From 0e097b5816248f4c127bb0baad6d8142884487b5 Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Tue, 16 Apr 2024 20:19:34 +0100 Subject: [PATCH 001/148] Bump version --- aiohttp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index e82e790b46a..e43796e7a6a 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.9.5" +__version__ = "3.9.6.dev0" from typing import TYPE_CHECKING, Tuple From 82c3bac2582cd0c139fcf5e4b9753c9d1adea89c Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 00:06:26 +0000 Subject: [PATCH 002/148] [PR #8339/c26f3562 backport][3.9] Upgrade the deprecated GitHub Actions `set-output` workflow command syntax (#8348) **This is a backport of PR #8339 as merged into master (c26f356234c3b49e08f9cab3019b88f5d42f1aa8).** Updating the way of saving output for cache path, cause [GitHub Actions deprecating save-state and set-output commands](https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/) --- .github/workflows/ci-cd.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 0b9c1dbcb96..965fcba061b 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -162,7 +162,8 @@ jobs: - name: Get pip cache dir id: pip-cache run: | - echo "::set-output name=dir::$(pip cache dir)" # - name: Cache + echo "dir=$(pip cache dir)" >> "${GITHUB_OUTPUT}" + shell: bash - name: Cache PyPI uses: actions/cache@v4.0.2 with: From 1a0619ca5fa77682e06c413d53fa8b24ee97f42f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 17:36:45 +0000 Subject: [PATCH 003/148] Bump softprops/action-gh-release from 1 to 2 (#8221) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
Release notes

Sourced from softprops/action-gh-release's releases.

v2.0.0

  • update actions.yml declaration to node20 to address warnings
Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.12

  • fix bug leading to empty strings subsituted for inputs users don't provide breaking api calls #144
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=softprops/action-gh-release&package-manager=github_actions&previous-version=1&new-version=2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 965fcba061b..e01e3792199 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -416,7 +416,7 @@ jobs: # Confusingly, this action also supports updating releases, not # just creating them. This is what we want here, since we've manually # created the release above. - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: # dist/ contains the built packages, which smoketest-artifacts/ # contains the signatures and certificates. From 1b2ff4845cbe20f04d19fa9474e7e431a59c1bef Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 21:36:09 +0100 Subject: [PATCH 004/148] [PR #8351/131703fb backport][3.9] Fix dependabot backport target (#8356) **This is a backport of PR #8351 as merged into master (131703fbe4b994f4402b47ff424ef8f532cbb1d5).** Co-authored-by: Sam Bull --- .github/dependabot.yml | 6 +++--- docs/contributing-admins.rst | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3b392a34b3b..d1898c69e6e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -18,17 +18,17 @@ updates: interval: "daily" open-pull-requests-limit: 10 - # Maintain dependencies for GitHub Actions aiohttp 3.9 + # Maintain dependencies for GitHub Actions aiohttp backport - package-ecosystem: "github-actions" directory: "/" labels: - dependencies - target-branch: "3.9" + target-branch: "3.10" schedule: interval: "daily" open-pull-requests-limit: 10 - # Maintain dependencies for Python aiohttp 3.10 + # Maintain dependencies for Python aiohttp backport - package-ecosystem: "pip" directory: "/" labels: diff --git a/docs/contributing-admins.rst b/docs/contributing-admins.rst index 9444f8ac5c4..acfaebc0e97 100644 --- a/docs/contributing-admins.rst +++ b/docs/contributing-admins.rst @@ -52,6 +52,6 @@ Back on the original release branch, bump the version number and append ``.dev0` If doing a minor release: #. Create a new release branch for future features to go to: e.g. ``git checkout -b 3.10 3.9 && git push`` -#. Update ``target-branch`` for Dependabot to reference the new branch name in ``.github/dependabot.yml``. +#. Update both ``target-branch`` backports for Dependabot to reference the new branch name in ``.github/dependabot.yml``. #. Delete the older backport label (e.g. backport-3.8): https://github.com/aio-libs/aiohttp/labels #. Add a new backport label (e.g. backport-3.10). From 797d6a836e69e88909ef2044c221b22a985ceb4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 23:18:33 +0100 Subject: [PATCH 005/148] Bump codecov/codecov-action from 3 to 4 (#8124) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3 to 4.
Release notes

Sourced from codecov/codecov-action's releases.

v4.0.0

v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.

Breaking Changes

  • The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.
  • Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.
  • OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our CLI download page
  • Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs

v3 versions and below will not have access to CLI features (e.g. global upload token, ATS).

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

  • #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

  • No current support for aarch64 and alpine architectures.
  • Tokenless uploading is unsuported
  • Various arguments to the Action have been removed

3.1.4

Fixes

  • #967 Fix typo in README.md
  • #971 fix: add back in working dir
  • #969 fix: CLI option names for uploader

Dependencies

  • #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
  • #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
  • #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

  • #960 fix: allow for aarch64 build

Dependencies

  • #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
  • #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
  • #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

  • #718 Update README.md
  • #851 Remove unsupported path_to_write_report argument
  • #898 codeql-analysis.yml
  • #901 Update README to contain correct information - inputs and negate feature
  • #955 fix: add in all the extra arguments for uploader

