (#10308) **This is a backport of PR #10301 as merged into master (77f25a0a4da3cc20f4c5b6d12be9d273ea02f1df).** Co-authored-by: Cycloctane --- docs/client_reference.rst | 125 +++++++++++++++++++++++++++++--------- 1 file changed, 97 insertions(+), 28 deletions(-) diff --git a/docs/client_reference.rst b/docs/client_reference.rst index e18785ea796..013c43a13e4 100644 --- a/docs/client_reference.rst +++ b/docs/client_reference.rst @@ -517,7 +517,7 @@ The client session supports the context manager protocol for self closing. .. versionadded:: 3.0 :param str server_hostname: Sets or overrides the host name that the - target server’s certificate will be matched against. + target server's certificate will be matched against. See :py:meth:`asyncio.loop.create_connection` for more information. @@ -854,14 +854,21 @@ certification chaining. .. function:: request(method, url, *, params=None, data=None, \ json=None,\ - headers=None, cookies=None, auth=None, \ + cookies=None, headers=None, skip_auto_headers=None, auth=None, \ allow_redirects=True, max_redirects=10, \ - encoding='utf-8', \ - version=HttpVersion(major=1, minor=1), \ - compress=None, chunked=None, expect100=False, raise_for_status=False, \ + compress=False, chunked=None, expect100=False, raise_for_status=None, \ + read_until_eof=True, \ + proxy=None, proxy_auth=None, \ + timeout=sentinel, ssl=True, \ + server_hostname=None, \ + proxy_headers=None, \ + trace_request_ctx=None, \ read_bufsize=None, \ - connector=None, loop=None,\ - read_until_eof=True, timeout=sentinel) + auto_decompress=None, \ + max_line_size=None, \ + max_field_size=None, \ + version=aiohttp.HttpVersion11, \ + connector=None) :async: Asynchronous context manager for performing an asynchronous HTTP @@ -874,8 +881,20 @@ certification chaining. be encoded with :class:`~yarl.URL` (see :class:`~yarl.URL` to skip encoding). - :param dict params: Parameters to be sent in the query - string of the new request (optional) + :param params: Mapping, iterable of tuple of *key*/*value* pairs or + string to be sent as parameters in the query + string of the new request. Ignored for subsequent + redirected requests (optional) + + Allowed values are: + + - :class:`collections.abc.Mapping` e.g. :class:`dict`, + :class:`multidict.MultiDict` or + :class:`multidict.MultiDictProxy` + - :class:`collections.abc.Iterable` e.g. :class:`tuple` or + :class:`list` + - :class:`str` with preferably url-encoded content + (**Warning:** content will not be encoded by *aiohttp*) :param data: The data to send in the body of the request. This can be a :class:`FormData` object or anything that can be passed into @@ -885,28 +904,46 @@ certification chaining. :param json: Any json compatible python object (optional). *json* and *data* parameters could not be used at the same time. + :param dict cookies: HTTP Cookies to send with the request (optional) + :param dict headers: HTTP Headers to send with the request (optional) - :param dict cookies: Cookies to send with the request (optional) + :param skip_auto_headers: set of headers for which autogeneration + should be skipped. + + *aiohttp* autogenerates headers like ``User-Agent`` or + ``Content-Type`` if these headers are not explicitly + passed. Using ``skip_auto_headers`` parameter allows to skip + that generation. + + Iterable of :class:`str` or :class:`~multidict.istr` + (optional) :param aiohttp.BasicAuth auth: an object that represents HTTP Basic Authorization (optional) :param bool allow_redirects: Whether to process redirects or not. - When ``True``, redirects are followed (up to ``max_redirects`` times) - and logged into :attr:`ClientResponse.history` and ``trace_configs``. - When ``False``, the original response is returned. - ``True`` by default (optional). + When ``True``, redirects are followed (up to ``max_redirects`` times) + and logged into :attr:`ClientResponse.history` and ``trace_configs``. + When ``False``, the original response is returned. + ``True`` by default (optional). - :param aiohttp.protocol.HttpVersion version: Request HTTP version (optional) + :param int max_redirects: Maximum number of redirects to follow. + :exc:`TooManyRedirects` is raised if the number is exceeded. + Ignored when ``allow_redirects=False``. + ``10`` by default. :param bool compress: Set to ``True`` if request has to be compressed - with deflate encoding. - ``False`` instructs aiohttp to not compress data. + with deflate encoding. If `compress` can not be combined + with a *Content-Encoding* and *Content-Length* headers. ``None`` by default (optional). :param int chunked: Enables chunked transfer encoding. - ``None`` by default (optional). + It is up to the developer + to decide how to chunk data streams. If chunking is enabled, aiohttp + encodes the provided chunks in the "Transfer-encoding: chunked" format. + If *chunked* is set, then the *Transfer-encoding* and *content-length* + headers are disallowed. ``None`` by default (optional). :param bool expect100: Expect 100-continue response from server. ``False`` by default (optional). @@ -920,28 +957,60 @@ certification chaining. .. versionadded:: 3.4 - :param aiohttp.BaseConnector connector: BaseConnector sub-class - instance to support connection pooling. - :param bool read_until_eof: Read response until EOF if response does not have Content-Length header. ``True`` by default (optional). + :param proxy: Proxy URL, :class:`str` or :class:`~yarl.URL` (optional) + + :param aiohttp.BasicAuth proxy_auth: an object that represents proxy HTTP + Basic Authorization (optional) + + :param timeout: a :class:`ClientTimeout` settings structure, 300 seconds (5min) + total timeout, 30 seconds socket connect timeout by default. + + :param ssl: SSL validation mode. ``True`` for default SSL check + (:func:`ssl.create_default_context` is used), + ``False`` for skip SSL certificate validation, + :class:`aiohttp.Fingerprint` for fingerprint + validation, :class:`ssl.SSLContext` for custom SSL + certificate validation. + + Supersedes *verify_ssl*, *ssl_context* and + *fingerprint* parameters. + + :param str server_hostname: Sets or overrides the host name that the + target server's certificate will be matched against. + + See :py:meth:`asyncio.loop.create_connection` + for more information. + + :param collections.abc.Mapping proxy_headers: HTTP headers to send to the proxy + if the parameter proxy has been provided. + + :param trace_request_ctx: Object used to give as a kw param for each new + :class:`TraceConfig` object instantiated, + used to give information to the + tracers that is only available at request time. + :param int read_bufsize: Size of the read buffer (:attr:`ClientResponse.content`). ``None`` by default, it means that the session global value is used. .. versionadded:: 3.7 - :param timeout: a :class:`ClientTimeout` settings structure, 300 seconds (5min) - total timeout, 30 seconds socket connect timeout by default. + :param bool auto_decompress: Automatically decompress response body. + May be used to enable/disable auto decompression on a per-request basis. - :param loop: :ref:`event loop` - used for processing HTTP requests. - If param is ``None``, :func:`asyncio.get_event_loop` - is used for getting default event loop. + :param int max_line_size: Maximum allowed size of lines in responses. - .. deprecated:: 2.0 + :param int max_field_size: Maximum allowed size of header fields in responses. + + :param aiohttp.protocol.HttpVersion version: Request HTTP version, + ``HTTP 1.1`` by default. (optional) + + :param aiohttp.BaseConnector connector: BaseConnector sub-class + instance to support connection pooling. (optional) :return ClientResponse: a :class:`client response ` object. From c42472fac83026562d9f41183918f214528ebce2 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:11:02 +0000 Subject: [PATCH 054/111] =?UTF-8?q?[PR=20#10304/b6ffb1d1=20backport][3.12]?= =?UTF-8?q?=20Add=20aiohttp-openmetrics=20to=20list=20of=20third=20party?= =?UTF-8?q?=20aiohttp-related=20python=E2=80=A6=20(#10306)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **This is a backport of PR #10304 as merged into master (b6ffb1d1a3b710c600f06c9d21cf62f75d324767).** Co-authored-by: Jelmer Vernooij --- CHANGES/10304.doc.rst | 1 + docs/third_party.rst | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 CHANGES/10304.doc.rst diff --git a/CHANGES/10304.doc.rst b/CHANGES/10304.doc.rst new file mode 100644 index 00000000000..cedac3ef881 --- /dev/null +++ b/CHANGES/10304.doc.rst @@ -0,0 +1 @@ +Added ``aiohttp-openmetrics`` to list of third-party libraries -- by :user:`jelmer`. diff --git a/docs/third_party.rst b/docs/third_party.rst index e8095c7f09d..145a505a5de 100644 --- a/docs/third_party.rst +++ b/docs/third_party.rst @@ -305,3 +305,6 @@ ask to raise the status. - `aiohttp-asgi-connector `_ An aiohttp connector for using a ``ClientSession`` to interface directly with separate ASGI applications. + +- `aiohttp-openmetrics `_ + An aiohttp middleware for exposing Prometheus metrics. From 64730512593d58b389f8e203f7966da72fe13a92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:26:08 +0000 Subject: [PATCH 055/111] Bump pygments from 2.19.0 to 2.19.1 (#10310) Bumps [pygments](https://github.com/pygments/pygments) from 2.19.0 to 2.19.1.
Release notes

Sourced from pygments's releases.

2.19.1

  • Updated lexers:

    • Ini: Fix quoted string regression introduced in 2.19.0
    • Lua: Fix a regression introduced in 2.19.0
Changelog

Sourced from pygments's changelog.

Version 2.19.1

(released January 6th, 2025)

  • Updated lexers:

    • Ini: Fix quoted string regression introduced in 2.19.0
    • Lua: Fix a regression introduced in 2.19.0
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pygments&package-manager=pip&previous-version=2.19.0&new-version=2.19.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f5ef3c0b380..c762661470a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -148,7 +148,7 @@ pydantic-core==2.27.2 # via pydantic pyenchant==3.2.2 # via sphinxcontrib-spelling -pygments==2.19.0 +pygments==2.19.1 # via # rich # sphinx diff --git a/requirements/dev.txt b/requirements/dev.txt index 922f5caed8b..75cf289cad1 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -143,7 +143,7 @@ pydantic==2.10.4 # via python-on-whales pydantic-core==2.27.2 # via pydantic -pygments==2.19.0 +pygments==2.19.1 # via # rich # sphinx diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 9d979436ded..01941d6a212 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -34,7 +34,7 @@ packaging==24.2 # via sphinx pyenchant==3.2.2 # via sphinxcontrib-spelling -pygments==2.19.0 +pygments==2.19.1 # via sphinx requests==2.32.3 # via diff --git a/requirements/doc.txt b/requirements/doc.txt index 281cd202d6e..918dee7658d 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -32,7 +32,7 @@ markupsafe==3.0.2 # via jinja2 packaging==24.2 # via sphinx -pygments==2.19.0 +pygments==2.19.1 # via sphinx requests==2.32.3 # via sphinx diff --git a/requirements/lint.txt b/requirements/lint.txt index 70360ce5c30..affc479af2c 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -61,7 +61,7 @@ pydantic==2.10.4 # via python-on-whales pydantic-core==2.27.2 # via pydantic -pygments==2.19.0 +pygments==2.19.1 # via rich pytest==8.3.4 # via diff --git a/requirements/test.txt b/requirements/test.txt index 4a187bbdc28..d4c088096ce 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -81,7 +81,7 @@ pydantic==2.10.4 # via python-on-whales pydantic-core==2.27.2 # via pydantic -pygments==2.19.0 +pygments==2.19.1 # via rich pytest==8.3.4 # via From 8bd21e22815e9d349731a5458e8f13c317bfe852 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 10:48:24 +0000 Subject: [PATCH 056/111] Bump pytest-codspeed from 3.1.0 to 3.1.1 (#10312) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) from 3.1.0 to 3.1.1.
Release notes

Sourced from pytest-codspeed's releases.

v3.1.1

What's Changed

⚙️ Internals

Full Changelog: https://github.com/CodSpeedHQ/pytest-codspeed/compare/v3.1.0...v3.1.1

Changelog

Sourced from pytest-codspeed's changelog.

[3.1.1] - 2025-01-07

⚙️ Internals

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-codspeed&package-manager=pip&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c762661470a..b9506be1126 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -168,7 +168,7 @@ pytest==8.3.4 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.1.0 +pytest-codspeed==3.1.1 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 75cf289cad1..951be055777 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -163,7 +163,7 @@ pytest==8.3.4 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.1.0 +pytest-codspeed==3.1.1 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index affc479af2c..e1a78ab3f46 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -68,7 +68,7 @@ pytest==8.3.4 # -r requirements/lint.in # pytest-codspeed # pytest-mock -pytest-codspeed==3.1.0 +pytest-codspeed==3.1.1 # via -r requirements/lint.in pytest-mock==3.14.0 # via -r requirements/lint.in diff --git a/requirements/test.txt b/requirements/test.txt index d4c088096ce..da5b81f617b 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -90,7 +90,7 @@ pytest==8.3.4 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.1.0 +pytest-codspeed==3.1.1 # via -r requirements/test.in pytest-cov==6.0.0 # via -r requirements/test.in From 49be3829dd74e7a62ece705315813d62877c176f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 11:16:07 +0000 Subject: [PATCH 057/111] Bump pytest-codspeed from 3.1.1 to 3.1.2 (#10318) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) from 3.1.1 to 3.1.2.
Release notes

Sourced from pytest-codspeed's releases.

v3.1.2

What's Changed

🐛 Bug Fixes

Full Changelog: https://github.com/CodSpeedHQ/pytest-codspeed/compare/v3.1.1...v3.1.2

Changelog

Sourced from pytest-codspeed's changelog.

[3.1.2] - 2025-01-09

🐛 Bug Fixes

  • Update package_data to include header and source files for valgrind wrapper by @​art049 in #64
Commits
  • da9270d Release v3.1.2 🚀
  • 2cdee69 fix: update package_data to include header and source files for valgrind wrapper
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-codspeed&package-manager=pip&previous-version=3.1.1&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b9506be1126..4664c6a392a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -168,7 +168,7 @@ pytest==8.3.4 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.1.1 +pytest-codspeed==3.1.2 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 951be055777..def1d779cf4 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -163,7 +163,7 @@ pytest==8.3.4 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.1.1 +pytest-codspeed==3.1.2 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index e1a78ab3f46..4652d40247c 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -68,7 +68,7 @@ pytest==8.3.4 # -r requirements/lint.in # pytest-codspeed # pytest-mock -pytest-codspeed==3.1.1 +pytest-codspeed==3.1.2 # via -r requirements/lint.in pytest-mock==3.14.0 # via -r requirements/lint.in diff --git a/requirements/test.txt b/requirements/test.txt index da5b81f617b..00beee69f1e 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -90,7 +90,7 @@ pytest==8.3.4 # pytest-cov # pytest-mock # pytest-xdist -pytest-codspeed==3.1.1 +pytest-codspeed==3.1.2 # via -r requirements/test.in pytest-cov==6.0.0 # via -r requirements/test.in From 6ef83f516c8a13918a5f673ec171cb5bfba04319 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 03:28:25 +0100 Subject: [PATCH 058/111] [PR #10301/77f25a0a backport][3.11] Update docs for aiohttp.request (#10307) **This is a backport of PR #10301 as merged into master (77f25a0a4da3cc20f4c5b6d12be9d273ea02f1df).** ## What do these changes do? Noticed that the content of `aiohttp.request` reference in documentation needs to be changed after #10300 . This pr update docs for that. ## Are there changes in behavior for the user? ## Is it a substantial burden for the maintainers to support this? ## Related issue number ## Checklist - [ ] I think the code is well written - [ ] Unit tests for the changes exist - [x] Documentation reflects the changes - [ ] If you provide code modification, please add yourself to `CONTRIBUTORS.txt` * The format is <Name> <Surname>. * Please keep alphabetical order, the file is sorted by names. - [ ] Add a new news fragment into the `CHANGES/` folder Co-authored-by: Cycloctane --- docs/client_reference.rst | 125 +++++++++++++++++++++++++++++--------- 1 file changed, 97 insertions(+), 28 deletions(-) diff --git a/docs/client_reference.rst b/docs/client_reference.rst index 19e221a27ca..26537161971 100644 --- a/docs/client_reference.rst +++ b/docs/client_reference.rst @@ -513,7 +513,7 @@ The client session supports the context manager protocol for self closing. .. versionadded:: 3.0 :param str server_hostname: Sets or overrides the host name that the - target server’s certificate will be matched against. + target server's certificate will be matched against. See :py:meth:`asyncio.loop.create_connection` for more information. @@ -850,14 +850,21 @@ certification chaining. .. function:: request(method, url, *, params=None, data=None, \ json=None,\ - headers=None, cookies=None, auth=None, \ + cookies=None, headers=None, skip_auto_headers=None, auth=None, \ allow_redirects=True, max_redirects=10, \ - encoding='utf-8', \ - version=HttpVersion(major=1, minor=1), \ - compress=None, chunked=None, expect100=False, raise_for_status=False, \ + compress=False, chunked=None, expect100=False, raise_for_status=None, \ + read_until_eof=True, \ + proxy=None, proxy_auth=None, \ + timeout=sentinel, ssl=True, \ + server_hostname=None, \ + proxy_headers=None, \ + trace_request_ctx=None, \ read_bufsize=None, \ - connector=None, loop=None,\ - read_until_eof=True, timeout=sentinel) + auto_decompress=None, \ + max_line_size=None, \ + max_field_size=None, \ + version=aiohttp.HttpVersion11, \ + connector=None) :async: Asynchronous context manager for performing an asynchronous HTTP @@ -870,8 +877,20 @@ certification chaining. be encoded with :class:`~yarl.URL` (see :class:`~yarl.URL` to skip encoding). - :param dict params: Parameters to be sent in the query - string of the new request (optional) + :param params: Mapping, iterable of tuple of *key*/*value* pairs or + string to be sent as parameters in the query + string of the new request. Ignored for subsequent + redirected requests (optional) + + Allowed values are: + + - :class:`collections.abc.Mapping` e.g. :class:`dict`, + :class:`multidict.MultiDict` or + :class:`multidict.MultiDictProxy` + - :class:`collections.abc.Iterable` e.g. :class:`tuple` or + :class:`list` + - :class:`str` with preferably url-encoded content + (**Warning:** content will not be encoded by *aiohttp*) :param data: The data to send in the body of the request. This can be a :class:`FormData` object or anything that can be passed into @@ -881,28 +900,46 @@ certification chaining. :param json: Any json compatible python object (optional). *json* and *data* parameters could not be used at the same time. + :param dict cookies: HTTP Cookies to send with the request (optional) + :param dict headers: HTTP Headers to send with the request (optional) - :param dict cookies: Cookies to send with the request (optional) + :param skip_auto_headers: set of headers for which autogeneration + should be skipped. + + *aiohttp* autogenerates headers like ``User-Agent`` or + ``Content-Type`` if these headers are not explicitly + passed. Using ``skip_auto_headers`` parameter allows to skip + that generation. + + Iterable of :class:`str` or :class:`~multidict.istr` + (optional) :param aiohttp.BasicAuth auth: an object that represents HTTP Basic Authorization (optional) :param bool allow_redirects: Whether to process redirects or not. - When ``True``, redirects are followed (up to ``max_redirects`` times) - and logged into :attr:`ClientResponse.history` and ``trace_configs``. - When ``False``, the original response is returned. - ``True`` by default (optional). + When ``True``, redirects are followed (up to ``max_redirects`` times) + and logged into :attr:`ClientResponse.history` and ``trace_configs``. + When ``False``, the original response is returned. + ``True`` by default (optional). - :param aiohttp.protocol.HttpVersion version: Request HTTP version (optional) + :param int max_redirects: Maximum number of redirects to follow. + :exc:`TooManyRedirects` is raised if the number is exceeded. + Ignored when ``allow_redirects=False``. + ``10`` by default. :param bool compress: Set to ``True`` if request has to be compressed - with deflate encoding. - ``False`` instructs aiohttp to not compress data. + with deflate encoding. If `compress` can not be combined + with a *Content-Encoding* and *Content-Length* headers. ``None`` by default (optional). :param int chunked: Enables chunked transfer encoding. - ``None`` by default (optional). + It is up to the developer + to decide how to chunk data streams. If chunking is enabled, aiohttp + encodes the provided chunks in the "Transfer-encoding: chunked" format. + If *chunked* is set, then the *Transfer-encoding* and *content-length* + headers are disallowed. ``None`` by default (optional). :param bool expect100: Expect 100-continue response from server. ``False`` by default (optional). @@ -916,28 +953,60 @@ certification chaining. .. versionadded:: 3.4 - :param aiohttp.BaseConnector connector: BaseConnector sub-class - instance to support connection pooling. - :param bool read_until_eof: Read response until EOF if response does not have Content-Length header. ``True`` by default (optional). + :param proxy: Proxy URL, :class:`str` or :class:`~yarl.URL` (optional) + + :param aiohttp.BasicAuth proxy_auth: an object that represents proxy HTTP + Basic Authorization (optional) + + :param timeout: a :class:`ClientTimeout` settings structure, 300 seconds (5min) + total timeout, 30 seconds socket connect timeout by default. + + :param ssl: SSL validation mode. ``True`` for default SSL check + (:func:`ssl.create_default_context` is used), + ``False`` for skip SSL certificate validation, + :class:`aiohttp.Fingerprint` for fingerprint + validation, :class:`ssl.SSLContext` for custom SSL + certificate validation. + + Supersedes *verify_ssl*, *ssl_context* and + *fingerprint* parameters. + + :param str server_hostname: Sets or overrides the host name that the + target server's certificate will be matched against. + + See :py:meth:`asyncio.loop.create_connection` + for more information. + + :param collections.abc.Mapping proxy_headers: HTTP headers to send to the proxy + if the parameter proxy has been provided. + + :param trace_request_ctx: Object used to give as a kw param for each new + :class:`TraceConfig` object instantiated, + used to give information to the + tracers that is only available at request time. + :param int read_bufsize: Size of the read buffer (:attr:`ClientResponse.content`). ``None`` by default, it means that the session global value is used. .. versionadded:: 3.7 - :param timeout: a :class:`ClientTimeout` settings structure, 300 seconds (5min) - total timeout, 30 seconds socket connect timeout by default. + :param bool auto_decompress: Automatically decompress response body. + May be used to enable/disable auto decompression on a per-request basis. - :param loop: :ref:`event loop` - used for processing HTTP requests. - If param is ``None``, :func:`asyncio.get_event_loop` - is used for getting default event loop. + :param int max_line_size: Maximum allowed size of lines in responses. - .. deprecated:: 2.0 + :param int max_field_size: Maximum allowed size of header fields in responses. + + :param aiohttp.protocol.HttpVersion version: Request HTTP version, + ``HTTP 1.1`` by default. (optional) + + :param aiohttp.BaseConnector connector: BaseConnector sub-class + instance to support connection pooling. (optional) :return ClientResponse: a :class:`client response ` object. From 5f34c3bdd83b25b8b72d1b6b9a25546e9ee596f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Jan 2025 11:02:35 +0000 Subject: [PATCH 059/111] Bump virtualenv from 20.28.1 to 20.29.0 (#10328) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.28.1 to 20.29.0.
Release notes

