From 9920bc248ed023fbfd485f1851b653f1e47f80dd Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Sun, 16 Mar 2025 17:07:45 -1000 Subject: [PATCH 01/36] Increment version to 3.11.15.dev0 (#10584) --- aiohttp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index 0628433d35b..4ff7bbbc759 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.11.14" +__version__ = "3.11.15.dev0" from typing import TYPE_CHECKING, Tuple From e5e280b44aba7029a40b887d225fc928098c70de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 11:51:28 +0000 Subject: [PATCH 02/36] Bump coverage from 7.6.12 to 7.7.0 (#10589) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.6.12 to 7.7.0.
Changelog

Sourced from coverage's changelog.

Version 7.7.0 — 2025-03-16

  • The Coverage object has a new method, :meth:.Coverage.branch_stats for getting simple branch information for a module. Closes issue 1888_.

  • The :class:Coverage constructor<.Coverage> now has a plugins parameter for passing in plugin objects directly, thanks to Alex Gaynor <pull 1919_>_.

  • Many constant tests in if statements are now recognized as being optimized away. For example, previously if 13: would have been considered a branch with one path not taken. Now it is understood as always true and no coverage is missing.

  • The experimental sys.monitoring support now works for branch coverage if you are using Python 3.14.0 alpha 6 or newer. This should reduce the overhead coverage.py imposes on your test suite. Set the environment variable COVERAGE_CORE=sysmon to try it out.

  • Confirmed support for PyPy 3.11. Thanks Michał Górny.

.. _issue 1888: nedbat/coveragepy#1888 .. _pull 1919: nedbat/coveragepy#1919

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.6.12&new-version=7.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 4f88e08420a..5dcd2e87602 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.6.12 +coverage==7.7.0 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 1a70923b154..fc0ffdab494 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.6.12 +coverage==7.7.0 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index fb20a21e251..6d053ed54cb 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.6.12 +coverage==7.7.0 # via # -r requirements/test.in # pytest-cov From 2dc0d9e225da3f2a7bbe7190b82c0b2d1477b1bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 09:54:22 -1000 Subject: [PATCH 03/36] Bump pypa/cibuildwheel from 2.23.0 to 2.23.1 (#10586) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from 2.23.0 to 2.23.1.
Release notes

Sourced from pypa/cibuildwheel's releases.

v2.23.1

  • ⚠️ Added warnings when the shorthand values manylinux1, manylinux2010, manylinux_2_24, and musllinux_1_1 are used to specify the images in linux builds. The shorthand to these (unmaintained) images will be removed in v3.0. If you want to keep using these images, explicitly opt-in using the full image URL, which can be found in this file. (#2312)
  • 🛠 Dependency updates, including a manylinux update which fixes an issue with rustup. (#2315)
Changelog

Sourced from pypa/cibuildwheel's changelog.

v2.23.1

15 March 2025

  • ⚠️ Added warnings when the shorthand values manylinux1, manylinux2010, manylinux_2_24, and musllinux_1_1 are used to specify the images in linux builds. The shorthand to these (unmaintained) images will be removed in v3.0. If you want to keep using these images, explicitly opt-in using the full image URL, which can be found in this file. (#2312)
  • 🛠 Dependency updates, including a manylinux update which fixes an issue with rustup. (#2315)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=2.23.0&new-version=2.23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index cade6835b92..a61a67137c2 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -414,7 +414,7 @@ jobs: run: | make cythonize - name: Build wheels - uses: pypa/cibuildwheel@v2.23.0 + uses: pypa/cibuildwheel@v2.23.1 env: CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }} CIBW_ARCHS_MACOS: x86_64 arm64 universal2 From 87e9248f362176250bda3ebb1932cda712ccfa2c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 10:51:19 +0000 Subject: [PATCH 04/36] Bump setuptools from 76.0.0 to 76.1.0 (#10590) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [setuptools](https://github.com/pypa/setuptools) from 76.0.0 to 76.1.0.
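Review bot: `uses: pypa/cibuildwheel@v2.23.1` in the `Build wheels` step of `.github/workflows/ci-cd.yml` (PATCH 03/36) still references the action by a version tag, which the action's repository can later move to a different commit. Since this step produces the wheels, pin it to the full commit SHA of the v2.23.1 release and keep the version as a trailing comment, a form Dependabot continues to update.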
Changelog

Sourced from setuptools's changelog.

v76.1.0

Features

  • In setuptools.msvc.EnvironmentInfo, now honor the correct paths when on an ARM host. (#4786)

Bugfixes

  • Restored implicit distutils.ccompiler import for g-ir-scanner. (#4871)
  • Restore distutils.ccompiler.compiler_class -- by :user:Avasam (#4876)

v75.3.2

  • Fixed version error in changelog.

v75.3.1

Bugfixes

  • Fix wheel file naming to follow binary distribution specification -- by :user:di (#4877)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=76.0.0&new-version=76.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 5dcd2e87602..d4d993c66c3 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -288,7 +288,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==76.0.0 +setuptools==76.1.0 # via # incremental # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index fc0ffdab494..90f21ec5529 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -279,7 +279,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==76.0.0 +setuptools==76.1.0 # via # incremental # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index ff527ae486b..9d69778d2d0 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -76,5 +76,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==76.0.0 +setuptools==76.1.0 # via incremental diff --git a/requirements/doc.txt b/requirements/doc.txt index f00d523f092..ff57762abf7 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -69,5 +69,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==76.0.0 +setuptools==76.1.0 # via incremental From 310a7dd7e9e1e68bcccfa764494d315bd24340d4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 11:15:06 +0000 Subject: [PATCH 05/36] Bump multidict from 6.1.0 to 6.2.0 (#10593) Bumps [multidict](https://github.com/aio-libs/multidict) from 6.1.0 to 6.2.0.
Release notes

Sourced from multidict's releases.

6.2.0

Bug fixes

  • Fixed in checks throwing an exception instead of returning :data:False when testing non-strings.

    Related issues and pull requests on GitHub: #1045.

  • Fix a leak when the last accessed module in PyInit__multidict init is not released.

    Related issues and pull requests on GitHub: #1061.

Features

  • Implemented support for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

    Related issues and pull requests on GitHub: #1015.

Packaging updates and notes for downstreams

  • Started publishing wheels made for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

    Related issues and pull requests on GitHub: #1015.

Miscellaneous internal changes

  • Used stricter typing across the code base, resulting in improved typing accuracy across multidict classes. Funded by an NLnet grant.

    Related issues and pull requests on GitHub: #1046.


6.1.0 (2024-09-09)

Bug fixes

... (truncated)

Changelog

Sourced from multidict's changelog.

6.2.0

(2025-03-17)

Bug fixes

  • Fixed in checks throwing an exception instead of returning :data:False when testing non-strings.

    Related issues and pull requests on GitHub: :issue:1045.

  • Fix a leak when the last accessed module in PyInit__multidict init is not released.

    Related issues and pull requests on GitHub: :issue:1061.

Features

  • Implemented support for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

    Related issues and pull requests on GitHub: :issue:1015.

Packaging updates and notes for downstreams

  • Started publishing wheels made for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

    Related issues and pull requests on GitHub: :issue:1015.

Miscellaneous internal changes

  • Used stricter typing across the code base, resulting in improved typing accuracy across multidict classes. Funded by an NLnet grant.

    Related issues and pull requests on GitHub: :issue:1046.


Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=multidict&package-manager=pip&previous-version=6.1.0&new-version=6.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/cython.txt | 2 +- requirements/dev.txt | 2 +- requirements/multidict.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index db4712426a9..7b5bc1ea8bd 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -26,7 +26,7 @@ gunicorn==23.0.0 # via -r requirements/base.in idna==3.4 # via yarl -multidict==6.1.0 +multidict==6.2.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d4d993c66c3..5a836f3542d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -111,7 +111,7 @@ markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -multidict==6.1.0 +multidict==6.2.0 # via # -r requirements/multidict.in # -r requirements/runtime-deps.in diff --git a/requirements/cython.txt b/requirements/cython.txt index b34cde941f8..fc290ab6688 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -6,7 +6,7 @@ # cython==3.0.12 # via -r requirements/cython.in -multidict==6.1.0 +multidict==6.2.0 # via -r requirements/multidict.in typing-extensions==4.12.2 # via multidict diff --git a/requirements/dev.txt b/requirements/dev.txt index 90f21ec5529..caaae25cdbb 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -109,7 +109,7 @@ markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -multidict==6.1.0 +multidict==6.2.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/multidict.txt b/requirements/multidict.txt index e9f433aa07d..be4d86595fc 100644 --- a/requirements/multidict.txt +++ b/requirements/multidict.txt 
@@ -4,7 +4,7 @@ # # pip-compile --allow-unsafe --output-file=requirements/multidict.txt --resolver=backtracking --strip-extras requirements/multidict.in # -multidict==6.1.0 +multidict==6.2.0 # via -r requirements/multidict.in typing-extensions==4.12.2 # via multidict diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index c3863f8e5e3..1b515fc1178 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -24,7 +24,7 @@ frozenlist==1.5.0 # aiosignal idna==3.4 # via yarl -multidict==6.1.0 +multidict==6.2.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/test.txt b/requirements/test.txt index 6d053ed54cb..e6f0277889e 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -57,7 +57,7 @@ markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -multidict==6.1.0 +multidict==6.2.0 # via # -r requirements/runtime-deps.in # yarl From 0c7a9c73f23bcbe09f709b0447254f5ca7a0631f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 11:22:54 +0000 Subject: [PATCH 06/36] Bump blockbuster from 1.5.23 to 1.5.24 (#10594) Bumps [blockbuster](https://github.com/cbornet/blockbuster) from 1.5.23 to 1.5.24.
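Review bot: the `pip-compile` header shown as context in the `requirements/multidict.txt` hunk (PATCH 05/36) lists `--allow-unsafe`, `--resolver=backtracking` and `--strip-extras` but not `--generate-hashes`, so `multidict==6.2.0` fixes the version while leaving the downloaded file unchecked. multidict comes in through `requirements/runtime-deps.in`, so consider compiling these files with `--generate-hashes` and installing with pip's `--require-hashes`; the seven files touched by this patch would then carry the expected digests for the new release.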
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=blockbuster&package-manager=pip&previous-version=1.5.23&new-version=1.5.24)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 5a836f3542d..68de2c8a86d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -26,7 +26,7 @@ attrs==25.3.0 # via -r requirements/runtime-deps.in babel==2.17.0 # via sphinx -blockbuster==1.5.23 +blockbuster==1.5.24 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index caaae25cdbb..15458d10b65 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -26,7 +26,7 @@ attrs==25.3.0 # via -r requirements/runtime-deps.in babel==2.17.0 # via sphinx -blockbuster==1.5.23 +blockbuster==1.5.24 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 964750637c3..e1562ae4221 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -10,7 +10,7 @@ annotated-types==0.7.0 # via pydantic async-timeout==5.0.1 # via valkey -blockbuster==1.5.23 +blockbuster==1.5.24 # via -r requirements/lint.in cffi==1.17.1 # via diff --git a/requirements/test.txt b/requirements/test.txt index e6f0277889e..8962714e994 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -16,7 +16,7 @@ async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in attrs==25.3.0 # via -r requirements/runtime-deps.in -blockbuster==1.5.23 +blockbuster==1.5.24 # via -r requirements/test.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in From 84bb351974f1ba8e35b4c430b418f9d4e4c1d2e8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Mar 2025 11:12:13 +0000 Subject: [PATCH 07/36] Bump pre-commit from 4.1.0 to 4.2.0 (#10598) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 4.1.0 to 4.2.0.
Release notes

Sourced from pre-commit's releases.

pre-commit v4.2.0

Features

  • For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.2.0 - 2025-03-18

Features

  • For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.

Fixes

Commits
  • aa48766 v4.2.0
  • bf6f11d Merge pull request #3430 from pre-commit/preferential-sys-impl
  • 3e8d0f5 adjust python default_language_version to prefer versioned exe
  • ff7256c Merge pull request #3425 from tusharsadhwani/ambiguous-ref
  • b7eb412 fix: crash on ambiguous ref 'HEAD'
  • 7b88c63 Merge pull request #3404 from pre-commit/pre-commit-ci-update-config
  • 94b97e2 [pre-commit.ci] pre-commit autoupdate
  • 2f93b80 Merge pull request #3401 from pre-commit/pre-commit-ci-update-config
  • 4f90a1e [pre-commit.ci] pre-commit autoupdate
  • aba1ce0 Merge pull request #3396 from pre-commit/all-repos_autofix_all-repos-sed
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pre-commit&package-manager=pip&previous-version=4.1.0&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 68de2c8a86d..7e746233c35 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -136,7 +136,7 @@ platformdirs==4.3.6 # via virtualenv pluggy==1.5.0 # via pytest -pre-commit==4.1.0 +pre-commit==4.2.0 # via -r requirements/lint.in propcache==0.3.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 15458d10b65..dbc2cfce58e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -133,7 +133,7 @@ platformdirs==4.3.6 # via virtualenv pluggy==1.5.0 # via pytest -pre-commit==4.1.0 +pre-commit==4.2.0 # via -r requirements/lint.in propcache==0.3.0 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index e1562ae4221..40f1aa23193 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -55,7 +55,7 @@ platformdirs==4.3.6 # via virtualenv pluggy==1.5.0 # via pytest -pre-commit==4.1.0 +pre-commit==4.2.0 # via -r requirements/lint.in pycares==4.5.0 # via aiodns From 71d903d5934378c001b9b3cdf3484b93785556ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 10:34:32 +0000 Subject: [PATCH 08/36] Bump actions/cache from 4.2.2 to 4.2.3 (#10604) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to 4.2.3.
Release notes

Sourced from actions/cache's releases.

v4.2.3

What's Changed

  • Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v4.2.2...v4.2.3

Changelog

Sourced from actions/cache's changelog.

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.2&new-version=4.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index a61a67137c2..67c98e21878 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -47,7 +47,7 @@ jobs: with: python-version: 3.11 - name: Cache PyPI - uses: actions/cache@v4.2.2 + uses: actions/cache@v4.2.3 with: key: pip-lint-${{ hashFiles('requirements/*.txt') }} path: ~/.cache/pip @@ -99,7 +99,7 @@ jobs: with: submodules: true - name: Cache llhttp generated files - uses: actions/cache@v4.2.2 + uses: actions/cache@v4.2.3 id: cache with: key: llhttp-${{ hashFiles('vendor/llhttp/package*.json', 'vendor/llhttp/src/**/*') }} @@ -163,7 +163,7 @@ jobs: echo "dir=$(pip cache dir)" >> "${GITHUB_OUTPUT}" shell: bash - name: Cache PyPI - uses: actions/cache@v4.2.2 + uses: actions/cache@v4.2.3 with: key: pip-ci-${{ runner.os }}-${{ matrix.pyver }}-${{ matrix.no-extensions }}-${{ hashFiles('requirements/*.txt') }} path: ${{ steps.pip-cache.outputs.dir }} From e7a7188b21665d70975188c93510856fe1cfa466 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 11:25:11 +0000 Subject: [PATCH 09/36] Bump setuptools from 76.1.0 to 77.0.1 (#10607) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [setuptools](https://github.com/pypa/setuptools) from 76.1.0 to 77.0.1.
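Review bot: the three `uses: actions/cache@v4.2.3` lines in .github/workflows/ci-cd.yml (the pip-lint, llhttp and pip-ci cache steps) still reference a tag, which upstream can move to a different commit after this review. Consider pinning each to the full commit SHA of the v4.2.3 release with the version in a trailing comment; Dependabot keeps SHA pins updated the same way. The changelog quoted in the message says this release obfuscates the SAS token in debug logs for cache entries, so it is also worth checking whether debug-enabled run logs produced under 4.2.2 are still retained.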
Changelog

Sourced from setuptools's changelog.

v77.0.1

Bugfixes

  • Manually fix news fragment entries causing CI to crash when building docs. (#4891)

v77.0.0

Features

  • Added initial support for license expression (PEP :pep:639 <639#add-license-expression-field>). -- by :user:cdce8p (#4706)
  • Store License-File\s in .dist-info/licenses subfolder and added support for recursive globs for license_files (PEP :pep:639 <639#add-license-expression-field>). -- by :user:cdce8p (#4728)
  • Bump core metadata version to 2.4. -- by :user:cdce8p (#4830)
  • Updated vendored copy of wheel to v0.45.1. (#4869)

Deprecations and Removals

  • Added initial implementation of :pep:639. Users relying on pre- :pep:639 implementation details (like precise license file paths inside dist-info directory) may need to adjust their code base to avoid problems. Deprecations and stronger validation were also introduced (#4829).
  • Added exception (or warning) when deprecated license classifiers are used, according to PEP :pep:639 <639#deprecate-license-classifiers>. (#4833)
  • Deprecated tools.setuptools.license-files in favor of project.license-files and added exception if project.license-files and tools.setuptools.license-files are used together. -- by :user:cdce8p (#4837)
  • Deprecated project.license as a TOML table in pyproject.toml. Users are expected to move towards using project.license-files and/or SPDX expressions (as strings) in pyproject.license. See PEP :pep:639 <639#deprecate-license-key-table-subkeys>. (#4840)
  • Added simple validation for given glob patterns in license-files: a warning will be generated if no file is matched. Invalid glob patterns can raise an exception. -- thanks :user:cdce8p for contributions. (#4838)

Misc

Commits
  • f577461 Bump version: 77.0.0 → 77.0.1
  • 85677af Manually fix news fragment entries (#4891)
  • ce2e283 Change news fragment name to imply patch version bump
  • 7653149 Add news fragments
  • 7db26a1 Manually fix news fragment entries
  • 5d58b45 Bump version: 76.1.0 → 77.0.0
  • f49d589 Update URL in warning
  • dee0a5e Add news fragment for PEP 639 marking as 'breaking'
  • 74725de Update vendored copy of wheel (#4869)
  • 5585c1c Add news fragment
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=76.1.0&new-version=77.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 7e746233c35..1499be4d611 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -288,7 +288,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==76.1.0 +setuptools==77.0.1 # via # incremental # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index dbc2cfce58e..cdf10d2f365 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -279,7 +279,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==76.1.0 +setuptools==77.0.1 # via # incremental # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 9d69778d2d0..9f4b1f71c47 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -76,5 +76,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==76.1.0 +setuptools==77.0.1 # via incremental diff --git a/requirements/doc.txt b/requirements/doc.txt index ff57762abf7..22882176b08 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -69,5 +69,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==76.1.0 +setuptools==77.0.1 # via incremental From 4c5a82ca97b12fe962a836d77f2f248722663de8 Mon Sep 17 00:00:00 2001 
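Review bot: the setuptools pin crosses a major version (76.1.0 to 77.0.1) in requirements/constraints.txt, dev.txt, doc-spelling.txt and doc.txt, and the changelog quoted in the message lists an exception (or warning) for deprecated license classifiers and an exception when `project.license-files` and `tools.setuptools.license-files` are used together. The hunks only change pins, so please confirm in the PR that a build of this project's own package metadata passes under 77.0.1 before merging. Separately, the pins in these hunks are `==` lines without `--hash` entries; hash-checking would make the files verifiable at install time.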
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 11:39:49 +0000 Subject: [PATCH 10/36] Bump iniconfig from 2.0.0 to 2.1.0 (#10609) Bumps [iniconfig](https://github.com/pytest-dev/iniconfig) from 2.0.0 to 2.1.0.
Changelog

Sourced from iniconfig's changelog.

2.1.0

  • fix artifact building - pin minimal version of hatch
  • drop eol python 3.8
  • add python 3.12 and 3.13
Commits
  • 34793a6 pre-commit
  • 136435d update changelog
  • 0bb99ad fix #62: require a minimal hatch version with correct metadata
  • 16793ea Merge pull request #56 from hugovk/add-3.12
  • 3dc2b2d Add support for Python 3.13
  • 2eb8abf Bump GitHub Actions
  • 8c4bb5b Set python-version for pre-commit to remove CI warning
  • 58b22b2 Drop support for EOL Python 3.7
  • 4a53042 Add support for Python 3.12
  • 9cae431 Merge pull request #54 from webknjaz/patch-1
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=iniconfig&package-manager=pip&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 1499be4d611..b0832a39ff4 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -99,7 +99,7 @@ imagesize==1.4.1 # via sphinx incremental==24.7.2 # via towncrier -iniconfig==2.0.0 +iniconfig==2.1.0 # via pytest jinja2==3.1.6 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index cdf10d2f365..ebb0dbbca54 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -97,7 +97,7 @@ imagesize==1.4.1 # via sphinx incremental==24.7.2 # via towncrier -iniconfig==2.0.0 +iniconfig==2.1.0 # via pytest jinja2==3.1.6 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 40f1aa23193..c1bbc71c01f 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -37,7 +37,7 @@ identify==2.6.9 # via pre-commit idna==3.7 # via trustme -iniconfig==2.0.0 +iniconfig==2.1.0 # via pytest markdown-it-py==3.0.0 # via rich diff --git a/requirements/test.txt b/requirements/test.txt index 8962714e994..6b3a91d4e72 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -51,7 +51,7 @@ idna==3.4 # via # trustme # yarl -iniconfig==2.0.0 +iniconfig==2.1.0 # via pytest markdown-it-py==3.0.0 # via rich From 57250118ddf8fe402c0f5279597ad516bf6fb3f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 11:45:08 +0000 Subject: [PATCH 11/36] Bump platformdirs from 4.3.6 to 4.3.7 (#10610) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [platformdirs](https://github.com/tox-dev/platformdirs) from 4.3.6 to 4.3.7.
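Review bot: in the requirements/test.txt hunk the context pins `idna==3.4`, while the requirements/lint.txt hunk in the same patch shows `idna==3.7` for the same trustme dependency. The iniconfig bump itself looks fine, but the two files resolve different idna versions; consider regenerating test.txt so it picks up the newer pin, or record next to the pin why it is held back.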
Release notes

Sourced from platformdirs's releases.

4.3.7

What's Changed

Full Changelog: https://github.com/tox-dev/platformdirs/compare/4.3.6...4.3.7

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=platformdirs&package-manager=pip&previous-version=4.3.6&new-version=4.3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b0832a39ff4..66ed58c695b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -132,7 +132,7 @@ packaging==24.2 # sphinx pip-tools==7.4.1 # via -r requirements/dev.in -platformdirs==4.3.6 +platformdirs==4.3.7 # via virtualenv pluggy==1.5.0 # via pytest diff --git a/requirements/dev.txt b/requirements/dev.txt index ebb0dbbca54..10332f99ed7 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -129,7 +129,7 @@ packaging==24.2 # sphinx pip-tools==7.4.1 # via -r requirements/dev.in -platformdirs==4.3.6 +platformdirs==4.3.7 # via virtualenv pluggy==1.5.0 # via pytest diff --git a/requirements/lint.txt b/requirements/lint.txt index c1bbc71c01f..c568abeb027 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -51,7 +51,7 @@ nodeenv==1.9.1 # via pre-commit packaging==24.2 # via pytest -platformdirs==4.3.6 +platformdirs==4.3.7 # via virtualenv pluggy==1.5.0 # via pytest From 7ae00b080644c4a6363994ee8e2dd37c064dfd63 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 14:00:37 +0000 Subject: [PATCH 12/36] [PR #10602/b6f34d4b backport][3.12] Replace "requests" to "aiohttp" in docs (#10613) **This is a backport of PR #10602 as merged into master (b6f34d4b27ffc45c138bdba428f6e1a5cf9367e4).** Co-authored-by: Hypercube --- docs/client_quickstart.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/client_quickstart.rst b/docs/client_quickstart.rst index f99339cf4a6..0e03f104e90 100644 --- a/docs/client_quickstart.rst +++ b/docs/client_quickstart.rst 
@@ -93,7 +93,7 @@ Passing Parameters In URLs You often want to send some sort of data in the URL's query string. If you were constructing the URL by hand, this data would be given as key/value pairs in the URL after a question mark, e.g. ``httpbin.org/get?key=val``. -Requests allows you to provide these arguments as a :class:`dict`, using the +aiohttp allows you to provide these arguments as a :class:`dict`, using the ``params`` keyword argument. As an example, if you wanted to pass ``key1=value1`` and ``key2=value2`` to ``httpbin.org/get``, you would use the following code:: From 7b79f0c02e91fd172aa0d75a3d8315f0717b5c2d Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 14:00:51 +0000 Subject: [PATCH 13/36] [PR #10602/b6f34d4b backport][3.11] Replace "requests" to "aiohttp" in docs (#10612) **This is a backport of PR #10602 as merged into master (b6f34d4b27ffc45c138bdba428f6e1a5cf9367e4).** Co-authored-by: Hypercube --- docs/client_quickstart.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/client_quickstart.rst b/docs/client_quickstart.rst index f99339cf4a6..0e03f104e90 100644 --- a/docs/client_quickstart.rst +++ b/docs/client_quickstart.rst @@ -93,7 +93,7 @@ Passing Parameters In URLs You often want to send some sort of data in the URL's query string. If you were constructing the URL by hand, this data would be given as key/value pairs in the URL after a question mark, e.g. ``httpbin.org/get?key=val``. -Requests allows you to provide these arguments as a :class:`dict`, using the +aiohttp allows you to provide these arguments as a :class:`dict`, using the ``params`` keyword argument. As an example, if you wanted to pass ``key1=value1`` and ``key2=value2`` to ``httpbin.org/get``, you would use the following code:: From 5e20fe12c8d9990c253fa43231b2e70481c1ecc2 Mon Sep 17 00:00:00 2001 
From: Dmitry Marakasov <474217+AMDmi3@users.noreply.github.com> Date: Fri, 21 Mar 2025 00:34:16 +0300 Subject: [PATCH 14/36] [PR #10597/01b2a86a backport][3.12] Skip test_autobahn if python_on_whales is missing (#10614) (cherry picked from commit 01b2a86a6f9e768b24ca3c6f880defe8b895af65) --- tests/autobahn/test_autobahn.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/autobahn/test_autobahn.py b/tests/autobahn/test_autobahn.py index 651183d5f92..0b70aacd471 100644 --- a/tests/autobahn/test_autobahn.py +++ b/tests/autobahn/test_autobahn.py @@ -2,12 +2,16 @@ import subprocess import sys from pathlib import Path -from typing import Any, Dict, Generator, List +from typing import TYPE_CHECKING, Any, Dict, Generator, List import pytest -import python_on_whales from pytest import TempPathFactory +if TYPE_CHECKING: + import python_on_whales +else: + python_on_whales = pytest.importorskip("python_on_whales") + @pytest.fixture(scope="session") def report_dir(tmp_path_factory: TempPathFactory) -> Path: From 8a5efd4cd873172ba375d5a25523983b310cf487 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 10:50:51 +0000 Subject: [PATCH 15/36] Bump setuptools from 77.0.1 to 77.0.3 (#10615) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [setuptools](https://github.com/pypa/setuptools) from 77.0.1 to 77.0.3.
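Review bot: `pytest.importorskip("python_on_whales")` at module scope in tests/autobahn/test_autobahn.py skips the whole module when the package is absent, so a CI environment that loses the dependency would report skips instead of failing and the Autobahn suite would stop running unnoticed. Consider keeping the skip for local and downstream runs but making CI fail on it, for example by asserting in the CI job that these tests were collected and not skipped. A one-line comment above the `if TYPE_CHECKING:` block explaining why the import is split would also help the next reader.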
Changelog

Sourced from setuptools's changelog.

v77.0.3

Bugfixes

  • Temporarily convert error for license glob patterns containing ../ into a deprecation warning to allow an accommodation period. (#4896)
  • Better error messages for packaging.licenses import errors in environments with packaging<24.2. The import statement was also deferred to spare users that are not using license expressions. (#4898)
  • Avoided eagerly raising an exception when license-files is defined simultaneously inside and outside of pyproject.toml. Instead we rely on the existing deprecation error. (#4899)

v77.0.2

Bugfixes

  • Restore distutils.ccompiler._default_compilers -- by :user:ManiacDC (#4876)
  • Fixed copy pasta in msvc.shared_lib_format. (#4885)
Commits
  • 7c859e0 Bump version: 77.0.2 → 77.0.3
  • f9b0e50 Convert error for ../ in license paths into deprecation warning (#4896)
  • 5fe9c32 Defer import error for packaging.licenses in environments with packaging<24.2...
  • 44303b6 Avoid raising exception when license-files is defined outside of `pyproject.t...
  • 676362d Refactor fallback for packaging.licenses
  • 53fc322 Silence typechecking in complicated statement
  • 64612bf Remove duplicated dependency
  • 627a869 Attempt to avoid typing error
  • 4622b5a Add news fragment
  • f123312 Defer import error for packaging.licenses in environments with packagin<24.2
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=77.0.1&new-version=77.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 66ed58c695b..4fb176ea480 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -288,7 +288,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==77.0.1 +setuptools==77.0.3 # via # incremental # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index 10332f99ed7..3fcf744cb32 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -279,7 +279,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==77.0.1 +setuptools==77.0.3 # via # incremental # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 9f4b1f71c47..30494820213 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -76,5 +76,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==77.0.1 +setuptools==77.0.3 # via incremental diff --git a/requirements/doc.txt b/requirements/doc.txt index 22882176b08..8caaa0eac3f 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -69,5 +69,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==77.0.1 +setuptools==77.0.3 # via incremental From 28429bda7b3d3e478aa0441e63801aea28311947 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:26:26 +0000 Subject: [PATCH 16/36] Bump coverage from 7.7.0 to 7.7.1 (#10618) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.7.0 to 7.7.1.
Changelog

Sourced from coverage's changelog.

Version 7.7.1 — 2025-03-21

  • A few small tweaks to the sys.monitoring support for Python 3.14. Please test!

.. _changes_7-7-0:

Commits
  • 5e0fd51 docs: sample HTML for 7.7.1
  • 9b82965 docs: prep for 7.7.1
  • 1be53a8 docs: add clarification about missing line numbers in the text report
  • 87bc26b refactor: use f-strings more
  • 7ea1535 refactor: remove some needless checks
  • f503dc5 perf: collect more stats in sysmon
  • 97e68a0 build: bump version to 7.7.1
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.7.0&new-version=7.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 4fb176ea480..3b3392e7fbe 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.7.0 +coverage==7.7.1 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 3fcf744cb32..7e49b8cff57 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.7.0 +coverage==7.7.1 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index 6b3a91d4e72..f08b2a1568a 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.7.0 +coverage==7.7.1 # via # -r requirements/test.in # pytest-cov From 67a265bc5dcd2e4c2b8b125bf10a1f13ee7a3580 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 11:07:21 +0000 Subject: [PATCH 17/36] Bump pypa/cibuildwheel from 2.23.1 to 2.23.2 (#10622) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from 2.23.1 to 2.23.2.
Release notes

Sourced from pypa/cibuildwheel's releases.

v2.23.2

  • 🐛 Workaround an issue with pyodide builds when running cibuildwheel with a Python that was installed via UV (#2328 via #2331)
  • 🛠 Dependency updates, including a manylinux update that fixes an 'undefined symbol' error in gcc-toolset (#2334)
Changelog

Sourced from pypa/cibuildwheel's changelog.

v2.23.2

24 March 2025

  • 🐛 Workaround an issue with pyodide builds when running cibuildwheel with a Python that was installed via UV (#2328 via #2331)
  • 🛠 Dependency updates, including a manylinux update that fixes an 'undefined symbol' error in gcc-toolset (#2334)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=2.23.1&new-version=2.23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 67c98e21878..b00051b8668 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -414,7 +414,7 @@ jobs: run: | make cythonize - name: Build wheels - uses: pypa/cibuildwheel@v2.23.1 + uses: pypa/cibuildwheel@v2.23.2 env: CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }} CIBW_ARCHS_MACOS: x86_64 arm64 universal2 From 9ad688ebfe547ed4549a5bfa9fe03d8f99718b6e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 11:27:04 +0000 Subject: [PATCH 18/36] Bump setuptools from 77.0.3 to 78.0.2 (#10623) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [setuptools](https://github.com/pypa/setuptools) from 77.0.3 to 78.0.2.
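Review bot: `uses: pypa/cibuildwheel@v2.23.2` in the "Build wheels" step of .github/workflows/ci-cd.yml is a tag reference, and this is the step that produces the wheels, so whatever commit the tag points at runs inside the build. Pinning to the release's full commit SHA, with `v2.23.2` in a trailing comment, keeps the reviewed code and the executed code identical.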
Changelog

Sourced from setuptools's changelog.

v78.0.2

Bugfixes

  • Postponed removals of deprecated dash-separated and uppercase fields in setup.cfg. All packages with deprecated configurations are advised to move before 2026. (#4911)

v78.0.1

Misc

v78.0.0

Bugfixes

  • Reverted distutils changes that broke the monkey patching of command classes. (#4902)

Deprecations and Removals

  • Setuptools no longer accepts options containing uppercase or dash characters in setup.cfg. Please ensure to write the options in setup.cfg using the :wiki:lower_snake_case <Snake_case> convention (e.g. Name => name, install-requires => install_requires). This is a follow-up on deprecations introduced in v54.1.0 <https://setuptools.pypa.io/en/latest/history.html#v54-1-0>_ (see #1608) and v54.1.1 <https://setuptools.pypa.io/en/latest/history.html#v54-1-1>_ (see #2592).

    .. note:: This change does not affect configurations in pyproject.toml (which uses the :wiki:lower-kebab-case <Letter_case#Kebab_case> convention following the precedent set in :pep:517/:pep:518). (#4870)

Misc

Commits
  • 3c88de1 Bump version: 78.0.1 → 78.0.2
  • a219451 Revert removals introduced in v78.0.0 (#4911)
  • d4326dd Allow PyPy to fail on CI.
  • 92e22dd Manually remove file to try to stop flaky tests on PyPy
  • caa48ab Add news fragment
  • 4e9b8ca Revert removals introduced in v78.0.0
  • 5450f57 Bump version: 78.0.0 → 78.0.1
  • f3d0b10 Temporarily remove requests from integration tests (#4909)
  • 54b4c79 Add news fragment
  • e771c64 Temporarily remove 'requests' from integration tests
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 3b3392e7fbe..72c0cf6b280 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -288,7 +288,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==77.0.3 +setuptools==78.0.2 # via # incremental # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index 7e49b8cff57..d11e8ac175f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -279,7 +279,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==77.0.3 +setuptools==78.0.2 # via # incremental # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 30494820213..448e36e6fb9 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -76,5 +76,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==77.0.3 +setuptools==78.0.2 # via incremental diff --git a/requirements/doc.txt b/requirements/doc.txt index 8caaa0eac3f..4554d2a1b68 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -69,5 +69,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==77.0.3 +setuptools==78.0.2 # via incremental From b672096f2812821d50ae1fb6db457b3e6363c4ca Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Mar 2025 10:46:40 +0000 Subject: [PATCH 19/36] Bump propcache from 0.3.0 to 0.3.1 (#10627) Bumps [propcache](https://github.com/aio-libs/propcache) from 0.3.0 to 0.3.1.
Release notes

Sourced from propcache's releases.

0.3.1

Bug fixes

  • Improved typing annotations, fixing some type errors under correct usage and improving typing robustness generally -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: #103.


Changelog

Sourced from propcache's changelog.

0.3.1

(2025-03-25)

Bug fixes

  • Improved typing annotations, fixing some type errors under correct usage and improving typing robustness generally -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:103.


Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 7b5bc1ea8bd..6c8b21f5aa8 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -32,7 +32,7 @@ multidict==6.2.0 # yarl packaging==24.2 # via gunicorn -propcache==0.3.0 +propcache==0.3.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 72c0cf6b280..70903ae315c 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -138,7 +138,7 @@ pluggy==1.5.0 # via pytest pre-commit==4.2.0 # via -r requirements/lint.in -propcache==0.3.0 +propcache==0.3.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/dev.txt b/requirements/dev.txt index d11e8ac175f..d38446b4604 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -135,7 +135,7 @@ pluggy==1.5.0 # via pytest pre-commit==4.2.0 # via -r requirements/lint.in -propcache==0.3.0 +propcache==0.3.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 1b515fc1178..0575278acab 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -28,7 +28,7 @@ multidict==6.2.0 # via # -r requirements/runtime-deps.in # yarl -propcache==0.3.0 +propcache==0.3.1 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/test.txt b/requirements/test.txt index f08b2a1568a..0eafec9cdad 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -71,7 +71,7 @@ packaging==24.2 # pytest pluggy==1.5.0 # via pytest -propcache==0.3.0 +propcache==0.3.1 # via # -r requirements/runtime-deps.in # yarl 
From 3dba55ea21c527204d25bd8ec4f69523b4c09bde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Mar 2025 10:56:57 +0000 Subject: [PATCH 20/36] Bump setuptools from 78.0.2 to 78.1.0 (#10628) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [setuptools](https://github.com/pypa/setuptools) from 78.0.2 to 78.1.0.
Changelog

Sourced from setuptools's changelog.

v78.1.0

Features

  • Restore access to _get_vc_env with a warning. (#4874)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 70903ae315c..4c18d0e8071 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -288,7 +288,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==78.0.2 +setuptools==78.1.0 # via # incremental # pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index d38446b4604..66a2b01a266 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -279,7 +279,7 @@ yarl==1.18.3 # The following packages are considered to be unsafe in a requirements file: pip==25.0.1 # via pip-tools -setuptools==78.0.2 +setuptools==78.1.0 # via # incremental # pip-tools diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 448e36e6fb9..dfd7f09765d 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -76,5 +76,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==78.0.2 +setuptools==78.1.0 # via incremental diff --git a/requirements/doc.txt b/requirements/doc.txt index 4554d2a1b68..15356c89a9e 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -69,5 +69,5 @@ urllib3==2.3.0 # via requests # The following packages are considered to be unsafe in a requirements file: -setuptools==78.0.2 +setuptools==78.1.0 # via incremental From b2965de1ad18fc114591d30c482f1d59891b1f64 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 11:10:39 +0000 Subject: [PATCH 21/36] Bump python-on-whales from 0.75.1 to 0.76.1 (#10632) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [python-on-whales](https://github.com/gabrieldemarmiesse/python-on-whales) from 0.75.1 to 0.76.1.
Release notes

Sourced from python-on-whales's releases.

v0.76.1

What's Changed

Breaking changes:

Some breaking changes were introduced in this version. Those are rarely used features but it might impact you.

python_on_whales.Builder:

  • my_builder.status -> my_builder.nodes[0].status
  • my_builder.platforms -> my_builder.nodes[0].platforms

python_on_whales.Secret:

  • my_secret.spec["name"] -> my_secret.spec.name
  • my_secret.spec["labels"] -> my_secret.spec.labels

Full Changelog: https://github.com/gabrieldemarmiesse/python-on-whales/compare/v0.75.1...v0.76.1

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 4c18d0e8071..33d561d5063 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -188,7 +188,7 @@ pytest-xdist==3.6.1 # via -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.75.1 +python-on-whales==0.76.1 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 66a2b01a266..87ed47811ed 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -183,7 +183,7 @@ pytest-xdist==3.6.1 # via -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.75.1 +python-on-whales==0.76.1 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index c568abeb027..40fde1ab340 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -78,7 +78,7 @@ pytest-mock==3.14.0 # via -r requirements/lint.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.75.1 +python-on-whales==0.76.1 # via -r requirements/lint.in pyyaml==6.0.2 # via pre-commit diff --git a/requirements/test.txt b/requirements/test.txt index 0eafec9cdad..cef97799aee 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -104,7 +104,7 @@ pytest-xdist==3.6.1 # via -r requirements/test.in python-dateutil==2.9.0.post0 # via freezegun -python-on-whales==0.75.1 +python-on-whales==0.76.1 # via -r requirements/test.in re-assert==1.1.0 # via -r requirements/test.in From fca089740872c3ac6894491553dfdc0b60c7b533 Mon Sep 17 00:00:00 2001 
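Review bot: The release notes quoted in this commit list breaking changes in 0.76.1 (`my_builder.status` moves to `my_builder.nodes[0].status`, `my_secret.spec["name"]` moves to `my_secret.spec.name`), and the pin is raised in both lint.txt and test.txt, so any test helper or typed fixture that touches `python_on_whales.Builder` or `python_on_whales.Secret` needs checking before merge. The diff only changes the requirements files, so a green run of the lint and test jobs against the new pin is the evidence to look for.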
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 30 Mar 2025 21:39:53 +0000 Subject: [PATCH 22/36] [PR #10625/4599b87f backport][3.11] Improve performance of serializing headers (#10635) **This is a backport of PR #10625 as merged into master (4599b87f44569079942542c99c46779ca6e8bef7).** Improve performance of serializing headers by moving the check for `\r` and `\n` into the write loop instead of making a separate call to check each disallowed character in the Python string. Co-authored-by: J. Nick Koston --- CHANGES/10625.misc.rst | 1 + aiohttp/_http_writer.pyx | 38 ++++++++++++++++++-------------------- tests/test_http_writer.py | 29 ++++++++++++++++++++++++++++- 3 files changed, 47 insertions(+), 21 deletions(-) create mode 100644 CHANGES/10625.misc.rst diff --git a/CHANGES/10625.misc.rst b/CHANGES/10625.misc.rst new file mode 100644 index 00000000000..30cd7f0f3a6 --- /dev/null +++ b/CHANGES/10625.misc.rst @@ -0,0 +1 @@ +Improved performance of serializing headers -- by :user:`bdraco`. diff --git a/aiohttp/_http_writer.pyx b/aiohttp/_http_writer.pyx index 287371334f8..4a3ae1f9e68 100644 --- a/aiohttp/_http_writer.pyx +++ b/aiohttp/_http_writer.pyx 
@@ -97,27 +97,34 @@ cdef inline int _write_str(Writer* writer, str s): return -1 -# --------------- _serialize_headers ---------------------- - -cdef str to_str(object s): +cdef inline int _write_str_raise_on_nlcr(Writer* writer, object s): + cdef Py_UCS4 ch + cdef str out_str if type(s) is str: - return s + out_str = s elif type(s) is _istr: - return PyObject_Str(s) + out_str = PyObject_Str(s) elif not isinstance(s, str): raise TypeError("Cannot serialize non-str key {!r}".format(s)) else: - return str(s) + out_str = str(s) + + for ch in out_str: + if ch == 0x0D or ch == 0x0A: + raise ValueError( + "Newline or carriage return detected in headers. " + "Potential header injection attack." + ) + if _write_utf8(writer, ch) < 0: + return -1 +# --------------- _serialize_headers ---------------------- def _serialize_headers(str status_line, headers): cdef Writer writer cdef object key cdef object val - cdef bytes ret - cdef str key_str - cdef str val_str _init_writer(&writer) @@ -130,22 +137,13 @@ def _serialize_headers(str status_line, headers): raise for key, val in headers.items(): - key_str = to_str(key) - val_str = to_str(val) - - if "\r" in key_str or "\n" in key_str or "\r" in val_str or "\n" in val_str: - raise ValueError( - "Newline or carriage return character detected in HTTP status message or " - "header. This is a potential security issue." - ) - - if _write_str(&writer, key_str) < 0: + if _write_str_raise_on_nlcr(&writer, key) < 0: raise if _write_byte(&writer, b':') < 0: raise if _write_byte(&writer, b' ') < 0: raise - if _write_str(&writer, val_str) < 0: + if _write_str_raise_on_nlcr(&writer, val) < 0: raise if _write_byte(&writer, b'\r') < 0: raise diff --git a/tests/test_http_writer.py b/tests/test_http_writer.py index c39fe3c7251..420816b3137 100644 --- a/tests/test_http_writer.py +++ b/tests/test_http_writer.py 
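Review bot: `_write_str_raise_on_nlcr` is declared `cdef inline int` with no `except` clause, yet it raises `TypeError` and `ValueError`, so whether the CR/LF rejection reaches `_serialize_headers` depends on the Cython version's default exception handling for functions with a C return type. Cython 3 propagates by default; earlier releases print the exception and carry on, which would leave a header truncated at the offending character instead of rejected. Declaring the behaviour explicitly (for example `except? -1`) and ending the function with `return 0` would make the success and failure paths unambiguous and keep the injection check from depending on build tooling.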
@@ -8,8 +8,9 @@ import pytest from multidict import CIMultiDict -from aiohttp import ClientConnectionResetError, http +from aiohttp import ClientConnectionResetError, hdrs, http from aiohttp.base_protocol import BaseProtocol +from aiohttp.http_writer import _serialize_headers from aiohttp.test_utils import make_mocked_coro @@ -534,3 +535,29 @@ async def test_set_eof_after_write_headers( msg.set_eof() await msg.write_eof() assert not transport.write.called + + +@pytest.mark.parametrize( + "char", + [ + "\n", + "\r", + ], +) +def test_serialize_headers_raises_on_new_line_or_carriage_return(char: str) -> None: + """Verify serialize_headers raises on cr or nl in the headers.""" + status_line = "HTTP/1.1 200 OK" + headers = CIMultiDict( + { + hdrs.CONTENT_TYPE: f"text/plain{char}", + } + ) + + with pytest.raises( + ValueError, + match=( + "Newline or carriage return detected in headers. " + "Potential header injection attack." + ), + ): + _serialize_headers(status_line, headers) From 64efce269d6c7b04d9a23a4ed775cb168f56f8e5 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 30 Mar 2025 21:58:18 +0000 Subject: [PATCH 23/36] [PR #10568/8ac48306 backport][3.12] Docs fixups following implement socket factory (#10534) (#10637) **This is a backport of PR #10568 as merged into master (8ac483068ea24f6a709b3ead51ec87e3660a3b24).** Co-authored-by: Tim Menninger --- CHANGES/10474.feature.rst | 1 + docs/client_advanced.rst | 4 ++-- docs/client_reference.rst | 18 +++++++----------- docs/conf.py | 3 ++- 4 files changed, 12 insertions(+), 14 deletions(-) create mode 120000 CHANGES/10474.feature.rst diff --git a/CHANGES/10474.feature.rst b/CHANGES/10474.feature.rst new file mode 120000 index 00000000000..7c4f9a7b83b --- /dev/null +++ b/CHANGES/10474.feature.rst @@ -0,0 +1 @@ +10520.feature.rst \ No newline at end of file diff --git a/docs/client_advanced.rst b/docs/client_advanced.rst index 1116e0bdc45..39cd259dc9e 100644 
--- a/docs/client_advanced.rst +++ b/docs/client_advanced.rst @@ -465,8 +465,8 @@ Custom socket creation ^^^^^^^^^^^^^^^^^^^^^^ If the default socket is insufficient for your use case, pass an optional -`socket_factory` to the :class:`~aiohttp.TCPConnector`, which implements -`SocketFactoryType`. This will be used to create all sockets for the +``socket_factory`` to the :class:`~aiohttp.TCPConnector`, which implements +:class:`SocketFactoryType`. This will be used to create all sockets for the lifetime of the class object. For example, we may want to change the conditions under which we consider a connection dead. The following would make all sockets respect 9*7200 = 18 hours:: diff --git a/docs/client_reference.rst b/docs/client_reference.rst index 42b45e589ff..a99db06764b 100644 --- a/docs/client_reference.rst +++ b/docs/client_reference.rst @@ -1138,9 +1138,7 @@ is controlled by *force_close* constructor's parameter). overridden in subclasses. -.. autodata:: AddrInfoType - -.. note:: +.. py:class:: AddrInfoType Refer to :py:data:`aiohappyeyeballs.AddrInfoType` for more info. @@ -1148,13 +1146,11 @@ is controlled by *force_close* constructor's parameter). Be sure to use ``aiohttp.AddrInfoType`` rather than ``aiohappyeyeballs.AddrInfoType`` to avoid import breakage, as - it is likely to be removed from ``aiohappyeyeballs`` in the + it is likely to be removed from :mod:`aiohappyeyeballs` in the future. -.. autodata:: SocketFactoryType - -.. note:: +.. py:class:: SocketFactoryType Refer to :py:data:`aiohappyeyeballs.SocketFactoryType` for more info. @@ -1162,7 +1158,7 @@ is controlled by *force_close* constructor's parameter). Be sure to use ``aiohttp.SocketFactoryType`` rather than ``aiohappyeyeballs.SocketFactoryType`` to avoid import breakage, - as it is likely to be removed from ``aiohappyeyeballs`` in the + as it is likely to be removed from :mod:`aiohappyeyeballs` in the future. 
@@ -1294,9 +1290,9 @@ is controlled by *force_close* constructor's parameter). .. versionadded:: 3.10 - :param :py:data:``SocketFactoryType`` socket_factory: This function takes an - :py:data:``AddrInfoType`` and is used in lieu of ``socket.socket()`` when - creating TCP connections. + :param SocketFactoryType socket_factory: This function takes an + :py:data:`AddrInfoType` and is used in lieu of + :py:func:`socket.socket` when creating TCP connections. .. versionadded:: 3.12 diff --git a/docs/conf.py b/docs/conf.py index dcab6acf247..595f02efb89 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -84,7 +84,7 @@ "aiohttpsession": ("https://aiohttp-session.readthedocs.io/en/stable/", None), "aiohttpdemos": ("https://aiohttp-demos.readthedocs.io/en/latest/", None), "aiojobs": ("https://aiojobs.readthedocs.io/en/stable/", None), - "aiohappyeyeballs": ("https://aiohappyeyeballs.readthedocs.io/en/stable/", None), + "aiohappyeyeballs": ("https://aiohappyeyeballs.readthedocs.io/en/latest/", None), } # Add any paths that contain templates here, relative to this directory. @@ -420,6 +420,7 @@ ("py:class", "aiohttp.web.MatchedSubAppResource"), # undocumented ("py:attr", "body"), # undocumented ("py:class", "socket.socket"), # undocumented + ("py:func", "socket.socket"), # undocumented ("py:class", "socket.AddressFamily"), # undocumented ("py:obj", "logging.DEBUG"), # undocumented ("py:class", "aiohttp.abc.AbstractAsyncAccessLogger"), # undocumented From 8d54f1f1fe513a72a6c11300416ee4f14ddd0b22 Mon Sep 17 00:00:00 2001 
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 30 Mar 2025 22:11:33 +0000 Subject: [PATCH 24/36] [PR #10625/4599b87f backport][3.12] Improve performance of serializing headers (#10636) **This is a backport of PR #10625 as merged into master (4599b87f44569079942542c99c46779ca6e8bef7).** Improve performance of serializing headers by moving the check for `\r` and `\n` into the write loop instead of making a separate call to check each disallowed character in the Python string. Co-authored-by: J. Nick Koston --- CHANGES/10625.misc.rst | 1 + aiohttp/_http_writer.pyx | 38 ++++++++++++++++++-------------------- tests/test_http_writer.py | 29 ++++++++++++++++++++++++++++- 3 files changed, 47 insertions(+), 21 deletions(-) create mode 100644 CHANGES/10625.misc.rst diff --git a/CHANGES/10625.misc.rst b/CHANGES/10625.misc.rst new file mode 100644 index 00000000000..30cd7f0f3a6 --- /dev/null +++ b/CHANGES/10625.misc.rst @@ -0,0 +1 @@ +Improved performance of serializing headers -- by :user:`bdraco`. diff --git a/aiohttp/_http_writer.pyx b/aiohttp/_http_writer.pyx index 287371334f8..4a3ae1f9e68 100644 --- a/aiohttp/_http_writer.pyx +++ b/aiohttp/_http_writer.pyx 
@@ -97,27 +97,34 @@ cdef inline int _write_str(Writer* writer, str s): return -1 -# --------------- _serialize_headers ---------------------- - -cdef str to_str(object s): +cdef inline int _write_str_raise_on_nlcr(Writer* writer, object s): + cdef Py_UCS4 ch + cdef str out_str if type(s) is str: - return s + out_str = s elif type(s) is _istr: - return PyObject_Str(s) + out_str = PyObject_Str(s) elif not isinstance(s, str): raise TypeError("Cannot serialize non-str key {!r}".format(s)) else: - return str(s) + out_str = str(s) + + for ch in out_str: + if ch == 0x0D or ch == 0x0A: + raise ValueError( + "Newline or carriage return detected in headers. " + "Potential header injection attack." + ) + if _write_utf8(writer, ch) < 0: + return -1 +# --------------- _serialize_headers ---------------------- def _serialize_headers(str status_line, headers): cdef Writer writer cdef object key cdef object val - cdef bytes ret - cdef str key_str - cdef str val_str _init_writer(&writer) @@ -130,22 +137,13 @@ def _serialize_headers(str status_line, headers): raise for key, val in headers.items(): - key_str = to_str(key) - val_str = to_str(val) - - if "\r" in key_str or "\n" in key_str or "\r" in val_str or "\n" in val_str: - raise ValueError( - "Newline or carriage return character detected in HTTP status message or " - "header. This is a potential security issue." - ) - - if _write_str(&writer, key_str) < 0: + if _write_str_raise_on_nlcr(&writer, key) < 0: raise if _write_byte(&writer, b':') < 0: raise if _write_byte(&writer, b' ') < 0: raise - if _write_str(&writer, val_str) < 0: + if _write_str_raise_on_nlcr(&writer, val) < 0: raise if _write_byte(&writer, b'\r') < 0: raise diff --git a/tests/test_http_writer.py b/tests/test_http_writer.py index c39fe3c7251..420816b3137 100644 --- a/tests/test_http_writer.py +++ b/tests/test_http_writer.py 
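Review bot: The `ValueError` text changes from "Newline or carriage return character detected in HTTP status message or header. This is a potential security issue." to "Newline or carriage return detected in headers. Potential header injection attack.", but CHANGES/10625.misc.rst records only a performance improvement. Anything that matches on the old message (tests, log filters, alert rules) stops matching after this backport, so the changelog entry should mention the new wording. In the second hunk only `key` and `val` go through `_write_str_raise_on_nlcr`; the removed check likewise inspected only `key_str` and `val_str` even though its message named the status message, so it is worth confirming separately how `status_line` is validated, since that write is outside the visible lines.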
@@ -8,8 +8,9 @@ import pytest from multidict import CIMultiDict -from aiohttp import ClientConnectionResetError, http +from aiohttp import ClientConnectionResetError, hdrs, http from aiohttp.base_protocol import BaseProtocol +from aiohttp.http_writer import _serialize_headers from aiohttp.test_utils import make_mocked_coro @@ -534,3 +535,29 @@ async def test_set_eof_after_write_headers( msg.set_eof() await msg.write_eof() assert not transport.write.called + + +@pytest.mark.parametrize( + "char", + [ + "\n", + "\r", + ], +) +def test_serialize_headers_raises_on_new_line_or_carriage_return(char: str) -> None: + """Verify serialize_headers raises on cr or nl in the headers.""" + status_line = "HTTP/1.1 200 OK" + headers = CIMultiDict( + { + hdrs.CONTENT_TYPE: f"text/plain{char}", + } + ) + + with pytest.raises( + ValueError, + match=( + "Newline or carriage return detected in headers. " + "Potential header injection attack." + ), + ): + _serialize_headers(status_line, headers) From 9d4c09a2e866839466895657c5df2c55e17298fc Mon Sep 17 00:00:00 2001 
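Review bot: The parametrized test only places the CR or LF at the end of a header value (`hdrs.CONTENT_TYPE: f"text/plain{char}"`), so the key call site of `_write_str_raise_on_nlcr` and a control character in the middle of a string are not exercised. Adding cases with the character inside a header name and between two value fragments would cover both call sites of the new helper. A positive case asserting the serialized bytes for clean headers would also catch a regression in the per-character `_write_utf8` loop that replaced `_write_str`.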
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 30 Mar 2025 22:16:09 +0000 Subject: [PATCH 25/36] [PR #10601/f7cac7e6 backport][3.12] Reduce WebSocket buffer slicing overhead (#10640) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **This is a backport of PR #10601 as merged into master (f7cac7e63f18691e4261af353e84f9073b16624a).** ## What do these changes do? Use a `const unsigned char *` for the buffer (Cython will automatically extract it using `__Pyx_PyBytes_AsUString`) as it's a lot faster than copying around `PyBytes` objects. We do need to be careful that all slices are bounded and we bound check everything to make sure we do not do an out of bounds read since Cython does not bounds check C strings. I checked that all accesses to `buf_cstr` are preceded by a bounds check but it would be good to get another set of eyes on that to verify in the `self._state == READ_PAYLOAD` block that we will never try to read out of bounds. ## Are there changes in behavior for the user? performance improvement ## Is it a substantial burden for the maintainers to support this? no There is a small risk that someone could remove a bounds check in the future and create a memory safety issue, however in this case it's likely we would already be trying to read data that wasn't there if we are missing the bounds checking so the pure python version would throw if we are testing properly. Co-authored-by: J. Nick Koston --- CHANGES/10601.misc.rst | 1 + aiohttp/_websocket/reader_c.pxd | 1 + aiohttp/_websocket/reader_py.py | 20 +++++++++++--------- 3 files changed, 13 insertions(+), 9 deletions(-) create mode 100644 CHANGES/10601.misc.rst diff --git a/CHANGES/10601.misc.rst b/CHANGES/10601.misc.rst new file mode 100644 index 00000000000..c0d21082724 --- /dev/null +++ b/CHANGES/10601.misc.rst 
@@ -0,0 +1 @@ +Improved performance of WebSocket buffer handling -- by :user:`bdraco`. diff --git a/aiohttp/_websocket/reader_c.pxd b/aiohttp/_websocket/reader_c.pxd index 461e658e116..f156a7ff704 100644 --- a/aiohttp/_websocket/reader_c.pxd +++ b/aiohttp/_websocket/reader_c.pxd @@ -93,6 +93,7 @@ cdef class WebSocketReader: chunk_size="unsigned int", chunk_len="unsigned int", buf_length="unsigned int", + buf_cstr="const unsigned char *", first_byte="unsigned char", second_byte="unsigned char", end_pos="unsigned int", diff --git a/aiohttp/_websocket/reader_py.py b/aiohttp/_websocket/reader_py.py index 1645b3949b1..b2689e86614 100644 --- a/aiohttp/_websocket/reader_py.py +++ b/aiohttp/_websocket/reader_py.py @@ -328,14 +328,15 @@ def parse_frame( start_pos: int = 0 buf_length = len(buf) + buf_cstr = buf while True: # read header if self._state == READ_HEADER: if buf_length - start_pos < 2: break - first_byte = buf[start_pos] - second_byte = buf[start_pos + 1] + first_byte = buf_cstr[start_pos] + second_byte = buf_cstr[start_pos + 1] start_pos += 2 fin = (first_byte >> 7) & 1 @@ -400,14 +401,14 @@ def parse_frame( if length_flag == 126: if buf_length - start_pos < 2: break - first_byte = buf[start_pos] - second_byte = buf[start_pos + 1] + first_byte = buf_cstr[start_pos] + second_byte = buf_cstr[start_pos + 1] start_pos += 2 self._payload_length = first_byte << 8 | second_byte elif length_flag > 126: if buf_length - start_pos < 8: break - data = buf[start_pos : start_pos + 8] + data = buf_cstr[start_pos : start_pos + 8] start_pos += 8 self._payload_length = UNPACK_LEN3(data)[0] else: @@ -419,7 +420,7 @@ def parse_frame( if self._state == READ_PAYLOAD_MASK: if buf_length - start_pos < 4: break - self._frame_mask = buf[start_pos : start_pos + 4] + self._frame_mask = buf_cstr[start_pos : start_pos + 4] start_pos += 4 self._state = READ_PAYLOAD 
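Review bot: the `buf_cstr = buf` alias added at the top of the parse_frame loop has no comment, yet with `buf_cstr="const unsigned char *"` declared in reader_c.pxd every `buf_cstr[...]` read in the READ_HEADER, extended-length and READ_PAYLOAD_MASK blocks depends entirely on the `if buf_length - start_pos < N: break` line above it. Each of those guards is present in the context shown (2, 2, 8 and 4 bytes), so these reads look bounded. Please add a short comment at the alias, in the style of the XXX comment added at `self._tail`, saying the guards are load-bearing, and a test that feeds the compiled reader a frame truncated inside the header, inside the extended length and inside the mask.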
@@ -435,10 +436,10 @@ def parse_frame( if self._frame_payload_len: if type(self._frame_payload) is not bytearray: self._frame_payload = bytearray(self._frame_payload) - self._frame_payload += buf[start_pos:end_pos] + self._frame_payload += buf_cstr[start_pos:end_pos] else: # Fast path for the first frame - self._frame_payload = buf[start_pos:end_pos] + self._frame_payload = buf_cstr[start_pos:end_pos] self._frame_payload_len += end_pos - start_pos start_pos = end_pos @@ -464,6 +465,7 @@ def parse_frame( self._frame_payload_len = 0 self._state = READ_HEADER - self._tail = buf[start_pos:] if start_pos < buf_length else b"" + # XXX: Cython needs slices to be bounded, so we can't omit the slice end here. + self._tail = buf_cstr[start_pos:buf_length] if start_pos < buf_length else b"" return frames From 34cb977400c826845fc27b14eb3ff54165c026d7 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 30 Mar 2025 22:49:06 +0000 Subject: [PATCH 26/36] [PR #10638/caa5792a backport][3.11] Convert format calls to f-strings in WebSocket reader (#10642) **This is a backport of PR #10638 as merged into master (caa5792a55e6a380cbb27d907d7d09e8785b7312).** Small code cleanup Co-authored-by: J. Nick Koston --- aiohttp/_websocket/reader_py.py | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/aiohttp/_websocket/reader_py.py b/aiohttp/_websocket/reader_py.py index 1645b3949b1..d0708696708 100644 --- a/aiohttp/_websocket/reader_py.py +++ b/aiohttp/_websocket/reader_py.py @@ -194,9 +194,8 @@ def _feed_data(self, data: bytes) -> None: if self._max_msg_size and len(self._partial) >= self._max_msg_size: raise WebSocketError( WSCloseCode.MESSAGE_TOO_BIG, - "Message size {} exceeds limit {}".format( - len(self._partial), self._max_msg_size - ), + f"Message size {len(self._partial)} " + f"exceeds limit {self._max_msg_size}", ) continue 
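Review bot: in the first `_feed_data` hunk the context line tests `len(self._partial) >= self._max_msg_size`, but the message being reformatted says the size "exceeds limit", so a message of exactly the limit is rejected with "Message size N exceeds limit N". Since the string is being touched anyway, either confirm that `>=` rather than `>` is intended and reword the message to match, or change the comparison; the f-string conversion itself keeps the text unchanged.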
@@ -215,7 +214,7 @@ def _feed_data(self, data: bytes) -> None: raise WebSocketError( WSCloseCode.PROTOCOL_ERROR, "The opcode in non-fin frame is expected " - "to be zero, got {!r}".format(opcode), + f"to be zero, got {opcode!r}", ) assembled_payload: Union[bytes, bytearray] @@ -228,9 +227,8 @@ def _feed_data(self, data: bytes) -> None: if self._max_msg_size and len(assembled_payload) >= self._max_msg_size: raise WebSocketError( WSCloseCode.MESSAGE_TOO_BIG, - "Message size {} exceeds limit {}".format( - len(assembled_payload), self._max_msg_size - ), + f"Message size {len(assembled_payload)} " + f"exceeds limit {self._max_msg_size}", ) # Decompress process must to be done after all packets @@ -247,9 +245,8 @@ def _feed_data(self, data: bytes) -> None: left = len(self._decompressobj.unconsumed_tail) raise WebSocketError( WSCloseCode.MESSAGE_TOO_BIG, - "Decompressed message size {} exceeds limit {}".format( - self._max_msg_size + left, self._max_msg_size - ), + f"Decompressed message size {self._max_msg_size + left}" + f" exceeds limit {self._max_msg_size}", ) elif type(assembled_payload) is bytes: payload_merged = assembled_payload From 12925c6b0c1063721cd425d7bad42cec480e3a3c Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 30 Mar 2025 22:52:32 +0000 Subject: [PATCH 27/36] [PR #10638/caa5792a backport][3.12] Convert format calls to f-strings in WebSocket reader (#10643) **This is a backport of PR #10638 as merged into master (caa5792a55e6a380cbb27d907d7d09e8785b7312).** Small code cleanup Co-authored-by: J. Nick Koston --- aiohttp/_websocket/reader_py.py | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/aiohttp/_websocket/reader_py.py b/aiohttp/_websocket/reader_py.py index b2689e86614..92ad47a52f0 100644 --- a/aiohttp/_websocket/reader_py.py +++ b/aiohttp/_websocket/reader_py.py 
@@ -194,9 +194,8 @@ def _feed_data(self, data: bytes) -> None: if self._max_msg_size and len(self._partial) >= self._max_msg_size: raise WebSocketError( WSCloseCode.MESSAGE_TOO_BIG, - "Message size {} exceeds limit {}".format( - len(self._partial), self._max_msg_size - ), + f"Message size {len(self._partial)} " + f"exceeds limit {self._max_msg_size}", ) continue @@ -215,7 +214,7 @@ def _feed_data(self, data: bytes) -> None: raise WebSocketError( WSCloseCode.PROTOCOL_ERROR, "The opcode in non-fin frame is expected " - "to be zero, got {!r}".format(opcode), + f"to be zero, got {opcode!r}", ) assembled_payload: Union[bytes, bytearray] @@ -228,9 +227,8 @@ def _feed_data(self, data: bytes) -> None: if self._max_msg_size and len(assembled_payload) >= self._max_msg_size: raise WebSocketError( WSCloseCode.MESSAGE_TOO_BIG, - "Message size {} exceeds limit {}".format( - len(assembled_payload), self._max_msg_size - ), + f"Message size {len(assembled_payload)} " + f"exceeds limit {self._max_msg_size}", ) # Decompress process must to be done after all packets @@ -247,9 +245,8 @@ def _feed_data(self, data: bytes) -> None: left = len(self._decompressobj.unconsumed_tail) raise WebSocketError( WSCloseCode.MESSAGE_TOO_BIG, - "Decompressed message size {} exceeds limit {}".format( - self._max_msg_size + left, self._max_msg_size - ), + f"Decompressed message size {self._max_msg_size + left}" + f" exceeds limit {self._max_msg_size}", ) elif type(assembled_payload) is bytes: payload_merged = assembled_payload From bc813e66238daae2302dcf98d479e8f70f01a79b Mon Sep 17 00:00:00 2001 
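Review bot: in the last hunk the value `self._max_msg_size + left` is reported as "Decompressed message size", but `left` is `len(self._decompressobj.unconsumed_tail)`, which counts input that has not been decompressed yet, so the figure is an estimate and not the decompressed size. A word such as "at least" or a comment would stop readers of the error from treating it as exact. As a style point, this message puts the joining space at the start of the second literal (`f" exceeds limit ..."`) while the other two converted messages put it at the end of the first (`f"Message size {...} "`); pick one placement.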
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Sun, 30 Mar 2025 23:01:42 +0000
Subject: [PATCH 28/36] [PR #10601/f7cac7e6 backport][3.11] Reduce WebSocket buffer slicing overhead (#10639)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

**This is a backport of PR #10601 as merged into master (f7cac7e63f18691e4261af353e84f9073b16624a).**

## What do these changes do?

Use a `const unsigned char *` for the buffer (Cython will automatically extract it using `__Pyx_PyBytes_AsUString`) as it's a lot faster than copying around `PyBytes` objects.

We do need to be careful that all slices are bounded and we bound check everything to make sure we do not do an out of bounds read since Cython does not bounds check C strings. I checked that all accesses to `buf_cstr` are preceded by a bounds check but it would be good to get another set of eyes on that to verify in the `self._state == READ_PAYLOAD` block that we will never try to read out of bounds.

## Are there changes in behavior for the user?

performance improvement

## Is it a substantial burden for the maintainers to support this?

no

There is a small risk that someone could remove a bounds check in the future and create a memory safety issue, however in this case it's likely we would already be trying to read data that wasn't there if we are missing the bounds checking so the pure python version would throw if we are testing properly.

Co-authored-by: J. Nick Koston
---
CHANGES/10601.misc.rst | 1 +
aiohttp/_websocket/reader_c.pxd | 1 +
aiohttp/_websocket/reader_py.py | 20 +++++++++++---------
3 files changed, 13 insertions(+), 9 deletions(-)
create mode 100644 CHANGES/10601.misc.rst

diff --git a/CHANGES/10601.misc.rst b/CHANGES/10601.misc.rst
new file mode 100644
index 00000000000..c0d21082724
--- /dev/null
+++ b/CHANGES/10601.misc.rst
@@ -0,0 +1 @@ +Improved performance of WebSocket buffer handling -- by :user:`bdraco`. diff --git a/aiohttp/_websocket/reader_c.pxd b/aiohttp/_websocket/reader_c.pxd index 461e658e116..f156a7ff704 100644 --- a/aiohttp/_websocket/reader_c.pxd +++ b/aiohttp/_websocket/reader_c.pxd @@ -93,6 +93,7 @@ cdef class WebSocketReader: chunk_size="unsigned int", chunk_len="unsigned int", buf_length="unsigned int", + buf_cstr="const unsigned char *", first_byte="unsigned char", second_byte="unsigned char", end_pos="unsigned int", diff --git a/aiohttp/_websocket/reader_py.py b/aiohttp/_websocket/reader_py.py index d0708696708..92ad47a52f0 100644 --- a/aiohttp/_websocket/reader_py.py +++ b/aiohttp/_websocket/reader_py.py @@ -325,14 +325,15 @@ def parse_frame( start_pos: int = 0 buf_length = len(buf) + buf_cstr = buf while True: # read header if self._state == READ_HEADER: if buf_length - start_pos < 2: break - first_byte = buf[start_pos] - second_byte = buf[start_pos + 1] + first_byte = buf_cstr[start_pos] + second_byte = buf_cstr[start_pos + 1] start_pos += 2 fin = (first_byte >> 7) & 1 @@ -397,14 +398,14 @@ def parse_frame( if length_flag == 126: if buf_length - start_pos < 2: break - first_byte = buf[start_pos] - second_byte = buf[start_pos + 1] + first_byte = buf_cstr[start_pos] + second_byte = buf_cstr[start_pos + 1] start_pos += 2 self._payload_length = first_byte << 8 | second_byte elif length_flag > 126: if buf_length - start_pos < 8: break - data = buf[start_pos : start_pos + 8] + data = buf_cstr[start_pos : start_pos + 8] start_pos += 8 self._payload_length = UNPACK_LEN3(data)[0] else: @@ -416,7 +417,7 @@ def parse_frame( if self._state == READ_PAYLOAD_MASK: if buf_length - start_pos < 4: break - self._frame_mask = buf[start_pos : start_pos + 4] + self._frame_mask = buf_cstr[start_pos : start_pos + 4] start_pos += 4 self._state = READ_PAYLOAD 
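Review bot: the guards in these hunks are written as a subtraction, `buf_length - start_pos < 2` (and `< 8`, `< 4`), and the .pxd hunk types `buf_length` as `unsigned int`; the declared type of `start_pos` is outside the context shown. If it is also unsigned in the compiled build, the subtraction wraps to a large value whenever `start_pos` is greater than `buf_length`, the guard does not fire, and the `buf_cstr[start_pos]` read that follows is unchecked. Nothing in these hunks lets `start_pos` pass `buf_length`, but the READ_PAYLOAD block assigns `start_pos = end_pos` and the computation of `end_pos` is not in the diff, so either show that `end_pos <= buf_length` always holds or write the guards in the additive form `start_pos + 2 > buf_length`.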
@@ -432,10 +433,10 @@ def parse_frame( if self._frame_payload_len: if type(self._frame_payload) is not bytearray: self._frame_payload = bytearray(self._frame_payload) - self._frame_payload += buf[start_pos:end_pos] + self._frame_payload += buf_cstr[start_pos:end_pos] else: # Fast path for the first frame - self._frame_payload = buf[start_pos:end_pos] + self._frame_payload = buf_cstr[start_pos:end_pos] self._frame_payload_len += end_pos - start_pos start_pos = end_pos @@ -461,6 +462,7 @@ def parse_frame( self._frame_payload_len = 0 self._state = READ_HEADER - self._tail = buf[start_pos:] if start_pos < buf_length else b"" + # XXX: Cython needs slices to be bounded, so we can't omit the slice end here. + self._tail = buf_cstr[start_pos:buf_length] if start_pos < buf_length else b"" return frames
From b93993d8b7ded348ccd042300872fca6bfb02321 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 31 Mar 2025 02:29:06 +0000
Subject: [PATCH 29/36] [PR #10644/8c4e60b0 backport][3.11] Add benchmarks for streaming API (#10645)

**This is a backport of PR #10644 as merged into master (8c4e60b04a8edea54d6dcbfbd201aa3204ea6c13).**

## What do these changes do?

Add benchmarks for streaming API.

I get asked all the time if someone should use `iter_chunked`, `iter_any`, or `iter_chunks`. It's nice to be able to point people at benchmarks, especially ones they can alter with their numbers and run locally.

Unsurprisingly `memcpy` is where the performance issues are so avoiding it as much as possible will give better performance. In almost all cases `iter_chunks` is going to give the best performance if you can trust the chunk sizes aren't going to be too large.

## Are there changes in behavior for the user?

no

## Is it a substantial burden for the maintainers to support this?

no

Co-authored-by: J. Nick Koston
---
tests/test_benchmarks_client.py | 128 ++++++++++++++++++++++++++++++++
1 file changed, 128 insertions(+)
diff --git a/tests/test_benchmarks_client.py b/tests/test_benchmarks_client.py index ae89bc1f667..aa3536be820 100644 --- a/tests/test_benchmarks_client.py +++ b/tests/test_benchmarks_client.py 
@@ -346,3 +346,131 @@ async def run_client_benchmark() -> None: @benchmark def _run() -> None: loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_any( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_any.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_any(): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_chunked_4096( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_chunked 4096.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size, 4096 iter_chunked + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_chunked(4096): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_chunked_65536( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, 
+ benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_chunked 65536.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size, 64 KiB iter_chunked + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_chunked(65536): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_chunks( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_chunks.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_chunks(): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) From 91d3d76d96ba79740c09b7b09591edf7ea60b5eb Mon Sep 17 00:00:00 2001 
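Review bot: the four added tests differ only in the iterator call (`iter_any()`, `iter_chunked(4096)`, `iter_chunked(65536)`, `iter_chunks()`); the handler, the app setup and the client loop are repeated verbatim, and the handler's `range(10)` is a second hard-coded 10 next to `message_count = 10`. Move the handler and app into one helper, or parametrize a single test over the iterator, and give the per-response write count a name, so that someone altering the payload to try their own numbers (the purpose stated in the commit message) edits one place and cannot leave the four variants measuring different workloads.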
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 31 Mar 2025 02:36:22 +0000
Subject: [PATCH 30/36] [PR #10644/8c4e60b0 backport][3.12] Add benchmarks for streaming API (#10646)

**This is a backport of PR #10644 as merged into master (8c4e60b04a8edea54d6dcbfbd201aa3204ea6c13).**

## What do these changes do?

Add benchmarks for streaming API.

I get asked all the time if someone should use `iter_chunked`, `iter_any`, or `iter_chunks`. It's nice to be able to point people at benchmarks, especially ones they can alter with their numbers and run locally.

Unsurprisingly `memcpy` is where the performance issues are so avoiding it as much as possible will give better performance. In almost all cases `iter_chunks` is going to give the best performance if you can trust the chunk sizes aren't going to be too large.

## Are there changes in behavior for the user?

no

## Is it a substantial burden for the maintainers to support this?

no

Co-authored-by: J. Nick Koston
---
tests/test_benchmarks_client.py | 128 ++++++++++++++++++++++++++++++++
1 file changed, 128 insertions(+)

diff --git a/tests/test_benchmarks_client.py b/tests/test_benchmarks_client.py
index ae89bc1f667..aa3536be820 100644
--- a/tests/test_benchmarks_client.py
+++ b/tests/test_benchmarks_client.py
@@ -346,3 +346,131 @@ async def run_client_benchmark() -> None: @benchmark def _run() -> None: loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_any( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_any.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_any(): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_chunked_4096( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_chunked 4096.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size, 4096 iter_chunked + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_chunked(4096): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_chunked_65536( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, 
+ benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_chunked 65536.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size, 64 KiB iter_chunked + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_chunked(65536): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + +def test_ten_streamed_responses_iter_chunks( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 10 streamed responses using iter_chunks.""" + message_count = 10 + data = b"x" * 65536 # 64 KiB chunk size + + async def handler(request: web.Request) -> web.StreamResponse: + resp = web.StreamResponse() + await resp.prepare(request) + for _ in range(10): + await resp.write(data) + return resp + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + resp = await client.get("/") + async for _ in resp.content.iter_chunks(): + pass + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) From e93214704fab8184477e72d25f5c9336629f2c67 Mon Sep 17 00:00:00 2001 
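Review bot: in each added test `run_client_benchmark()` calls `await aiohttp_client(app)` and `await client.close()` inside the function that `@benchmark` times, so every measurement includes client and test-server start-up and teardown on top of the ten streamed reads. That matches the existing test visible at the top of the hunk, but these benchmarks exist to compare iterators against each other, and a fixed cost shared by all four narrows the visible difference. Say so in the docstrings, or create the client outside `_run` and time only the request loop.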
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 11:20:12 +0000 Subject: [PATCH 31/36] Bump coverage from 7.7.1 to 7.8.0 (#10651) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.7.1 to 7.8.0.
Changelog

Sourced from coverage's changelog.

Version 7.8.0 — 2025-03-30

  • Added a new source_dirs setting for symmetry with the existing source_pkgs setting. It's preferable to the existing source setting, because you'll get a clear error when directories don't exist. Fixes issue 1942. Thanks, Jeremy Fleischman <pull 1943_>.

  • Fix: the PYTHONSAFEPATH environment variable new in Python 3.11 is properly supported, closing issue 1696. Thanks, Philipp A. <pull 1700_>. This works properly except for a detail when using the coverage command on Windows. There you can use python -m coverage instead if you need exact emulation.

.. _issue 1696: nedbat/coveragepy#1696 .. _pull 1700: nedbat/coveragepy#1700 .. _issue 1942: nedbat/coveragepy#1942 .. _pull 1943: nedbat/coveragepy#1943


Commits
  • 6d5ced9 docs: sample HTML for 7.8.0
  • 49c194f docs: prep for 7.8.0
  • 38782cb docs: finish up source_dirs. bump to 7.8.0
  • 7aea2f3 feat: add new source_dirs option (#1943)
  • f464155 test: some simple bytecode tests
  • cf1dec0 refactor: these pypy modules are available in all our versions
  • a876052 test: a general helper for iterating over our own source files
  • 82cff3e perf: sets are better than lists
  • a66bd61 refactor: move bytecode code into bytecode.py
  • d64ce5f chore: bump the action-dependencies group with 3 updates (#1940)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.7.1&new-version=7.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 33d561d5063..91b57adb86b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.7.1 +coverage==7.8.0 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 87ed47811ed..64782d4714d 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.7.1 +coverage==7.8.0 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index cef97799aee..73c30f6e728 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.7.1 +coverage==7.8.0 # via # -r requirements/test.in # pytest-cov From d042abdcda4b57fb61f3e824daa32fe257f0718f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 21:38:16 +0000 Subject: [PATCH 32/36] Bump rich from 13.9.4 to 14.0.0 (#10652) Bumps [rich](https://github.com/Textualize/rich) from 13.9.4 to 14.0.0.
Release notes

Sourced from rich's releases.

The ENVy of all other releases

Mostly updates to Traceback rendering, to add support for features introduced in Python3.11

We also have a new env var that I am proposing to become a standard. TTY_COMPATIBLE=1 tells Rich to write ansi-escape sequences even if it detects it is not writing to a terminal. This is intended for use with GitHub Actions / CI, which can interpret escape sequences, but aren't a terminal.

There is also a change to how NO_COLOR and FORCE_COLOR are interpreted, which is the reason for the major version bump.

[14.0.0] - 2025-03-30

Added

  • Added env var TTY_COMPATIBLE to override auto-detection of TTY support (See console.rst for details). Textualize/rich#3675

Changed

Changelog

Sourced from rich's changelog.

[14.0.0] - 2025-03-30

Added

  • Added env var TTY_COMPATIBLE to override auto-detection of TTY support (See console.rst for details). Textualize/rich#3675

Changed

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rich&package-manager=pip&previous-version=13.9.4&new-version=14.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 91b57adb86b..42f2ae68211 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -203,7 +203,7 @@ requests==2.32.3 # cherry-picker # sphinx # sphinxcontrib-spelling -rich==13.9.4 +rich==14.0.0 # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 64782d4714d..b4fd71ff1f1 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -197,7 +197,7 @@ requests==2.32.3 # via # cherry-picker # sphinx -rich==13.9.4 +rich==14.0.0 # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 40fde1ab340..8ac5bce2df6 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -82,7 +82,7 @@ python-on-whales==0.76.1 # via -r requirements/lint.in pyyaml==6.0.2 # via pre-commit -rich==13.9.4 +rich==14.0.0 # via pytest-codspeed six==1.17.0 # via python-dateutil diff --git a/requirements/test.txt b/requirements/test.txt index 73c30f6e728..e43b57e9bc1 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -110,7 +110,7 @@ re-assert==1.1.0 # via -r requirements/test.in regex==2024.11.6 # via re-assert -rich==13.9.4 +rich==14.0.0 # via pytest-codspeed setuptools-git==1.2 # via -r requirements/test.in From 7c3c536c8224e591c4e02b26374b09da264db1ce Mon Sep 17 00:00:00 2001 
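Review bot: `rich` appears in all four requirements files only as `# via pytest-codspeed`, and 13.9.4 to 14.0.0 is a major bump that the quoted release notes attribute to a change in how NO_COLOR and FORCE_COLOR are interpreted. Before merging, confirm that the pinned pytest-codspeed accepts rich 14 and that any CI job setting either variable still produces the output it expects; none of the hunks touches the pytest-codspeed pin itself.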
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 21:46:16 +0000 Subject: [PATCH 33/36] Bump pydantic from 2.10.6 to 2.11.1 (#10650) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.10.6 to 2.11.1.
Release notes

Sourced from pydantic's releases.

v2.11.1 2025-03-28

What's Changed

Fixes

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.11.0...v2.11.1

v2.11.0 2025-03-27

What's Changed

Packaging

New Features

Changes

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.11.1 (2025-03-28)

GitHub release

What's Changed

Fixes

  • Do not override 'definitions-ref' schemas containing serialization schemas or metadata by @​Viicos in #11644

v2.11.0 (2025-03-27)

GitHub release

What's Changed

Pydantic v2.11 is a version strongly focused on build time performance of Pydantic models (and core schema generation in general). See the blog post for more details.

Packaging

New Features

Fixes

  • Allow generic typed dictionaries to be used for unpacked variadic keyword parameters by @​Viicos in #11571
  • Fix runtime error when computing model string representation involving cached properties and self-referenced models by @​Viicos in #11579
  • Preserve other steps when using the ellipsis in the pipeline API by @​Viicos in #11626
  • Fix deferred discriminator application logic by @​Viicos in #11591

New Contributors

v2.11.0b2 (2025-03-17)

GitHub release

What's Changed

Packaging

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.10.6&new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 7 +++++-- requirements/dev.txt | 7 +++++-- requirements/lint.txt | 7 +++++-- requirements/test.txt | 7 +++++-- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 42f2ae68211..a88d3895a16 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -148,9 +148,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.10.6 +pydantic==2.11.1 # via python-on-whales -pydantic-core==2.27.2 +pydantic-core==2.33.0 # via pydantic pyenchant==3.2.2 # via sphinxcontrib-spelling @@ -266,6 +266,9 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich + # typing-inspection +typing-inspection==0.4.0 + # via pydantic uritemplate==4.1.1 # via gidgethub urllib3==2.3.0 diff --git a/requirements/dev.txt b/requirements/dev.txt index b4fd71ff1f1..4414468a31f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -145,9 +145,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.10.6 +pydantic==2.11.1 # via python-on-whales -pydantic-core==2.27.2 +pydantic-core==2.33.0 # via pydantic pygments==2.19.1 # via @@ -257,6 +257,9 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich + # typing-inspection +typing-inspection==0.4.0 + # via pydantic uritemplate==4.1.1 # via gidgethub urllib3==2.3.0 diff --git a/requirements/lint.txt b/requirements/lint.txt index 8ac5bce2df6..ff910da444b 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -61,9 +61,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.10.6 +pydantic==2.11.1 # via python-on-whales -pydantic-core==2.27.2 +pydantic-core==2.33.0 # via pydantic pygments==2.19.1 # via rich 
@@ -102,6 +102,9 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich + # typing-inspection +typing-inspection==0.4.0 + # via pydantic uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.1.0 diff --git a/requirements/test.txt b/requirements/test.txt index e43b57e9bc1..b2ea7bfff70 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -81,9 +81,9 @@ pycares==4.5.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.10.6 +pydantic==2.11.1 # via python-on-whales -pydantic-core==2.27.2 +pydantic-core==2.33.0 # via pydantic pygments==2.19.1 # via rich @@ -131,6 +131,9 @@ typing-extensions==4.12.2 # pydantic-core # python-on-whales # rich + # typing-inspection +typing-inspection==0.4.0 + # via pydantic uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" # via -r requirements/base.in wait-for-it==2.3.0 From 7f7d68143a47daa4cff1f2abe94e8bf2c2c8d9b7 Mon Sep 17 00:00:00 2001 
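Review bot: The `typing-inspection==0.4.0` entry added to all four requirements files (`# via pydantic`) is a package that was not in the pinned set before, so this bump does more than move two version numbers. Because it arrives only as a transitive dependency of `pydantic==2.11.1`, it deserves the same check as any first-time dependency: confirm the package name and its publisher on the index before merging. The pins visible in these hunks are plain `==` version pins with no `--hash` lines, so nothing here binds `pydantic-core==2.33.0` or `typing-inspection==0.4.0` to a specific artifact; if the project wants that guarantee, the compiled requirements would need hashes.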
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 03:19:46 +0000 Subject: [PATCH 34/36] [PR #10656/06db052e backport][3.11] Revert: Close the socket if there's a failure in start_connection() #10464 (#10657) **This is a backport of PR #10656 as merged into master (06db052eae399de1c7c34c0122d736e06c045ec7).** Reverts #10464 While this change improved the situation for uvloop users, it caused a regression with `SelectorEventLoop` (issue #10617) The alternative fix is https://github.com/MagicStack/uvloop/pull/646 (not merged at the time of this PR) issue #10617 appears to be very similar to https://github.com/python/cpython/commit/d5aeccf9767c1619faa29e8ed61c93bde7bc5e3f If someone can come up with a working reproducer for #10617 we can revisit this. cc @top-oai Minimal implementation that shows on cancellation the socket is cleaned up without the explicit `close` https://github.com/aio-libs/aiohttp/issues/10617#issuecomment-2767890703 so this should be unneeded unless I've missed something (very possible with all the moving parts here) ## Related issue number fixes #10617 Co-authored-by: J. Nick Koston --- CHANGES/10464.bugfix.rst | 1 + CHANGES/10617.bugfix.rst | 1 + CHANGES/10656.bugfix.rst | 3 +++ aiohttp/connector.py | 16 +------------ tests/test_connector.py | 50 ---------------------------------------- 5 files changed, 6 insertions(+), 65 deletions(-) create mode 120000 CHANGES/10464.bugfix.rst create mode 120000 CHANGES/10617.bugfix.rst create mode 100644 CHANGES/10656.bugfix.rst diff --git a/CHANGES/10464.bugfix.rst b/CHANGES/10464.bugfix.rst new file mode 120000 index 00000000000..18996eb3cac --- /dev/null +++ b/CHANGES/10464.bugfix.rst @@ -0,0 +1 @@ +10656.bugfix.rst \ No newline at end of file diff --git a/CHANGES/10617.bugfix.rst b/CHANGES/10617.bugfix.rst new file mode 120000 index 00000000000..18996eb3cac --- /dev/null +++ b/CHANGES/10617.bugfix.rst @@ -0,0 +1 @@ +10656.bugfix.rst \ No newline at end of file 
diff --git a/CHANGES/10656.bugfix.rst b/CHANGES/10656.bugfix.rst new file mode 100644 index 00000000000..ec3853107ad --- /dev/null +++ b/CHANGES/10656.bugfix.rst @@ -0,0 +1,3 @@ +Reverted explicitly closing sockets if an exception is raised during ``create_connection`` -- by :user:`bdraco`. + +This change originally appeared in aiohttp 3.11.13 diff --git a/aiohttp/connector.py b/aiohttp/connector.py index e5cf3674cba..7420bd6070a 100644 --- a/aiohttp/connector.py +++ b/aiohttp/connector.py @@ -1108,7 +1108,6 @@ async def _wrap_create_connection( client_error: Type[Exception] = ClientConnectorError, **kwargs: Any, ) -> Tuple[asyncio.Transport, ResponseHandler]: - sock: Union[socket.socket, None] = None try: async with ceil_timeout( timeout.sock_connect, ceil_threshold=timeout.ceil_threshold @@ -1120,11 +1119,7 @@ async def _wrap_create_connection( interleave=self._interleave, loop=self._loop, ) - connection = await self._loop.create_connection( - *args, **kwargs, sock=sock - ) - sock = None - return connection + return await self._loop.create_connection(*args, **kwargs, sock=sock) except cert_errors as exc: raise ClientConnectorCertificateError(req.connection_key, exc) from exc except ssl_errors as exc: @@ -1133,15 +1128,6 @@ async def _wrap_create_connection( if exc.errno is None and isinstance(exc, asyncio.TimeoutError): raise raise client_error(req.connection_key, exc) from exc - finally: - if sock is not None: - # Will be hit if an exception is thrown before the event loop takes the socket. - # In that case, proactively close the socket to guard against event loop leaks. - # For example, see https://github.com/MagicStack/uvloop/issues/653. - try: - sock.close() - except OSError as exc: - raise client_error(req.connection_key, exc) from exc async def _wrap_existing_connection( self, diff --git a/tests/test_connector.py b/tests/test_connector.py index a86a2417423..a3fffc447ae 100644 --- a/tests/test_connector.py +++ b/tests/test_connector.py 
@@ -617,56 +617,6 @@ async def certificate_error(*args, **kwargs): await conn.close() -async def test_tcp_connector_closes_socket_on_error( - loop: asyncio.AbstractEventLoop, start_connection: mock.AsyncMock -) -> None: - req = ClientRequest("GET", URL("https://127.0.0.1:443"), loop=loop) - - conn = aiohttp.TCPConnector() - with ( - mock.patch.object( - conn._loop, - "create_connection", - autospec=True, - spec_set=True, - side_effect=ValueError, - ), - pytest.raises(ValueError), - ): - await conn.connect(req, [], ClientTimeout()) - - assert start_connection.return_value.close.called - - await conn.close() - - -async def test_tcp_connector_closes_socket_on_error_results_in_another_error( - loop: asyncio.AbstractEventLoop, start_connection: mock.AsyncMock -) -> None: - """Test that when error occurs while closing the socket.""" - req = ClientRequest("GET", URL("https://127.0.0.1:443"), loop=loop) - start_connection.return_value.close.side_effect = OSError( - 1, "error from closing socket" - ) - - conn = aiohttp.TCPConnector() - with ( - mock.patch.object( - conn._loop, - "create_connection", - autospec=True, - spec_set=True, - side_effect=ValueError, - ), - pytest.raises(aiohttp.ClientConnectionError, match="error from closing socket"), - ): - await conn.connect(req, [], ClientTimeout()) - - assert start_connection.return_value.close.called - - await conn.close() - - async def test_tcp_connector_server_hostname_default( loop: Any, start_connection: mock.AsyncMock ) -> None: From 79958318aad1aa6caa7b2ce793968e883a1465d8 Mon Sep 17 00:00:00 2001 
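Review bot: With the `finally` block removed from `_wrap_create_connection`, nothing in this function closes `sock` when `self._loop.create_connection(...)` raises, and both tests that exercised that path (`test_tcp_connector_closes_socket_on_error` and `test_tcp_connector_closes_socket_on_error_results_in_another_error`) are deleted with no replacement. The commit message bases the revert on a minimal implementation showing the socket is cleaned up on cancellation and notes there is no working reproducer for #10617, so a short comment at the `return await self._loop.create_connection(*args, **kwargs, sock=sock)` line recording that assumption, with a pointer to the uvloop fix, would keep a later reader from reintroducing the explicit close. Two smaller points: the changelog fragment says the exception is raised during ``create_connection`` while the subject line names `start_connection()`, and the removed `sock: Union[socket.socket, None] = None` annotation may have been the last use of `Union` or `socket` in `connector.py`, which is worth a lint check.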
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 03:30:03 +0000 Subject: [PATCH 35/36] [PR #10656/06db052e backport][3.12] Revert: Close the socket if there's a failure in start_connection() #10464 (#10658) --- CHANGES/10464.bugfix.rst | 1 + CHANGES/10617.bugfix.rst | 1 + CHANGES/10656.bugfix.rst | 3 +++ aiohttp/connector.py | 16 +------------ tests/test_connector.py | 50 ---------------------------------------- 5 files changed, 6 insertions(+), 65 deletions(-) create mode 120000 CHANGES/10464.bugfix.rst create mode 120000 CHANGES/10617.bugfix.rst create mode 100644 CHANGES/10656.bugfix.rst diff --git a/CHANGES/10464.bugfix.rst b/CHANGES/10464.bugfix.rst new file mode 120000 index 00000000000..18996eb3cac --- /dev/null +++ b/CHANGES/10464.bugfix.rst @@ -0,0 +1 @@ +10656.bugfix.rst \ No newline at end of file diff --git a/CHANGES/10617.bugfix.rst b/CHANGES/10617.bugfix.rst new file mode 120000 index 00000000000..18996eb3cac --- /dev/null +++ b/CHANGES/10617.bugfix.rst @@ -0,0 +1 @@ +10656.bugfix.rst \ No newline at end of file diff --git a/CHANGES/10656.bugfix.rst b/CHANGES/10656.bugfix.rst new file mode 100644 index 00000000000..ec3853107ad --- /dev/null +++ b/CHANGES/10656.bugfix.rst @@ -0,0 +1,3 @@ +Reverted explicitly closing sockets if an exception is raised during ``create_connection`` -- by :user:`bdraco`. + +This change originally appeared in aiohttp 3.11.13 diff --git a/aiohttp/connector.py b/aiohttp/connector.py index 1c2d8d73e07..2a41438ab6a 100644 --- a/aiohttp/connector.py +++ b/aiohttp/connector.py @@ -1126,7 +1126,6 @@ async def _wrap_create_connection( client_error: Type[Exception] = ClientConnectorError, **kwargs: Any, ) -> Tuple[asyncio.Transport, ResponseHandler]: - sock: Union[socket.socket, None] = None try: async with ceil_timeout( timeout.sock_connect, ceil_threshold=timeout.ceil_threshold 
@@ -1139,11 +1138,7 @@ async def _wrap_create_connection( loop=self._loop, socket_factory=self._socket_factory, ) - connection = await self._loop.create_connection( - *args, **kwargs, sock=sock - ) - sock = None - return connection + return await self._loop.create_connection(*args, **kwargs, sock=sock) except cert_errors as exc: raise ClientConnectorCertificateError(req.connection_key, exc) from exc except ssl_errors as exc: @@ -1152,15 +1147,6 @@ async def _wrap_create_connection( if exc.errno is None and isinstance(exc, asyncio.TimeoutError): raise raise client_error(req.connection_key, exc) from exc - finally: - if sock is not None: - # Will be hit if an exception is thrown before the event loop takes the socket. - # In that case, proactively close the socket to guard against event loop leaks. - # For example, see https://github.com/MagicStack/uvloop/issues/653. - try: - sock.close() - except OSError as exc: - raise client_error(req.connection_key, exc) from exc async def _wrap_existing_connection( self, diff --git a/tests/test_connector.py b/tests/test_connector.py index f148fdf0bbe..28a2ae1d1d2 100644 --- a/tests/test_connector.py +++ b/tests/test_connector.py 
@@ -627,56 +627,6 @@ async def certificate_error(*args, **kwargs): await conn.close() -async def test_tcp_connector_closes_socket_on_error( - loop: asyncio.AbstractEventLoop, start_connection: mock.AsyncMock -) -> None: - req = ClientRequest("GET", URL("https://127.0.0.1:443"), loop=loop) - - conn = aiohttp.TCPConnector() - with ( - mock.patch.object( - conn._loop, - "create_connection", - autospec=True, - spec_set=True, - side_effect=ValueError, - ), - pytest.raises(ValueError), - ): - await conn.connect(req, [], ClientTimeout()) - - assert start_connection.return_value.close.called - - await conn.close() - - -async def test_tcp_connector_closes_socket_on_error_results_in_another_error( - loop: asyncio.AbstractEventLoop, start_connection: mock.AsyncMock -) -> None: - """Test that when error occurs while closing the socket.""" - req = ClientRequest("GET", URL("https://127.0.0.1:443"), loop=loop) - start_connection.return_value.close.side_effect = OSError( - 1, "error from closing socket" - ) - - conn = aiohttp.TCPConnector() - with ( - mock.patch.object( - conn._loop, - "create_connection", - autospec=True, - spec_set=True, - side_effect=ValueError, - ), - pytest.raises(aiohttp.ClientConnectionError, match="error from closing socket"), - ): - await conn.connect(req, [], ClientTimeout()) - - assert start_connection.return_value.close.called - - await conn.close() - - async def test_tcp_connector_server_hostname_default( loop: Any, start_connection: mock.AsyncMock ) -> None: From d2d3621211348aecb3d568e634ba0abb016b6009 Mon Sep 17 00:00:00 2001 
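Review bot: In the 3.12 variant the call that produces `sock` also passes `socket_factory=self._socket_factory`, so after this revert a socket built by that factory is likewise left to the event loop if `create_connection` fails, and the reasoning for why that is acceptable appears only in the 3.11 backport, since this commit has a subject line and no body. Copying the rationale (the `SelectorEventLoop` regression, issue #10617) into this commit message, or into a code comment next to the `create_connection` call, would make the 3.12 branch history readable on its own.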
From: "J. Nick Koston" Date: Mon, 31 Mar 2025 17:54:45 -1000 Subject: [PATCH 36/36] Release 3.11.15 (#10659) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We yanked 3.11.13 and 3.11.14 and reverted #10464 because of #10617 so we are doing another release to make sure nobody has to go without the other fixes in .13 and .14 Screenshot 2025-03-31 at 5 42 58 PM --- CHANGES.rst | 40 ++++++++++++++++++++++++++++++++++++++++ CHANGES/10464.bugfix.rst | 1 - CHANGES/10601.misc.rst | 1 - CHANGES/10617.bugfix.rst | 1 - CHANGES/10625.misc.rst | 1 - CHANGES/10656.bugfix.rst | 3 --- aiohttp/__init__.py | 2 +- 7 files changed, 41 insertions(+), 8 deletions(-) delete mode 120000 CHANGES/10464.bugfix.rst delete mode 100644 CHANGES/10601.misc.rst delete mode 120000 CHANGES/10617.bugfix.rst delete mode 100644 CHANGES/10625.misc.rst delete mode 100644 CHANGES/10656.bugfix.rst diff --git a/CHANGES.rst b/CHANGES.rst index 3c8c12b8d95..c2654b99214 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,6 +10,46 @@ .. towncrier release notes start +3.11.15 (2025-03-31) +==================== + +Bug fixes +--------- + +- Reverted explicitly closing sockets if an exception is raised during ``create_connection`` -- by :user:`bdraco`. + + This change originally appeared in aiohttp 3.11.13 + + + *Related issues and pull requests on GitHub:* + :issue:`10464`, :issue:`10617`, :issue:`10656`. + + + + +Miscellaneous internal changes +------------------------------ + +- Improved performance of WebSocket buffer handling -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`10601`. + + + +- Improved performance of serializing headers -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`10625`. + + + + +---- + + 3.11.14 (2025-03-16) ==================== diff --git a/CHANGES/10464.bugfix.rst b/CHANGES/10464.bugfix.rst deleted file mode 120000 index 18996eb3cac..00000000000 
--- a/CHANGES/10464.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -10656.bugfix.rst \ No newline at end of file diff --git a/CHANGES/10601.misc.rst b/CHANGES/10601.misc.rst deleted file mode 100644 index c0d21082724..00000000000 --- a/CHANGES/10601.misc.rst +++ /dev/null @@ -1 +0,0 @@ -Improved performance of WebSocket buffer handling -- by :user:`bdraco`. diff --git a/CHANGES/10617.bugfix.rst b/CHANGES/10617.bugfix.rst deleted file mode 120000 index 18996eb3cac..00000000000 --- a/CHANGES/10617.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -10656.bugfix.rst \ No newline at end of file diff --git a/CHANGES/10625.misc.rst b/CHANGES/10625.misc.rst deleted file mode 100644 index 30cd7f0f3a6..00000000000 --- a/CHANGES/10625.misc.rst +++ /dev/null @@ -1 +0,0 @@ -Improved performance of serializing headers -- by :user:`bdraco`. diff --git a/CHANGES/10656.bugfix.rst b/CHANGES/10656.bugfix.rst deleted file mode 100644 index ec3853107ad..00000000000 --- a/CHANGES/10656.bugfix.rst +++ /dev/null @@ -1,3 +0,0 @@ -Reverted explicitly closing sockets if an exception is raised during ``create_connection`` -- by :user:`bdraco`. - -This change originally appeared in aiohttp 3.11.13 diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index 4ff7bbbc759..aba86dc3a32 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.11.15.dev0" +__version__ = "3.11.15" from typing import TYPE_CHECKING, Tuple
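Review bot: The 3.11.15 bug-fix entry added to `CHANGES.rst` says only that the socket-closing change "originally appeared in aiohttp 3.11.13"; the commit message adds that 3.11.13 and 3.11.14 were yanked, which is the fact that users pinned to either version need to see. Consider adding one sentence to that entry stating that both releases were yanked and that 3.11.15 carries their other fixes, and close the "originally appeared" line with a period while editing it.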