Dependencies

  • #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
  • #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
  • #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
  • #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
  • #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
  • #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
  • #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
  • #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits
  • f30e495 fix: update action.yml (#1240)
  • a7b945c fix: allow for other archs (#1239)
  • 98ab2c5 Update package.json (#1238)
  • 43235cc Update README.md (#1237)
  • 0cf8684 chore(ci): bump to node20 (#1236)
  • 8e1e730 build(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.19.1 to 6.20.0 ...
  • 61293af build(deps-dev): bump @​typescript-eslint/parser from 6.19.1 to 6.20.0 (#1235)
  • 7a070cb build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#1231)
  • 9097165 build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#1232)
  • ac042ea build(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.19.0 to 6.19.1 ...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index e01e3792199..e7b6ee24a1a 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -222,7 +222,7 @@ jobs: run: | python -m coverage xml - name: Upload coverage - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 with: file: ./coverage.xml flags: >- From 2c64c8a69873978b07acf1d94c620e820f4a8658 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 23 Apr 2024 00:45:17 +0100 Subject: [PATCH 006/148] [PR #8369/5b5d0ce1 backport][3.9] Update Matrix link (#8370) **This is a backport of PR #8369 as merged into master (5b5d0ce13d7ef851eeac44119ea88f1a3b60252f).** Co-authored-by: Sam Bull --- README.rst | 2 +- docs/index.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 90b7f713577..45b647437e3 100644 --- a/README.rst +++ b/README.rst @@ -148,7 +148,7 @@ Communication channels *aio-libs Discussions*: https://github.com/aio-libs/aiohttp/discussions -*gitter chat* https://gitter.im/aio-libs/Lobby +*Matrix*: `#aio-libs:matrix.org `_ We support `Stack Overflow `_. diff --git a/docs/index.rst b/docs/index.rst index 4f55c5ddf09..9692152cb99 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -174,7 +174,7 @@ Communication channels Feel free to post your questions and ideas here. -*gitter chat* https://gitter.im/aio-libs/Lobby +*Matrix*: `#aio-libs:matrix.org `_ We support `Stack Overflow `_. From e4a63ffa5f58e30296a80d6400e9ffda1cae91d3 Mon Sep 17 00:00:00 2001 From: "Paul J. Dorn" Date: Tue, 23 Apr 2024 19:31:31 +0000 Subject: [PATCH 007/148] Backport 3.9: Add tests, accidentally dropped before (#8088) (#8372) Cherry picked from commit https://github.com/aio-libs/aiohttp/commit/0016004f0e5b861d35afc56a9a59040769af3122 (https://github.com/aio-libs/aiohttp/pull/8088) --- CHANGES/8088.contrib.rst | 1 + tests/test_http_parser.py | 35 +++++++++++++++++++++++++++++------ 2 files changed, 30 insertions(+), 6 deletions(-) create mode 100644 CHANGES/8088.contrib.rst diff --git a/CHANGES/8088.contrib.rst b/CHANGES/8088.contrib.rst new file mode 100644 index 00000000000..b3aec71bdf7 --- /dev/null +++ b/CHANGES/8088.contrib.rst @@ -0,0 +1 @@ +Enabled HTTP parser tests originally intended for 3.9.2 release -- by :user:`pajod`. diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py index ee7dc4aabc5..4b0098949b3 100644 --- a/tests/test_http_parser.py +++ b/tests/test_http_parser.py @@ -294,6 +294,19 @@ def test_parse_headers_longline(parser: Any) -> None: parser.feed_data(text) +@pytest.fixture +def xfail_c_parser_status(request) -> None: + if isinstance(request.getfixturevalue("parser"), HttpRequestParserPy): + return + request.node.add_marker( + pytest.mark.xfail( + reason="Regression test for Py parser. May match C behaviour later.", + raises=http_exceptions.BadStatusLine, + ) + ) + + +@pytest.mark.usefixtures("xfail_c_parser_status") def test_parse_unusual_request_line(parser) -> None: if not isinstance(response, HttpResponseParserPy): pytest.xfail("Regression test for Py parser. May match C behaviour later.") @@ -632,9 +645,6 @@ def test_invalid_header_spacing(parser, pad1: bytes, pad2: bytes, hdr: bytes) -> if pad1 == pad2 == b"" and hdr != b"": # one entry in param matrix is correct: non-empty name, not padded expectation = nullcontext() - if pad1 == pad2 == hdr == b"": - if not isinstance(response, HttpResponseParserPy): - pytest.xfail("Regression test for Py parser. May match C behaviour later.") with expectation: parser.feed_data(text) @@ -815,9 +825,20 @@ def test_http_request_upgrade(parser: Any) -> None: assert tail == b"some raw data" +@pytest.fixture +def xfail_c_parser_url(request) -> None: + if isinstance(request.getfixturevalue("parser"), HttpRequestParserPy): + return + request.node.add_marker( + pytest.mark.xfail( + reason="Regression test for Py parser. May match C behaviour later.", + raises=http_exceptions.InvalidURLError, + ) + ) + + +@pytest.mark.usefixtures("xfail_c_parser_url") def test_http_request_parser_utf8_request_line(parser) -> None: - if not isinstance(response, HttpResponseParserPy): - pytest.xfail("Regression test for Py parser. May match C behaviour later.") messages, upgrade, tail = parser.feed_data( # note the truncated unicode sequence b"GET /P\xc3\xbcnktchen\xa0\xef\xb7 HTTP/1.1\r\n" + @@ -837,7 +858,9 @@ def test_http_request_parser_utf8_request_line(parser) -> None: assert msg.compression is None assert not msg.upgrade assert not msg.chunked - assert msg.url.path == URL("/P%C3%BCnktchen\udca0\udcef\udcb7").path + # python HTTP parser depends on Cython and CPython URL to match + # .. but yarl.URL("/abs") is not equal to URL.build(path="/abs"), see #6409 + assert msg.url == URL.build(path="/Pünktchen\udca0\udcef\udcb7", encoded=True) def test_http_request_parser_utf8(parser) -> None: From c236d3a743a494df43c5fc7b5046b918e468afb6 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 19:40:52 +0100 Subject: [PATCH 008/148] [PR #8457/db1b9129 backport][3.9] Use async fixture in testing docs (#8460) **This is a backport of PR #8457 as merged into master (db1b9129e5f9e3c3730d81a2ae8de059c3e38732).** Co-authored-by: Sam Bull --- docs/testing.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/testing.rst b/docs/testing.rst index 027ba63a039..c2937b82282 100644 --- a/docs/testing.rst +++ b/docs/testing.rst @@ -111,11 +111,11 @@ app test client:: body='value: {}'.format(request.app[value]).encode('utf-8')) @pytest.fixture - def cli(loop, aiohttp_client): + async def cli(aiohttp_client): app = web.Application() app.router.add_get('/', previous) app.router.add_post('/', previous) - return loop.run_until_complete(aiohttp_client(app)) + return await aiohttp_client(app) async def test_set_value(cli): resp = await cli.post('/', data={'value': 'foo'}) From e057906e52ed0ee457d4199b762e917733b51fdb Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 19 Jul 2024 00:37:05 +0200 Subject: [PATCH 009/148] [PR #8515/43b10dcf backport][3.9] Update sphinxcontrib-towncrier entry point @ conf (#8516) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) --- docs/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/conf.py b/docs/conf.py index f21366fb488..cfd75f34fc3 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -59,7 +59,7 @@ "sphinx.ext.viewcode", # Third-party extensions: "sphinxcontrib.blockdiag", - "sphinxcontrib.towncrier", # provides `towncrier-draft-entries` directive + "sphinxcontrib.towncrier.ext", # provides `towncrier-draft-entries` directive ] From fe460b584b78c59d41417bce61b67d0d048b7abe Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Wed, 13 Nov 2024 10:09:01 -0600 Subject: [PATCH 010/148] Increment version to 3.10.12.dev0 (#9862) --- aiohttp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index 4fc7908843a..1c01926cdab 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.10.11" +__version__ = "3.10.12.dev0" from typing import TYPE_CHECKING, Tuple From caaf21bde92e6b1bcd50179553768d1890667600 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 22:49:08 +0000 Subject: [PATCH 011/148] [PR #9885/76b0d734 backport][3.10] Add benchmarks for web middleware (#9888) Co-authored-by: J. Nick Koston --- tests/test_benchmarks_web_middleware.py | 44 +++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 tests/test_benchmarks_web_middleware.py diff --git a/tests/test_benchmarks_web_middleware.py b/tests/test_benchmarks_web_middleware.py new file mode 100644 index 00000000000..14aa269e360 --- /dev/null +++ b/tests/test_benchmarks_web_middleware.py @@ -0,0 +1,44 @@ +"""codspeed benchmarks for web middlewares.""" + +import asyncio + +from pytest_codspeed import BenchmarkFixture + +from aiohttp import web +from aiohttp.pytest_plugin import AiohttpClient +from aiohttp.typedefs import Handler + + +def test_ten_web_middlewares( + benchmark: BenchmarkFixture, + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, +) -> None: + """Benchmark 100 requests with 10 middlewares.""" + message_count = 100 + + async def handler(request: web.Request) -> web.Response: + return web.Response() + + app = web.Application() + app.router.add_route("GET", "/", handler) + + class MiddlewareClass: + @web.middleware + async def call( + self, request: web.Request, handler: Handler + ) -> web.StreamResponse: + return await handler(request) + + for _ in range(10): + app.middlewares.append(MiddlewareClass().call) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + await client.get("/") + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) From d4acbd681e99d6c849dede1b366915255ad2037d Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 06:51:01 +0000 Subject: [PATCH 012/148] [PR #9900/7180ea8e backport][3.10] Add benchmark for a route that supports multiple methods (#9901) --- tests/test_benchmarks_client.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/test_benchmarks_client.py b/tests/test_benchmarks_client.py index 75fc7f7ed4e..61439183334 100644 --- a/tests/test_benchmarks_client.py +++ b/tests/test_benchmarks_client.py @@ -33,6 +33,34 @@ def _run() -> None: loop.run_until_complete(run_client_benchmark()) +def test_one_hundred_simple_get_requests_multiple_methods_route( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 100 simple GET requests on a route with multiple methods.""" + message_count = 100 + + async def handler(request: web.Request) -> web.Response: + return web.Response() + + app = web.Application() + # GET intentionally registered last to ensure time complexity + # of the route lookup is benchmarked + for method in ("DELETE", "HEAD", "OPTIONS", "PATCH", "POST", "PUT", "GET"): + app.router.add_route(method, "/", handler) + + async def run_client_benchmark() -> None: + client = await aiohttp_client(app) + for _ in range(message_count): + await client.get("/") + await client.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + def test_one_hundred_get_requests_with_1024_chunked_payload( loop: asyncio.AbstractEventLoop, aiohttp_client: AiohttpClient, From 08d0a3f4d5d9ed2e33c87c208eb49fa270a63885 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 11:05:58 -0600 Subject: [PATCH 013/148] [PR #9910/4a9bbf92 backport][3.10] Add benchmarks for the URL dispatcher (#9915) --- tests/test_benchmarks_web_urldispatcher.py | 187 +++++++++++++++++++++ 1 file changed, 187 insertions(+) create mode 100644 tests/test_benchmarks_web_urldispatcher.py diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py new file mode 100644 index 00000000000..2ffb53ee0f7 --- /dev/null +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -0,0 +1,187 @@ +"""codspeed benchmarks for the URL dispatcher.""" + +import asyncio +import pathlib +from typing import NoReturn +from unittest import mock + +from multidict import CIMultiDict, CIMultiDictProxy +from pytest_codspeed import BenchmarkFixture +from yarl import URL + +import aiohttp +from aiohttp import web +from aiohttp.http import HttpVersion, RawRequestMessage + + +def _mock_request(method: str, path: str) -> web.Request: + message = RawRequestMessage( + method, + path, + HttpVersion(1, 1), + CIMultiDictProxy(CIMultiDict()), + (), + False, + None, + False, + False, + URL(path), + ) + + return web.Request( + message, mock.Mock(), mock.Mock(), mock.Mock(), mock.Mock(), mock.Mock() + ) + + +def test_resolve_root_route( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve top level PlainResources route 100 times.""" + resolve_count = 100 + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + app.router.add_route("GET", "/", handler) + request = _mock_request(method="GET", path="/") + + async def run_url_dispatcher_benchmark() -> None: + for _ in range(resolve_count): + await app._router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_static_root_route( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve top level StaticResource route 100 times.""" + resolve_count = 100 + + app = web.Application() + app.router.add_static("/", pathlib.Path(aiohttp.__file__).parent) + request = _mock_request(method="GET", path="/") + + async def run_url_dispatcher_benchmark() -> None: + for _ in range(resolve_count): + await app._router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_single_fixed_url_with_many_routes( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve PlainResources route 100 times.""" + resolve_count = 100 + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + for count in range(250): + app.router.add_route("GET", f"/api/server/dispatch/{count}/update", handler) + request = _mock_request(method="GET", path="/api/server/dispatch/1/update") + + async def run_url_dispatcher_benchmark() -> None: + for _ in range(resolve_count): + await app._router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_multiple_fixed_url_with_many_routes( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve 250 different PlainResources routes.""" + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + for count in range(250): + app.router.add_route("GET", f"/api/server/dispatch/{count}/update", handler) + + requests = [ + _mock_request(method="GET", path=f"/api/server/dispatch/{count}/update") + for count in range(250) + ] + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await app._router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_multiple_level_fixed_url_with_many_routes( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve 1024 different PlainResources routes.""" + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + urls = [ + f"/api/{a}/{b}/{c}/{d}/{e}/update" + for a in ("a", "b", "c", "d") + for b in ("e", "f", "g", "h") + for c in ("i", "j", "k", "l") + for d in ("m", "n", "o", "p") + for e in ("n", "o", "p", "q") + ] + for url in urls: + app.router.add_route("GET", url, handler) + + requests = [_mock_request(method="GET", path=url) for url in urls] + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await app._router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_dynamic_resource_url_with_many_routes( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve different a DynamicResource when there are 250 PlainResources registered.""" + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + for count in range(250): + app.router.add_route("GET", f"/api/server/other/{count}/update", handler) + app.router.add_route("GET", "/api/server/dispatch/{customer}/update", handler) + + requests = [ + _mock_request(method="GET", path=f"/api/server/dispatch/{customer}/update") + for customer in range(250) + ] + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await app._router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) From b6eabb78ab9413c814721c0cf12298b3f902011a Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 13:45:10 +0100 Subject: [PATCH 014/148] [PR #9921/e9637a92 backport][3.10] Freeze app for url dispatcher benchmarks (#9922) **This is a backport of PR #9921 as merged into master (e9637a92b19e46116ab2faf1af968dbd978e2033).