Sourced from virtualenv's releases.

20.29.0

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/virtualenv/compare/20.28.1...20.29.0

Changelog

Sourced from virtualenv's changelog.

v20.29.0 (2025-01-15)

Features - 20.29.0

- Add support for selecting free-threaded Python
interpreters, e.g., `python3.13t`. (:issue:`2809`)

Bugfixes - 20.29.0

  • Upgrade embedded wheels:

    • setuptools to 75.8.0 from 75.6.0 (:issue:2823)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.28.1&new-version=20.29.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 4664c6a392a..bcc0597c34c 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -266,7 +266,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.28.1 +virtualenv==20.29.0 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index def1d779cf4..ae4a5e91e29 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -257,7 +257,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.28.1 +virtualenv==20.29.0 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 4652d40247c..8e330c63da2 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -102,5 +102,5 @@ uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.28.1 +virtualenv==20.29.0 # via pre-commit From de81d3b8224d0184e5d3f274bebf7f01eda1ee2b Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 19:11:05 +0000 Subject: [PATCH 060/111] [PR #10339/089e7de2 backport][3.12] Add sphinx configuration for readthedocs (#10341) Co-authored-by: J. Nick Koston --- .readthedocs.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.readthedocs.yml b/.readthedocs.yml index b3edaf4b8ea..b7d8a9236f6 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -5,6 +5,10 @@ --- version: 2 +sphinx: + # Path to your Sphinx configuration file. + configuration: docs/conf.py + submodules: include: all exclude: [] From b088a2cbca34da38079b8088764b9d1ea9a6a514 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 10:04:43 -1000 Subject: [PATCH 061/111] [PR #10342/755299d0 backport][3.11] Increase allowed import time for Python 3.12+ (#10343) --- tests/test_imports.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_imports.py b/tests/test_imports.py index 5a2bb76b03c..b3f545ad900 100644 --- a/tests/test_imports.py +++ b/tests/test_imports.py @@ -38,7 +38,7 @@ def test_web___all__(pytester: pytest.Pytester) -> None: # and even slower under pytest-xdist, especially in CI _XDIST_WORKER_COUNT * 100 * (1 if _IS_CI_ENV else 1.53) if _IS_XDIST_RUN - else 265 + else 295 ), } _TARGET_TIMINGS_BY_PYTHON_VERSION["3.13"] = _TARGET_TIMINGS_BY_PYTHON_VERSION["3.12"] From 016cbaee87a90f00c9a3689457037ca98b4e2ece Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 20:19:45 +0000 Subject: [PATCH 062/111] [PR #10342/755299d0 backport][3.12] Increase allowed import time for Python 3.12+ (#10344) --- tests/test_imports.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_imports.py b/tests/test_imports.py index 5a2bb76b03c..b3f545ad900 100644 --- a/tests/test_imports.py +++ b/tests/test_imports.py @@ -38,7 +38,7 @@ def test_web___all__(pytester: pytest.Pytester) -> None: # and even slower under pytest-xdist, especially in CI _XDIST_WORKER_COUNT * 100 * (1 if _IS_CI_ENV else 1.53) if _IS_XDIST_RUN - else 265 + else 295 ), } _TARGET_TIMINGS_BY_PYTHON_VERSION["3.13"] = _TARGET_TIMINGS_BY_PYTHON_VERSION["3.12"] From 6c3f6f0dcc12937c793d5fa252e2dadffa036338 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 20:29:07 +0000 Subject: [PATCH 063/111] [PR #10339/089e7de2 backport][3.11] Add sphinx configuration for readthedocs (#10340) --- .readthedocs.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.readthedocs.yml b/.readthedocs.yml index b3edaf4b8ea..b7d8a9236f6 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -5,6 +5,10 @@ --- version: 2 +sphinx: + # Path to your Sphinx configuration file. + configuration: docs/conf.py + submodules: include: all exclude: [] From 5a62ec94a1df7b4fa21fb98892bdd70e0668ff6e Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 20:36:28 +0000 Subject: [PATCH 064/111] [PR #10332/a0e64bb4 backport][3.12] Log the remote that generates request errors (#10338) --- CHANGES/10332.feature.rst | 1 + aiohttp/web_protocol.py | 8 ++++++-- tests/test_web_server.py | 36 +++++++++++++++++++++++++++--------- 3 files changed, 34 insertions(+), 11 deletions(-) create mode 100644 CHANGES/10332.feature.rst diff --git a/CHANGES/10332.feature.rst b/CHANGES/10332.feature.rst new file mode 100644 index 00000000000..e5c84adf50d --- /dev/null +++ b/CHANGES/10332.feature.rst @@ -0,0 +1 @@ +Improved logging of HTTP protocol errors to include the remote address -- by :user:`bdraco`. diff --git a/aiohttp/web_protocol.py b/aiohttp/web_protocol.py index 3306b86bded..32f503474a9 100644 --- a/aiohttp/web_protocol.py +++ b/aiohttp/web_protocol.py @@ -694,9 +694,13 @@ def handle_error( # or encrypted traffic to an HTTP port. This is expected # to happen when connected to the public internet so we log # it at the debug level as to not fill logs with noise. - self.logger.debug("Error handling request", exc_info=exc) + self.logger.debug( + "Error handling request from %s", request.remote, exc_info=exc + ) else: - self.log_exception("Error handling request", exc_info=exc) + self.log_exception( + "Error handling request from %s", request.remote, exc_info=exc + ) # some data already got sent, connection is broken if request.writer.output_size > 0: diff --git a/tests/test_web_server.py b/tests/test_web_server.py index 7b9b87a374a..910f074e90f 100644 --- a/tests/test_web_server.py +++ b/tests/test_web_server.py @@ -56,7 +56,9 @@ async def handler(request): assert txt.startswith("500 Internal Server Error") assert "Traceback" not in txt - logger.exception.assert_called_with("Error handling request", exc_info=exc) + logger.exception.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) async def test_raw_server_logs_invalid_method_with_loop_debug( @@ -85,7 +87,9 @@ async def handler(request: web.BaseRequest) -> NoReturn: # on the first request since the client may # be probing for TLS/SSL support which is # expected to fail - logger.debug.assert_called_with("Error handling request", exc_info=exc) + logger.debug.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) logger.debug.reset_mock() # Now make another connection to the server @@ -99,7 +103,9 @@ async def handler(request: web.BaseRequest) -> NoReturn: # on the first request since the client may # be probing for TLS/SSL support which is # expected to fail - logger.debug.assert_called_with("Error handling request", exc_info=exc) + logger.debug.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) async def test_raw_server_logs_invalid_method_without_loop_debug( @@ -128,7 +134,9 @@ async def handler(request: web.BaseRequest) -> NoReturn: # on the first request since the client may # be probing for TLS/SSL support which is # expected to fail - logger.debug.assert_called_with("Error handling request", exc_info=exc) + logger.debug.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) async def test_raw_server_logs_invalid_method_second_request( @@ -159,7 +167,9 @@ async def handler(request: web.BaseRequest) -> web.Response: # BadHttpMethod should be logged as an exception # if its not the first request since we know # that the client already was speaking HTTP - logger.exception.assert_called_with("Error handling request", exc_info=exc) + logger.exception.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) async def test_raw_server_logs_bad_status_line_as_exception( @@ -184,7 +194,9 @@ async def handler(request: web.BaseRequest) -> NoReturn: txt = await resp.text() assert "Traceback (most recent call last):\n" not in txt - logger.exception.assert_called_with("Error handling request", exc_info=exc) + logger.exception.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) async def test_raw_server_handler_timeout( @@ -254,7 +266,9 @@ async def handler(request): txt = await resp.text() assert "Traceback (most recent call last):\n" in txt - logger.exception.assert_called_with("Error handling request", exc_info=exc) + logger.exception.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) async def test_raw_server_html_exception(aiohttp_raw_server, aiohttp_client): @@ -278,7 +292,9 @@ async def handler(request): "\n" ) - logger.exception.assert_called_with("Error handling request", exc_info=exc) + logger.exception.assert_called_with( + "Error handling request from %s", cli.host, exc_info=exc + ) async def test_raw_server_html_exception_debug(aiohttp_raw_server, aiohttp_client): @@ -302,7 +318,9 @@ async def handler(request): "
Traceback (most recent call last):\n"
     )
 
-    logger.exception.assert_called_with("Error handling request", exc_info=exc)
+    logger.exception.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_handler_cancellation(unused_port_socket: socket.socket) -> None:

From 68e426c1684e59d54c57b707418f7b1e0587ad4b Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 11:04:50 -1000
Subject: [PATCH 065/111] [PR #10332/a0e64bb4 backport][3.11] Log the remote
 that generates request errors (#10337)

---
 CHANGES/10332.feature.rst |  1 +
 aiohttp/web_protocol.py   |  8 ++++++--
 tests/test_web_server.py  | 36 +++++++++++++++++++++++++++---------
 3 files changed, 34 insertions(+), 11 deletions(-)
 create mode 100644 CHANGES/10332.feature.rst

diff --git a/CHANGES/10332.feature.rst b/CHANGES/10332.feature.rst
new file mode 100644
index 00000000000..e5c84adf50d
--- /dev/null
+++ b/CHANGES/10332.feature.rst
@@ -0,0 +1 @@
+Improved logging of HTTP protocol errors to include the remote address -- by :user:`bdraco`.
diff --git a/aiohttp/web_protocol.py b/aiohttp/web_protocol.py
index 3306b86bded..32f503474a9 100644
--- a/aiohttp/web_protocol.py
+++ b/aiohttp/web_protocol.py
@@ -694,9 +694,13 @@ def handle_error(
             # or encrypted traffic to an HTTP port. This is expected
             # to happen when connected to the public internet so we log
             # it at the debug level as to not fill logs with noise.
-            self.logger.debug("Error handling request", exc_info=exc)
+            self.logger.debug(
+                "Error handling request from %s", request.remote, exc_info=exc
+            )
         else:
-            self.log_exception("Error handling request", exc_info=exc)
+            self.log_exception(
+                "Error handling request from %s", request.remote, exc_info=exc
+            )
 
         # some data already got sent, connection is broken
         if request.writer.output_size > 0:
diff --git a/tests/test_web_server.py b/tests/test_web_server.py
index 7b9b87a374a..910f074e90f 100644
--- a/tests/test_web_server.py
+++ b/tests/test_web_server.py
@@ -56,7 +56,9 @@ async def handler(request):
     assert txt.startswith("500 Internal Server Error")
     assert "Traceback" not in txt
 
-    logger.exception.assert_called_with("Error handling request", exc_info=exc)
+    logger.exception.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_raw_server_logs_invalid_method_with_loop_debug(
@@ -85,7 +87,9 @@ async def handler(request: web.BaseRequest) -> NoReturn:
     # on the first request since the client may
     # be probing for TLS/SSL support which is
     # expected to fail
-    logger.debug.assert_called_with("Error handling request", exc_info=exc)
+    logger.debug.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
     logger.debug.reset_mock()
 
     # Now make another connection to the server
@@ -99,7 +103,9 @@ async def handler(request: web.BaseRequest) -> NoReturn:
     # on the first request since the client may
     # be probing for TLS/SSL support which is
     # expected to fail
-    logger.debug.assert_called_with("Error handling request", exc_info=exc)
+    logger.debug.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_raw_server_logs_invalid_method_without_loop_debug(
@@ -128,7 +134,9 @@ async def handler(request: web.BaseRequest) -> NoReturn:
     # on the first request since the client may
     # be probing for TLS/SSL support which is
     # expected to fail
-    logger.debug.assert_called_with("Error handling request", exc_info=exc)
+    logger.debug.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_raw_server_logs_invalid_method_second_request(
@@ -159,7 +167,9 @@ async def handler(request: web.BaseRequest) -> web.Response:
     # BadHttpMethod should be logged as an exception
     # if its not the first request since we know
     # that the client already was speaking HTTP
-    logger.exception.assert_called_with("Error handling request", exc_info=exc)
+    logger.exception.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_raw_server_logs_bad_status_line_as_exception(
@@ -184,7 +194,9 @@ async def handler(request: web.BaseRequest) -> NoReturn:
     txt = await resp.text()
     assert "Traceback (most recent call last):\n" not in txt
 
-    logger.exception.assert_called_with("Error handling request", exc_info=exc)
+    logger.exception.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_raw_server_handler_timeout(
@@ -254,7 +266,9 @@ async def handler(request):
     txt = await resp.text()
     assert "Traceback (most recent call last):\n" in txt
 
-    logger.exception.assert_called_with("Error handling request", exc_info=exc)
+    logger.exception.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_raw_server_html_exception(aiohttp_raw_server, aiohttp_client):
@@ -278,7 +292,9 @@ async def handler(request):
         "\n"
     )
 
-    logger.exception.assert_called_with("Error handling request", exc_info=exc)
+    logger.exception.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_raw_server_html_exception_debug(aiohttp_raw_server, aiohttp_client):
@@ -302,7 +318,9 @@ async def handler(request):
         "
Traceback (most recent call last):\n"
     )
 
-    logger.exception.assert_called_with("Error handling request", exc_info=exc)
+    logger.exception.assert_called_with(
+        "Error handling request from %s", cli.host, exc_info=exc
+    )
 
 
 async def test_handler_cancellation(unused_port_socket: socket.socket) -> None:

From d3c52656eabfdb6f7c88e821a704256db4d2b256 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 21:25:34 +0000
Subject: [PATCH 066/111] Bump cherry-picker from 2.4.0 to 2.5.0 (#10336)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [cherry-picker](https://github.com/python/cherry-picker) from
2.4.0 to 2.5.0.


Release notes

Sourced from cherry-picker's
releases.




cherry-picker-v2.5.0



What's Changed



New Contributors



Full Changelog: https://github.com/python/cherry-picker/compare/cherry-picker-v2.4.0...cherry-picker-v2.5.0







Changelog

Sourced from cherry-picker's
changelog.




