From 633dabc839bcabfbf0ad4d06ac2e6b75a5cc5db0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 12:24:51 +0000 Subject: [PATCH 1/3] Bump actions/setup-python from 5 to 6 (#11467) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: https://github.com/actions/setup-python/compare/v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 10 +++++----- .github/workflows/update-pre-commit.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 0714f1176e9..7efa2196cb5 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -47,7 +47,7 @@ jobs: make sync-direct-runtime-deps git diff --exit-code -- requirements/runtime-deps.in - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.11 - name: Cache PyPI @@ -166,7 +166,7 @@ jobs: submodules: true - name: Setup Python ${{ matrix.pyver }} id: python-install - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: allow-prereleases: true python-version: ${{ matrix.pyver }} @@ -265,7 +265,7 @@ jobs: submodules: true - name: Setup Python 3.13.2 id: python-install - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.13.2 cache: pip @@ -332,7 +332,7 @@ jobs: with: submodules: true - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 - name: Update pip, wheel, setuptools, build, twine run: | python -m pip install -U pip wheel setuptools build twine @@ -423,7 +423,7 @@ jobs: fi shell: bash - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.x - name: Update pip, wheel, setuptools, build, twine diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index e2426524529..4616f7abc7d 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -10,7 +10,7 @@ jobs: steps: - uses: actions/checkout@v5 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.9 - name: Install dependencies From 945837cc2d04341cd54df57f17444b8f9a349eb4 Mon Sep 17 00:00:00 2001 From: Kumar Aditya Date: Thu, 4 Sep 2025 18:16:00 +0530 Subject: [PATCH 2/3] Fix thread safety of http writer (#11464) --- CHANGES/11464.feature.rst | 1 + Makefile | 6 +++--- aiohttp/_http_parser.pyx | 2 -- aiohttp/_http_writer.pyx | 16 +++++++++------- 4 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 CHANGES/11464.feature.rst diff --git a/CHANGES/11464.feature.rst b/CHANGES/11464.feature.rst new file mode 100644 index 00000000000..12ebf117883 --- /dev/null +++ b/CHANGES/11464.feature.rst @@ -0,0 +1 @@ +Implemented support for free-threading builds of CPython -- by :user:`kumaraditya303`. diff --git a/Makefile b/Makefile index dc49c1592ff..099d1cf0af1 100644 --- a/Makefile +++ b/Makefile @@ -59,14 +59,14 @@ aiohttp/_find_header.c: $(call to-hash,aiohttp/hdrs.py ./tools/gen.py) # Special case for reader since we want to be able to disable # the extension with AIOHTTP_NO_EXTENSIONS aiohttp/_websocket/reader_c.c: aiohttp/_websocket/reader_c.py - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror # _find_headers generator creates _headers.pyi as well aiohttp/%.c: aiohttp/%.pyx $(call to-hash,$(CYS)) aiohttp/_find_header.c - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror aiohttp/_websocket/%.c: aiohttp/_websocket/%.pyx $(call to-hash,$(CYS)) - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror vendor/llhttp/node_modules: vendor/llhttp/package.json cd vendor/llhttp; npm ci diff --git a/aiohttp/_http_parser.pyx b/aiohttp/_http_parser.pyx index f5015b297b0..d35b07d0a49 100644 --- a/aiohttp/_http_parser.pyx +++ b/aiohttp/_http_parser.pyx @@ -1,5 +1,3 @@ -#cython: language_level=3 -# # Based on https://github.com/MagicStack/httptools # diff --git a/aiohttp/_http_writer.pyx b/aiohttp/_http_writer.pyx index 4a3ae1f9e68..7989c186c89 100644 --- a/aiohttp/_http_writer.pyx +++ b/aiohttp/_http_writer.pyx @@ -8,7 +8,6 @@ from libc.string cimport memcpy from multidict import istr DEF BUF_SIZE = 16 * 1024 # 16KiB -cdef char BUFFER[BUF_SIZE] cdef object _istr = istr @@ -19,16 +18,17 @@ cdef struct Writer: char *buf Py_ssize_t size Py_ssize_t pos + bint heap_allocated - -cdef inline void _init_writer(Writer* writer): - writer.buf = &BUFFER[0] +cdef inline void _init_writer(Writer* writer, char *buf): + writer.buf = buf writer.size = BUF_SIZE writer.pos = 0 + writer.heap_allocated = 0 cdef inline void _release_writer(Writer* writer): - if writer.buf != BUFFER: + if writer.heap_allocated: PyMem_Free(writer.buf) @@ -39,7 +39,7 @@ cdef inline int _write_byte(Writer* writer, uint8_t ch): if writer.pos == writer.size: # reallocate size = writer.size + BUF_SIZE - if writer.buf == BUFFER: + if not writer.heap_allocated: buf = PyMem_Malloc(size) if buf == NULL: PyErr_NoMemory() @@ -52,6 +52,7 @@ cdef inline int _write_byte(Writer* writer, uint8_t ch): return -1 writer.buf = buf writer.size = size + writer.heap_allocated = 1 writer.buf[writer.pos] = ch writer.pos += 1 return 0 @@ -125,8 +126,9 @@ def _serialize_headers(str status_line, headers): cdef Writer writer cdef object key cdef object val + cdef char buf[BUF_SIZE] - _init_writer(&writer) + _init_writer(&writer, buf) try: if _write_str(&writer, status_line) < 0: From 4dc222f34017fe89d1996416711e8d0a4e7c2524 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 13:23:54 +0000 Subject: [PATCH 3/3] Bump actions/stale from 9 to 10 (#11470) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: https://github.com/actions/stale/compare/v9...v10.0.0

v9.1.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/stale/compare/v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

  1. Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.
  2. Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

What Else Changed

  1. Performance optimization that removes unnecessary API calls by @​dsame in #1033; fixes #792
  2. Logs displaying current GitHub API rate limit by @​dsame in #1032; addresses #1029

For more information, please read the action documentation and its section about statefulness

[4.1.1]

In scope of this release we updated actions/core to 1.10.0 for v4 and fixed issues operation count.

[8.0.0]

:warning: This version contains breaking changes :warning:

[7.0.0]

:warning: Breaking change :warning:

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/stale&package-manager=github_actions&previous-version=9&new-version=10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ef1b86cfa69..8a56a2b7b80 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -10,7 +10,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: days-before-stale: 30 any-of-labels: needs-info