** It better reflects the real usage scenario, runners do app freezing before the start. Co-authored-by: Andrew Svetlov --- tests/test_benchmarks_web_urldispatcher.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py index 2ffb53ee0f7..cca3be0c826 100644 --- a/tests/test_benchmarks_web_urldispatcher.py +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -45,6 +45,7 @@ async def handler(request: web.Request) -> NoReturn: app = web.Application() app.router.add_route("GET", "/", handler) + app.freeze() request = _mock_request(method="GET", path="/") async def run_url_dispatcher_benchmark() -> None: @@ -65,6 +66,7 @@ def test_resolve_static_root_route( app = web.Application() app.router.add_static("/", pathlib.Path(aiohttp.__file__).parent) + app.freeze() request = _mock_request(method="GET", path="/") async def run_url_dispatcher_benchmark() -> None: @@ -89,6 +91,7 @@ async def handler(request: web.Request) -> NoReturn: app = web.Application() for count in range(250): app.router.add_route("GET", f"/api/server/dispatch/{count}/update", handler) + app.freeze() request = _mock_request(method="GET", path="/api/server/dispatch/1/update") async def run_url_dispatcher_benchmark() -> None: @@ -112,6 +115,7 @@ async def handler(request: web.Request) -> NoReturn: app = web.Application() for count in range(250): app.router.add_route("GET", f"/api/server/dispatch/{count}/update", handler) + app.freeze() requests = [ _mock_request(method="GET", path=f"/api/server/dispatch/{count}/update") @@ -147,6 +151,7 @@ async def handler(request: web.Request) -> NoReturn: ] for url in urls: app.router.add_route("GET", url, handler) + app.freeze() requests = [_mock_request(method="GET", path=url) for url in urls] @@ -172,6 +177,7 @@ async def handler(request: web.Request) -> NoReturn: for count in range(250): app.router.add_route("GET", f"/api/server/other/{count}/update", handler) app.router.add_route("GET", "/api/server/dispatch/{customer}/update", handler) + app.freeze() requests = [ _mock_request(method="GET", path=f"/api/server/dispatch/{customer}/update") From 1866a49b057688138a7d5a97afce67b6f93b0dda Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 16:24:52 +0100 Subject: [PATCH 015/148] [PR #9925/69756b49 backport][3.10] Add benchmarks for github url resolving emulation (#9926) **This is a backport of PR #9925 as merged into master (69756b495d8fe0e1bf47056582d63cb6b0cb2913).** I think github API is a representative example for possible route table. Co-authored-by: Andrew Svetlov --- tests/github-urls.json | 653 +++++++++++++++++++++ tests/test_benchmarks_web_urldispatcher.py | 136 ++++- 2 files changed, 783 insertions(+), 6 deletions(-) create mode 100644 tests/github-urls.json diff --git a/tests/github-urls.json b/tests/github-urls.json new file mode 100644 index 00000000000..02e37554615 --- /dev/null +++ b/tests/github-urls.json @@ -0,0 +1,653 @@ +[ + "/", + "/advisories", + "/advisories/{ghsa_id}", + "/app", + "/app-manifests/{code}/conversions", + "/app/hook/config", + "/app/hook/deliveries", + "/app/hook/deliveries/{delivery_id}", + "/app/hook/deliveries/{delivery_id}/attempts", + "/app/installation-requests", + "/app/installations", + "/app/installations/{installation_id}", + "/app/installations/{installation_id}/access_tokens", + "/app/installations/{installation_id}/suspended", + "/applications/{client_id}/grant", + "/applications/{client_id}/token", + "/applications/{client_id}/token/scoped", + "/apps/{app_slug}", + "/assignments/{assignment_id}", + "/assignments/{assignment_id}/accepted_assignments", + "/assignments/{assignment_id}/grades", + "/classrooms", + "/classrooms/{classroom_id}", + "/classrooms/{classroom_id}/assignments", + "/codes_of_conduct", + "/codes_of_conduct/{key}", + "/emojis", + "/enterprises/{enterprise}/copilot/billing/seats", + "/enterprises/{enterprise}/copilot/metrics", + "/enterprises/{enterprise}/copilot/usage", + "/enterprises/{enterprise}/dependabot/alerts", + "/enterprises/{enterprise}/secret-scanning/alerts", + "/enterprises/{enterprise}/team/{team_slug}/copilot/metrics", + "/enterprises/{enterprise}/team/{team_slug}/copilot/usage", + "/events", + "/feeds", + "/gists", + "/gists/public", + "/gists/starred", + "/gists/{gist_id}", + "/gists/{gist_id}/comments", + "/gists/{gist_id}/comments/{comment_id}", + "/gists/{gist_id}/commits", + "/gists/{gist_id}/forks", + "/gists/{gist_id}/star", + "/gists/{gist_id}/{sha}", + "/gitignore/templates", + "/gitignore/templates/{name}", + "/installation/repositories", + "/installation/token", + "/issues", + "/licenses", + "/licenses/{license}", + "/markdown", + "/markdown/raw", + "/marketplace_listing/accounts/{account_id}", + "/marketplace_listing/plans", + "/marketplace_listing/plans/{plan_id}/accounts", + "/marketplace_listing/stubbed/accounts/{account_id}", + "/marketplace_listing/stubbed/plans", + "/marketplace_listing/stubbed/plans/{plan_id}/accounts", + "/meta", + "/networks/{owner}/{repo}/events", + "/notifications", + "/notifications/threads/{thread_id}", + "/notifications/threads/{thread_id}/subscription", + "/octocat", + "/organizations", + "/orgs/{org}", + "/orgs/{org}/actions/cache/usage", + "/orgs/{org}/actions/cache/usage-by-repository", + "/orgs/{org}/actions/oidc/customization/sub", + "/orgs/{org}/actions/permissions", + "/orgs/{org}/actions/permissions/repositories", + "/orgs/{org}/actions/permissions/repositories/{repository_id}", + "/orgs/{org}/actions/permissions/selected-actions", + "/orgs/{org}/actions/permissions/workflow", + "/orgs/{org}/actions/runner-groups", + "/orgs/{org}/actions/runner-groups/{runner_group_id}", + "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", + "/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}", + "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners", + "/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}", + "/orgs/{org}/actions/runners", + "/orgs/{org}/actions/runners/downloads", + "/orgs/{org}/actions/runners/generate-jitconfig", + "/orgs/{org}/actions/runners/registration-token", + "/orgs/{org}/actions/runners/remove-token", + "/orgs/{org}/actions/runners/{runner_id}", + "/orgs/{org}/actions/runners/{runner_id}/labels", + "/orgs/{org}/actions/runners/{runner_id}/labels/{name}", + "/orgs/{org}/actions/secrets", + "/orgs/{org}/actions/secrets/public-key", + "/orgs/{org}/actions/secrets/{secret_name}", + "/orgs/{org}/actions/secrets/{secret_name}/repositories", + "/orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}", + "/orgs/{org}/actions/variables", + "/orgs/{org}/actions/variables/{name}", + "/orgs/{org}/actions/variables/{name}/repositories", + "/orgs/{org}/actions/variables/{name}/repositories/{repository_id}", + "/orgs/{org}/attestations/{subject_digest}", + "/orgs/{org}/blocks", + "/orgs/{org}/blocks/{username}", + "/orgs/{org}/code-scanning/alerts", + "/orgs/{org}/code-security/configurations", + "/orgs/{org}/code-security/configurations/defaults", + "/orgs/{org}/code-security/configurations/detach", + "/orgs/{org}/code-security/configurations/{configuration_id}", + "/orgs/{org}/code-security/configurations/{configuration_id}/attach", + "/orgs/{org}/code-security/configurations/{configuration_id}/defaults", + "/orgs/{org}/code-security/configurations/{configuration_id}/repositories", + "/orgs/{org}/codespaces", + "/orgs/{org}/codespaces/access", + "/orgs/{org}/codespaces/access/selected_users", + "/orgs/{org}/codespaces/secrets", + "/orgs/{org}/codespaces/secrets/public-key", + "/orgs/{org}/codespaces/secrets/{secret_name}", + "/orgs/{org}/codespaces/secrets/{secret_name}/repositories", + "/orgs/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}", + "/orgs/{org}/copilot/billing", + "/orgs/{org}/copilot/billing/seats", + "/orgs/{org}/copilot/billing/selected_teams", + "/orgs/{org}/copilot/billing/selected_users", + "/orgs/{org}/copilot/metrics", + "/orgs/{org}/copilot/usage", + "/orgs/{org}/dependabot/alerts", + "/orgs/{org}/dependabot/secrets", + "/orgs/{org}/dependabot/secrets/public-key", + "/orgs/{org}/dependabot/secrets/{secret_name}", + "/orgs/{org}/dependabot/secrets/{secret_name}/repositories", + "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}", + "/orgs/{org}/docker/conflicts", + "/orgs/{org}/events", + "/orgs/{org}/failed_invitations", + "/orgs/{org}/hooks", + "/orgs/{org}/hooks/{hook_id}", + "/orgs/{org}/hooks/{hook_id}/config", + "/orgs/{org}/hooks/{hook_id}/deliveries", + "/orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}", + "/orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts", + "/orgs/{org}/hooks/{hook_id}/pings", + "/orgs/{org}/insights/api/route-stats/{actor_type}/{actor_id}", + "/orgs/{org}/insights/api/subject-stats", + "/orgs/{org}/insights/api/summary-stats", + "/orgs/{org}/insights/api/summary-stats/users/{user_id}", + "/orgs/{org}/insights/api/summary-stats/{actor_type}/{actor_id}", + "/orgs/{org}/insights/api/time-stats", + "/orgs/{org}/insights/api/time-stats/users/{user_id}", + "/orgs/{org}/insights/api/time-stats/{actor_type}/{actor_id}", + "/orgs/{org}/insights/api/user-stats/{user_id}", + "/orgs/{org}/installation", + "/orgs/{org}/installations", + "/orgs/{org}/interaction-limits", + "/orgs/{org}/invitations", + "/orgs/{org}/invitations/{invitation_id}", + "/orgs/{org}/invitations/{invitation_id}/teams", + "/orgs/{org}/issues", + "/orgs/{org}/members", + "/orgs/{org}/members/{username}", + "/orgs/{org}/members/{username}/codespaces", + "/orgs/{org}/members/{username}/codespaces/{codespace_name}", + "/orgs/{org}/members/{username}/codespaces/{codespace_name}/stop", + "/orgs/{org}/members/{username}/copilot", + "/orgs/{org}/memberships/{username}", + "/orgs/{org}/migrations", + "/orgs/{org}/migrations/{migration_id}", + "/orgs/{org}/migrations/{migration_id}/archive", + "/orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock", + "/orgs/{org}/migrations/{migration_id}/repositories", + "/orgs/{org}/organization-roles", + "/orgs/{org}/organization-roles/teams/{team_slug}", + "/orgs/{org}/organization-roles/teams/{team_slug}/{role_id}", + "/orgs/{org}/organization-roles/users/{username}", + "/orgs/{org}/organization-roles/users/{username}/{role_id}", + "/orgs/{org}/organization-roles/{role_id}", + "/orgs/{org}/organization-roles/{role_id}/teams", + "/orgs/{org}/organization-roles/{role_id}/users", + "/orgs/{org}/outside_collaborators", + "/orgs/{org}/outside_collaborators/{username}", + "/orgs/{org}/packages", + "/orgs/{org}/packages/{package_type}/{package_name}", + "/orgs/{org}/packages/{package_type}/{package_name}/restore", + "/orgs/{org}/packages/{package_type}/{package_name}/versions", + "/orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}", + "/orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore", + "/orgs/{org}/personal-access-token-requests", + "/orgs/{org}/personal-access-token-requests/{pat_request_id}", + "/orgs/{org}/personal-access-token-requests/{pat_request_id}/repositories", + "/orgs/{org}/personal-access-tokens", + "/orgs/{org}/personal-access-tokens/{pat_id}", + "/orgs/{org}/personal-access-tokens/{pat_id}/repositories", + "/orgs/{org}/projects", + "/orgs/{org}/properties/schema", + "/orgs/{org}/properties/schema/{custom_property_name}", + "/orgs/{org}/properties/values", + "/orgs/{org}/public_members", + "/orgs/{org}/public_members/{username}", + "/orgs/{org}/repos", + "/orgs/{org}/rulesets", + "/orgs/{org}/rulesets/rule-suites", + "/orgs/{org}/rulesets/rule-suites/{rule_suite_id}", + "/orgs/{org}/rulesets/{ruleset_id}", + "/orgs/{org}/secret-scanning/alerts", + "/orgs/{org}/security-advisories", + "/orgs/{org}/security-managers", + "/orgs/{org}/security-managers/teams/{team_slug}", + "/orgs/{org}/settings/billing/actions", + "/orgs/{org}/settings/billing/packages", + "/orgs/{org}/settings/billing/shared-storage", + "/orgs/{org}/team/{team_slug}/copilot/metrics", + "/orgs/{org}/team/{team_slug}/copilot/usage", + "/orgs/{org}/teams", + "/orgs/{org}/teams/{team_slug}", + "/orgs/{org}/teams/{team_slug}/discussions", + "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}", + "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", + "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}", + "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", + "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", + "/orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", + "/orgs/{org}/teams/{team_slug}/invitations", + "/orgs/{org}/teams/{team_slug}/members", + "/orgs/{org}/teams/{team_slug}/memberships/{username}", + "/orgs/{org}/teams/{team_slug}/projects", + "/orgs/{org}/teams/{team_slug}/projects/{project_id}", + "/orgs/{org}/teams/{team_slug}/repos", + "/orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}", + "/orgs/{org}/teams/{team_slug}/teams", + "/orgs/{org}/{security_product}/{enablement}", + "/projects/columns/cards/{card_id}", + "/projects/columns/cards/{card_id}/moves", + "/projects/columns/{column_id}", + "/projects/columns/{column_id}/cards", + "/projects/columns/{column_id}/moves", + "/projects/{project_id}", + "/projects/{project_id}/collaborators", + "/projects/{project_id}/collaborators/{username}", + "/projects/{project_id}/collaborators/{username}/permission", + "/projects/{project_id}/columns", + "/rate_limit", + "/repos/{owner}/{repo}", + "/repos/{owner}/{repo}/actions/artifacts", + "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}", + "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}", + "/repos/{owner}/{repo}/actions/cache/usage", + "/repos/{owner}/{repo}/actions/caches", + "/repos/{owner}/{repo}/actions/caches/{cache_id}", + "/repos/{owner}/{repo}/actions/jobs/{job_id}", + "/repos/{owner}/{repo}/actions/jobs/{job_id}/logs", + "/repos/{owner}/{repo}/actions/jobs/{job_id}/rerun", + "/repos/{owner}/{repo}/actions/oidc/customization/sub", + "/repos/{owner}/{repo}/actions/organization-secrets", + "/repos/{owner}/{repo}/actions/organization-variables", + "/repos/{owner}/{repo}/actions/permissions", + "/repos/{owner}/{repo}/actions/permissions/access", + "/repos/{owner}/{repo}/actions/permissions/selected-actions", + "/repos/{owner}/{repo}/actions/permissions/workflow", + "/repos/{owner}/{repo}/actions/runners", + "/repos/{owner}/{repo}/actions/runners/downloads", + "/repos/{owner}/{repo}/actions/runners/generate-jitconfig", + "/repos/{owner}/{repo}/actions/runners/registration-token", + "/repos/{owner}/{repo}/actions/runners/remove-token", + "/repos/{owner}/{repo}/actions/runners/{runner_id}", + "/repos/{owner}/{repo}/actions/runners/{runner_id}/labels", + "/repos/{owner}/{repo}/actions/runners/{runner_id}/labels/{name}", + "/repos/{owner}/{repo}/actions/runs", + "/repos/{owner}/{repo}/actions/runs/{run_id}", + "/repos/{owner}/{repo}/actions/runs/{run_id}/approvals", + "/repos/{owner}/{repo}/actions/runs/{run_id}/approve", + "/repos/{owner}/{repo}/actions/runs/{run_id}/artifacts", + "/repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}", + "/repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs", + "/repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/logs", + "/repos/{owner}/{repo}/actions/runs/{run_id}/cancel", + "/repos/{owner}/{repo}/actions/runs/{run_id}/deployment_protection_rule", + "/repos/{owner}/{repo}/actions/runs/{run_id}/force-cancel", + "/repos/{owner}/{repo}/actions/runs/{run_id}/jobs", + "/repos/{owner}/{repo}/actions/runs/{run_id}/logs", + "/repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments", + "/repos/{owner}/{repo}/actions/runs/{run_id}/rerun", + "/repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs", + "/repos/{owner}/{repo}/actions/runs/{run_id}/timing", + "/repos/{owner}/{repo}/actions/secrets", + "/repos/{owner}/{repo}/actions/secrets/public-key", + "/repos/{owner}/{repo}/actions/secrets/{secret_name}", + "/repos/{owner}/{repo}/actions/variables", + "/repos/{owner}/{repo}/actions/variables/{name}", + "/repos/{owner}/{repo}/actions/workflows", + "/repos/{owner}/{repo}/actions/workflows/{workflow_id}", + "/repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable", + "/repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches", + "/repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable", + "/repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs", + "/repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing", + "/repos/{owner}/{repo}/activity", + "/repos/{owner}/{repo}/assignees", + "/repos/{owner}/{repo}/assignees/{assignee}", + "/repos/{owner}/{repo}/attestations", + "/repos/{owner}/{repo}/attestations/{subject_digest}", + "/repos/{owner}/{repo}/autolinks", + "/repos/{owner}/{repo}/autolinks/{autolink_id}", + "/repos/{owner}/{repo}/automated-security-fixes", + "/repos/{owner}/{repo}/branches", + "/repos/{owner}/{repo}/branches/{branch}", + "/repos/{owner}/{repo}/branches/{branch}/protection", + "/repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins", + "/repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews", + "/repos/{owner}/{repo}/branches/{branch}/protection/required_signatures", + "/repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks", + "/repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts", + "/repos/{owner}/{repo}/branches/{branch}/protection/restrictions", + "/repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps", + "/repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams", + "/repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users", + "/repos/{owner}/{repo}/branches/{branch}/rename", + "/repos/{owner}/{repo}/check-runs", + "/repos/{owner}/{repo}/check-runs/{check_run_id}", + "/repos/{owner}/{repo}/check-runs/{check_run_id}/annotations", + "/repos/{owner}/{repo}/check-runs/{check_run_id}/rerequest", + "/repos/{owner}/{repo}/check-suites", + "/repos/{owner}/{repo}/check-suites/preferences", + "/repos/{owner}/{repo}/check-suites/{check_suite_id}", + "/repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs", + "/repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest", + "/repos/{owner}/{repo}/code-scanning/alerts", + "/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}", + "/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances", + "/repos/{owner}/{repo}/code-scanning/analyses", + "/repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}", + "/repos/{owner}/{repo}/code-scanning/codeql/databases", + "/repos/{owner}/{repo}/code-scanning/codeql/databases/{language}", + "/repos/{owner}/{repo}/code-scanning/codeql/variant-analyses", + "/repos/{owner}/{repo}/code-scanning/codeql/variant-analyses/{codeql_variant_analysis_id}", + "/repos/{owner}/{repo}/code-scanning/codeql/variant-analyses/{codeql_variant_analysis_id}/repos/{repo_owner}/{repo_name}", + "/repos/{owner}/{repo}/code-scanning/default-setup", + "/repos/{owner}/{repo}/code-scanning/sarifs", + "/repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}", + "/repos/{owner}/{repo}/code-security-configuration", + "/repos/{owner}/{repo}/codeowners/errors", + "/repos/{owner}/{repo}/codespaces", + "/repos/{owner}/{repo}/codespaces/devcontainers", + "/repos/{owner}/{repo}/codespaces/machines", + "/repos/{owner}/{repo}/codespaces/new", + "/repos/{owner}/{repo}/codespaces/permissions_check", + "/repos/{owner}/{repo}/codespaces/secrets", + "/repos/{owner}/{repo}/codespaces/secrets/public-key", + "/repos/{owner}/{repo}/codespaces/secrets/{secret_name}", + "/repos/{owner}/{repo}/collaborators", + "/repos/{owner}/{repo}/collaborators/{username}", + "/repos/{owner}/{repo}/collaborators/{username}/permission", + "/repos/{owner}/{repo}/comments", + "/repos/{owner}/{repo}/comments/{comment_id}", + "/repos/{owner}/{repo}/comments/{comment_id}/reactions", + "/repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}", + "/repos/{owner}/{repo}/commits", + "/repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head", + "/repos/{owner}/{repo}/commits/{commit_sha}/comments", + "/repos/{owner}/{repo}/commits/{commit_sha}/pulls", + "/repos/{owner}/{repo}/commits/{ref}", + "/repos/{owner}/{repo}/commits/{ref}/check-runs", + "/repos/{owner}/{repo}/commits/{ref}/check-suites", + "/repos/{owner}/{repo}/commits/{ref}/status", + "/repos/{owner}/{repo}/commits/{ref}/statuses", + "/repos/{owner}/{repo}/community/profile", + "/repos/{owner}/{repo}/compare/{basehead}", + "/repos/{owner}/{repo}/contents/{path}", + "/repos/{owner}/{repo}/contributors", + "/repos/{owner}/{repo}/dependabot/alerts", + "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}", + "/repos/{owner}/{repo}/dependabot/secrets", + "/repos/{owner}/{repo}/dependabot/secrets/public-key", + "/repos/{owner}/{repo}/dependabot/secrets/{secret_name}", + "/repos/{owner}/{repo}/dependency-graph/compare/{basehead}", + "/repos/{owner}/{repo}/dependency-graph/sbom", + "/repos/{owner}/{repo}/dependency-graph/snapshots", + "/repos/{owner}/{repo}/deployments", + "/repos/{owner}/{repo}/deployments/{deployment_id}", + "/repos/{owner}/{repo}/deployments/{deployment_id}/statuses", + "/repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}", + "/repos/{owner}/{repo}/dispatches", + "/repos/{owner}/{repo}/environments", + "/repos/{owner}/{repo}/environments/{environment_name}", + "/repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies", + "/repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}", + "/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules", + "/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules/apps", + "/repos/{owner}/{repo}/environments/{environment_name}/deployment_protection_rules/{protection_rule_id}", + "/repos/{owner}/{repo}/environments/{environment_name}/secrets", + "/repos/{owner}/{repo}/environments/{environment_name}/secrets/public-key", + "/repos/{owner}/{repo}/environments/{environment_name}/secrets/{secret_name}", + "/repos/{owner}/{repo}/environments/{environment_name}/variables", + "/repos/{owner}/{repo}/environments/{environment_name}/variables/{name}", + "/repos/{owner}/{repo}/events", + "/repos/{owner}/{repo}/forks", + "/repos/{owner}/{repo}/git/blobs", + "/repos/{owner}/{repo}/git/blobs/{file_sha}", + "/repos/{owner}/{repo}/git/commits", + "/repos/{owner}/{repo}/git/commits/{commit_sha}", + "/repos/{owner}/{repo}/git/matching-refs/{ref}", + "/repos/{owner}/{repo}/git/ref/{ref}", + "/repos/{owner}/{repo}/git/refs", + "/repos/{owner}/{repo}/git/refs/{ref}", + "/repos/{owner}/{repo}/git/tags", + "/repos/{owner}/{repo}/git/tags/{tag_sha}", + "/repos/{owner}/{repo}/git/trees", + "/repos/{owner}/{repo}/git/trees/{tree_sha}", + "/repos/{owner}/{repo}/hooks", + "/repos/{owner}/{repo}/hooks/{hook_id}", + "/repos/{owner}/{repo}/hooks/{hook_id}/config", + "/repos/{owner}/{repo}/hooks/{hook_id}/deliveries", + "/repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}", + "/repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts", + "/repos/{owner}/{repo}/hooks/{hook_id}/pings", + "/repos/{owner}/{repo}/hooks/{hook_id}/tests", + "/repos/{owner}/{repo}/import", + "/repos/{owner}/{repo}/import/authors", + "/repos/{owner}/{repo}/import/authors/{author_id}", + "/repos/{owner}/{repo}/import/large_files", + "/repos/{owner}/{repo}/import/lfs", + "/repos/{owner}/{repo}/installation", + "/repos/{owner}/{repo}/interaction-limits", + "/repos/{owner}/{repo}/invitations", + "/repos/{owner}/{repo}/invitations/{invitation_id}", + "/repos/{owner}/{repo}/issues", + "/repos/{owner}/{repo}/issues/comments", + "/repos/{owner}/{repo}/issues/comments/{comment_id}", + "/repos/{owner}/{repo}/issues/comments/{comment_id}/reactions", + "/repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}", + "/repos/{owner}/{repo}/issues/events", + "/repos/{owner}/{repo}/issues/events/{event_id}", + "/repos/{owner}/{repo}/issues/{issue_number}", + "/repos/{owner}/{repo}/issues/{issue_number}/assignees", + "/repos/{owner}/{repo}/issues/{issue_number}/assignees/{assignee}", + "/repos/{owner}/{repo}/issues/{issue_number}/comments", + "/repos/{owner}/{repo}/issues/{issue_number}/events", + "/repos/{owner}/{repo}/issues/{issue_number}/labels", + "/repos/{owner}/{repo}/issues/{issue_number}/labels/{name}", + "/repos/{owner}/{repo}/issues/{issue_number}/lock", + "/repos/{owner}/{repo}/issues/{issue_number}/reactions", + "/repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}", + "/repos/{owner}/{repo}/issues/{issue_number}/timeline", + "/repos/{owner}/{repo}/keys", + "/repos/{owner}/{repo}/keys/{key_id}", + "/repos/{owner}/{repo}/labels", + "/repos/{owner}/{repo}/labels/{name}", + "/repos/{owner}/{repo}/languages", + "/repos/{owner}/{repo}/license", + "/repos/{owner}/{repo}/merge-upstream", + "/repos/{owner}/{repo}/merges", + "/repos/{owner}/{repo}/milestones", + "/repos/{owner}/{repo}/milestones/{milestone_number}", + "/repos/{owner}/{repo}/milestones/{milestone_number}/labels", + "/repos/{owner}/{repo}/notifications", + "/repos/{owner}/{repo}/pages", + "/repos/{owner}/{repo}/pages/builds", + "/repos/{owner}/{repo}/pages/builds/latest", + "/repos/{owner}/{repo}/pages/builds/{build_id}", + "/repos/{owner}/{repo}/pages/deployments", + "/repos/{owner}/{repo}/pages/deployments/{pages_deployment_id}", + "/repos/{owner}/{repo}/pages/deployments/{pages_deployment_id}/cancel", + "/repos/{owner}/{repo}/pages/health", + "/repos/{owner}/{repo}/private-vulnerability-reporting", + "/repos/{owner}/{repo}/projects", + "/repos/{owner}/{repo}/properties/values", + "/repos/{owner}/{repo}/pulls", + "/repos/{owner}/{repo}/pulls/comments", + "/repos/{owner}/{repo}/pulls/comments/{comment_id}", + "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions", + "/repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}", + "/repos/{owner}/{repo}/pulls/{pull_number}", + "/repos/{owner}/{repo}/pulls/{pull_number}/codespaces", + "/repos/{owner}/{repo}/pulls/{pull_number}/comments", + "/repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies", + "/repos/{owner}/{repo}/pulls/{pull_number}/commits", + "/repos/{owner}/{repo}/pulls/{pull_number}/files", + "/repos/{owner}/{repo}/pulls/{pull_number}/merge", + "/repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers", + "/repos/{owner}/{repo}/pulls/{pull_number}/reviews", + "/repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}", + "/repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments", + "/repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals", + "/repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events", + "/repos/{owner}/{repo}/pulls/{pull_number}/update-branch", + "/repos/{owner}/{repo}/readme", + "/repos/{owner}/{repo}/readme/{dir}", + "/repos/{owner}/{repo}/releases", + "/repos/{owner}/{repo}/releases/assets/{asset_id}", + "/repos/{owner}/{repo}/releases/generate-notes", + "/repos/{owner}/{repo}/releases/latest", + "/repos/{owner}/{repo}/releases/tags/{tag}", + "/repos/{owner}/{repo}/releases/{release_id}", + "/repos/{owner}/{repo}/releases/{release_id}/assets", + "/repos/{owner}/{repo}/releases/{release_id}/reactions", + "/repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}", + "/repos/{owner}/{repo}/rules/branches/{branch}", + "/repos/{owner}/{repo}/rulesets", + "/repos/{owner}/{repo}/rulesets/rule-suites", + "/repos/{owner}/{repo}/rulesets/rule-suites/{rule_suite_id}", + "/repos/{owner}/{repo}/rulesets/{ruleset_id}", + "/repos/{owner}/{repo}/secret-scanning/alerts", + "/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}", + "/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations", + "/repos/{owner}/{repo}/secret-scanning/push-protection-bypasses", + "/repos/{owner}/{repo}/security-advisories", + "/repos/{owner}/{repo}/security-advisories/reports", + "/repos/{owner}/{repo}/security-advisories/{ghsa_id}", + "/repos/{owner}/{repo}/security-advisories/{ghsa_id}/cve", + "/repos/{owner}/{repo}/security-advisories/{ghsa_id}/forks", + "/repos/{owner}/{repo}/stargazers", + "/repos/{owner}/{repo}/stats/code_frequency", + "/repos/{owner}/{repo}/stats/commit_activity", + "/repos/{owner}/{repo}/stats/contributors", + "/repos/{owner}/{repo}/stats/participation", + "/repos/{owner}/{repo}/stats/punch_card", + "/repos/{owner}/{repo}/statuses/{sha}", + "/repos/{owner}/{repo}/subscribers", + "/repos/{owner}/{repo}/subscription", + "/repos/{owner}/{repo}/tags", + "/repos/{owner}/{repo}/tags/protection", + "/repos/{owner}/{repo}/tags/protection/{tag_protection_id}", + "/repos/{owner}/{repo}/tarball/{ref}", + "/repos/{owner}/{repo}/teams", + "/repos/{owner}/{repo}/topics", + "/repos/{owner}/{repo}/traffic/clones", + "/repos/{owner}/{repo}/traffic/popular/paths", + "/repos/{owner}/{repo}/traffic/popular/referrers", + "/repos/{owner}/{repo}/traffic/views", + "/repos/{owner}/{repo}/transfer", + "/repos/{owner}/{repo}/vulnerability-alerts", + "/repos/{owner}/{repo}/zipball/{ref}", + "/repos/{template_owner}/{template_repo}/generate", + "/repositories", + "/search/code", + "/search/commits", + "/search/issues", + "/search/labels", + "/search/repositories", + "/search/topics", + "/search/users", + "/teams/{team_id}", + "/teams/{team_id}/discussions", + "/teams/{team_id}/discussions/{discussion_number}", + "/teams/{team_id}/discussions/{discussion_number}/comments", + "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}", + "/teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", + "/teams/{team_id}/discussions/{discussion_number}/reactions", + "/teams/{team_id}/invitations", + "/teams/{team_id}/members", + "/teams/{team_id}/members/{username}", + "/teams/{team_id}/memberships/{username}", + "/teams/{team_id}/projects", + "/teams/{team_id}/projects/{project_id}", + "/teams/{team_id}/repos", + "/teams/{team_id}/repos/{owner}/{repo}", + "/teams/{team_id}/teams", + "/user", + "/user/blocks", + "/user/blocks/{username}", + "/user/codespaces", + "/user/codespaces/secrets", + "/user/codespaces/secrets/public-key", + "/user/codespaces/secrets/{secret_name}", + "/user/codespaces/secrets/{secret_name}/repositories", + "/user/codespaces/secrets/{secret_name}/repositories/{repository_id}", + "/user/codespaces/{codespace_name}", + "/user/codespaces/{codespace_name}/exports", + "/user/codespaces/{codespace_name}/exports/{export_id}", + "/user/codespaces/{codespace_name}/machines", + "/user/codespaces/{codespace_name}/publish", + "/user/codespaces/{codespace_name}/start", + "/user/codespaces/{codespace_name}/stop", + "/user/docker/conflicts", + "/user/email/visibility", + "/user/emails", + "/user/followers", + "/user/following", + "/user/following/{username}", + "/user/gpg_keys", + "/user/gpg_keys/{gpg_key_id}", + "/user/installations", + "/user/installations/{installation_id}/repositories", + "/user/installations/{installation_id}/repositories/{repository_id}", + "/user/interaction-limits", + "/user/issues", + "/user/keys", + "/user/keys/{key_id}", + "/user/marketplace_purchases", + "/user/marketplace_purchases/stubbed", + "/user/memberships/orgs", + "/user/memberships/orgs/{org}", + "/user/migrations", + "/user/migrations/{migration_id}", + "/user/migrations/{migration_id}/archive", + "/user/migrations/{migration_id}/repos/{repo_name}/lock", + "/user/migrations/{migration_id}/repositories", + "/user/orgs", + "/user/packages", + "/user/packages/{package_type}/{package_name}", + "/user/packages/{package_type}/{package_name}/restore", + "/user/packages/{package_type}/{package_name}/versions", + "/user/packages/{package_type}/{package_name}/versions/{package_version_id}", + "/user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore", + "/user/projects", + "/user/public_emails", + "/user/repos", + "/user/repository_invitations", + "/user/repository_invitations/{invitation_id}", + "/user/social_accounts", + "/user/ssh_signing_keys", + "/user/ssh_signing_keys/{ssh_signing_key_id}", + "/user/starred", + "/user/starred/{owner}/{repo}", + "/user/subscriptions", + "/user/teams", + "/user/{account_id}", + "/users", + "/users/{username}", + "/users/{username}/attestations/{subject_digest}", + "/users/{username}/docker/conflicts", + "/users/{username}/events", + "/users/{username}/events/orgs/{org}", + "/users/{username}/events/public", + "/users/{username}/followers", + "/users/{username}/following", + "/users/{username}/following/{target_user}", + "/users/{username}/gists", + "/users/{username}/gpg_keys", + "/users/{username}/hovercard", + "/users/{username}/installation", + "/users/{username}/keys", + "/users/{username}/orgs", + "/users/{username}/packages", + "/users/{username}/packages/{package_type}/{package_name}", + "/users/{username}/packages/{package_type}/{package_name}/restore", + "/users/{username}/packages/{package_type}/{package_name}/versions", + "/users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}", + "/users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore", + "/users/{username}/projects", + "/users/{username}/received_events", + "/users/{username}/received_events/public", + "/users/{username}/repos", + "/users/{username}/settings/billing/actions", + "/users/{username}/settings/billing/packages", + "/users/{username}/settings/billing/shared-storage", + "/users/{username}/social_accounts", + "/users/{username}/ssh_signing_keys", + "/users/{username}/starred", + "/users/{username}/subscriptions", + "/versions", + "/zen" +] diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py index cca3be0c826..452f4afa7b3 100644 --- a/tests/test_benchmarks_web_urldispatcher.py +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -1,7 +1,11 @@ """codspeed benchmarks for the URL dispatcher.""" import asyncio +import json import pathlib +import random +import string +from pathlib import Path from typing import NoReturn from unittest import mock @@ -46,11 +50,12 @@ async def handler(request: web.Request) -> NoReturn: app = web.Application() app.router.add_route("GET", "/", handler) app.freeze() + router = app.router request = _mock_request(method="GET", path="/") async def run_url_dispatcher_benchmark() -> None: for _ in range(resolve_count): - await app._router.resolve(request) + await router.resolve(request) @benchmark def _run() -> None: @@ -67,11 +72,12 @@ def test_resolve_static_root_route( app = web.Application() app.router.add_static("/", pathlib.Path(aiohttp.