2.5.0








Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cherry-picker&package-manager=pip&previous-version=2.4.0&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 6 +++++-
 requirements/dev.txt         | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index bcc0597c34c..3a4b94c75e7 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -41,7 +41,7 @@ cfgv==3.4.0
     # via pre-commit
 charset-normalizer==3.4.1
     # via requests
-cherry-picker==2.4.0
+cherry-picker==2.5.0
     # via -r requirements/dev.in
 click==8.1.8
     # via
@@ -228,6 +228,10 @@ sphinxcontrib-spelling==8.0.1 ; platform_system != "Windows"
     # via -r requirements/doc-spelling.in
 sphinxcontrib-towncrier==0.4.0a0
     # via -r requirements/doc.in
+stamina==24.3.0
+    # via cherry-picker
+tenacity==9.0.0
+    # via stamina
 tomli==2.2.1
     # via
     #   build
diff --git a/requirements/dev.txt b/requirements/dev.txt
index ae4a5e91e29..e0a34857e36 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -41,7 +41,7 @@ cfgv==3.4.0
     # via pre-commit
 charset-normalizer==3.4.1
     # via requests
-cherry-picker==2.4.0
+cherry-picker==2.5.0
     # via -r requirements/dev.in
 click==8.1.8
     # via
@@ -219,6 +219,10 @@ sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
 sphinxcontrib-towncrier==0.4.0a0
     # via -r requirements/doc.in
+stamina==24.3.0
+    # via cherry-picker
+tenacity==9.0.0
+    # via stamina
 tomli==2.2.1
     # via
     #   build

From 976e0a86ef710e1a1289d965668ceb486444593d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 21:26:59 +0000
Subject: [PATCH 067/111] Bump setuptools from 75.7.0 to 75.8.0 (#10320)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [setuptools](https://github.com/pypa/setuptools) from 75.7.0 to
75.8.0.


Changelog

Sourced from setuptools's
changelog.




v75.8.0


Features


    

  • Implemented Dynamic field for core metadata (as
introduced in PEP 643).
The existing implementation is currently experimental and the exact
approach
may change in future releases. (#4698)
    • 








Commits

    

  • 5c9d980
Bump version: 75.7.0 → 75.8.0
    • 

  • 72c4222
Avoid using Any in function
    • 

  • 1c61d47
Add news fragments for PEP 643
    • 

  • f285d01
Implement PEP 643 (Dynamic field for core metadata) (#4698)
    • 

  • a50f6e2
Fix _static.Dict.ior for Python 3.8
    • 

  • b055895
Add extra tests for static/dynamic metadata
    • 

  • 770b4fc
Remove test workaround for unmarked static values from
pyproject.toml
    • 

  • 8b22d73
Mark values from pyproject.toml as static
    • 

  • f699fd8
Fix spelling error
    • 

  • 8b4c8a3
Add tests for static 'attr' directive
    • 

  • Additional commits viewable in compare
view
    • 








[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=75.7.0&new-version=75.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 3a4b94c75e7..53c49012e5c 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -282,7 +282,7 @@ yarl==1.18.3
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.3.1
     # via pip-tools
-setuptools==75.7.0
+setuptools==75.8.0
     # via
     #   incremental
     #   pip-tools
diff --git a/requirements/dev.txt b/requirements/dev.txt
index e0a34857e36..c6461895361 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -273,7 +273,7 @@ yarl==1.18.3
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.3.1
     # via pip-tools
-setuptools==75.7.0
+setuptools==75.8.0
     # via
     #   incremental
     #   pip-tools
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 01941d6a212..8aad3bd4045 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -76,5 +76,5 @@ urllib3==2.3.0
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==75.7.0
+setuptools==75.8.0
     # via incremental
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 918dee7658d..d94908fb12e 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -69,5 +69,5 @@ urllib3==2.3.0
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==75.7.0
+setuptools==75.8.0
     # via incremental

From d6f0bbc7154351429420841a39f9c3cb5e0e767a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 21:27:01 +0000
Subject: [PATCH 068/111] Bump python-on-whales from 0.74.0 to 0.75.1 (#10324)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[python-on-whales](https://github.com/gabrieldemarmiesse/python-on-whales)
from 0.74.0 to 0.75.1.


Release notes

Sourced from python-on-whales's
releases.




v0.75.1


What's Changed



Full Changelog: https://github.com/gabrieldemarmiesse/python-on-whales/compare/v0.75.0...v0.75.1


v0.75.0


What's Changed



New Contributors



Full Changelog: https://github.com/gabrieldemarmiesse/python-on-whales/compare/v0.74.0...v0.75.0







Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=python-on-whales&package-manager=pip&previous-version=0.74.0&new-version=0.75.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 requirements/test.txt        | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 53c49012e5c..cd83de715ab 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -182,7 +182,7 @@ pytest-xdist==3.6.1
     # via -r requirements/test.in
 python-dateutil==2.9.0.post0
     # via freezegun
-python-on-whales==0.74.0
+python-on-whales==0.75.1
     # via
     #   -r requirements/lint.in
     #   -r requirements/test.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index c6461895361..5e7dd758f75 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -177,7 +177,7 @@ pytest-xdist==3.6.1
     # via -r requirements/test.in
 python-dateutil==2.9.0.post0
     # via freezegun
-python-on-whales==0.74.0
+python-on-whales==0.75.1
     # via
     #   -r requirements/lint.in
     #   -r requirements/test.in
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 8e330c63da2..47b42f0425f 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -74,7 +74,7 @@ pytest-mock==3.14.0
     # via -r requirements/lint.in
 python-dateutil==2.9.0.post0
     # via freezegun
-python-on-whales==0.74.0
+python-on-whales==0.75.1
     # via -r requirements/lint.in
 pyyaml==6.0.2
     # via pre-commit
diff --git a/requirements/test.txt b/requirements/test.txt
index 00beee69f1e..4d101628f08 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -100,7 +100,7 @@ pytest-xdist==3.6.1
     # via -r requirements/test.in
 python-dateutil==2.9.0.post0
     # via freezegun
-python-on-whales==0.74.0
+python-on-whales==0.75.1
     # via -r requirements/test.in
 re-assert==1.1.0
     # via -r requirements/test.in

From c73c1db081a352bbcbe1300c7e7e9c0820ebf180 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 21:27:08 +0000
Subject: [PATCH 069/111] Bump virtualenv from 20.29.0 to 20.29.1 (#10335)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.29.0 to
20.29.1.


Release notes

Sourced from virtualenv's
releases.




20.29.1



What's Changed



New Contributors



Full Changelog: https://github.com/pypa/virtualenv/compare/20.29.0...20.29.1







Changelog

Sourced from virtualenv's
changelog.




v20.29.1 (2025-01-17)


Bugfixes - 20.29.1


- Fix PyInfo cache incompatbility warnings - by
:user:`robsdedude`. (:issue:`2827`)








Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.29.0&new-version=20.29.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index cd83de715ab..6ab80eb2b4e 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -270,7 +270,7 @@ uvloop==0.21.0 ; platform_system != "Windows"
     #   -r requirements/lint.in
 valkey==6.0.2
     # via -r requirements/lint.in
-virtualenv==20.29.0
+virtualenv==20.29.1
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5e7dd758f75..acb03f54aa8 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -261,7 +261,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho
     #   -r requirements/lint.in
 valkey==6.0.2
     # via -r requirements/lint.in
-virtualenv==20.29.0
+virtualenv==20.29.1
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test.in
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 47b42f0425f..510b34d814e 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -102,5 +102,5 @@ uvloop==0.21.0 ; platform_system != "Windows"
     # via -r requirements/lint.in
 valkey==6.0.2
     # via -r requirements/lint.in
-virtualenv==20.29.0
+virtualenv==20.29.1
     # via pre-commit

From 9fc9ebc13dae1782bb1b3feac6a202f43c6068b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 21:37:21 +0000
Subject: [PATCH 070/111] Bump pydantic from 2.10.4 to 2.10.5 (#10319)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.10.4 to
2.10.5.


Changelog

Sourced from pydantic's
changelog.




v2.10.5 (2025-01-08)


GitHub
release


What's Changed








Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.10.4&new-version=2.10.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 requirements/test.txt        | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 6ab80eb2b4e..f79b6a3ce62 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -142,7 +142,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.4
+pydantic==2.10.5
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic
diff --git a/requirements/dev.txt b/requirements/dev.txt
index acb03f54aa8..bc61e753db9 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -139,7 +139,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.4
+pydantic==2.10.5
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 510b34d814e..8c20d5baa18 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -57,7 +57,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.4
+pydantic==2.10.5
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic
diff --git a/requirements/test.txt b/requirements/test.txt
index 4d101628f08..d4f6156ff04 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -77,7 +77,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.4
+pydantic==2.10.5
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic

From bc9abe475c9c9c5f45336ef7a4c612f606149175 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Tue, 21 Jan 2025 02:56:57 +0000
Subject: [PATCH 071/111] =?UTF-8?q?[PR=20#10304/b6ffb1d1=20backport][3.11]?=
 =?UTF-8?q?=20Add=20aiohttp-openmetrics=20to=20list=20of=20third=20party?=
 =?UTF-8?q?=20aiohttp-related=20python=E2=80=A6=20(#10305)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

**This is a backport of PR #10304 as merged into master
(b6ffb1d1a3b710c600f06c9d21cf62f75d324767).**

Co-authored-by: Jelmer Vernooij 
---
 CHANGES/10304.doc.rst | 1 +
 docs/third_party.rst  | 3 +++
 2 files changed, 4 insertions(+)
 create mode 100644 CHANGES/10304.doc.rst

diff --git a/CHANGES/10304.doc.rst b/CHANGES/10304.doc.rst
new file mode 100644
index 00000000000..cedac3ef881
--- /dev/null
+++ b/CHANGES/10304.doc.rst
@@ -0,0 +1 @@
+Added ``aiohttp-openmetrics`` to list of third-party libraries -- by :user:`jelmer`.
diff --git a/docs/third_party.rst b/docs/third_party.rst
index e8095c7f09d..145a505a5de 100644
--- a/docs/third_party.rst
+++ b/docs/third_party.rst
@@ -305,3 +305,6 @@ ask to raise the status.
 
 - `aiohttp-asgi-connector `_
   An aiohttp connector for using a ``ClientSession`` to interface directly with separate ASGI applications.
+
+- `aiohttp-openmetrics `_
+  An aiohttp middleware for exposing Prometheus metrics.

From ac895b8830a91dec625edf5b1293b8884c5f8956 Mon Sep 17 00:00:00 2001
From: Cycloctane 
Date: Tue, 21 Jan 2025 10:57:27 +0800
Subject: [PATCH 072/111] [PR #10300/3d06cc1][3.11] Use kwargs in
 aiohttp.client.request (#10303)

(cherry picked from commit 3d06cc14ad82ce4c207449b593955c23bd5e4d88)
---
 CHANGES/10300.feature.rst       |   2 +
 aiohttp/client.py               | 178 ++++++++++++++------------------
 docs/spelling_wordlist.txt      |   2 +
 tests/test_client_functional.py |  16 +++
 4 files changed, 96 insertions(+), 102 deletions(-)
 create mode 100644 CHANGES/10300.feature.rst

diff --git a/CHANGES/10300.feature.rst b/CHANGES/10300.feature.rst
new file mode 100644
index 00000000000..3632c3d41a7
--- /dev/null
+++ b/CHANGES/10300.feature.rst
@@ -0,0 +1,2 @@
+Update :py:func:`~aiohttp.request` to make it accept ``_RequestOptions`` kwargs.
+-- by :user:`Cycloctane`.
diff --git a/aiohttp/client.py b/aiohttp/client.py
index 3b1dc08544f..7c788e825eb 100644
--- a/aiohttp/client.py
+++ b/aiohttp/client.py
@@ -1471,106 +1471,80 @@ async def __aexit__(
         await self._session.close()
 
 
-def request(
-    method: str,
-    url: StrOrURL,
-    *,
-    params: Query = None,
-    data: Any = None,
-    json: Any = None,
-    headers: Optional[LooseHeaders] = None,
-    skip_auto_headers: Optional[Iterable[str]] = None,
-    auth: Optional[BasicAuth] = None,
-    allow_redirects: bool = True,
-    max_redirects: int = 10,
-    compress: Optional[str] = None,
-    chunked: Optional[bool] = None,
-    expect100: bool = False,
-    raise_for_status: Optional[bool] = None,
-    read_until_eof: bool = True,
-    proxy: Optional[StrOrURL] = None,
-    proxy_auth: Optional[BasicAuth] = None,
-    timeout: Union[ClientTimeout, object] = sentinel,
-    cookies: Optional[LooseCookies] = None,
-    version: HttpVersion = http.HttpVersion11,
-    connector: Optional[BaseConnector] = None,
-    read_bufsize: Optional[int] = None,
-    loop: Optional[asyncio.AbstractEventLoop] = None,
-    max_line_size: int = 8190,
-    max_field_size: int = 8190,
-) -> _SessionRequestContextManager:
-    """Constructs and sends a request.
-
-    Returns response object.
-    method - HTTP method
-    url - request url
-    params - (optional) Dictionary or bytes to be sent in the query
-      string of the new request
-    data - (optional) Dictionary, bytes, or file-like object to
-      send in the body of the request
-    json - (optional) Any json compatible python object
-    headers - (optional) Dictionary of HTTP Headers to send with
-      the request
-    cookies - (optional) Dict object to send with the request
-    auth - (optional) BasicAuth named tuple represent HTTP Basic Auth
-    auth - aiohttp.helpers.BasicAuth
-    allow_redirects - (optional) If set to False, do not follow
-      redirects
-    version - Request HTTP version.
-    compress - Set to True if request has to be compressed
-       with deflate encoding.
-    chunked - Set to chunk size for chunked transfer encoding.
-    expect100 - Expect 100-continue response from server.
-    connector - BaseConnector sub-class instance to support
-       connection pooling.
-    read_until_eof - Read response until eof if response
-       does not have Content-Length header.
-    loop - Optional event loop.
-    timeout - Optional ClientTimeout settings structure, 5min
-       total timeout by default.
-    Usage::
-      >>> import aiohttp
-      >>> resp = await aiohttp.request('GET', 'http://python.org/')
-      >>> resp
-      
-      >>> data = await resp.read()
-    """
-    connector_owner = False
-    if connector is None:
-        connector_owner = True
-        connector = TCPConnector(loop=loop, force_close=True)
-
-    session = ClientSession(
-        loop=loop,
-        cookies=cookies,
-        version=version,
-        timeout=timeout,
-        connector=connector,
-        connector_owner=connector_owner,
-    )
+if sys.version_info >= (3, 11) and TYPE_CHECKING:
 
-    return _SessionRequestContextManager(
-        session._request(
-            method,
-            url,
-            params=params,
-            data=data,
-            json=json,
-            headers=headers,
-            skip_auto_headers=skip_auto_headers,
-            auth=auth,
-            allow_redirects=allow_redirects,
-            max_redirects=max_redirects,
-            compress=compress,
-            chunked=chunked,
-            expect100=expect100,
-            raise_for_status=raise_for_status,
-            read_until_eof=read_until_eof,
-            proxy=proxy,
-            proxy_auth=proxy_auth,
-            read_bufsize=read_bufsize,
-            max_line_size=max_line_size,
-            max_field_size=max_field_size,
-        ),
-        session,
-    )
+    def request(
+        method: str,
+        url: StrOrURL,
+        *,
+        version: HttpVersion = http.HttpVersion11,
+        connector: Optional[BaseConnector] = None,
+        loop: Optional[asyncio.AbstractEventLoop] = None,
+        **kwargs: Unpack[_RequestOptions],
+    ) -> _SessionRequestContextManager: ...
+
+else:
+
+    def request(
+        method: str,
+        url: StrOrURL,
+        *,
+        version: HttpVersion = http.HttpVersion11,
+        connector: Optional[BaseConnector] = None,
+        loop: Optional[asyncio.AbstractEventLoop] = None,
+        **kwargs: Any,
+    ) -> _SessionRequestContextManager:
+        """Constructs and sends a request.
+
+        Returns response object.
+        method - HTTP method
+        url - request url
+        params - (optional) Dictionary or bytes to be sent in the query
+        string of the new request
+        data - (optional) Dictionary, bytes, or file-like object to
+        send in the body of the request
+        json - (optional) Any json compatible python object
+        headers - (optional) Dictionary of HTTP Headers to send with
+        the request
+        cookies - (optional) Dict object to send with the request
+        auth - (optional) BasicAuth named tuple represent HTTP Basic Auth
+        auth - aiohttp.helpers.BasicAuth
+        allow_redirects - (optional) If set to False, do not follow
+        redirects
+        version - Request HTTP version.
+        compress - Set to True if request has to be compressed
+        with deflate encoding.
+        chunked - Set to chunk size for chunked transfer encoding.
+        expect100 - Expect 100-continue response from server.
+        connector - BaseConnector sub-class instance to support
+        connection pooling.
+        read_until_eof - Read response until eof if response
+        does not have Content-Length header.
+        loop - Optional event loop.
+        timeout - Optional ClientTimeout settings structure, 5min
+        total timeout by default.
+        Usage::
+        >>> import aiohttp
+        >>> async with aiohttp.request('GET', 'http://python.org/') as resp:
+        ...    print(resp)
+        ...    data = await resp.read()
+        
+        """
+        connector_owner = False
+        if connector is None:
+            connector_owner = True
+            connector = TCPConnector(loop=loop, force_close=True)
+
+        session = ClientSession(
+            loop=loop,
+            cookies=kwargs.pop("cookies", None),
+            version=version,
+            timeout=kwargs.pop("timeout", sentinel),
+            connector=connector,
+            connector_owner=connector_owner,
+        )
+
+        return _SessionRequestContextManager(
+            session._request(method, url, **kwargs),
+            session,
+        )
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index c4e10b44987..3e41af824e4 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -13,6 +13,7 @@ app
 app’s
 apps
 arg
+args
 Arsenic
 async
 asyncio
@@ -169,6 +170,7 @@ keepaliving
 kib
 KiB
 kwarg
+kwargs
 latin
 lifecycle
 linux
diff --git a/tests/test_client_functional.py b/tests/test_client_functional.py
index 05af9ae25ad..ba75e8e93c6 100644
--- a/tests/test_client_functional.py
+++ b/tests/test_client_functional.py
@@ -3382,6 +3382,22 @@ async def handler(request: web.Request) -> web.Response:
     await server.close()
 
 
+async def test_aiohttp_request_ssl(
+    aiohttp_server: AiohttpServer,
+    ssl_ctx: ssl.SSLContext,
+    client_ssl_ctx: ssl.SSLContext,
+) -> None:
+    async def handler(request: web.Request) -> web.Response:
+        return web.Response()
+
+    app = web.Application()
+    app.router.add_get("/", handler)
+    server = await aiohttp_server(app, ssl=ssl_ctx)
+
+    async with aiohttp.request("GET", server.make_url("/"), ssl=client_ssl_ctx) as resp:
+        assert resp.status == 200
+
+
 async def test_yield_from_in_session_request(aiohttp_client: AiohttpClient) -> None:
     # a test for backward compatibility with yield from syntax
     async def handler(request):

From 76a026f9113502e5b77832771918d71907f153be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Jan 2025 10:53:18 +0000
Subject: [PATCH 073/111] Bump pre-commit from 4.0.1 to 4.1.0 (#10346)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 4.0.1
to 4.1.0.


Release notes

Sourced from pre-commit's
releases.




pre-commit v4.1.0


Features



Fixes








Changelog

Sourced from pre-commit's
changelog.




4.1.0 - 2025-01-20


Features



Fixes








Commits

    

  • b152e92
v4.1.0
    • 

  • c3125a4
Merge pull request #3389
from lorenzwalthert/dev-always-unset-renv
    • 

  • c2c061c
fix: ensure env patch is applied for vanilla emulation
    • 

  • cd429db
Merge pull request #3382
from pre-commit/pre-commit-ci-update-config
    • 

  • 9b9f8e2
[pre-commit.ci] pre-commit autoupdate
    • 

  • 86300a4
Merge pull request #3376
from pre-commit/r-gone
    • 

  • 77edad8
install r on ubuntu runners
    • 

  • 18b3939
Merge pull request #3375
from pre-commit/dotnet-tests-ubuntu-latest
    • 

  • 31cb945
Merge pull request #3374
from pre-commit/docker-image-tests-ubuntu-22-not-pre...
    • 

  • 28c3d81
update .net tests to use .net 8
    • 

  • Additional commits viewable in compare
view
    • 








[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pre-commit&package-manager=pip&previous-version=4.0.1&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index f79b6a3ce62..3ee444267f3 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -130,7 +130,7 @@ platformdirs==4.3.6
     # via virtualenv
 pluggy==1.5.0
     # via pytest
-pre-commit==4.0.1
+pre-commit==4.1.0
     # via -r requirements/lint.in
 propcache==0.2.1
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index bc61e753db9..ec9daddbe35 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -127,7 +127,7 @@ platformdirs==4.3.6
     # via virtualenv
 pluggy==1.5.0
     # via pytest
-pre-commit==4.0.1
+pre-commit==4.1.0
     # via -r requirements/lint.in
 propcache==0.2.1
     # via
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 8c20d5baa18..e2d26683d30 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -51,7 +51,7 @@ platformdirs==4.3.6
     # via virtualenv
 pluggy==1.5.0
     # via pytest
-pre-commit==4.0.1
+pre-commit==4.1.0
     # via -r requirements/lint.in
 pycares==4.5.0
     # via aiodns

From 06e4d51e59cea31e5c9e923dc1c2313744a16c27 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Jan 2025 10:58:16 +0000
Subject: [PATCH 074/111] Bump identify from 2.6.5 to 2.6.6 (#10347)

Bumps [identify](https://github.com/pre-commit/identify) from 2.6.5 to
2.6.6.


Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.5&new-version=2.6.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 3ee444267f3..7a3e1866f4e 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -82,7 +82,7 @@ gidgethub==5.3.0
     # via cherry-picker
 gunicorn==23.0.0
     # via -r requirements/base.in
-identify==2.6.5
+identify==2.6.6
     # via pre-commit
 idna==3.3
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec9daddbe35..cf3b7b2f7e5 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -80,7 +80,7 @@ gidgethub==5.3.0
     # via cherry-picker
 gunicorn==23.0.0
     # via -r requirements/base.in
-identify==2.6.5
+identify==2.6.6
     # via pre-commit
 idna==3.4
     # via
diff --git a/requirements/lint.txt b/requirements/lint.txt
index e2d26683d30..5a9793e11e5 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -29,7 +29,7 @@ filelock==3.16.1
     # via virtualenv
 freezegun==1.5.1
     # via -r requirements/lint.in
-identify==2.6.5
+identify==2.6.6
     # via pre-commit
 idna==3.7
     # via trustme

From 3c5de4610175f2a00139317f8e70c7fd2b1675b7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 10:55:09 +0000
Subject: [PATCH 075/111] Bump filelock from 3.16.1 to 3.17.0 (#10351)

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.16.1 to
3.17.0.


Release notes

Sourced from filelock's
releases.




Drop 3.8



Full Changelog: https://github.com/tox-dev/filelock/compare/3.16.1...3.17.0







Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.16.1&new-version=3.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 7a3e1866f4e..aed5148bd29 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -68,7 +68,7 @@ exceptiongroup==1.2.2
     # via pytest
 execnet==2.1.1
     # via pytest-xdist
-filelock==3.16.1
+filelock==3.17.0
     # via virtualenv
 freezegun==1.5.1
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index cf3b7b2f7e5..1064cfc151b 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -66,7 +66,7 @@ exceptiongroup==1.2.2
     # via pytest
 execnet==2.1.1
     # via pytest-xdist
-filelock==3.16.1
+filelock==3.17.0
     # via virtualenv
 freezegun==1.5.1
     # via
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 5a9793e11e5..ad34c33a885 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -25,7 +25,7 @@ distlib==0.3.9
     # via virtualenv
 exceptiongroup==1.2.2
     # via pytest
-filelock==3.16.1
+filelock==3.17.0
     # via virtualenv
 freezegun==1.5.1
     # via -r requirements/lint.in

From a120800a6c27a8cb1b420cddf03fe53473472ade Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 22 Jan 2025 14:22:45 +0000
Subject: [PATCH 076/111] [PR #10330/d3dc087b backport][3.12] Start building
 riscv64 platform wheels in CI/CD (#10354)

**This is a backport of PR #10330 as merged into master
(d3dc087b8e9aa665d47045550e5d9f2eddf8f512).**

Co-authored-by: E Shattow 
---
 .github/workflows/ci-cd.yml | 2 ++
 CHANGES/10330.packaging.rst | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 CHANGES/10330.packaging.rst

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 93d1ddded65..d471f5658f6 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -355,6 +355,8 @@ jobs:
           qemu: aarch64
         - os: ubuntu
           qemu: ppc64le
+        - os: ubuntu
+          qemu: riscv64
         - os: ubuntu
           qemu: s390x
     steps:
diff --git a/CHANGES/10330.packaging.rst b/CHANGES/10330.packaging.rst
new file mode 100644
index 00000000000..c159cf3a57d
--- /dev/null
+++ b/CHANGES/10330.packaging.rst
@@ -0,0 +1 @@
+Started publishing ``riscv64`` wheels -- by :user:`eshattow`.

From 7bac47eff1b9e29e71577f982061094edad5a02b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Jan 2025 10:40:29 +0000
Subject: [PATCH 077/111] Bump attrs from 24.3.0 to 25.1.0 (#10364)

Bumps [attrs](https://github.com/sponsors/hynek) from 24.3.0 to 25.1.0.


Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=attrs&package-manager=pip&previous-version=24.3.0&new-version=25.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/base.txt         | 2 +-
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/runtime-deps.txt | 2 +-
 requirements/test.txt         | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 990179d8b17..ddd4e082f20 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -12,7 +12,7 @@ aiosignal==1.3.2
     # via -r requirements/runtime-deps.in
 async-timeout==5.0.1 ; python_version < "3.11"
     # via -r requirements/runtime-deps.in
-attrs==24.3.0
+attrs==25.1.0
     # via -r requirements/runtime-deps.in
 brotli==1.1.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index aed5148bd29..4d2e2fa5c31 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -22,7 +22,7 @@ async-timeout==5.0.1 ; python_version < "3.11"
     # via
     #   -r requirements/runtime-deps.in
     #   valkey
-attrs==24.3.0
+attrs==25.1.0
     # via -r requirements/runtime-deps.in
 babel==2.16.0
     # via sphinx
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 1064cfc151b..e3de751d397 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -22,7 +22,7 @@ async-timeout==5.0.1 ; python_version < "3.11"
     # via
     #   -r requirements/runtime-deps.in
     #   valkey
-attrs==24.3.0
+attrs==25.1.0
     # via -r requirements/runtime-deps.in
 babel==2.16.0
     # via sphinx
diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt
index 7fb7ffb3589..fcc9a417a1a 100644
--- a/requirements/runtime-deps.txt
+++ b/requirements/runtime-deps.txt
@@ -12,7 +12,7 @@ aiosignal==1.3.2
     # via -r requirements/runtime-deps.in
 async-timeout==5.0.1 ; python_version < "3.11"
     # via -r requirements/runtime-deps.in
-attrs==24.3.0
+attrs==25.1.0
     # via -r requirements/runtime-deps.in
 brotli==1.1.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
diff --git a/requirements/test.txt b/requirements/test.txt
index d4f6156ff04..691b1c74b8f 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -14,7 +14,7 @@ annotated-types==0.7.0
     # via pydantic
 async-timeout==5.0.1 ; python_version < "3.11"
     # via -r requirements/runtime-deps.in
-attrs==24.3.0
+attrs==25.1.0
     # via -r requirements/runtime-deps.in
 brotli==1.1.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in

From b5c141570ed20ed35c755b46d7d2f1737d1ba6bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Jan 2025 10:44:50 +0000
Subject: [PATCH 078/111] Bump pip from 24.3.1 to 25.0 (#10365)

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.


Changelog

Sourced from pip's
changelog.




25.0 (2025-01-26)


Deprecations and Removals


    

  • Deprecate the no-python-version-warning flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
([#13154](https://github.com/pypa/pip/issues/13154)
<https://github.com/pypa/pip/issues/13154>_)
    • 



Features


    

  • Prefer to display :pep:639
License-Expression in pip show if metadata
version is at least 2.4.
([#13112](https://github.com/pypa/pip/issues/13112)
<https://github.com/pypa/pip/issues/13112>_)
    • 

  • Support :pep:639 License-Expression and
License-File metadata fields in JSON
output. pip inspect and pip install --report
now emit
license_expression and license_file fields in
the metadata object,
if the corresponding fields are present in the installed
METADATA file.
([#13134](https://github.com/pypa/pip/issues/13134)
<https://github.com/pypa/pip/issues/13134>_)
    • 

  • Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
([#11012](https://github.com/pypa/pip/issues/11012)
<https://github.com/pypa/pip/issues/11012>_)
    • 

  • Return the size, along with the number, of files cleared on
pip cache purge and pip cache remove
([#12176](https://github.com/pypa/pip/issues/12176)
<https://github.com/pypa/pip/issues/12176>_)
    • 

  • Cache python-requires checks while filtering potential
installation candidates.
([#13128](https://github.com/pypa/pip/issues/13128)
<https://github.com/pypa/pip/issues/13128>_)
    • 

  • Optimize package collection by avoiding unnecessary URL parsing and
other processing.
([#13132](https://github.com/pypa/pip/issues/13132)
<https://github.com/pypa/pip/issues/13132>_)
    • 



Bug Fixes


    

  • Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
([#12771](https://github.com/pypa/pip/issues/12771)
<https://github.com/pypa/pip/issues/12771>_)
    • 

  • The pip version self check is disabled on
EXTERNALLY-MANAGED environments.
([#11820](https://github.com/pypa/pip/issues/11820)
<https://github.com/pypa/pip/issues/11820>_)
    • 

  • Fix a security bug allowing a specially crafted wheel to execute
code during
installation. ([#13079](https://github.com/pypa/pip/issues/13079)
<https://github.com/pypa/pip/issues/13079>_)
    • 

  • The inclusion of packaging 24.2 changes how pre-release
specifiers with < and >
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <2.0dev can include
1.0rc1). To avoid
implying pre-releases, avoid specifying them (e.g., use
<2.0).
The exception is !=, which never implies pre-releases.
([#13163](https://github.com/pypa/pip/issues/13163)
<https://github.com/pypa/pip/issues/13163>_)
    • 

  • The --cert and --client-cert command-line
options are now respected while
installing build dependencies. Consequently, the private
_PIP_STANDALONE_CERT
environment variable is no longer used.
([#5502](https://github.com/pypa/pip/issues/5502)
<https://github.com/pypa/pip/issues/5502>_)
    • 

  • The --proxy command-line option is now respected while
installing build dependencies.
([#6018](https://github.com/pypa/pip/issues/6018)
<https://github.com/pypa/pip/issues/6018>_)
    • 



Vendored Libraries


    

  • Upgrade CacheControl to 0.14.1
    • 

  • Upgrade idna to 3.10
    • 

  • Upgrade msgpack to 1.1.0
    • 

  • Upgrade packaging to 24.2
    • 






... (truncated)





Commits

    

  • f47b587
Bump for release
    • 

  • 74a7f33
Update AUTHORS.txt
    • 

  • a008888
Merge pull request #13171 from
pypa/dependabot/github_actions/github-actions-...
    • 

  • d265fb7
Merge pull request #13174 from
ichard26/changelog
    • 

  • d35384e
Copyedit news entries before 25.0
    • 

  • adc4f99
Reorder requirements file decoding (#12795)
    • 

  • 40c4214
Bump pypa/gh-action-pypi-publish in the github-actions group
    • 

  • 6b0fb90
Merge pull request #13048 from
sbidoul/trusted-publisher-sbi
    • 

  • c7fb1e1
Merge pull request #13145 from
befeleme/pip-show-pep639
    • 

  • 41c807c
Show License-Expression if present in package metadata
    • 

  • Additional commits viewable in compare
view
    • 








[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 4d2e2fa5c31..32bfe2d3ea9 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -280,7 +280,7 @@ yarl==1.18.3
     # via -r requirements/runtime-deps.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==24.3.1
+pip==25.0
     # via pip-tools
 setuptools==75.8.0
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index e3de751d397..f45999ed5cf 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -271,7 +271,7 @@ yarl==1.18.3
     # via -r requirements/runtime-deps.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==24.3.1
+pip==25.0
     # via pip-tools
 setuptools==75.8.0
     # via

From c990568c8b29e5b677c71fde167ae03a7e93783b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Jan 2025 10:57:02 +0000
Subject: [PATCH 079/111] Bump pydantic from 2.10.5 to 2.10.6 (#10357)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.10.5 to
2.10.6.


Release notes

Sourced from pydantic's
releases.




v2.10.6 2025-01-23


What's Changed


Fixes



Full Changelog: https://github.com/pydantic/pydantic/compare/v2.10.5...v2.10.6







Changelog

Sourced from pydantic's
changelog.




v2.10.6 (2025-01-23)


GitHub
release


What's Changed


Fixes








Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.10.5&new-version=2.10.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 requirements/test.txt        | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 32bfe2d3ea9..0cd05bd7cb8 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -142,7 +142,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.5
+pydantic==2.10.6
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic
diff --git a/requirements/dev.txt b/requirements/dev.txt
index f45999ed5cf..4fed3549612 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -139,7 +139,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.5
+pydantic==2.10.6
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic
diff --git a/requirements/lint.txt b/requirements/lint.txt
index ad34c33a885..821cf156e76 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -57,7 +57,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.5
+pydantic==2.10.6
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic
diff --git a/requirements/test.txt b/requirements/test.txt
index 691b1c74b8f..058eb3d0c72 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -77,7 +77,7 @@ pycares==4.5.0
     # via aiodns
 pycparser==2.22
     # via cffi
-pydantic==2.10.5
+pydantic==2.10.6
     # via python-on-whales
 pydantic-core==2.27.2
     # via pydantic

From db2a367b718e9228946c6e456333bc9e7e268e6d Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 29 Jan 2025 16:21:49 +0000
Subject: [PATCH 080/111] [PR #10366/3fb2c8df backport][3.12] Fix sdist make
 (#10368)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

**This is a backport of PR #10366 as merged into master
(3fb2c8dfcc8f52089cb48a1136d3e569d1ac73ff).**

Co-authored-by: Michał Górny 
---
 CHANGES/10366.packaging | 2 ++
 MANIFEST.in             | 1 +
 Makefile                | 3 +++
 tools/gen.py            | 2 +-
 4 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/10366.packaging

diff --git a/CHANGES/10366.packaging b/CHANGES/10366.packaging
new file mode 100644
index 00000000000..f0e9f62095a
--- /dev/null
+++ b/CHANGES/10366.packaging
@@ -0,0 +1,2 @@
+Added missing files to the source distribution to fix ``Makefile`` targets.
+Added a ``cythonize-nodeps`` target to run Cython without invoking pip to install dependencies.
diff --git a/MANIFEST.in b/MANIFEST.in
index d7c5cef6aad..64cee139a1f 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -7,6 +7,7 @@ graft aiohttp
 graft docs
 graft examples
 graft tests
+graft tools
 graft requirements
 recursive-include vendor *
 global-include aiohttp *.pyi
diff --git a/Makefile b/Makefile
index b0a3ef3226b..c6193fea9e4 100644
--- a/Makefile
+++ b/Makefile
@@ -81,6 +81,9 @@ generate-llhttp: .llhttp-gen
 .PHONY: cythonize
 cythonize: .install-cython $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c
 
+.PHONY: cythonize-nodeps
+cythonize-nodeps: $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c
+
 .install-deps: .install-cython $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c $(call to-hash,$(CYS) $(REQS))
 	@python -m pip install -r requirements/dev.in -c requirements/dev.txt
 	@touch .install-deps
diff --git a/tools/gen.py b/tools/gen.py
index ab2b39a2df0..24fb71bdd9d 100755
--- a/tools/gen.py
+++ b/tools/gen.py
@@ -7,7 +7,7 @@
 import multidict
 
 ROOT = pathlib.Path.cwd()
-while ROOT.parent != ROOT and not (ROOT / ".git").exists():
+while ROOT.parent != ROOT and not (ROOT / "pyproject.toml").exists():
     ROOT = ROOT.parent
 
 

From 3ef5f00f4cb4b4f7b2d6080485b399207c6a525f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 31 Jan 2025 11:04:45 +0000
Subject: [PATCH 081/111] Bump certifi from 2024.12.14 to 2025.1.31 (#10370)

Bumps [certifi](https://github.com/certifi/python-certifi) from
2024.12.14 to 2025.1.31.