__file__).parent) app.freeze() + router = app.router request = _mock_request(method="GET", path="/") async def run_url_dispatcher_benchmark() -> None: for _ in range(resolve_count): - await app._router.resolve(request) + await router.resolve(request) @benchmark def _run() -> None: @@ -92,11 +98,12 @@ async def handler(request: web.Request) -> NoReturn: for count in range(250): app.router.add_route("GET", f"/api/server/dispatch/{count}/update", handler) app.freeze() + router = app.router request = _mock_request(method="GET", path="/api/server/dispatch/1/update") async def run_url_dispatcher_benchmark() -> None: for _ in range(resolve_count): - await app._router.resolve(request) + await router.resolve(request) @benchmark def _run() -> None: @@ -116,6 +123,7 @@ async def handler(request: web.Request) -> NoReturn: for count in range(250): app.router.add_route("GET", f"/api/server/dispatch/{count}/update", handler) app.freeze() + router = app.router requests = [ _mock_request(method="GET", path=f"/api/server/dispatch/{count}/update") @@ -124,7 +132,7 @@ async def handler(request: web.Request) -> NoReturn: async def run_url_dispatcher_benchmark() -> None: for request in requests: - await app._router.resolve(request) + await router.resolve(request) @benchmark def _run() -> None: @@ -152,12 +160,13 @@ async def handler(request: web.Request) -> NoReturn: for url in urls: app.router.add_route("GET", url, handler) app.freeze() + router = app.router requests = [_mock_request(method="GET", path=url) for url in urls] async def run_url_dispatcher_benchmark() -> None: for request in requests: - await app._router.resolve(request) + await router.resolve(request) @benchmark def _run() -> None: @@ -178,6 +187,7 @@ async def handler(request: web.Request) -> NoReturn: app.router.add_route("GET", f"/api/server/other/{count}/update", handler) app.router.add_route("GET", "/api/server/dispatch/{customer}/update", handler) app.freeze() + router = app.router requests = [ _mock_request(method="GET", path=f"/api/server/dispatch/{customer}/update") @@ -186,7 +196,121 @@ async def handler(request: web.Request) -> NoReturn: async def run_url_dispatcher_benchmark() -> None: for request in requests: - await app._router.resolve(request) + await router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_gitapi( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve DynamicResource for simulated github API. + + The benchmark uses OpenAPI generated info for github. + To update the local data file please run the following command: + $ curl https://raw.githubusercontent.com/github/rest-api-description/refs/heads/main/descriptions/api.github.com/api.github.com.json | jq ".paths | keys" > github-urls.json + """ + + async def handler(request: web.Request) -> NoReturn: + assert False + + here = Path(__file__).parent + with (here / "github-urls.json").open() as f: + urls = json.load(f) + + app = web.Application() + for url in urls: + app.router.add_get(url, handler) + app.freeze() + router = app.router + + # PR reviews API was selected absolutely voluntary. + # It is not any special but sits somewhere in the middle of the urls list. + # If anybody has better idea please suggest. + + alnums = string.ascii_letters + string.digits + + requests = [] + for i in range(250): + owner = "".join(random.sample(alnums, 10)) + repo = "".join(random.sample(alnums, 10)) + pull_number = random.randint(0, 250) + requests.append( + _mock_request( + method="GET", path=f"/repos/{owner}/{repo}/pulls/{pull_number}/reviews" + ) + ) + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_gitapi_subapps( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve DynamicResource for simulated github API, grouped in subapps. + + The benchmark uses OpenAPI generated info for github. + To update the local data file please run the following command: + $ curl https://raw.githubusercontent.com/github/rest-api-description/refs/heads/main/descriptions/api.github.com/api.github.com.json | jq ".paths | keys" > github-urls.json + """ + + async def handler(request: web.Request) -> NoReturn: + assert False + + here = Path(__file__).parent + with (here / "github-urls.json").open() as f: + urls = json.load(f) + + subapps = { + "gists": web.Application(), + "orgs": web.Application(), + "projects": web.Application(), + "repos": web.Application(), + "teams": web.Application(), + "user": web.Application(), + "users": web.Application(), + } + + app = web.Application() + for url in urls: + parts = url.split("/") + subapp = subapps.get(parts[1], app) + subapp.router.add_get(url, handler) + for key, subapp in subapps.items(): + app.add_subapp("/" + key, subapp) + app.freeze() + router = app.router + + # PR reviews API was selected absolutely voluntary. + # It is not any special but sits somewhere in the middle of the urls list. + # If anybody has better idea please suggest. + + alnums = string.ascii_letters + string.digits + + requests = [] + for i in range(250): + owner = "".join(random.sample(alnums, 10)) + repo = "".join(random.sample(alnums, 10)) + pull_number = random.randint(0, 250) + requests.append( + _mock_request( + method="GET", path=f"/repos/{owner}/{repo}/pulls/{pull_number}/reviews" + ) + ) + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await router.resolve(request) @benchmark def _run() -> None: From 58a78f63083c82bbe71f85fcadf1ef0447e55b62 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 19:11:32 -0600 Subject: [PATCH 016/148] [PR #9929/73691e49 backport][3.10] Add couple benchmarks for dynamic routes (#9930) Co-authored-by: Andrew Svetlov --- tests/test_benchmarks_web_urldispatcher.py | 64 +++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py index 452f4afa7b3..16a59516b35 100644 --- a/tests/test_benchmarks_web_urldispatcher.py +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -173,7 +173,7 @@ def _run() -> None: loop.run_until_complete(run_url_dispatcher_benchmark()) -def test_resolve_dynamic_resource_url_with_many_routes( +def test_resolve_dynamic_resource_url_with_many_static_routes( loop: asyncio.AbstractEventLoop, benchmark: BenchmarkFixture, ) -> None: @@ -203,6 +203,68 @@ def _run() -> None: loop.run_until_complete(run_url_dispatcher_benchmark()) +def test_resolve_dynamic_resource_url_with_many_dynamic_routes( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve different a DynamicResource when there are 250 DynamicResources registered.""" + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + for count in range(250): + app.router.add_route( + "GET", f"/api/server/other/{{customer}}/update{count}", handler + ) + app.router.add_route("GET", "/api/server/dispatch/{customer}/update", handler) + app.freeze() + router = app.router + + requests = [ + _mock_request(method="GET", path=f"/api/server/dispatch/{customer}/update") + for customer in range(250) + ] + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_dynamic_resource_url_with_many_dynamic_routes_with_common_prefix( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve different a DynamicResource when there are 250 DynamicResources registered with the same common prefix.""" + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + for count in range(250): + app.router.add_route("GET", f"/api/{{customer}}/show_{count}", handler) + app.router.add_route("GET", "/api/{customer}/update", handler) + app.freeze() + router = app.router + + requests = [ + _mock_request(method="GET", path=f"/api/{customer}/update") + for customer in range(250) + ] + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + def test_resolve_gitapi( loop: asyncio.AbstractEventLoop, benchmark: BenchmarkFixture, From fcd8d8c0afc669f5bb2ccd109de2bf3fd7d3ff68 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 17 Nov 2024 09:04:31 +0100 Subject: [PATCH 017/148] [PR #9935/0c312496 backport][3.10] Add benchmark for routing sub_applications (#9936) **This is a backport of PR #9935 as merged into master (0c312496c6490f934cec360f21ae802e2c8d8679).** Router should be optimized for handling 2 kind of prefix resources (sub_apps and static files are handled equally now): 1. sub_apps are placed under non-overlapped top-level single-segment prefixed. `test_resolve_gitapi_subapps` benchmark test this case already. 2. sub_apps shares the same prefix segments, e.g. `/api/manager/plugin/{name}`. This PR covers the second case. Co-authored-by: Andrew Svetlov --- tests/test_benchmarks_web_urldispatcher.py | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py index 16a59516b35..662a600c3b3 100644 --- a/tests/test_benchmarks_web_urldispatcher.py +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -377,3 +377,37 @@ async def run_url_dispatcher_benchmark() -> None: @benchmark def _run() -> None: loop.run_until_complete(run_url_dispatcher_benchmark()) + + +def test_resolve_prefix_resources_many_prefix_many_plain( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve prefix resource (sub_app) whene 250 PlainResources registered and there are 250 subapps that shares the same sub_app path prefix.""" + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + for count in range(250): + app.router.add_get(f"/api/server/other/{count}/update", handler) + for count in range(250): + subapp = web.Application() + # sub_apps exists for handling deep enough nested route trees + subapp.router.add_get("/deep/enough/sub/path", handler) + app.add_subapp(f"/api/path/to/plugin/{count}", subapp) + app.freeze() + router = app.router + + requests = [ + _mock_request(method="GET", path="/api/path/to/plugin/249/deep/enough/sub/path") + for customer in range(250) + ] + + async def run_url_dispatcher_benchmark() -> None: + for request in requests: + await router.resolve(request) + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) From dddb925d287d3d140e487cf7dc34e9f74e7ca523 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 17 Nov 2024 19:14:32 +0000 Subject: [PATCH 018/148] [PR #9940/9ca1a581 backport][3.10] Add benchmarks for creating web responses (#9941) Co-authored-by: J. Nick Koston --- tests/test_benchmarks_web_response.py | 62 +++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 tests/test_benchmarks_web_response.py diff --git a/tests/test_benchmarks_web_response.py b/tests/test_benchmarks_web_response.py new file mode 100644 index 00000000000..fbf1fadf1e1 --- /dev/null +++ b/tests/test_benchmarks_web_response.py @@ -0,0 +1,62 @@ +"""codspeed benchmarks for the web responses.""" + +from pytest_codspeed import BenchmarkFixture + +from aiohttp import web + + +def test_simple_web_response(benchmark: BenchmarkFixture) -> None: + """Benchmark creating 100 simple web.Response.""" + response_count = 100 + + @benchmark + def _run() -> None: + for _ in range(response_count): + web.Response() + + +def test_web_response_with_headers(benchmark: BenchmarkFixture) -> None: + """Benchmark creating 100 web.Response with headers.""" + response_count = 100 + headers = { + "Content-Type": "text/plain", + "Server": "aiohttp", + "Date": "Sun, 01 Aug 2021 12:00:00 GMT", + } + + @benchmark + def _run() -> None: + for _ in range(response_count): + web.Response(headers=headers) + + +def test_web_response_with_bytes_body( + benchmark: BenchmarkFixture, +) -> None: + """Benchmark creating 100 web.Response with bytes.""" + response_count = 100 + + @benchmark + def _run() -> None: + for _ in range(response_count): + web.Response(body=b"Hello, World!") + + +def test_web_response_with_text_body(benchmark: BenchmarkFixture) -> None: + """Benchmark creating 100 web.Response with text.""" + response_count = 100 + + @benchmark + def _run() -> None: + for _ in range(response_count): + web.Response(text="Hello, World!") + + +def test_simple_web_stream_response(benchmark: BenchmarkFixture) -> None: + """Benchmark creating 100 simple web.StreamResponse.""" + response_count = 100 + + @benchmark + def _run() -> None: + for _ in range(response_count): + web.StreamResponse() From 43ee43b52f56e08181b2997ae486a5f461677bbc Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 17 Nov 2024 20:34:21 +0000 Subject: [PATCH 019/148] [PR #9944/69ca7df6 backport][3.10] Use SPDX license expression (#9947) Co-authored-by: Marc Mueller <30130371+cdce8p@users.noreply.github.com> --- setup.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.cfg b/setup.cfg index de3fb2e9e63..ce8bfd42879 100644 --- a/setup.cfg +++ b/setup.cfg @@ -16,7 +16,7 @@ long_description = file: README.rst long_description_content_type = text/x-rst maintainer = aiohttp team maintainer_email = team@aiohttp.org -license = Apache 2 +license = Apache-2.0 license_files = LICENSE.txt classifiers = Development Status :: 5 - Production/Stable From 7d120a5c7e5ddb14328cf16922573dc2e91e6e13 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 17 Nov 2024 23:42:23 +0100 Subject: [PATCH 020/148] [PR #9939/509fddfd backport][3.10] Fix test_resolve_gitapi_subapps benchmark (#9948) **This is a backport of PR #9939 as merged into master (509fddfd3c6673bfa5ad11783e8d49e57d5a2fbe).