Commits







[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2024.12.14&new-version=2025.1.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 0cd05bd7cb8..d47696d8709 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -30,7 +30,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
 build==1.2.2.post1
     # via pip-tools
-certifi==2024.12.14
+certifi==2025.1.31
     # via requests
 cffi==1.17.1
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 4fed3549612..c496d9403bc 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -30,7 +30,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
 build==1.2.2.post1
     # via pip-tools
-certifi==2024.12.14
+certifi==2025.1.31
     # via requests
 cffi==1.17.1
     # via
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 8aad3bd4045..1a51f608fd4 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -10,7 +10,7 @@ alabaster==1.0.0
     # via sphinx
 babel==2.16.0
     # via sphinx
-certifi==2024.12.14
+certifi==2025.1.31
     # via requests
 charset-normalizer==3.4.1
     # via requests
diff --git a/requirements/doc.txt b/requirements/doc.txt
index d94908fb12e..a6fb751909d 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -10,7 +10,7 @@ alabaster==1.0.0
     # via sphinx
 babel==2.16.0
     # via sphinx
-certifi==2024.12.14
+certifi==2025.1.31
     # via requests
 charset-normalizer==3.4.1
     # via requests

From 3ddced79dadc4e83606408ab3b1d86392019054e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Feb 2025 11:00:48 +0000
Subject: [PATCH 082/111] Bump babel from 2.16.0 to 2.17.0 (#10374)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [babel](https://github.com/python-babel/babel) from 2.16.0 to
2.17.0.


Release notes

Sourced from babel's
releases.




v2.17.0


Happy 2025! This release is being made from FOSDEM 2025, in Brussels,
Belgium. 🇧🇪


Thank you to all contributors, new and old, and here's to another
great year of internationalization and localization!




The changelog below is auto-generated by GitHub.


Please see CHANGELOG.rst
for additional details.




What's Changed



New Contributors






... (truncated)





Changelog

Sourced from babel's
changelog.




Version 2.17.0


Happy 2025! This release is being made from FOSDEM 2025, in Brussels,
Belgium.


Thank you to all contributors, new and old,
and here's to another great year of internationalization and
localization!


Features



* CLDR: Babel now uses CLDR 46, by @tomasr8 in :gh:`1145`
* Dates: Allow specifying an explicit format in parse_date/parse_time by
@tomasr8 in :gh:`1131`
* Dates: More alternate characters are now supported by
`format_skeleton`. By @tomasr8 in :gh:`1122`
* Dates: Support short and narrow formats for format_timedelta when
using `add_direction`, by @akx in :gh:`1163`
* Messages: .po files now enclose white spaces in filenames like GNU
gettext does. By @Dunedan in :gh:`1105`, and @tomasr8 in :gh:`1120`
* Messages: Initial support for `Message.python_brace_format`, by
@tomasr8 in :gh:`1169`
* Numbers: LC_MONETARY is now preferred when formatting currencies, by
@akx in :gh:`1173`

Bugfixes




    

  • Dates: Make seconds optional in parse_time time formats
by @​tomasr8 in
:gh:1141
    • 

  • Dates: Replace str.index with str.find by
@​tomasr8 in
:gh:1130
    • 

  • Dates: Strip extra leading slashes in /etc/localtime by
@​akx in
:gh:1165
    • 

  • Dates: Week numbering and formatting of dates with week numbers was
repaired by @​jun66j5 in
:gh:1179
    • 

  • General: Improve handling for locale=None by @​akx in
:gh:1164
    • 

  • General: Remove redundant assignment in
Catalog.__setitem__ by @​tomasr8 in
:gh:1167
    • 

  • Messages: Fix extracted lineno with nested calls, by @​dylankiss in
:gh:1126
    • 

  • Messages: Fix of list index out of range when translations is empty,
by @​gabe-sherman
in :gh:1135
    • 

  • Messages: Fix the way obsolete messages are stored by @​tomasr8 in
:gh:1132
    • 

  • Messages: Simplify read_mo logic regarding
catalog.charset by @​tomasr8 in
:gh:1148
    • 

  • Messages: Use the first matching method & options, rather than
first matching method & last options, by @​jpmckinney in
:gh:1121
    • 



Deprecation and compatibility



* Dates: Fix deprecation warnings for `datetime.utcnow()` by @tomasr8 in
:gh:`1119`
* Docs: Adjust docs/conf.py to add compatibility with sphinx 8 by
@hrnciar in :gh:`1155`
* General: Import `Literal` from the typing module by @tomasr8 in
:gh:`1175`
* General: Replace `OrderedDict` with just `dict` by @tomasr8 in
:gh:`1149`
* Messages: Mark `wraptext` deprecated; use `TextWrapper` directly in
`write_po` by @akx in :gh:`1140`

Infrastructure



* Add tzdata as dev dependency and sync with tox.ini by @wandrew004 in
:gh:`1159`
* Duplicate test code was deleted by @mattdiaz007 in :gh:`1138`
* Increase test coverage of the `python_format` checker by @tomasr8 in
:gh:`1176`
* Small cleanups by @akx in :gh:`1160`, :gh:`1166`, :gh:`1170` and
:gh:`1172`
&lt;/tr&gt;&lt;/table&gt;
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a
href="https://github.com/python-babel/babel/commit/b50a1d2186c20f3359f7e10853d2b2225a46ed40"><code>b50a1d2</code></a>
Prepare for 2.17.0 (<a
href="https://redirect.github.com/python-babel/babel/issues/1182">#1182</a>)</li>
<li><a
href="https://github.com/python-babel/babel/commit/5f117b2689573aa98acc8a47108c49b99f4d1394"><code>5f117b2</code></a>
Increase test coverage of the <code>python_format</code>
checker (<a
href="https://redirect.github.com/python-babel/babel/issues/1176">#1176</a>)</li>
<li><a
href="https://github.com/python-babel/babel/commit/363ad7531fb5dcdc3e9844573592b0b44afb914b"><code>363ad75</code></a>
Fix dates formatting <code>Y</code>,
<code>w</code> and <code>W</code> symbols for
week-numbering (<a
href="https://redirect.github.com/python-babel/babel/issues/1179">#1179</a>)</li>
<li><a
href="https://github.com/python-babel/babel/commit/e9c3ef8d0de3080ca59f7f8dbabf9b52983adc7d"><code>e9c3ef8</code></a>
Merge pull request <a
href="https://redirect.github.com/python-babel/babel/issues/1173">#1173</a>
from python-babel/lc-monetary-2</li>
<li><a
href="https://github.com/python-babel/babel/commit/56ef7c7f578a904917464c187e399abb762bd5e3"><code>56ef7c7</code></a>
Prefer LC_MONETARY when formatting currency</li>
<li><a
href="https://github.com/python-babel/babel/commit/aee6d698b541dc50439280d7e093092cc0d4b832"><code>aee6d69</code></a>
<code>default_locale</code>: support multiple
keys</li>
<li><a
href="https://github.com/python-babel/babel/commit/2d8a808864d1aae5d3d02d4f95917c79740c5d35"><code>2d8a808</code></a>
Import <code>Literal</code> &amp;
<code>TypedDict</code> from the typing module (<a
href="https://redirect.github.com/python-babel/babel/issues/1175">#1175</a>)</li>
<li><a
href="https://github.com/python-babel/babel/commit/98b9562c05e5276038c27ec12c12f3e92dc027b6"><code>98b9562</code></a>
Add basic support for
<code>Message.python_brace_format</code> (<a
href="https://redirect.github.com/python-babel/babel/issues/1169">#1169</a>)</li>
<li><a
href="https://github.com/python-babel/babel/commit/0c1091c9de9543e30bc4b845eb10b5bf84516d7b"><code>0c1091c</code></a>
Small test cleanup (<a
href="https://redirect.github.com/python-babel/babel/issues/1172">#1172</a>)</li>
<li><a
href="https://github.com/python-babel/babel/commit/db4879136a7fbcef475f26b75dbdd65d0ce488f9"><code>db48791</code></a>
Merge pull request <a
href="https://redirect.github.com/python-babel/babel/issues/1170">#1170</a>
from python-babel/small-cleanup</li>
<li>Additional commits viewable in <a
href="https://github.com/python-babel/babel/compare/v2.16.0...v2.17.0">compare
view</a></li>
</ul>
</details>

<br />




[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=babel&package-manager=pip&previous-version=2.16.0&new-version=2.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index d47696d8709..517f98e6f27 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -24,7 +24,7 @@ async-timeout==5.0.1 ; python_version < "3.11"
     #   valkey
 attrs==25.1.0
     # via -r requirements/runtime-deps.in
-babel==2.16.0
+babel==2.17.0
     # via sphinx
 brotli==1.1.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index c496d9403bc..26c5779c783 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -24,7 +24,7 @@ async-timeout==5.0.1 ; python_version < "3.11"
     #   valkey
 attrs==25.1.0
     # via -r requirements/runtime-deps.in
-babel==2.16.0
+babel==2.17.0
     # via sphinx
 brotli==1.1.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 1a51f608fd4..4be7358fe8d 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -8,7 +8,7 @@ aiohttp-theme==0.1.7
     # via -r requirements/doc.in
 alabaster==1.0.0
     # via sphinx
-babel==2.16.0
+babel==2.17.0
     # via sphinx
 certifi==2025.1.31
     # via requests
diff --git a/requirements/doc.txt b/requirements/doc.txt
index a6fb751909d..8324f007e3a 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -8,7 +8,7 @@ aiohttp-theme==0.1.7
     # via -r requirements/doc.in
 alabaster==1.0.0
     # via sphinx
-babel==2.16.0
+babel==2.17.0
     # via sphinx
 certifi==2025.1.31
     # via requests

From 822c50457efee0e1f39631a95dd9a26ebd26313e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Feb 2025 13:22:10 +0000
Subject: [PATCH 083/111] Bump pytest-codspeed from 3.1.2 to 3.2.0 (#10375)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed)
from 3.1.2 to 3.2.0.


Release notes

Sourced from pytest-codspeed's
releases.




v3.2.0


What's Changed


This release improves the reliability of the measurement, primarily
focusing on the wall-time instrument.


🚀 Features


    

  • 

    Increase the min round time to a bigger value (+/- 1ms) by @​art049
    

    • 

  • 

    Fix the random seed while measuring with instruments by @​art049 in #48
    

    • 



🐛 Bug Fixes


    

  • Use time per iteration instead of total round time in stats by @​art049
    • 



🏗️ Refactor


    

  • Replace hardcoded outlier factor for improved readability by @​art049 in #67
    • 



⚙️ Internals



⚠️ Since the wall-time instrument is still in beta, this minor
release might create unexpected performance changes for this new
instrument.


Full Changelog: https://github.com/CodSpeedHQ/pytest-codspeed/compare/v3.1.2...v3.2.0







Changelog

Sourced from pytest-codspeed's
changelog.




[3.2.0] - 2025-01-31


🚀 Features


    

  • Increase the min round time to a bigger value (+/- 1ms) by @​art049
    • 

  • Add benchmarks-walltime job to run additional performance benchmarks
by @​art049 in #65
    • 

  • Fix the random seed while measuring with instruments by @​art049 in #48
    • 



🐛 Bug Fixes


    

  • Use time per iteration instead of total round time in stats by @​art049
    • 



🏗️ Refactor


    

  • Replace hardcoded outlier factor for improved readability by @​art049 in #67
    • 



⚙️ Internals








Commits

    

  • 253b1be
Release v3.2.0 🚀
    • 

  • 4333c1f
refactor: replace hardcoded outlier factor for improved readability
    • 

  • 6e1d63e
feat: increase the min round time to a bigger value (+/- 1ms)
    • 

  • cc10330
fix: use time per iteration instead of total round time in stats
    • 

  • 003c3b4
feat(ci): add benchmarks-walltime job to run additional performance
benchmarks
    • 

  • 768b5b8
feat: fix the random seed while measuring with instruments
    • 

  • d137431
chore: fix self-dependency
    • 

  • 9df2c77
chore: fix uv version in CI
    • 

  • See full diff in compare
view
    • 








[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-codspeed&package-manager=pip&previous-version=3.1.2&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)





Signed-off-by: dependabot[bot] 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 requirements/test.txt        | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 517f98e6f27..f6f9adbf39d 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -168,7 +168,7 @@ pytest==8.3.4
     #   pytest-cov
     #   pytest-mock
     #   pytest-xdist
-pytest-codspeed==3.1.2
+pytest-codspeed==3.2.0
     # via
     #   -r requirements/lint.in
     #   -r requirements/test.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 26c5779c783..5d87c1ebaba 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -163,7 +163,7 @@ pytest==8.3.4
     #   pytest-cov
     #   pytest-mock
     #   pytest-xdist
-pytest-codspeed==3.1.2
+pytest-codspeed==3.2.0
     # via
     #   -r requirements/lint.in
     #   -r requirements/test.in
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 821cf156e76..dd06ec7236f 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -68,7 +68,7 @@ pytest==8.3.4
     #   -r requirements/lint.in
     #   pytest-codspeed
     #   pytest-mock
-pytest-codspeed==3.1.2
+pytest-codspeed==3.2.0
     # via -r requirements/lint.in
 pytest-mock==3.14.0
     # via -r requirements/lint.in
diff --git a/requirements/test.txt b/requirements/test.txt
index 058eb3d0c72..efd44e1ea3f 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -90,7 +90,7 @@ pytest==8.3.4
     #   pytest-cov
     #   pytest-mock
     #   pytest-xdist
-pytest-codspeed==3.1.2
+pytest-codspeed==3.2.0
     # via -r requirements/test.in
 pytest-cov==6.0.0
     # via -r requirements/test.in

From 6709f5308df9caac997488327af658feebdac8c2 Mon Sep 17 00:00:00 2001
From: Jacob Padilla 
Date: Tue, 4 Feb 2025 08:57:57 -0500
Subject: [PATCH 084/111] [PR #10371/f46ccff backport][3.12] 'partitioned'
 parameter for set_cookie method. (#10378)

---
 CHANGES/9870.misc.rst      |  1 +
 aiohttp/web_response.py    |  4 ++++
 docs/web_reference.rst     |  7 ++++++-
 tests/test_web_response.py | 14 ++++++++++++++
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/9870.misc.rst

diff --git a/CHANGES/9870.misc.rst b/CHANGES/9870.misc.rst
new file mode 100644
index 00000000000..caa8f45e522
--- /dev/null
+++ b/CHANGES/9870.misc.rst
@@ -0,0 +1 @@
+Added support for the ``partitioned`` attribute in the ``set_cookie`` method.
diff --git a/aiohttp/web_response.py b/aiohttp/web_response.py
index 99636f2de59..a1955ca0d9e 100644
--- a/aiohttp/web_response.py
+++ b/aiohttp/web_response.py
@@ -233,6 +233,7 @@ def set_cookie(
         httponly: Optional[bool] = None,
         version: Optional[str] = None,
         samesite: Optional[str] = None,
+        partitioned: Optional[bool] = None,
     ) -> None:
         """Set or update response cookie.
 
@@ -269,6 +270,9 @@ def set_cookie(
         if samesite is not None:
             c["samesite"] = samesite
 
+        if partitioned is not None:
+            c["partitioned"] = partitioned
+
     def del_cookie(
         self,
         name: str,
diff --git a/docs/web_reference.rst b/docs/web_reference.rst
index 51f5c43d7e7..62edd4c24aa 100644
--- a/docs/web_reference.rst
+++ b/docs/web_reference.rst
@@ -726,7 +726,7 @@ and :ref:`aiohttp-web-signals` handlers::
    .. method:: set_cookie(name, value, *, path='/', expires=None, \
                           domain=None, max_age=None, \
                           secure=None, httponly=None, version=None, \
-                          samesite=None)
+                          samesite=None, partitioned=None)
 
       Convenient way for setting :attr:`cookies`, allows to specify
       some additional properties like *max_age* in a single call.
@@ -779,6 +779,11 @@ and :ref:`aiohttp-web-signals` handlers::
 
             .. versionadded:: 3.7
 
+      :param bool partitioned: ``True`` to set a partitioned cookie.
+         Available in Python 3.14+. (optional)
+
+            .. versionadded:: 3.12
+
       .. warning::
 
          In HTTP version 1.1, ``expires`` was deprecated and replaced with
diff --git a/tests/test_web_response.py b/tests/test_web_response.py
index 6eb52d480ff..0a2c5273080 100644
--- a/tests/test_web_response.py
+++ b/tests/test_web_response.py
@@ -3,6 +3,7 @@
 import gzip
 import io
 import json
+import sys
 import zlib
 from concurrent.futures import ThreadPoolExecutor
 from typing import AsyncIterator, Optional
@@ -900,6 +901,19 @@ def test_response_cookies() -> None:
     assert str(resp.cookies) == expected
 
 
+@pytest.mark.skipif(sys.version_info < (3, 14), reason="No partitioned support")
+def test_response_cookie_partitioned() -> None:
+    resp = StreamResponse()
+
+    assert resp.cookies == {}
+
+    resp.set_cookie("name", "value", partitioned=False)
+    assert str(resp.cookies) == "Set-Cookie: name=value; Path=/"
+
+    resp.set_cookie("name", "value", partitioned=True)
+    assert str(resp.cookies) == "Set-Cookie: name=value; Partitioned; Path=/"
+
+
 def test_response_cookie_path() -> None:
     resp = StreamResponse()
 

From e38ea3242fa2bb1987c4e4da4c9bbbd1b3321149 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Tue, 4 Feb 2025 20:04:08 -0600
Subject: [PATCH 085/111] [3.11] Bump packaging to 24.2 (#10383)

---
 requirements/base.txt         | 2 +-
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 requirements/lint.txt         | 2 +-
 requirements/test.txt         | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 1e7c0bbe6c1..d79bdab3893 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -30,7 +30,7 @@ multidict==6.1.0
     # via
     #   -r requirements/runtime-deps.in
     #   yarl
-packaging==24.1
+packaging==24.2
     # via gunicorn
 propcache==0.2.0
     # via
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 740e3e2d559..041a3737ab0 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -129,7 +129,7 @@ mypy-extensions==1.0.0
     # via mypy
 nodeenv==1.9.1
     # via pre-commit
-packaging==24.1
+packaging==24.2
     # via
     #   build
     #   gunicorn
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 72e49ed9edf..a99644dff81 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -122,7 +122,7 @@ mypy-extensions==1.0.0
     # via mypy
 nodeenv==1.9.1
     # via pre-commit
-packaging==24.1
+packaging==24.2
     # via
     #   build
     #   gunicorn
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 892ae6b164c..43b3822706e 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -34,7 +34,7 @@ jinja2==3.1.4
     #   towncrier
 markupsafe==2.1.5
     # via jinja2
-packaging==24.1
+packaging==24.2
     # via sphinx
 pyenchant==3.2.2
     # via sphinxcontrib-spelling
diff --git a/requirements/doc.txt b/requirements/doc.txt
index f7f98330e1f..6ddfc47455b 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -34,7 +34,7 @@ jinja2==3.1.4
     #   towncrier
 markupsafe==2.1.5
     # via jinja2
-packaging==24.1
+packaging==24.2
     # via sphinx
 pygments==2.18.0
     # via sphinx
diff --git a/requirements/lint.txt b/requirements/lint.txt
index d7d97277bce..e2547d13da5 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -55,7 +55,7 @@ mypy-extensions==1.0.0
     # via mypy
 nodeenv==1.9.1
     # via pre-commit
-packaging==24.1
+packaging==24.2
     # via pytest
 platformdirs==4.3.6
     # via virtualenv
diff --git a/requirements/test.txt b/requirements/test.txt
index 33510f18682..cf81a7bf257 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -70,7 +70,7 @@ mypy==1.11.2 ; implementation_name == "cpython"
     # via -r requirements/test.in
 mypy-extensions==1.0.0
     # via mypy
-packaging==24.1
+packaging==24.2
     # via
     #   gunicorn
     #   pytest

From 65248a877f11c2035982150a118fc6ab8fdea6cb Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 02:22:39 +0000
Subject: [PATCH 086/111] [PR #10366/3fb2c8df backport][3.11] Fix sdist make
 (#10367)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Michał Górny 
Co-authored-by: J. Nick Koston 
fixes related to use of source distribution to build `aiohttp`:
---
 CHANGES/10366.packaging | 2 ++
 MANIFEST.in             | 1 +
 Makefile                | 3 +++
 tools/gen.py            | 2 +-
 4 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/10366.packaging

diff --git a/CHANGES/10366.packaging b/CHANGES/10366.packaging
new file mode 100644
index 00000000000..f0e9f62095a
--- /dev/null
+++ b/CHANGES/10366.packaging
@@ -0,0 +1,2 @@
+Added missing files to the source distribution to fix ``Makefile`` targets.
+Added a ``cythonize-nodeps`` target to run Cython without invoking pip to install dependencies.
diff --git a/MANIFEST.in b/MANIFEST.in
index d7c5cef6aad..64cee139a1f 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -7,6 +7,7 @@ graft aiohttp
 graft docs
 graft examples
 graft tests
+graft tools
 graft requirements
 recursive-include vendor *
 global-include aiohttp *.pyi
diff --git a/Makefile b/Makefile
index b0a3ef3226b..c6193fea9e4 100644
--- a/Makefile
+++ b/Makefile
@@ -81,6 +81,9 @@ generate-llhttp: .llhttp-gen
 .PHONY: cythonize
 cythonize: .install-cython $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c
 
+.PHONY: cythonize-nodeps
+cythonize-nodeps: $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c
+
 .install-deps: .install-cython $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c $(call to-hash,$(CYS) $(REQS))
 	@python -m pip install -r requirements/dev.in -c requirements/dev.txt
 	@touch .install-deps
diff --git a/tools/gen.py b/tools/gen.py
index ab2b39a2df0..24fb71bdd9d 100755
--- a/tools/gen.py
+++ b/tools/gen.py
@@ -7,7 +7,7 @@
 import multidict
 
 ROOT = pathlib.Path.cwd()
-while ROOT.parent != ROOT and not (ROOT / ".git").exists():
+while ROOT.parent != ROOT and not (ROOT / "pyproject.toml").exists():
     ROOT = ROOT.parent
 
 

From b752e7910770014a619c6b8cc5629241d560550e Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 02:27:45 +0000
Subject: [PATCH 087/111] [PR #10330/d3dc087b backport][3.11] Start building
 riscv64 platform wheels in CI/CD (#10353)

Co-authored-by: E Shattow 
---
 .github/workflows/ci-cd.yml | 2 ++
 CHANGES/10330.packaging.rst | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 CHANGES/10330.packaging.rst

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 93d1ddded65..d471f5658f6 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -355,6 +355,8 @@ jobs:
           qemu: aarch64
         - os: ubuntu
           qemu: ppc64le
+        - os: ubuntu
+          qemu: riscv64
         - os: ubuntu
           qemu: s390x
     steps:
diff --git a/CHANGES/10330.packaging.rst b/CHANGES/10330.packaging.rst
new file mode 100644
index 00000000000..c159cf3a57d
--- /dev/null
+++ b/CHANGES/10330.packaging.rst
@@ -0,0 +1 @@
+Started publishing ``riscv64`` wheels -- by :user:`eshattow`.

From c60a8f455f08865f461668fdfbca26e7b3744064 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 17:37:46 +0000
Subject: [PATCH 088/111] [PR #10387/95b28c71 backport][3.11] Restore
 total_bytes to EmptyStreamReader (#10388)

Co-authored-by: J. Nick Koston 
fixes #10386
---
 CHANGES/10387.bugfix.rst | 1 +
 aiohttp/streams.py       | 1 +
 tests/test_streams.py    | 1 +
 3 files changed, 3 insertions(+)
 create mode 100644 CHANGES/10387.bugfix.rst

diff --git a/CHANGES/10387.bugfix.rst b/CHANGES/10387.bugfix.rst
new file mode 100644
index 00000000000..ad1ead9e363
--- /dev/null
+++ b/CHANGES/10387.bugfix.rst
@@ -0,0 +1 @@
+Restored the missing ``total_bytes`` attribute to ``EmptyStreamReader`` -- by :user:`bdraco`.
diff --git a/aiohttp/streams.py b/aiohttp/streams.py
index 6126fb5695d..7a3f64d1289 100644
--- a/aiohttp/streams.py
+++ b/aiohttp/streams.py
@@ -555,6 +555,7 @@ class EmptyStreamReader(StreamReader):  # lgtm [py/missing-call-to-init]
 
     def __init__(self) -> None:
         self._read_eof_chunk = False
+        self.total_bytes = 0
 
     def __repr__(self) -> str:
         return "<%s>" % self.__class__.__name__
diff --git a/tests/test_streams.py b/tests/test_streams.py
index fcf13a91eb3..1b65f771c77 100644
--- a/tests/test_streams.py
+++ b/tests/test_streams.py
@@ -1141,6 +1141,7 @@ async def test_empty_stream_reader() -> None:
     with pytest.raises(asyncio.IncompleteReadError):
         await s.readexactly(10)
     assert s.read_nowait() == b""
+    assert s.total_bytes == 0
 
 
 async def test_empty_stream_reader_iter_chunks() -> None:

From 4cc98a343e871536032f28ee4098b30bfef154fd Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 11:42:53 -0600
Subject: [PATCH 089/111] [PR #10137/25c7f23 backport][3.11] Restore zero copy
 writes on Python 3.12.9+/3.13.2+ (#10390)

---
 .github/workflows/ci-cd.yml |   4 +-
 CHANGES/10137.misc.rst      |   3 +
 aiohttp/http_writer.py      |  17 +++++-
 tests/test_http_writer.py   | 111 +++++++++++++++++++++++++++++++++++-
 4 files changed, 130 insertions(+), 5 deletions(-)
 create mode 100644 CHANGES/10137.misc.rst

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index d471f5658f6..1a95adf975f 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -250,11 +250,11 @@ jobs:
       uses: actions/checkout@v4
       with:
         submodules: true
-    - name: Setup Python 3.13
+    - name: Setup Python 3.13.2
       id: python-install
       uses: actions/setup-python@v5
       with:
-        python-version: 3.13
+        python-version: 3.13.2
         cache: pip
         cache-dependency-path: requirements/*.txt
     - name: Update pip, wheel, setuptools, build, twine
diff --git a/CHANGES/10137.misc.rst b/CHANGES/10137.misc.rst
new file mode 100644
index 00000000000..43b19c33f32
--- /dev/null
+++ b/CHANGES/10137.misc.rst
@@ -0,0 +1,3 @@
+Restored support for zero copy writes when using Python 3.12 versions 3.12.9 and later or Python 3.13.2+ -- by :user:`bdraco`.
+
+Zero copy writes were previously disabled due to :cve:`2024-12254` which is resolved in these Python versions.
diff --git a/aiohttp/http_writer.py b/aiohttp/http_writer.py
index 28b14f7a791..e031a97708d 100644
--- a/aiohttp/http_writer.py
+++ b/aiohttp/http_writer.py
@@ -1,6 +1,7 @@
 """Http related parsers and protocol."""
 
 import asyncio
+import sys
 import zlib
 from typing import (  # noqa
     Any,
@@ -24,6 +25,17 @@
 __all__ = ("StreamWriter", "HttpVersion", "HttpVersion10", "HttpVersion11")
 
 
+MIN_PAYLOAD_FOR_WRITELINES = 2048
+IS_PY313_BEFORE_313_2 = (3, 13, 0) <= sys.version_info < (3, 13, 2)
+IS_PY_BEFORE_312_9 = sys.version_info < (3, 12, 9)
+SKIP_WRITELINES = IS_PY313_BEFORE_313_2 or IS_PY_BEFORE_312_9
+# writelines is not safe for use
+# on Python 3.12+ until 3.12.9
+# on Python 3.13+ until 3.13.2
+# and on older versions it not any faster than write
+# CVE-2024-12254: https://github.com/python/cpython/pull/127656
+
+
 class HttpVersion(NamedTuple):
     major: int
     minor: int
@@ -90,7 +102,10 @@ def _writelines(self, chunks: Iterable[bytes]) -> None:
         transport = self._protocol.transport
         if transport is None or transport.is_closing():
             raise ClientConnectionResetError("Cannot write to closing transport")
-        transport.write(b"".join(chunks))
+        if SKIP_WRITELINES or size < MIN_PAYLOAD_FOR_WRITELINES:
+            transport.write(b"".join(chunks))
+        else:
+            transport.writelines(chunks)
 
     async def write(
         self,
diff --git a/tests/test_http_writer.py b/tests/test_http_writer.py
index 5f316fad2f7..677b5bc9678 100644
--- a/tests/test_http_writer.py
+++ b/tests/test_http_writer.py
@@ -2,7 +2,7 @@
 import array
 import asyncio
 import zlib
-from typing import Iterable
+from typing import Generator, Iterable
 from unittest import mock
 
 import pytest
@@ -14,7 +14,19 @@
 
 
 @pytest.fixture
-def buf():
+def enable_writelines() -> Generator[None, None, None]:
+    with mock.patch("aiohttp.http_writer.SKIP_WRITELINES", False):
+        yield
+
+
+@pytest.fixture
+def force_writelines_small_payloads() -> Generator[None, None, None]:
+    with mock.patch("aiohttp.http_writer.MIN_PAYLOAD_FOR_WRITELINES", 1):
+        yield
+
+
+@pytest.fixture
+def buf() -> bytearray:
     return bytearray()
 
 
@@ -117,6 +129,33 @@ async def test_write_large_payload_deflate_compression_data_in_eof(
     assert zlib.decompress(content) == (b"data" * 4096) + payload
 
 
+@pytest.mark.usefixtures("enable_writelines")
+async def test_write_large_payload_deflate_compression_data_in_eof_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+
+    await msg.write(b"data" * 4096)
+    assert transport.write.called  # type: ignore[attr-defined]
+    chunks = [c[1][0] for c in list(transport.write.mock_calls)]  # type: ignore[attr-defined]
+    transport.write.reset_mock()  # type: ignore[attr-defined]
+    assert not transport.writelines.called  # type: ignore[attr-defined]
+
+    # This payload compresses to 20447 bytes
+    payload = b"".join(
+        [bytes((*range(0, i), *range(i, 0, -1))) for i in range(255) for _ in range(64)]
+    )
+    await msg.write_eof(payload)
+    assert not transport.write.called  # type: ignore[attr-defined]
+    assert transport.writelines.called  # type: ignore[attr-defined]
+    chunks.extend(transport.writelines.mock_calls[0][1][0])  # type: ignore[attr-defined]
+    content = b"".join(chunks)
+    assert zlib.decompress(content) == (b"data" * 4096) + payload
+
+
 async def test_write_payload_chunked_filter(
     protocol: BaseProtocol,
     transport: asyncio.Transport,
@@ -185,6 +224,26 @@ async def test_write_payload_deflate_compression_chunked(
     assert content == expected
 
 
+@pytest.mark.usefixtures("enable_writelines")
+@pytest.mark.usefixtures("force_writelines_small_payloads")
+async def test_write_payload_deflate_compression_chunked_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    expected = b"2\r\nx\x9c\r\na\r\nKI,I\x04\x00\x04\x00\x01\x9b\r\n0\r\n\r\n"
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+    msg.enable_chunking()
+    await msg.write(b"data")
+    await msg.write_eof()
+
+    chunks = [b"".join(c[1][0]) for c in list(transport.writelines.mock_calls)]  # type: ignore[attr-defined]
+    assert all(chunks)
+    content = b"".join(chunks)
+    assert content == expected
+
+
 async def test_write_payload_deflate_and_chunked(
     buf: bytearray,
     protocol: BaseProtocol,
@@ -221,6 +280,26 @@ async def test_write_payload_deflate_compression_chunked_data_in_eof(
     assert content == expected
 
 
+@pytest.mark.usefixtures("enable_writelines")
+@pytest.mark.usefixtures("force_writelines_small_payloads")
+async def test_write_payload_deflate_compression_chunked_data_in_eof_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    expected = b"2\r\nx\x9c\r\nd\r\nKI,IL\xcdK\x01\x00\x0b@\x02\xd2\r\n0\r\n\r\n"
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+    msg.enable_chunking()
+    await msg.write(b"data")
+    await msg.write_eof(b"end")
+
+    chunks = [b"".join(c[1][0]) for c in list(transport.writelines.mock_calls)]  # type: ignore[attr-defined]
+    assert all(chunks)
+    content = b"".join(chunks)
+    assert content == expected
+
+
 async def test_write_large_payload_deflate_compression_chunked_data_in_eof(
     protocol: BaseProtocol,
     transport: asyncio.Transport,
@@ -247,6 +326,34 @@ async def test_write_large_payload_deflate_compression_chunked_data_in_eof(
     assert zlib.decompress(content) == (b"data" * 4096) + payload
 
 
+@pytest.mark.usefixtures("enable_writelines")
+@pytest.mark.usefixtures("force_writelines_small_payloads")
+async def test_write_large_payload_deflate_compression_chunked_data_in_eof_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+    msg.enable_chunking()
+
+    await msg.write(b"data" * 4096)
+    # This payload compresses to 1111 bytes
+    payload = b"".join([bytes((*range(0, i), *range(i, 0, -1))) for i in range(255)])
+    await msg.write_eof(payload)
+    assert not transport.write.called  # type: ignore[attr-defined]
+
+    chunks = []
+    for write_lines_call in transport.writelines.mock_calls:  # type: ignore[attr-defined]
+        chunked_payload = list(write_lines_call[1][0])[1:]
+        chunked_payload.pop()
+        chunks.extend(chunked_payload)
+
+    assert all(chunks)
+    content = b"".join(chunks)
+    assert zlib.decompress(content) == (b"data" * 4096) + payload
+
+
 async def test_write_payload_deflate_compression_chunked_connection_lost(
     protocol: BaseProtocol,
     transport: asyncio.Transport,

From 1aa8579f05cd756185985f42de7d47f625aee2a1 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 11:47:48 -0600
Subject: [PATCH 090/111] [PR #10137/25c7f23 backport][3.12] Restore zero copy
 writes on Python 3.12.9+/3.13.2+ (#10391)

---
 .github/workflows/ci-cd.yml |   4 +-
 CHANGES/10137.misc.rst      |   3 +
 aiohttp/http_writer.py      |  17 +++++-
 tests/test_http_writer.py   | 111 +++++++++++++++++++++++++++++++++++-
 4 files changed, 130 insertions(+), 5 deletions(-)
 create mode 100644 CHANGES/10137.misc.rst

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index d471f5658f6..1a95adf975f 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -250,11 +250,11 @@ jobs:
       uses: actions/checkout@v4
       with:
         submodules: true
-    - name: Setup Python 3.13
+    - name: Setup Python 3.13.2
       id: python-install
       uses: actions/setup-python@v5
       with:
-        python-version: 3.13
+        python-version: 3.13.2
         cache: pip
         cache-dependency-path: requirements/*.txt
     - name: Update pip, wheel, setuptools, build, twine
diff --git a/CHANGES/10137.misc.rst b/CHANGES/10137.misc.rst
new file mode 100644
index 00000000000..43b19c33f32
--- /dev/null
+++ b/CHANGES/10137.misc.rst
@@ -0,0 +1,3 @@
+Restored support for zero copy writes when using Python 3.12 versions 3.12.9 and later or Python 3.13.2+ -- by :user:`bdraco`.
+
+Zero copy writes were previously disabled due to :cve:`2024-12254` which is resolved in these Python versions.
diff --git a/aiohttp/http_writer.py b/aiohttp/http_writer.py
index 28b14f7a791..e031a97708d 100644
--- a/aiohttp/http_writer.py
+++ b/aiohttp/http_writer.py
@@ -1,6 +1,7 @@
 """Http related parsers and protocol."""
 
 import asyncio
+import sys
 import zlib
 from typing import (  # noqa
     Any,
@@ -24,6 +25,17 @@
 __all__ = ("StreamWriter", "HttpVersion", "HttpVersion10", "HttpVersion11")
 