** Also add checks that url dispatcher benchmarks find expected routes Co-authored-by: Andrew Svetlov --- tests/test_benchmarks_web_urldispatcher.py | 148 +++++++++++++++++---- 1 file changed, 120 insertions(+), 28 deletions(-) diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py index 662a600c3b3..033e2543a73 100644 --- a/tests/test_benchmarks_web_urldispatcher.py +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -6,7 +6,7 @@ import random import string from pathlib import Path -from typing import NoReturn +from typing import NoReturn, Optional from unittest import mock from multidict import CIMultiDict, CIMultiDictProxy @@ -53,9 +53,16 @@ async def handler(request: web.Request) -> NoReturn: router = app.router request = _mock_request(method="GET", path="/") - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for _ in range(resolve_count): - await router.resolve(request) + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["path"] == "/", ret.get_info() @benchmark def _run() -> None: @@ -70,14 +77,22 @@ def test_resolve_static_root_route( resolve_count = 100 app = web.Application() - app.router.add_static("/", pathlib.Path(aiohttp.__file__).parent) + here = pathlib.Path(aiohttp.__file__).parent + app.router.add_static("/", here) app.freeze() router = app.router request = _mock_request(method="GET", path="/") - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for _ in range(resolve_count): - await router.resolve(request) + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["directory"] == here, ret.get_info() @benchmark def _run() -> None: @@ -101,9 +116,16 @@ async def handler(request: web.Request) -> NoReturn: router = app.router request = _mock_request(method="GET", path="/api/server/dispatch/1/update") - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for _ in range(resolve_count): - await router.resolve(request) + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["path"] == "/api/server/dispatch/1/update", ret.get_info() @benchmark def _run() -> None: @@ -130,9 +152,15 @@ async def handler(request: web.Request) -> NoReturn: for count in range(250) ] - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for request in requests: - await router.resolve(request) + ret = await router.resolve(request) + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["path"] == "/api/server/dispatch/249/update", ret.get_info() @benchmark def _run() -> None: @@ -162,11 +190,18 @@ async def handler(request: web.Request) -> NoReturn: app.freeze() router = app.router - requests = [_mock_request(method="GET", path=url) for url in urls] + requests = [(_mock_request(method="GET", path=url), url) for url in urls] - async def run_url_dispatcher_benchmark() -> None: - for request in requests: - await router.resolve(request) + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None + for request, path in requests: + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["path"] == url, ret.get_info() @benchmark def _run() -> None: @@ -194,9 +229,18 @@ async def handler(request: web.Request) -> NoReturn: for customer in range(250) ] - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for request in requests: - await router.resolve(request) + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ( + ret.get_info()["formatter"] == "/api/server/dispatch/{customer}/update" + ), ret.get_info() @benchmark def _run() -> None: @@ -226,9 +270,18 @@ async def handler(request: web.Request) -> NoReturn: for customer in range(250) ] - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for request in requests: - await router.resolve(request) + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ( + ret.get_info()["formatter"] == "/api/server/dispatch/{customer}/update" + ), ret.get_info() @benchmark def _run() -> None: @@ -256,9 +309,16 @@ async def handler(request: web.Request) -> NoReturn: for customer in range(250) ] - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for request in requests: - await router.resolve(request) + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["formatter"] == "/api/{customer}/update", ret.get_info() @benchmark def _run() -> None: @@ -306,9 +366,18 @@ async def handler(request: web.Request) -> NoReturn: ) ) - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for request in requests: - await router.resolve(request) + ret = await router.resolve(request) + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ( + ret.get_info()["formatter"] + == "/repos/{owner}/{repo}/pulls/{pull_number}/reviews" + ), ret.get_info() @benchmark def _run() -> None: @@ -346,8 +415,14 @@ async def handler(request: web.Request) -> NoReturn: app = web.Application() for url in urls: parts = url.split("/") - subapp = subapps.get(parts[1], app) - subapp.router.add_get(url, handler) + subapp = subapps.get(parts[1]) + if subapp is not None: + sub_url = "/".join([""] + parts[2:]) + if not sub_url: + sub_url = "/" + subapp.router.add_get(sub_url, handler) + else: + app.router.add_get(url, handler) for key, subapp in subapps.items(): app.add_subapp("/" + key, subapp) app.freeze() @@ -370,9 +445,18 @@ async def handler(request: web.Request) -> NoReturn: ) ) - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for request in requests: - await router.resolve(request) + ret = await router.resolve(request) + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ( + ret.get_info()["formatter"] + == "/repos/{owner}/{repo}/pulls/{pull_number}/reviews" + ), ret.get_info() @benchmark def _run() -> None: @@ -404,9 +488,17 @@ async def handler(request: web.Request) -> NoReturn: for customer in range(250) ] - async def run_url_dispatcher_benchmark() -> None: + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None for request in requests: - await router.resolve(request) + ret = await router.resolve(request) + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ( + ret.get_info()["path"] == "/api/path/to/plugin/249/deep/enough/sub/path" + ), ret.get_info() @benchmark def _run() -> None: From f54715d714d8d28364cf04584b20d6232bb37add Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 21:59:05 +0100 Subject: [PATCH 021/148] [PR #9954/be31bed2 backport][3.10] Add url dispatcher benchmark for resolving root route when exists many plain routes in the subtree (#9958) **This is a backport of PR #9954 as merged into master (be31bed20210b6d7380aed8702a17994ea6a2d59).** Yet another benchmark. There is a tree: ``` / /api /api/server /api/server/dispatch /api/server/dispatch/123 /api/server/dispatch/123/update ``` The benchmark resolves the root route `/`. If the search starts from checking deep-most resource it cold be suboptimal. Co-authored-by: Andrew Svetlov --- tests/test_benchmarks_web_urldispatcher.py | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py index 033e2543a73..5d151d984af 100644 --- a/tests/test_benchmarks_web_urldispatcher.py +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -69,6 +69,44 @@ def _run() -> None: loop.run_until_complete(run_url_dispatcher_benchmark()) +def test_resolve_root_route_with_many_fixed_routes( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, +) -> None: + """Resolve top level PlainResources route 100 times.""" + resolve_count = 100 + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + app.router.add_route("GET", "/", handler) + for count in range(250): + app.router.add_route("GET", f"/api/server/dispatch/{count}/update", handler) + app.router.add_route("GET", f"/api/server/dispatch/{count}", handler) + app.router.add_route("GET", "/api/server/dispatch", handler) + app.router.add_route("GET", "/api/server", handler) + app.router.add_route("GET", "/api", handler) + app.freeze() + router = app.router + request = _mock_request(method="GET", path="/") + + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None + for _ in range(resolve_count): + ret = await router.resolve(request) + + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["path"] == "/", ret.get_info() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + def test_resolve_static_root_route( loop: asyncio.AbstractEventLoop, benchmark: BenchmarkFixture, From f5d5da43b05af7f62a40dff8a87e9c1a9bd479a2 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 21:59:59 +0100 Subject: [PATCH 022/148] [PR #9953/27e23fb0 backport][3.10] Add .codspeed folder to .gitignore (#9955) **This is a backport of PR #9953 as merged into master (27e23fb0cff3b603563c70b3e3cb3a87d53d97d5).** The folder contains https://codspeed.io local run results Co-authored-by: Andrew Svetlov --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 7d38dd91998..96dbb1ae709 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ .DS_Store .Python .cache +.codspeed .coverage .coverage.* .develop From a4269dca715aa58f9099d6ea91dfcbf0efa75e43 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:33:41 +0000 Subject: [PATCH 023/148] [PR #9991/7bbbd126 backport][3.10] Increase allowed benchmark run time to 7 minutes (#9994) Co-authored-by: J. Nick Koston --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index d3d9a0ddfdb..2e0dda1e0e4 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -246,7 +246,7 @@ jobs: needs: gen_llhttp runs-on: ubuntu-latest - timeout-minutes: 5 + timeout-minutes: 7 steps: - name: Checkout project uses: actions/checkout@v4 From e6eacd74f540f6939fbee1888be9fca0b71b1926 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 22:01:47 +0000 Subject: [PATCH 024/148] [PR #10004/a334eef7 backport][3.10] Avoid building `skip_headers` in `ClientSession._request` if it will be thrown away (#10005) Co-authored-by: J. Nick Koston --- aiohttp/client.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/aiohttp/client.py b/aiohttp/client.py index 28228dd8030..cc0acb21982 100644 --- a/aiohttp/client.py +++ b/aiohttp/client.py @@ -521,10 +521,15 @@ async def _request( if url.scheme not in self._connector.allowed_protocol_schema_set: raise NonHttpUrlClientError(url) - skip_headers = set(self._skip_auto_headers) + skip_headers: Optional[Iterable[istr]] if skip_auto_headers is not None: - for i in skip_auto_headers: - skip_headers.add(istr(i)) + skip_headers = { + istr(i) for i in skip_auto_headers + } | self._skip_auto_headers + elif self._skip_auto_headers: + skip_headers = self._skip_auto_headers + else: + skip_headers = None if proxy is None: proxy_headers = None @@ -637,7 +642,7 @@ async def _request( url, params=params, headers=headers, - skip_auto_headers=skip_headers if skip_headers else None, + skip_auto_headers=skip_headers, data=data, cookies=all_cookies, auth=auth, From b069515d7804d977e16e38f55addcf4411f2de06 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Wed, 20 Nov 2024 17:17:26 -0600 Subject: [PATCH 025/148] [PR #10003/78d1be5 backport][3.10] Fix client connection header not reflecting connector `force_close` value (#10008) --- CHANGES/10003.bugfix.rst | 1 + aiohttp/client_reqrep.py | 32 +++----------- tests/test_benchmarks_client_request.py | 6 +++ tests/test_client_request.py | 58 +++++++++---------------- tests/test_web_functional.py | 5 +-- 5 files changed, 37 insertions(+), 65 deletions(-) create mode 100644 CHANGES/10003.bugfix.rst diff --git a/CHANGES/10003.bugfix.rst b/CHANGES/10003.bugfix.rst new file mode 100644 index 00000000000..69aa554591d --- /dev/null +++ b/CHANGES/10003.bugfix.rst @@ -0,0 +1 @@ +Fixed the HTTP client not considering the connector's ``force_close`` value when setting the ``Connection`` header -- by :user:`bdraco`. diff --git a/aiohttp/client_reqrep.py b/aiohttp/client_reqrep.py index 91605f0e83d..b847ec8a261 100644 --- a/aiohttp/client_reqrep.py +++ b/aiohttp/client_reqrep.py @@ -639,18 +639,6 @@ def update_proxy( proxy_headers = CIMultiDict(proxy_headers) self.proxy_headers = proxy_headers - def keep_alive(self) -> bool: - if self.version < HttpVersion10: - # keep alive not supported at all - return False - if self.version == HttpVersion10: - # no headers means we close for Http 1.0 - return self.headers.get(hdrs.CONNECTION) == "keep-alive" - elif self.headers.get(hdrs.CONNECTION) == "close": - return False - - return True - async def write_bytes( self, writer: AbstractStreamWriter, conn: "Connection" ) -> None: @@ -751,21 +739,15 @@ async def send(self, conn: "Connection") -> "ClientResponse": ): self.headers[hdrs.CONTENT_TYPE] = "application/octet-stream" - # set the connection header - connection = self.headers.get(hdrs.CONNECTION) - if not connection: - if self.keep_alive(): - if self.version == HttpVersion10: - connection = "keep-alive" - else: - if self.version == HttpVersion11: - connection = "close" - - if connection is not None: - self.headers[hdrs.CONNECTION] = connection + v = self.version + if hdrs.CONNECTION not in self.headers: + if conn._connector.force_close: + if v == HttpVersion11: + self.headers[hdrs.CONNECTION] = "close" + elif v == HttpVersion10: + self.headers[hdrs.CONNECTION] = "keep-alive" # status + headers - v = self.version status_line = f"{self.method} {path} HTTP/{v.major}.{v.minor}" await writer.write_headers(status_line, self.headers) coro = self.write_bytes(writer, conn) diff --git a/tests/test_benchmarks_client_request.py b/tests/test_benchmarks_client_request.py index 3f132d04d14..2913aa0eb91 100644 --- a/tests/test_benchmarks_client_request.py +++ b/tests/test_benchmarks_client_request.py @@ -95,10 +95,16 @@ async def _drain_helper(self) -> None: def start_timeout(self) -> None: """Swallow start_timeout.""" + class MockConnector: + + def __init__(self) -> None: + self.force_close = False + class MockConnection: def __init__(self) -> None: self.transport = None self.protocol = MockProtocol() + self._connector = MockConnector() conn = MockConnection() diff --git a/tests/test_client_request.py b/tests/test_client_request.py index bf2fd4b7bc0..abb59641d0c 100644 --- a/tests/test_client_request.py +++ b/tests/test_client_request.py @@ -23,7 +23,7 @@ _gen_default_accept_encoding, _merge_ssl_params, ) -from aiohttp.http import HttpVersion +from aiohttp.http import HttpVersion10, HttpVersion11 from aiohttp.test_utils import make_mocked_coro @@ -140,30 +140,6 @@ def test_version_err(make_request) -> None: make_request("get", "http://python.org/", version="1.c") -def test_keep_alive(make_request) -> None: - req = make_request("get", "http://python.org/", version=(0, 9)) - assert not req.keep_alive() - - req = make_request("get", "http://python.org/", version=(1, 0)) - assert not req.keep_alive() - - req = make_request( - "get", - "http://python.org/", - version=(1, 0), - headers={"connection": "keep-alive"}, - ) - assert req.keep_alive() - - req = make_request("get", "http://python.org/", version=(1, 1)) - assert req.keep_alive() - - req = make_request( - "get", "http://python.org/", version=(1, 1), headers={"connection": "close"} - ) - assert not req.keep_alive() - - def test_host_port_default_http(make_request) -> None: req = make_request("get", "http://python.org/") assert req.host == "python.org" @@ -634,32 +610,40 @@ def test_gen_netloc_no_port(make_request) -> None: ) -async def test_connection_header(loop, conn) -> None: +async def test_connection_header( + loop: asyncio.AbstractEventLoop, conn: mock.Mock +) -> None: req = ClientRequest("get", URL("http://python.org"), loop=loop) - req.keep_alive = mock.Mock() req.headers.clear() - req.keep_alive.return_value = True - req.version = HttpVersion(1, 1) + req.version = HttpVersion11 req.headers.clear() - await req.send(conn) + with mock.patch.object(conn._connector, "force_close", False): + await req.send(conn) assert req.headers.get("CONNECTION") is None - req.version = HttpVersion(1, 0) + req.version = HttpVersion10 req.headers.clear() - await req.send(conn) + with mock.patch.object(conn._connector, "force_close", False): + await req.send(conn) assert req.headers.get("CONNECTION") == "keep-alive" - req.keep_alive.return_value = False - req.version = HttpVersion(1, 1) + req.version = HttpVersion11 req.headers.clear() - await req.send(conn) + with mock.patch.object(conn._connector, "force_close", True): + await req.send(conn) assert req.headers.get("CONNECTION") == "close" - await req.close() + req.version = HttpVersion10 + req.headers.clear() + with mock.patch.object(conn._connector, "force_close", True): + await req.send(conn) + assert not req.headers.get("CONNECTION") -async def test_no_content_length(loop, conn) -> None: +async def test_no_content_length( + loop: asyncio.AbstractEventLoop, conn: mock.Mock +) -> None: req = ClientRequest("get", URL("http://python.org"), loop=loop) resp = await req.send(conn) assert req.headers.get("CONTENT-LENGTH") is None diff --git a/tests/test_web_functional.py b/tests/test_web_functional.py index eadb43b1ecb..c61740dc61e 100644 --- a/tests/test_web_functional.py +++ b/tests/test_web_functional.py @@ -696,9 +696,8 @@ async def handler(request): await resp.release() -@pytest.mark.xfail -async def test_http10_keep_alive_default(aiohttp_client) -> None: - async def handler(request): +async def test_http10_keep_alive_default(aiohttp_client: AiohttpClient) -> None: + async def handler(request: web.Request) -> web.Response: return web.Response() app = web.Application() From b716fe6b89ac369eca925062c080fc829a48a733 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 23:41:24 +0000 Subject: [PATCH 026/148] [PR #9961/c984a44b backport][3.10] Disable Python 3.14 builds (#10011) Co-authored-by: Andrew Svetlov --- .github/workflows/ci-cd.