 
+MIN_PAYLOAD_FOR_WRITELINES = 2048
+IS_PY313_BEFORE_313_2 = (3, 13, 0) <= sys.version_info < (3, 13, 2)
+IS_PY_BEFORE_312_9 = sys.version_info < (3, 12, 9)
+SKIP_WRITELINES = IS_PY313_BEFORE_313_2 or IS_PY_BEFORE_312_9
+# writelines is not safe for use
+# on Python 3.12+ until 3.12.9
+# on Python 3.13+ until 3.13.2
+# and on older versions it not any faster than write
+# CVE-2024-12254: https://github.com/python/cpython/pull/127656
+
+
 class HttpVersion(NamedTuple):
     major: int
     minor: int
@@ -90,7 +102,10 @@ def _writelines(self, chunks: Iterable[bytes]) -> None:
         transport = self._protocol.transport
         if transport is None or transport.is_closing():
             raise ClientConnectionResetError("Cannot write to closing transport")
-        transport.write(b"".join(chunks))
+        if SKIP_WRITELINES or size < MIN_PAYLOAD_FOR_WRITELINES:
+            transport.write(b"".join(chunks))
+        else:
+            transport.writelines(chunks)
 
     async def write(
         self,
diff --git a/tests/test_http_writer.py b/tests/test_http_writer.py
index 5f316fad2f7..677b5bc9678 100644
--- a/tests/test_http_writer.py
+++ b/tests/test_http_writer.py
@@ -2,7 +2,7 @@
 import array
 import asyncio
 import zlib
-from typing import Iterable
+from typing import Generator, Iterable
 from unittest import mock
 
 import pytest
@@ -14,7 +14,19 @@
 
 
 @pytest.fixture
-def buf():
+def enable_writelines() -> Generator[None, None, None]:
+    with mock.patch("aiohttp.http_writer.SKIP_WRITELINES", False):
+        yield
+
+
+@pytest.fixture
+def force_writelines_small_payloads() -> Generator[None, None, None]:
+    with mock.patch("aiohttp.http_writer.MIN_PAYLOAD_FOR_WRITELINES", 1):
+        yield
+
+
+@pytest.fixture
+def buf() -> bytearray:
     return bytearray()
 
 
@@ -117,6 +129,33 @@ async def test_write_large_payload_deflate_compression_data_in_eof(
     assert zlib.decompress(content) == (b"data" * 4096) + payload
 
 
+@pytest.mark.usefixtures("enable_writelines")
+async def test_write_large_payload_deflate_compression_data_in_eof_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+
+    await msg.write(b"data" * 4096)
+    assert transport.write.called  # type: ignore[attr-defined]
+    chunks = [c[1][0] for c in list(transport.write.mock_calls)]  # type: ignore[attr-defined]
+    transport.write.reset_mock()  # type: ignore[attr-defined]
+    assert not transport.writelines.called  # type: ignore[attr-defined]
+
+    # This payload compresses to 20447 bytes
+    payload = b"".join(
+        [bytes((*range(0, i), *range(i, 0, -1))) for i in range(255) for _ in range(64)]
+    )
+    await msg.write_eof(payload)
+    assert not transport.write.called  # type: ignore[attr-defined]
+    assert transport.writelines.called  # type: ignore[attr-defined]
+    chunks.extend(transport.writelines.mock_calls[0][1][0])  # type: ignore[attr-defined]
+    content = b"".join(chunks)
+    assert zlib.decompress(content) == (b"data" * 4096) + payload
+
+
 async def test_write_payload_chunked_filter(
     protocol: BaseProtocol,
     transport: asyncio.Transport,
@@ -185,6 +224,26 @@ async def test_write_payload_deflate_compression_chunked(
     assert content == expected
 
 
+@pytest.mark.usefixtures("enable_writelines")
+@pytest.mark.usefixtures("force_writelines_small_payloads")
+async def test_write_payload_deflate_compression_chunked_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    expected = b"2\r\nx\x9c\r\na\r\nKI,I\x04\x00\x04\x00\x01\x9b\r\n0\r\n\r\n"
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+    msg.enable_chunking()
+    await msg.write(b"data")
+    await msg.write_eof()
+
+    chunks = [b"".join(c[1][0]) for c in list(transport.writelines.mock_calls)]  # type: ignore[attr-defined]
+    assert all(chunks)
+    content = b"".join(chunks)
+    assert content == expected
+
+
 async def test_write_payload_deflate_and_chunked(
     buf: bytearray,
     protocol: BaseProtocol,
@@ -221,6 +280,26 @@ async def test_write_payload_deflate_compression_chunked_data_in_eof(
     assert content == expected
 
 
+@pytest.mark.usefixtures("enable_writelines")
+@pytest.mark.usefixtures("force_writelines_small_payloads")
+async def test_write_payload_deflate_compression_chunked_data_in_eof_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    expected = b"2\r\nx\x9c\r\nd\r\nKI,IL\xcdK\x01\x00\x0b@\x02\xd2\r\n0\r\n\r\n"
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+    msg.enable_chunking()
+    await msg.write(b"data")
+    await msg.write_eof(b"end")
+
+    chunks = [b"".join(c[1][0]) for c in list(transport.writelines.mock_calls)]  # type: ignore[attr-defined]
+    assert all(chunks)
+    content = b"".join(chunks)
+    assert content == expected
+
+
 async def test_write_large_payload_deflate_compression_chunked_data_in_eof(
     protocol: BaseProtocol,
     transport: asyncio.Transport,
@@ -247,6 +326,34 @@ async def test_write_large_payload_deflate_compression_chunked_data_in_eof(
     assert zlib.decompress(content) == (b"data" * 4096) + payload
 
 
+@pytest.mark.usefixtures("enable_writelines")
+@pytest.mark.usefixtures("force_writelines_small_payloads")
+async def test_write_large_payload_deflate_compression_chunked_data_in_eof_writelines(
+    protocol: BaseProtocol,
+    transport: asyncio.Transport,
+    loop: asyncio.AbstractEventLoop,
+) -> None:
+    msg = http.StreamWriter(protocol, loop)
+    msg.enable_compression("deflate")
+    msg.enable_chunking()
+
+    await msg.write(b"data" * 4096)
+    # This payload compresses to 1111 bytes
+    payload = b"".join([bytes((*range(0, i), *range(i, 0, -1))) for i in range(255)])
+    await msg.write_eof(payload)
+    assert not transport.write.called  # type: ignore[attr-defined]
+
+    chunks = []
+    for write_lines_call in transport.writelines.mock_calls:  # type: ignore[attr-defined]
+        chunked_payload = list(write_lines_call[1][0])[1:]
+        chunked_payload.pop()
+        chunks.extend(chunked_payload)
+
+    assert all(chunks)
+    content = b"".join(chunks)
+    assert zlib.decompress(content) == (b"data" * 4096) + payload
+
+
 async def test_write_payload_deflate_compression_chunked_connection_lost(
     protocol: BaseProtocol,
     transport: asyncio.Transport,

From 7f7afba1cdb9ce708cd8f22e31d384ffd471720d Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 18:04:22 +0000
Subject: [PATCH 091/111] [PR #10387/95b28c71 backport][3.12] Restore
 total_bytes to EmptyStreamReader (#10389)

Co-authored-by: J. Nick Koston 
fixes #10386
---
 CHANGES/10387.bugfix.rst | 1 +
 aiohttp/streams.py       | 1 +
 tests/test_streams.py    | 1 +
 3 files changed, 3 insertions(+)
 create mode 100644 CHANGES/10387.bugfix.rst

diff --git a/CHANGES/10387.bugfix.rst b/CHANGES/10387.bugfix.rst
new file mode 100644
index 00000000000..ad1ead9e363
--- /dev/null
+++ b/CHANGES/10387.bugfix.rst
@@ -0,0 +1 @@
+Restored the missing ``total_bytes`` attribute to ``EmptyStreamReader`` -- by :user:`bdraco`.
diff --git a/aiohttp/streams.py b/aiohttp/streams.py
index 6126fb5695d..7a3f64d1289 100644
--- a/aiohttp/streams.py
+++ b/aiohttp/streams.py
@@ -555,6 +555,7 @@ class EmptyStreamReader(StreamReader):  # lgtm [py/missing-call-to-init]
 
     def __init__(self) -> None:
         self._read_eof_chunk = False
+        self.total_bytes = 0
 
     def __repr__(self) -> str:
         return "<%s>" % self.__class__.__name__
diff --git a/tests/test_streams.py b/tests/test_streams.py
index fcf13a91eb3..1b65f771c77 100644
--- a/tests/test_streams.py
+++ b/tests/test_streams.py
@@ -1141,6 +1141,7 @@ async def test_empty_stream_reader() -> None:
     with pytest.raises(asyncio.IncompleteReadError):
         await s.readexactly(10)
     assert s.read_nowait() == b""
+    assert s.total_bytes == 0
 
 
 async def test_empty_stream_reader_iter_chunks() -> None:

From aed8222e6dfdfed17eb04ff053ce3859f4ee8e15 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 12:30:12 -0600
Subject: [PATCH 092/111] Release 3.11.12 (#10392)

---
 CHANGES.rst                 | 107 ++++++++++++++++++++++++++++++++++++
 CHANGES/10137.misc.rst      |   3 -
 CHANGES/10270.bugfix.rst    |   2 -
 CHANGES/10281.contrib.rst   |   1 -
 CHANGES/10300.feature.rst   |   2 -
 CHANGES/10304.doc.rst       |   1 -
 CHANGES/10330.packaging.rst |   1 -
 CHANGES/10332.feature.rst   |   1 -
 CHANGES/10366.packaging     |   2 -
 CHANGES/10387.bugfix.rst    |   1 -
 aiohttp/__init__.py         |   2 +-
 11 files changed, 108 insertions(+), 15 deletions(-)
 delete mode 100644 CHANGES/10137.misc.rst
 delete mode 100644 CHANGES/10270.bugfix.rst
 delete mode 100644 CHANGES/10281.contrib.rst
 delete mode 100644 CHANGES/10300.feature.rst
 delete mode 100644 CHANGES/10304.doc.rst
 delete mode 100644 CHANGES/10330.packaging.rst
 delete mode 100644 CHANGES/10332.feature.rst
 delete mode 100644 CHANGES/10366.packaging
 delete mode 100644 CHANGES/10387.bugfix.rst

diff --git a/CHANGES.rst b/CHANGES.rst
index b07cec6a093..7a464aed9eb 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -10,6 +10,113 @@
 
 .. towncrier release notes start
 
+3.11.12 (2025-02-05)
+====================
+
+Bug fixes
+---------
+
+- ``MultipartForm.decode()`` now follows RFC1341 7.2.1 with a ``CRLF`` after the boundary
+  -- by :user:`imnotjames`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10270`.
+
+
+
+- Restored the missing ``total_bytes`` attribute to ``EmptyStreamReader`` -- by :user:`bdraco`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10387`.
+
+
+
+
+Features
+--------
+
+- Updated :py:func:`~aiohttp.request` to make it accept ``_RequestOptions`` kwargs.
+  -- by :user:`Cycloctane`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10300`.
+
+
+
+- Improved logging of HTTP protocol errors to include the remote address -- by :user:`bdraco`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10332`.
+
+
+
+
+Improved documentation
+----------------------
+
+- Added ``aiohttp-openmetrics`` to list of third-party libraries -- by :user:`jelmer`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10304`.
+
+
+
+
+Packaging updates and notes for downstreams
+-------------------------------------------
+
+- Started publishing ``riscv64`` wheels -- by :user:`eshattow`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10330`.
+
+
+
+- Added missing files to the source distribution to fix ``Makefile`` targets.
+  Added a ``cythonize-nodeps`` target to run Cython without invoking pip to install dependencies.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10366`.
+
+
+
+
+Contributor-facing changes
+--------------------------
+
+- The CI/CD workflow has been updated to use `upload-artifact` v4 and `download-artifact` v4 GitHub Actions -- by :user:`silamon`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10281`.
+
+
+
+
+Miscellaneous internal changes
+------------------------------
+
+- Restored support for zero copy writes when using Python 3.12 versions 3.12.9 and later or Python 3.13.2+ -- by :user:`bdraco`.
+
+  Zero copy writes were previously disabled due to :cve:`2024-12254` which is resolved in these Python versions.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10137`.
+
+
+
+
+----
+
+
 3.11.11 (2024-12-18)
 ====================
 
diff --git a/CHANGES/10137.misc.rst b/CHANGES/10137.misc.rst
deleted file mode 100644
index 43b19c33f32..00000000000
--- a/CHANGES/10137.misc.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Restored support for zero copy writes when using Python 3.12 versions 3.12.9 and later or Python 3.13.2+ -- by :user:`bdraco`.
-
-Zero copy writes were previously disabled due to :cve:`2024-12254` which is resolved in these Python versions.
diff --git a/CHANGES/10270.bugfix.rst b/CHANGES/10270.bugfix.rst
deleted file mode 100644
index e3252464dc8..00000000000
--- a/CHANGES/10270.bugfix.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-``MultipartForm.decode()`` must follow RFC1341 7.2.1 with a ``CRLF`` after the boundary
--- by :user:`imnotjames`.
diff --git a/CHANGES/10281.contrib.rst b/CHANGES/10281.contrib.rst
deleted file mode 100644
index b50b4d2f955..00000000000
--- a/CHANGES/10281.contrib.rst
+++ /dev/null
@@ -1 +0,0 @@
-The CI/CD workflow has been updated to use `upload-artifact` v4 and `download-artifact` v4 GitHub Actions -- by :user:`silamon`.
diff --git a/CHANGES/10300.feature.rst b/CHANGES/10300.feature.rst
deleted file mode 100644
index 3632c3d41a7..00000000000
--- a/CHANGES/10300.feature.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Update :py:func:`~aiohttp.request` to make it accept ``_RequestOptions`` kwargs.
--- by :user:`Cycloctane`.
diff --git a/CHANGES/10304.doc.rst b/CHANGES/10304.doc.rst
deleted file mode 100644
index cedac3ef881..00000000000
--- a/CHANGES/10304.doc.rst
+++ /dev/null
@@ -1 +0,0 @@
-Added ``aiohttp-openmetrics`` to list of third-party libraries -- by :user:`jelmer`.
diff --git a/CHANGES/10330.packaging.rst b/CHANGES/10330.packaging.rst
deleted file mode 100644
index c159cf3a57d..00000000000
--- a/CHANGES/10330.packaging.rst
+++ /dev/null
@@ -1 +0,0 @@
-Started publishing ``riscv64`` wheels -- by :user:`eshattow`.
diff --git a/CHANGES/10332.feature.rst b/CHANGES/10332.feature.rst
deleted file mode 100644
index e5c84adf50d..00000000000
--- a/CHANGES/10332.feature.rst
+++ /dev/null
@@ -1 +0,0 @@
-Improved logging of HTTP protocol errors to include the remote address -- by :user:`bdraco`.
diff --git a/CHANGES/10366.packaging b/CHANGES/10366.packaging
deleted file mode 100644
index f0e9f62095a..00000000000
--- a/CHANGES/10366.packaging
+++ /dev/null
@@ -1,2 +0,0 @@
-Added missing files to the source distribution to fix ``Makefile`` targets.
-Added a ``cythonize-nodeps`` target to run Cython without invoking pip to install dependencies.
diff --git a/CHANGES/10387.bugfix.rst b/CHANGES/10387.bugfix.rst
deleted file mode 100644
index ad1ead9e363..00000000000
--- a/CHANGES/10387.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Restored the missing ``total_bytes`` attribute to ``EmptyStreamReader`` -- by :user:`bdraco`.
diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py
index 0c3c65fdbe1..4bafa848287 100644
--- a/aiohttp/__init__.py
+++ b/aiohttp/__init__.py
@@ -1,4 +1,4 @@
-__version__ = "3.11.12.dev0"
+__version__ = "3.11.12"
 
 from typing import TYPE_CHECKING, Tuple
 

From 2a3111d2b08e86ccaebf86c8228ec4ed5f4943c9 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 19:26:31 +0000
Subject: [PATCH 093/111] [PR #10393/9057364b backport][3.11] Revert "Start
 building riscv64 platform wheels in CI/CD" (#10394)

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 1a95adf975f..0bd2a07f65e 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -355,8 +355,6 @@ jobs:
           qemu: aarch64
         - os: ubuntu
           qemu: ppc64le
-        - os: ubuntu
-          qemu: riscv64
         - os: ubuntu
           qemu: s390x
     steps:

From 22237766eb917860a0f981fc43ce024f4b94584c Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 13:26:46 -0600
Subject: [PATCH 094/111] [3.11] Amend changes to remove reverted riscv64
 wheels (#10397)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See https://github.com/aio-libs/aiohttp/pull/10393

Note that the release failed so this was never published

Screenshot 2025-02-05 at 1 26 20 PM
---
 CHANGES.rst | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 7a464aed9eb..5775d1041cc 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -70,14 +70,6 @@ Improved documentation
 Packaging updates and notes for downstreams
 -------------------------------------------
 
-- Started publishing ``riscv64`` wheels -- by :user:`eshattow`.
-
-
-  *Related issues and pull requests on GitHub:*
-  :issue:`10330`.
-
-
-
 - Added missing files to the source distribution to fix ``Makefile`` targets.
   Added a ``cythonize-nodeps`` target to run Cython without invoking pip to install dependencies.
 

From bc4f5cf0b05356b4634da850f7496d8cb1f56b23 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 19:29:05 +0000
Subject: [PATCH 095/111] [PR #10393/9057364b backport][3.12] Revert "Start
 building riscv64 platform wheels in CI/CD" (#10395)

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 2 --
 CHANGES/10330.packaging.rst | 1 -
 2 files changed, 3 deletions(-)
 delete mode 100644 CHANGES/10330.packaging.rst

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 1a95adf975f..0bd2a07f65e 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -355,8 +355,6 @@ jobs:
           qemu: aarch64
         - os: ubuntu
           qemu: ppc64le
-        - os: ubuntu
-          qemu: riscv64
         - os: ubuntu
           qemu: s390x
     steps:
diff --git a/CHANGES/10330.packaging.rst b/CHANGES/10330.packaging.rst
deleted file mode 100644
index c159cf3a57d..00000000000
--- a/CHANGES/10330.packaging.rst
+++ /dev/null
@@ -1 +0,0 @@
-Started publishing ``riscv64`` wheels -- by :user:`eshattow`.

From b53c5f958bbe8e14eebe65031e32ae5f3c23ea72 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 13:34:44 -0600
Subject: [PATCH 096/111] [PR #10396/481a8374 backport][3.11] Switch to native
 arm runners for wheel builds (#10398)

**This is a backport of PR #10396 as merged into master
(481a8374a6fa7b75269f6e523348b2ce7cb498b6).**

Not a user facing change as we should get the same wheels in the end,
however it should build a bit faster since its using native runners and
musl is now split up

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 0bd2a07f65e..b4c65de98c2 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -347,16 +347,27 @@ jobs:
     needs: pre-deploy
     strategy:
       matrix:
-        os: [ubuntu, windows, macos]
+        os: [ubuntu, windows, macos, "ubuntu-24.04-arm"]
         qemu: ['']
+        musl: [""]
         include:
-          # Split ubuntu job for the sake of speed-up
+          # Split ubuntu/musl jobs for the sake of speed-up
         - os: ubuntu
-          qemu: aarch64
+          qemu: ppc64le
+          musl: ""
+        - os: ubuntu
+          qemu: s390x
+          musl: ""
         - os: ubuntu
           qemu: ppc64le
+          musl: musllinux
         - os: ubuntu
           qemu: s390x
+          musl: musllinux
+        - os: ubuntu
+          musl: musllinux
+        - os: ubuntu-24.04-arm
+          musl: musllinux
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -398,12 +409,13 @@ jobs:
     - name: Build wheels
       uses: pypa/cibuildwheel@v2.22.0
       env:
+        CIBW_SKIP: ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }}
         CIBW_ARCHS_MACOS: x86_64 arm64 universal2
     - name: Upload wheels
       uses: actions/upload-artifact@v4
       with:
         name: >-
-          dist-${{ matrix.os }}-${{
+          dist-${{ matrix.os }}-${{ matrix.musl }}-${{
             matrix.qemu
             && matrix.qemu
             || 'native'

From 26692da3e79e21bf16c0b63972b097643e5bf8ea Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 13:34:53 -0600
Subject: [PATCH 097/111] [PR #10396/481a8374 backport][3.12] Switch to native
 arm runners for wheel builds (#10399)

**This is a backport of PR #10396 as merged into master
(481a8374a6fa7b75269f6e523348b2ce7cb498b6).**

Not a user facing change as we should get the same wheels in the end,
however it should build a bit faster since its using native runners and
musl is now split up

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 0bd2a07f65e..b4c65de98c2 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -347,16 +347,27 @@ jobs:
     needs: pre-deploy
     strategy:
       matrix:
-        os: [ubuntu, windows, macos]
+        os: [ubuntu, windows, macos, "ubuntu-24.04-arm"]
         qemu: ['']
+        musl: [""]
         include:
-          # Split ubuntu job for the sake of speed-up
+          # Split ubuntu/musl jobs for the sake of speed-up
         - os: ubuntu
-          qemu: aarch64
+          qemu: ppc64le
+          musl: ""
+        - os: ubuntu
+          qemu: s390x
+          musl: ""
         - os: ubuntu
           qemu: ppc64le
+          musl: musllinux
         - os: ubuntu
           qemu: s390x
+          musl: musllinux
+        - os: ubuntu
+          musl: musllinux
+        - os: ubuntu-24.04-arm
+          musl: musllinux
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -398,12 +409,13 @@ jobs:
     - name: Build wheels
       uses: pypa/cibuildwheel@v2.22.0
       env:
+        CIBW_SKIP: ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }}
         CIBW_ARCHS_MACOS: x86_64 arm64 universal2
     - name: Upload wheels
       uses: actions/upload-artifact@v4
       with:
         name: >-
-          dist-${{ matrix.os }}-${{
+          dist-${{ matrix.os }}-${{ matrix.musl }}-${{
             matrix.qemu
             && matrix.qemu
             || 'native'

From 785261c834ee227241b823a2669d3a727032724d Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 14:18:46 -0600
Subject: [PATCH 098/111] [PR #10400/9b33be3 backport][3.12] Add workaround for
 segfaults during wheel builds (#10402)

(cherry picked from commit 9b33be33d169f19842ae0a0f537163625fe3af77)
---
 .github/workflows/ci-cd.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index b4c65de98c2..2299037231e 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -342,7 +342,7 @@ jobs:
         path: dist
 
   build-wheels:
-    name: Build wheels on ${{ matrix.os }} ${{ matrix.qemu }}
+    name: Build wheels on ${{ matrix.os }} ${{ matrix.qemu }} ${{ matrix.musl }}
     runs-on: ${{ matrix.os }}-latest
     needs: pre-deploy
     strategy:
@@ -378,6 +378,10 @@ jobs:
       uses: docker/setup-qemu-action@v3
       with:
         platforms: all
+        # This should be temporary
+        # xref https://github.com/docker/setup-qemu-action/issues/188
+        # xref https://github.com/tonistiigi/binfmt/issues/215
+        image: tonistiigi/binfmt:qemu-v8.1.5
       id: qemu
     - name: Prepare emulation
       run: |

From 5f1cd3b198188d7b5ef4745b8c8ca87a0a293a26 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 14:18:52 -0600
Subject: [PATCH 099/111] [PR #10400/9b33be3 backport][3.11] Add workaround for
 segfaults during wheel builds (#10401)

(cherry picked from commit 9b33be33d169f19842ae0a0f537163625fe3af77)
---
 .github/workflows/ci-cd.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index b4c65de98c2..2299037231e 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -342,7 +342,7 @@ jobs:
         path: dist
 
   build-wheels:
-    name: Build wheels on ${{ matrix.os }} ${{ matrix.qemu }}
+    name: Build wheels on ${{ matrix.os }} ${{ matrix.qemu }} ${{ matrix.musl }}
     runs-on: ${{ matrix.os }}-latest
     needs: pre-deploy
     strategy:
@@ -378,6 +378,10 @@ jobs:
       uses: docker/setup-qemu-action@v3
       with:
         platforms: all
+        # This should be temporary
+        # xref https://github.com/docker/setup-qemu-action/issues/188
+        # xref https://github.com/tonistiigi/binfmt/issues/215
+        image: tonistiigi/binfmt:qemu-v8.1.5
       id: qemu
     - name: Prepare emulation
       run: |

From 864bf5a263141d041911f26a012d16dbfdf8af51 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 14:58:29 -0600
Subject: [PATCH 100/111] [PR #10403/908145c9 backport][3.11] Disable wheel
 builds on PyPy (#10405)

**This is a backport of PR #10403 as merged into master
(908145c97546afb717807d3bcad1f63110fdaa4a).**

fixes failure seen in
https://github.com/aio-libs/aiohttp/actions/runs/13165870727

When I split these, I forgot to turn these off as we have never tried to
build extensions on PyPy

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 2299037231e..c056f67ac49 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -413,7 +413,7 @@ jobs:
     - name: Build wheels
       uses: pypa/cibuildwheel@v2.22.0
       env:
-        CIBW_SKIP: ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }}
+        CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }}
         CIBW_ARCHS_MACOS: x86_64 arm64 universal2
     - name: Upload wheels
       uses: actions/upload-artifact@v4

From a45f26791c3570ffb6acc5f265a90c8bd02ca1f0 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 14:58:36 -0600
Subject: [PATCH 101/111] [PR #10403/908145c9 backport][3.12] Disable wheel
 builds on PyPy (#10406)

**This is a backport of PR #10403 as merged into master
(908145c97546afb717807d3bcad1f63110fdaa4a).**

fixes failure seen in
https://github.com/aio-libs/aiohttp/actions/runs/13165870727

When I split these, I forgot to turn these off as we have never tried to
build extensions on PyPy

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 2299037231e..c056f67ac49 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -413,7 +413,7 @@ jobs:
     - name: Build wheels
       uses: pypa/cibuildwheel@v2.22.0
       env:
-        CIBW_SKIP: ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }}
+        CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }}
         CIBW_ARCHS_MACOS: x86_64 arm64 universal2
     - name: Upload wheels
       uses: actions/upload-artifact@v4

From 43a36ee8b90cbafd136a59d5f9a73a3f6945d31e Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 15:05:11 -0600
Subject: [PATCH 102/111] [PR #10404/6ee81df6 backport][3.11] Start build
 wheels on armv7l musllinux (#10407)

**This is a backport of PR #10404 as merged into master
(6ee81df6dd2f50e3df8dc2aafcc4cab035c71b9a).**

I realized we were missing these. While I'm fixing up the wheel builds I
figured I'd add these as well

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 5 ++++-
 CHANGES/10404.packaging.rst | 1 +
 docs/spelling_wordlist.txt  | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/10404.packaging.rst

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index c056f67ac49..e9cc3608d42 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -359,7 +359,10 @@ jobs:
           qemu: s390x
           musl: ""
         - os: ubuntu
-          qemu: ppc64le
+          qemu: armv7l
+          musl: musllinux
+        - os: ubuntu
+          qemu: s390x
           musl: musllinux
         - os: ubuntu
           qemu: s390x
diff --git a/CHANGES/10404.packaging.rst b/CHANGES/10404.packaging.rst
new file mode 100644
index 00000000000..e27ca91989f
--- /dev/null
+++ b/CHANGES/10404.packaging.rst
@@ -0,0 +1 @@
+Started building armv7l musllinux wheels -- by :user:`bdraco`.
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index 3e41af824e4..59ea99c40bb 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -14,6 +14,7 @@ app’s
 apps
 arg
 args
+armv
 Arsenic
 async
 asyncio
@@ -201,6 +202,7 @@ multidicts
 Multidicts
 multipart
 Multipart
+musllinux
 mypy
 Nagle
 Nagle’s

From 0a51d1dab1bb5791fb34b5180045c6b93b551eea Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 15:05:23 -0600
Subject: [PATCH 103/111] [PR #10404/6ee81df6 backport][3.12] Start build
 wheels on armv7l musllinux (#10408)

**This is a backport of PR #10404 as merged into master
(6ee81df6dd2f50e3df8dc2aafcc4cab035c71b9a).**

I realized we were missing these. While I'm fixing up the wheel builds I
figured I'd add these as well

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 5 ++++-
 CHANGES/10404.packaging.rst | 1 +
 docs/spelling_wordlist.txt  | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/10404.packaging.rst

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index c056f67ac49..e9cc3608d42 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -359,7 +359,10 @@ jobs:
           qemu: s390x
           musl: ""
         - os: ubuntu
-          qemu: ppc64le
+          qemu: armv7l
+          musl: musllinux
+        - os: ubuntu
+          qemu: s390x
           musl: musllinux
         - os: ubuntu
           qemu: s390x
diff --git a/CHANGES/10404.packaging.rst b/CHANGES/10404.packaging.rst
new file mode 100644
index 00000000000..e27ca91989f
--- /dev/null
+++ b/CHANGES/10404.packaging.rst
@@ -0,0 +1 @@
+Started building armv7l musllinux wheels -- by :user:`bdraco`.
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index 3e41af824e4..59ea99c40bb 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -14,6 +14,7 @@ app’s
 apps
 arg
 args
+armv
 Arsenic
 async
 asyncio
@@ -201,6 +202,7 @@ multidicts
 Multidicts
 multipart
 Multipart
+musllinux
 mypy
 Nagle
 Nagle’s

From d07f577592238dc5c38558223a0148582b2dfeb1 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 15:12:01 -0600
Subject: [PATCH 104/111] [3.11] Adjust changelog messages for armv7l wheels
 (#10409)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Screenshot 2025-02-05 at 3 11 36 PM
---
 CHANGES.rst                 | 8 ++++++++
 CHANGES/10404.packaging.rst | 1 -
 2 files changed, 8 insertions(+), 1 deletion(-)
 delete mode 100644 CHANGES/10404.packaging.rst

diff --git a/CHANGES.rst b/CHANGES.rst
index 5775d1041cc..104dd7a746d 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -79,6 +79,14 @@ Packaging updates and notes for downstreams
 
 
 
+- Started building armv7l musllinux wheels -- by :user:`bdraco`.
+
+
+  *Related issues and pull requests on GitHub:*
+  :issue:`10404`.
+
+
+
 
 Contributor-facing changes
 --------------------------
diff --git a/CHANGES/10404.packaging.rst b/CHANGES/10404.packaging.rst
deleted file mode 100644
index e27ca91989f..00000000000
--- a/CHANGES/10404.packaging.rst
+++ /dev/null
@@ -1 +0,0 @@
-Started building armv7l musllinux wheels -- by :user:`bdraco`.

From 3cca9598a2d58831fac577187e9ea30ec2cda582 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 15:40:55 -0600
Subject: [PATCH 105/111] [PR #10410/1009c066 backport][3.11] Fix runs-on for
 wheel builds for native arm (#10411)

**This is a backport of PR #10410 as merged into master
(1009c066dc88de1360bfb1d011cd0cc9addeb534).**

-latest was being appended to everything but this will not work with the
native arm runners

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index e9cc3608d42..e2129cf4d34 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -343,31 +343,31 @@ jobs:
 
   build-wheels:
     name: Build wheels on ${{ matrix.os }} ${{ matrix.qemu }} ${{ matrix.musl }}
-    runs-on: ${{ matrix.os }}-latest
+    runs-on: ${{ matrix.os }}
     needs: pre-deploy
     strategy:
       matrix:
-        os: [ubuntu, windows, macos, "ubuntu-24.04-arm"]
+        os: ["ubuntu-latest", "windows-latest", "macos-latest", "ubuntu-24.04-arm"]
         qemu: ['']
         musl: [""]
         include:
           # Split ubuntu/musl jobs for the sake of speed-up
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: ppc64le
           musl: ""
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: s390x
           musl: ""
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: armv7l
           musl: musllinux
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: s390x
           musl: musllinux
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: s390x
           musl: musllinux
-        - os: ubuntu
+        - os: ubuntu-latest
           musl: musllinux
         - os: ubuntu-24.04-arm
           musl: musllinux

From f4196485dee1d7a19f4087b5bd4dfd065d3f42b5 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 15:41:06 -0600
Subject: [PATCH 106/111] [PR #10410/1009c066 backport][3.12] Fix runs-on for
 wheel builds for native arm (#10412)

**This is a backport of PR #10410 as merged into master
(1009c066dc88de1360bfb1d011cd0cc9addeb534).**

-latest was being appended to everything but this will not work with the
native arm runners

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index e9cc3608d42..e2129cf4d34 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -343,31 +343,31 @@ jobs:
 
   build-wheels:
     name: Build wheels on ${{ matrix.os }} ${{ matrix.qemu }} ${{ matrix.musl }}
-    runs-on: ${{ matrix.os }}-latest
+    runs-on: ${{ matrix.os }}
     needs: pre-deploy
     strategy:
       matrix:
-        os: [ubuntu, windows, macos, "ubuntu-24.04-arm"]
+        os: ["ubuntu-latest", "windows-latest", "macos-latest", "ubuntu-24.04-arm"]
         qemu: ['']
         musl: [""]
         include:
           # Split ubuntu/musl jobs for the sake of speed-up
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: ppc64le
           musl: ""
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: s390x
           musl: ""
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: armv7l
           musl: musllinux
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: s390x
           musl: musllinux
-        - os: ubuntu
+        - os: ubuntu-latest
           qemu: s390x
           musl: musllinux
-        - os: ubuntu
+        - os: ubuntu-latest
           musl: musllinux
         - os: ubuntu-24.04-arm
           musl: musllinux

From 70da1d45342fe4372a795cacfd394ba367bcff3c Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 16:30:50 -0600
Subject: [PATCH 107/111] [PR #10413/f6dae31d backport][3.11] Fix missing
 ppc64le musllinux wheels (#10414)

**This is a backport of PR #10413 as merged into master
(f6dae31db7538882be97e6d56f79c527636f62f3).**

I had s390x twice instead of ppc64le. Seems like I could use a little
more sleep or coffee today

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index e2129cf4d34..3df6a02c1dd 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -355,17 +355,17 @@ jobs:
         - os: ubuntu-latest
           qemu: ppc64le
           musl: ""
+        - os: ubuntu-latest
+          qemu: ppc64le
+          musl: musllinux
         - os: ubuntu-latest
           qemu: s390x
           musl: ""
-        - os: ubuntu-latest
-          qemu: armv7l
-          musl: musllinux
         - os: ubuntu-latest
           qemu: s390x
           musl: musllinux
         - os: ubuntu-latest
-          qemu: s390x
+          qemu: armv7l
           musl: musllinux
         - os: ubuntu-latest
           musl: musllinux

From a1da985fdaa1738b40286e84955c8da3e862a9ba Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 16:31:01 -0600
Subject: [PATCH 108/111] [PR #10413/f6dae31d backport][3.12] Fix missing
 ppc64le musllinux wheels (#10415)

**This is a backport of PR #10413 as merged into master
(f6dae31db7538882be97e6d56f79c527636f62f3).**

I had s390x twice instead of ppc64le. Seems like I could use a little
more sleep or coffee today

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index e2129cf4d34..3df6a02c1dd 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -355,17 +355,17 @@ jobs:
         - os: ubuntu-latest
           qemu: ppc64le
           musl: ""
+        - os: ubuntu-latest
+          qemu: ppc64le
+          musl: musllinux
         - os: ubuntu-latest
           qemu: s390x
           musl: ""
-        - os: ubuntu-latest
-          qemu: armv7l
-          musl: musllinux
         - os: ubuntu-latest
           qemu: s390x
           musl: musllinux
         - os: ubuntu-latest
-          qemu: s390x
+          qemu: armv7l
           musl: musllinux
         - os: ubuntu-latest
           musl: musllinux

From e92f18746aead3ff6c5363cf4a3ad735e6b44e1e Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" 
Date: Wed, 5 Feb 2025 17:40:41 -0600
Subject: [PATCH 109/111] Fix wheel download-artifact by setting merge-multiple
 (#10416)

---
 .github/workflows/ci-cd.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 01b27abefc2..9d2b8b9f27f 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -477,6 +477,7 @@ jobs:
       with:
         path: dist
         pattern: dist-*
+        merge-multiple: true
     - name: Collected dists
       run: |
         tree dist

From 78ea7251bc952b53be1042c7e97f95e0426e6939 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 17:41:13 -0600
Subject: [PATCH 110/111] [PR #10416/e92f1874 backport][3.11] Fix wheel
 download-artifact by setting merge-multiple (#10417)

**This is a backport of PR #10416 as merged into master
(e92f18746aead3ff6c5363cf4a3ad735e6b44e1e).**

Should fix
https://github.com/aio-libs/aiohttp/actions/runs/13167811054/job/36753606142

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 3df6a02c1dd..a794dc65d77 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -455,6 +455,7 @@ jobs:
       with:
         path: dist
         pattern: dist-*
+        merge-multiple: true
     - name: Collected dists
       run: |
         tree dist

From 30bc60c583304024c3f53f16f208fcbaa6c9c761 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 17:41:31 -0600
Subject: [PATCH 111/111] [PR #10416/e92f1874 backport][3.12] Fix wheel
 download-artifact by setting merge-multiple (#10418)

**This is a backport of PR #10416 as merged into master
(e92f18746aead3ff6c5363cf4a3ad735e6b44e1e).**

Should fix
https://github.com/aio-libs/aiohttp/actions/runs/13167811054/job/36753606142

Co-authored-by: J. Nick Koston 
---
 .github/workflows/ci-cd.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 3df6a02c1dd..a794dc65d77 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -455,6 +455,7 @@ jobs:
       with:
         path: dist
         pattern: dist-*
+        merge-multiple: true
     - name: Collected dists
       run: |
         tree dist