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 2e0dda1e0e4..50e9db16f26 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -141,10 +141,10 @@ jobs: no-extensions: 'Y' os: ubuntu experimental: false - - os: ubuntu - pyver: "3.14" - experimental: true - no-extensions: 'Y' + # - os: ubuntu + # pyver: "3.14" + # experimental: true + # no-extensions: 'Y' fail-fast: true runs-on: ${{ matrix.os }}-latest continue-on-error: ${{ matrix.experimental }} From c8fc73187f8e397fcab390dbef0a07cf72d7ddab Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 03:47:24 +0000 Subject: [PATCH 027/148] [PR #10014/50d23aee backport][3.10] Improve performance of serializing headers (#10015) Co-authored-by: J. Nick Koston --- CHANGES/10014.misc.rst | 1 + aiohttp/_http_writer.pyx | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 14 deletions(-) create mode 100644 CHANGES/10014.misc.rst diff --git a/CHANGES/10014.misc.rst b/CHANGES/10014.misc.rst new file mode 100644 index 00000000000..8a27657cdb9 --- /dev/null +++ b/CHANGES/10014.misc.rst @@ -0,0 +1 @@ +Improved performance of serializing HTTP headers -- by :user:`bdraco`. diff --git a/aiohttp/_http_writer.pyx b/aiohttp/_http_writer.pyx index d19c20d76cc..287371334f8 100644 --- a/aiohttp/_http_writer.pyx +++ b/aiohttp/_http_writer.pyx @@ -100,10 +100,9 @@ cdef inline int _write_str(Writer* writer, str s): # --------------- _serialize_headers ---------------------- cdef str to_str(object s): - typ = type(s) - if typ is str: + if type(s) is str: return s - elif typ is _istr: + elif type(s) is _istr: return PyObject_Str(s) elif not isinstance(s, str): raise TypeError("Cannot serialize non-str key {!r}".format(s)) @@ -111,19 +110,14 @@ cdef str to_str(object s): return str(s) -cdef void _safe_header(str string) except *: - if "\r" in string or "\n" in string: - raise ValueError( - "Newline or carriage return character detected in HTTP status message or " - "header. This is a potential security issue." - ) - def _serialize_headers(str status_line, headers): cdef Writer writer cdef object key cdef object val cdef bytes ret + cdef str key_str + cdef str val_str _init_writer(&writer) @@ -136,16 +130,22 @@ def _serialize_headers(str status_line, headers): raise for key, val in headers.items(): - _safe_header(to_str(key)) - _safe_header(to_str(val)) + key_str = to_str(key) + val_str = to_str(val) + + if "\r" in key_str or "\n" in key_str or "\r" in val_str or "\n" in val_str: + raise ValueError( + "Newline or carriage return character detected in HTTP status message or " + "header. This is a potential security issue." + ) - if _write_str(&writer, to_str(key)) < 0: + if _write_str(&writer, key_str) < 0: raise if _write_byte(&writer, b':') < 0: raise if _write_byte(&writer, b' ') < 0: raise - if _write_str(&writer, to_str(val)) < 0: + if _write_str(&writer, val_str) < 0: raise if _write_byte(&writer, b'\r') < 0: raise From d9b434c46df3fcdcabfe861e0d84941624376d8f Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:30:57 +0000 Subject: [PATCH 028/148] [PR #10018/e79b2d5d backport][3.10] Add url dispatcher benchmark for resolving root route for github simulated routes tree (#10022) Co-authored-by: Andrew Svetlov --- tests/test_benchmarks_web_urldispatcher.py | 78 +++++++++++++++------- 1 file changed, 55 insertions(+), 23 deletions(-) diff --git a/tests/test_benchmarks_web_urldispatcher.py b/tests/test_benchmarks_web_urldispatcher.py index 5d151d984af..3a38d926461 100644 --- a/tests/test_benchmarks_web_urldispatcher.py +++ b/tests/test_benchmarks_web_urldispatcher.py @@ -6,9 +6,10 @@ import random import string from pathlib import Path -from typing import NoReturn, Optional +from typing import List, NoReturn, Optional, cast from unittest import mock +import pytest from multidict import CIMultiDict, CIMultiDictProxy from pytest_codspeed import BenchmarkFixture from yarl import URL @@ -18,6 +19,20 @@ from aiohttp.http import HttpVersion, RawRequestMessage +@pytest.fixture +def github_urls() -> List[str]: + """GitHub api urls.""" + # The fixture provides OpenAPI generated info for github. + # To update the local data file please run the following command: + # $ curl https://raw.githubusercontent.com/github/rest-api-description/refs/heads/main/descriptions/api.github.com/api.github.com.json | jq ".paths | keys" > github-urls.json + + here = Path(__file__).parent + with (here / "github-urls.json").open() as f: + urls = json.load(f) + + return cast(List[str], urls) + + def _mock_request(method: str, path: str) -> web.Request: message = RawRequestMessage( method, @@ -366,23 +381,15 @@ def _run() -> None: def test_resolve_gitapi( loop: asyncio.AbstractEventLoop, benchmark: BenchmarkFixture, + github_urls: List[str], ) -> None: - """Resolve DynamicResource for simulated github API. - - The benchmark uses OpenAPI generated info for github. - To update the local data file please run the following command: - $ curl https://raw.githubusercontent.com/github/rest-api-description/refs/heads/main/descriptions/api.github.com/api.github.com.json | jq ".paths | keys" > github-urls.json - """ + """Resolve DynamicResource for simulated github API.""" async def handler(request: web.Request) -> NoReturn: assert False - here = Path(__file__).parent - with (here / "github-urls.json").open() as f: - urls = json.load(f) - app = web.Application() - for url in urls: + for url in github_urls: app.router.add_get(url, handler) app.freeze() router = app.router @@ -425,21 +432,13 @@ def _run() -> None: def test_resolve_gitapi_subapps( loop: asyncio.AbstractEventLoop, benchmark: BenchmarkFixture, + github_urls: List[str], ) -> None: - """Resolve DynamicResource for simulated github API, grouped in subapps. - - The benchmark uses OpenAPI generated info for github. - To update the local data file please run the following command: - $ curl https://raw.githubusercontent.com/github/rest-api-description/refs/heads/main/descriptions/api.github.com/api.github.com.json | jq ".paths | keys" > github-urls.json - """ + """Resolve DynamicResource for simulated github API, grouped in subapps.""" async def handler(request: web.Request) -> NoReturn: assert False - here = Path(__file__).parent - with (here / "github-urls.json").open() as f: - urls = json.load(f) - subapps = { "gists": web.Application(), "orgs": web.Application(), @@ -451,7 +450,7 @@ async def handler(request: web.Request) -> NoReturn: } app = web.Application() - for url in urls: + for url in github_urls: parts = url.split("/") subapp = subapps.get(parts[1]) if subapp is not None: @@ -501,6 +500,39 @@ def _run() -> None: loop.run_until_complete(run_url_dispatcher_benchmark()) +def test_resolve_gitapi_root( + loop: asyncio.AbstractEventLoop, + benchmark: BenchmarkFixture, + github_urls: List[str], +) -> None: + """Resolve the plain root for simulated github API.""" + + async def handler(request: web.Request) -> NoReturn: + assert False + + app = web.Application() + for url in github_urls: + app.router.add_get(url, handler) + app.freeze() + router = app.router + + request = _mock_request(method="GET", path="/") + + async def run_url_dispatcher_benchmark() -> Optional[web.UrlMappingMatchInfo]: + ret = None + for i in range(250): + ret = await router.resolve(request) + return ret + + ret = loop.run_until_complete(run_url_dispatcher_benchmark()) + assert ret is not None + assert ret.get_info()["path"] == "/", ret.get_info() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_url_dispatcher_benchmark()) + + def test_resolve_prefix_resources_many_prefix_many_plain( loop: asyncio.AbstractEventLoop, benchmark: BenchmarkFixture, From 084f0ee9563aa86eca132ffe4adb23e092b5393f Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Sun, 20 Apr 2025 23:51:32 -1000 Subject: [PATCH 029/148] Increment version to 3.11.19.dev0 (#10775) --- aiohttp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index e3e0f3cc51e..164ace2deeb 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.11.18" +__version__ = "3.11.19.dev0" from typing import TYPE_CHECKING, Tuple From a449eb3cf8cba4c32f2e40ada12c15da8efb98b2 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sat, 3 May 2025 23:47:26 +0000 Subject: [PATCH 030/148] [PR #10797/ceed5028 backport][3.11] Build armv7l manylinux wheels (#10826) Co-authored-by: J. Nick Koston --- .github/workflows/ci-cd.yml | 3 +++ CHANGES/10797.feature.rst | 1 + 2 files changed, 4 insertions(+) create mode 100644 CHANGES/10797.feature.rst diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 23266b2b2d5..13c50dc8026 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -364,6 +364,9 @@ jobs: - os: ubuntu-latest qemu: s390x musl: musllinux + - os: ubuntu-latest + qemu: armv7l + musl: "" - os: ubuntu-latest qemu: armv7l musl: musllinux diff --git a/CHANGES/10797.feature.rst b/CHANGES/10797.feature.rst new file mode 100644 index 00000000000..fc68d09f34e --- /dev/null +++ b/CHANGES/10797.feature.rst @@ -0,0 +1 @@ +Started building armv7l manylinux wheels -- by :user:`bdraco`. From 12c6a7818bd4cd75ceaba4f0a60e165d3e4b7055 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 16 May 2025 19:46:58 +0000 Subject: [PATCH 031/148] [PR #10848/97eae194 backport][3.11] Add benchmark requests without session and alternating clients (#10866) Co-authored-by: J. Nick Koston resolver object churn in #10847 --- tests/test_benchmarks_client.py | 61 +++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/tests/test_benchmarks_client.py b/tests/test_benchmarks_client.py index aa3536be820..470fd68ce88 100644 --- a/tests/test_benchmarks_client.py +++ b/tests/test_benchmarks_client.py @@ -3,9 +3,10 @@ import asyncio from pytest_codspeed import BenchmarkFixture +from yarl import URL -from aiohttp import hdrs, web -from aiohttp.pytest_plugin import AiohttpClient +from aiohttp import hdrs, request, web +from aiohttp.pytest_plugin import AiohttpClient, AiohttpServer def test_one_hundred_simple_get_requests( @@ -33,6 +34,62 @@ def _run() -> None: loop.run_until_complete(run_client_benchmark()) +def test_one_hundred_simple_get_requests_alternating_clients( + loop: asyncio.AbstractEventLoop, + aiohttp_client: AiohttpClient, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 100 simple GET requests with alternating clients.""" + message_count = 100 + + async def handler(request: web.Request) -> web.Response: + return web.Response() + + app = web.Application() + app.router.add_route("GET", "/", handler) + + async def run_client_benchmark() -> None: + client1 = await aiohttp_client(app) + client2 = await aiohttp_client(app) + for i in range(message_count): + if i % 2 == 0: + await client1.get("/") + else: + await client2.get("/") + await client1.close() + await client2.close() + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + +def test_one_hundred_simple_get_requests_no_session( + loop: asyncio.AbstractEventLoop, + aiohttp_server: AiohttpServer, + benchmark: BenchmarkFixture, +) -> None: + """Benchmark 100 simple GET requests without a session.""" + message_count = 100 + + async def handler(request: web.Request) -> web.Response: + return web.Response() + + app = web.Application() + app.router.add_route("GET", "/", handler) + server = loop.run_until_complete(aiohttp_server(app)) + url = URL(f"http://{server.host}:{server.port}/") + + async def run_client_benchmark() -> None: + for _ in range(message_count): + async with request("GET", url): + pass + + @benchmark + def _run() -> None: + loop.run_until_complete(run_client_benchmark()) + + def test_one_hundred_simple_get_requests_multiple_methods_route( loop: asyncio.AbstractEventLoop, aiohttp_client: AiohttpClient, From b84417d8839fad260675af9b2e11793c4e5d5421 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Sat, 17 May 2025 23:16:11 -0400 Subject: [PATCH 032/148] [PR #10868/323bdcf backport][3.11] Fix unclosed resources in proxy xfail tests (#10869) --- tests/test_proxy_functional.py | 110 +++++++++++++++++++-------------- 1 file changed, 62 insertions(+), 48 deletions(-) diff --git a/tests/test_proxy_functional.py b/tests/test_proxy_functional.py index 02d77700d96..d0e20eec6b4 100644 --- a/tests/test_proxy_functional.py +++ b/tests/test_proxy_functional.py @@ -5,6 +5,7 @@ import ssl import sys from re import match as match_regex +from typing import Awaitable, Callable from unittest import mock from uuid import uuid4 @@ -13,7 +14,7 @@ from yarl import URL import aiohttp -from aiohttp import web +from aiohttp import ClientResponse, web from aiohttp.client_exceptions import ClientConnectionError from aiohttp.helpers import IS_MACOS, IS_WINDOWS @@ -498,17 +499,22 @@ async def xtest_proxy_https_connect_with_port(proxy_test_server, get_request): @pytest.mark.xfail -async def xtest_proxy_https_send_body(proxy_test_server, loop): - sess = aiohttp.ClientSession(loop=loop) - proxy = await proxy_test_server() - proxy.return_value = {"status": 200, "body": b"1" * (2**20)} - url = "https://www.google.com.ua/search?q=aiohttp proxy" +async def xtest_proxy_https_send_body( + proxy_test_server: Callable[[], Awaitable[mock.Mock]], + loop: asyncio.AbstractEventLoop, +) -> None: + sess = aiohttp.ClientSession() + try: + proxy = await proxy_test_server() + proxy.return_value = {"status": 200, "body": b"1" * (2**20)} + url = "https://www.google.com.ua/search?q=aiohttp proxy" - async with sess.get(url, proxy=proxy.url) as resp: - body = await resp.read() - await sess.close() + async with sess.get(url, proxy=proxy.url) as resp: + body = await resp.read() - assert body == b"1" * (2**20) + assert body == b"1" * (2**20) + finally: + await sess.close() @pytest.mark.xfail @@ -592,42 +598,46 @@ async def xtest_proxy_https_auth(proxy_test_server, get_request): async def xtest_proxy_https_acquired_cleanup(proxy_test_server, loop): url = "https://secure.aiohttp.io/path" - conn = aiohttp.TCPConnector(loop=loop) - sess = aiohttp.ClientSession(connector=conn, loop=loop) - proxy = await proxy_test_server() - - assert 0 == len(conn._acquired) + conn = aiohttp.TCPConnector() + sess = aiohttp.ClientSession(connector=conn) + try: + proxy = await proxy_test_server() - async def request(): - async with sess.get(url, proxy=proxy.url): - assert 1 == len(conn._acquired) + assert 0 == len(conn._acquired) - await request() + async def request() -> None: + async with sess.get(url, proxy=proxy.url): + assert 1 == len(conn._acquired) - assert 0 == len(conn._acquired) + await request() - await sess.close() + assert 0 == len(conn._acquired) + finally: + await sess.close() + await conn.close() @pytest.mark.xfail async def xtest_proxy_https_acquired_cleanup_force(proxy_test_server, loop): url = "https://secure.aiohttp.io/path" - conn = aiohttp.TCPConnector(force_close=True, loop=loop) - sess = aiohttp.ClientSession(connector=conn, loop=loop) - proxy = await proxy_test_server() - - assert 0 == len(conn._acquired) + conn = aiohttp.TCPConnector(force_close=True) + sess = aiohttp.ClientSession(connector=conn) + try: + proxy = await proxy_test_server() - async def request(): - async with sess.get(url, proxy=proxy.url): - assert 1 == len(conn._acquired) + assert 0 == len(conn._acquired) - await request() + async def request() -> None: + async with sess.get(url, proxy=proxy.url): + assert 1 == len(conn._acquired) - assert 0 == len(conn._acquired) + await request() - await sess.close() + assert 0 == len(conn._acquired) + finally: + await sess.close() + await conn.close() @pytest.mark.xfail @@ -639,26 +649,30 @@ async def xtest_proxy_https_multi_conn_limit(proxy_test_server, loop): sess = aiohttp.ClientSession(connector=conn, loop=loop) proxy = await proxy_test_server() - current_pid = None + try: + current_pid = None - async def request(pid): - # process requests only one by one - nonlocal current_pid + async def request(pid: int) -> ClientResponse: + # process requests only one by one + nonlocal current_pid - async with sess.get(url, proxy=proxy.url) as resp: - current_pid = pid - await asyncio.sleep(0.2, loop=loop) - assert current_pid == pid + async with sess.get(url, proxy=proxy.url) as resp: + current_pid = pid + await asyncio.sleep(0.2) + assert current_pid == pid - return resp + return resp - requests = [request(pid) for pid in range(multi_conn_num)] - responses = await asyncio.gather(*requests, loop=loop) + requests = [request(pid) for pid in range(multi_conn_num)] + responses = await asyncio.gather(*requests, return_exceptions=True) - assert len(responses) == multi_conn_num - assert {resp.status for resp in responses} == {200} - - await sess.close() + # Filter out exceptions to count actual responses + actual_responses = [r for r in responses if isinstance(r, ClientResponse)] + assert len(actual_responses) == multi_conn_num + assert {resp.status for resp in actual_responses} == {200} + finally: + await sess.close() + await conn.close() def _patch_ssl_transport(monkeypatch): @@ -809,7 +823,7 @@ async def xtest_proxy_from_env_https(proxy_test_server, get_request, mocker): url = "https://aiohttp.io/path" proxy = await proxy_test_server() mocker.patch.dict(os.environ, {"https_proxy": str(proxy.url)}) - mock.patch("pathlib.Path.is_file", mock_is_file) + mocker.patch("pathlib.Path.is_file", mock_is_file) await get_request(url=url, trust_env=True) From b63a0ac87268b6f4b9e2602a5f1902680557db46 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Mon, 19 May 2025 09:19:54 -0400 Subject: [PATCH 033/148] [PR #10877/6ea542e backport][3.11] Update to Cython 3.1.1 (#10878) closes #10849 --- CHANGES/10877.packaging.rst | 1 + aiohttp/_websocket/reader_py.py | 2 +- requirements/constraints.txt | 2 +- requirements/cython.in | 2 +- requirements/cython.txt | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 CHANGES/10877.packaging.rst diff --git a/CHANGES/10877.packaging.rst b/CHANGES/10877.packaging.rst new file mode 100644 index 00000000000..0bc2ee03984 --- /dev/null +++ b/CHANGES/10877.packaging.rst @@ -0,0 +1 @@ +Fixed compatibility issue with Cython 3.1.1 -- by :user:`bdraco` diff --git a/aiohttp/_websocket/reader_py.py b/aiohttp/_websocket/reader_py.py index f0060fd723c..333a94df9d9 100644 --- a/aiohttp/_websocket/reader_py.py +++ b/aiohttp/_websocket/reader_py.py @@ -79,7 +79,7 @@ def exception(self) -> Optional[BaseException]: def set_exception( self, - exc: "BaseException", + exc: BaseException, exc_cause: builtins.BaseException = _EXC_SENTINEL, ) -> None: self._eof = True diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 16816dcd426..1191c56c5b3 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -61,7 +61,7 @@ cryptography==43.0.3 # via # pyjwt # trustme -cython==3.0.11 +cython==3.1.1 # via -r requirements/cython.in distlib==0.3.9 # via virtualenv diff --git a/requirements/cython.in b/requirements/cython.in index 6f0238f170d..6b848f6df9e 100644 --- a/requirements/cython.in +++ b/requirements/cython.in @@ -1,3 +1,3 @@ -r multidict.in -Cython +Cython >= 3.1.1 diff --git a/requirements/cython.txt b/requirements/cython.txt index b2ff3e71d39..aad88b6774c 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -4,7 +4,7 @@ # # pip-compile --allow-unsafe --output-file=requirements/cython.txt --resolver=backtracking --strip-extras requirements/cython.in # -cython==3.0.11 +cython==3.1.1 # via -r requirements/cython.in multidict==6.4.3 # via -r requirements/multidict.in From 3ebbb027a975588deca898823761708195735180 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 16:36:48 +0000 Subject: [PATCH 034/148] [PR #10881/4facc402 backport][3.11] Remove License from setup.cfg (#10882) Co-authored-by: Devanshu Koyalkar Co-authored-by: J. Nick Koston --- CHANGES/10662.packaging.rst | 1 + CONTRIBUTORS.txt | 1 + setup.cfg | 2 -- 3 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 CHANGES/10662.packaging.rst diff --git a/CHANGES/10662.packaging.rst b/CHANGES/10662.packaging.rst new file mode 100644 index 00000000000..2ed3a69cb56 --- /dev/null +++ b/CHANGES/10662.packaging.rst @@ -0,0 +1 @@ +Removed non SPDX-license description from ``setup.cfg`` -- by :user:`devanshu-ziphq`. diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 9fec4933dc0..bb530026213 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -98,6 +98,7 @@ Denilson Amorim Denis Matiychuk Denis Moshensky Dennis Kliban +Devanshu Koyalkar Dima Veselov Dimitar Dimitrov Diogo Dutra da Mata diff --git a/setup.cfg b/setup.cfg index a2b9e3b29e1..00e2f167b11 100644 --- a/setup.cfg +++ b/setup.cfg @@ -25,8 +25,6 @@ classifiers = Intended Audience :: Developers - License :: OSI Approved :: Apache Software License - Operating System :: POSIX Operating System :: MacOS :: MacOS X Operating System :: Microsoft :: Windows From 46b9d151964060ba1e2fe948c6b0a6fe7fc8a7f9 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 14:16:47 -0400 Subject: [PATCH 035/148] [PR #10880/3c9d7abf backport][3.11] Add invalid content type test docs (#10885) --- docs/client_reference.rst | 7 ++++++- tests/test_web_response.py | 7 +++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/client_reference.rst b/docs/client_reference.rst index 130ba6cc336..e6e79f251c7 100644 --- a/docs/client_reference.rst +++ b/docs/client_reference.rst @@ -1455,7 +1455,12 @@ Response object Returns value is ``'application/octet-stream'`` if no Content-Type header present in HTTP headers according to - :rfc:`2616`. To make sure Content-Type header is not present in + :rfc:`9110`. If the *Content-Type* header is invalid (e.g., ``jpg`` + instead of ``image/jpeg``), the value is ``text/plain`` by default + according to :rfc:`2045`. To see the original header check + ``resp.headers['CONTENT-TYPE']``. + + To make sure Content-Type header is not present in the server reply, use :attr:`headers` or :attr:`raw_headers`, e.g. ``'CONTENT-TYPE' not in resp.headers``. diff --git a/tests/test_web_response.py b/tests/test_web_response.py index 95769161804..06bc0b4bb75 100644 --- a/tests/test_web_response.py +++ b/tests/test_web_response.py @@ -1122,6 +1122,13 @@ def test_ctor_content_type_with_extra() -> None: assert resp.headers["content-type"] == "text/plain; version=0.0.4; charset=utf-8" +def test_invalid_content_type_parses_to_text_plain() -> None: + resp = Response(text="test test", content_type="jpeg") + + assert resp.content_type == "text/plain" + assert resp.headers["content-type"] == "jpeg; charset=utf-8" + + def test_ctor_both_content_type_param_and_header_with_text() -> None: with pytest.raises(ValueError): Response( From 0beb483e9512a906f7789aefd829ea3bcdafbb4b Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Tue, 20 May 2025 11:08:48 -0400 Subject: [PATCH 036/148] [PR #10891/802152a backport][3.11] Fix flakey signal handling tests (#10895) --- tests/test_web_runner.py | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/tests/test_web_runner.py b/tests/test_web_runner.py index b71c34fe912..22ce3d00650 100644 --- a/tests/test_web_runner.py +++ b/tests/test_web_runner.py @@ -41,22 +41,40 @@ async def test_site_for_nonfrozen_app(make_runner: Any) -> None: platform.system() == "Windows", reason="the test is not valid for Windows" ) async def test_runner_setup_handle_signals(make_runner: Any) -> None: - runner = make_runner(handle_signals=True) - await runner.setup() - assert signal.getsignal(signal.SIGTERM) is not signal.SIG_DFL - await runner.cleanup() - assert signal.getsignal(signal.SIGTERM) is signal.SIG_DFL + # Save the original signal handler + original_handler = signal.getsignal(signal.SIGTERM) + try: + # Set a known state for the signal handler to avoid flaky tests + signal.signal(signal.SIGTERM, signal.SIG_DFL) + + runner = make_runner(handle_signals=True) + await runner.setup() + assert signal.getsignal(signal.SIGTERM) is not signal.SIG_DFL + await runner.cleanup() + assert signal.getsignal(signal.SIGTERM) is signal.SIG_DFL + finally: + # Restore original signal handler + signal.signal(signal.SIGTERM, original_handler) @pytest.mark.skipif( platform.system() == "Windows", reason="the test is not valid for Windows" ) async def test_runner_setup_without_signal_handling(make_runner: Any) -> None: - runner = make_runner(handle_signals=False) - await runner.setup() - assert signal.getsignal(signal.SIGTERM) is signal.SIG_DFL - await runner.cleanup() - assert signal.getsignal(signal.SIGTERM) is signal.SIG_DFL + # Save the original signal handler + original_handler = signal.getsignal(signal.SIGTERM) + try: + # Set a known state for the signal handler to avoid flaky tests + signal.signal(signal.SIGTERM, signal.SIG_DFL) + + runner = make_runner(handle_signals=False) + await runner.setup() + assert signal.getsignal(signal.SIGTERM) is signal.SIG_DFL + await runner.cleanup() + assert signal.getsignal(signal.SIGTERM) is signal.SIG_DFL + finally: + # Restore original signal handler + signal.signal(signal.SIGTERM, original_handler) async def test_site_double_added(make_runner: Any) -> None: From 511499ae4e24314a4db13f6156e7905771e8e541 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Tue, 20 May 2025 13:56:27 -0400 Subject: [PATCH 037/148] [PR #10898/a4be2cb backport][3.11] Cleanup tests to ensure connector cleanup and resource management (#10899) --- tests/test_connector.py | 106 ++++++++++++++++++--------------- tests/test_proxy_functional.py | 18 +++--- 2 files changed, 69 insertions(+), 55 deletions(-) diff --git a/tests/test_connector.py b/tests/test_connector.py index a3fffc447ae..2ce3e9be586 100644 --- a/tests/test_connector.py +++ b/tests/test_connector.py @@ -297,80 +297,90 @@ async def test_close(loop) -> None: async def test_get(loop: asyncio.AbstractEventLoop, key: ConnectionKey) -> None: conn = aiohttp.BaseConnector() - assert await conn._get(key, []) is None + try: + assert await conn._get(key, []) is None - proto = create_mocked_conn(loop) - conn._conns[key] = deque([(proto, loop.time())]) - connection = await conn._get(key, []) - assert connection is not None - assert connection.protocol == proto - connection.close() - await conn.close() + proto = create_mocked_conn(loop) + conn._conns[key] = deque([(proto, loop.time())]) + connection = await conn._get(key, []) + assert connection is not None + assert connection.protocol == proto + connection.close() + finally: + await conn.close() async def test_get_unconnected_proto(loop) -> None: conn = aiohttp.BaseConnector() key = ConnectionKey("localhost", 80, False, False, None, None, None) - assert await conn._get(key, []) is None - - proto = create_mocked_conn(loop) - conn._conns[key] = deque([(proto, loop.time())]) - connection = await conn._get(key, []) - assert connection is not None - assert connection.protocol == proto - connection.close() + try: + assert await conn._get(key, []) is None - assert await conn._get(key, []) is None - conn._conns[key] = deque([(proto, loop.time())]) - proto.is_connected = lambda *args: False - assert await conn._get(key, []) is None - await conn.close() + proto = create_mocked_conn(loop) + conn._conns[key] = deque([(proto, loop.time())]) + connection = await conn._get(key, []) + assert connection is not None + assert connection.protocol == proto + connection.close() + + assert await conn._get(key, []) is None + conn._conns[key] = deque([(proto, loop.time())]) + proto.is_connected = lambda *args: False + assert await conn._get(key, []) is None + finally: + await conn.close() async def test_get_unconnected_proto_ssl(loop) -> None: conn = aiohttp.BaseConnector() key = ConnectionKey("localhost", 80, True, False, None, None, None) - assert await conn._get(key, []) is None - - proto = create_mocked_conn(loop) - conn._conns[key] = deque([(proto, loop.time())]) - connection = await conn._get(key, []) - assert connection is not None - assert connection.protocol == proto - connection.close() + try: + assert await conn._get(key, []) is None - assert await conn._get(key, []) is None - conn._conns[key] = deque([(proto, loop.time())]) - proto.is_connected = lambda *args: False - assert await conn._get(key, []) is None - await conn.close() + proto = create_mocked_conn(loop) + conn._conns[key] = deque([(proto, loop.time())]) + connection = await conn._get(key, []) + assert connection is not None + assert connection.protocol == proto + connection.close() + + assert await conn._get(key, []) is None + conn._conns[key] = deque([(proto, loop.time())]) + proto.is_connected = lambda *args: False + assert await conn._get(key, []) is None + finally: + await conn.close() async def test_get_expired(loop: asyncio.AbstractEventLoop) -> None: conn = aiohttp.BaseConnector() key = ConnectionKey("localhost", 80, False, False, None, None, None) - assert await conn._get(key, []) is None + try: + assert await conn._get(key, []) is None - proto = mock.Mock() - conn._conns[key] = deque([(proto, loop.time() - 1000)]) - assert await conn._get(key, []) is None - assert not conn._conns - await conn.close() + proto = create_mocked_conn(loop) + conn._conns[key] = deque([(proto, loop.time() - 1000)]) + assert await conn._get(key, []) is None + assert not conn._conns + finally: + await conn.close() @pytest.mark.usefixtures("enable_cleanup_closed") async def test_get_expired_ssl(loop: asyncio.AbstractEventLoop) -> None: conn = aiohttp.BaseConnector(enable_cleanup_closed=True) key = ConnectionKey("localhost", 80, True, False, None, None, None) - assert await conn._get(key, []) is None + try: + assert await conn._get(key, []) is None - proto = mock.Mock() - transport = proto.transport - conn._conns[key] = deque([(proto, loop.time() - 1000)]) - assert await conn._get(key, []) is None - assert not conn._conns - assert conn._cleanup_closed_transports == [transport] - await conn.close() + proto = create_mocked_conn(loop) + transport = proto.transport + conn._conns[key] = deque([(proto, loop.time() - 1000)]) + assert await conn._get(key, []) is None + assert not conn._conns + assert conn._cleanup_closed_transports == [transport] + finally: + await conn.close() async def test_release_acquired(loop, key) -> None: diff --git a/tests/test_proxy_functional.py b/tests/test_proxy_functional.py index d0e20eec6b4..98f5ec2c4d5 100644 --- a/tests/test_proxy_functional.py +++ b/tests/test_proxy_functional.py @@ -220,14 +220,18 @@ async def test_uvloop_secure_https_proxy( """Ensure HTTPS sites are accessible through a secure proxy without warning when using uvloop.""" conn = aiohttp.TCPConnector() sess = aiohttp.ClientSession(connector=conn) - url = URL("https://example.com") - - async with sess.get(url, proxy=secure_proxy_url, ssl=client_ssl_ctx) as response: - assert response.status == 200 + try: + url = URL("https://example.com") - await sess.close() - await conn.close() - await asyncio.sleep(0.1) + async with sess.get( + url, proxy=secure_proxy_url, ssl=client_ssl_ctx + ) as response: + assert response.status == 200 + finally: + await sess.close() + await conn.close() + await asyncio.sleep(0) + await asyncio.sleep(0.1) @pytest.fixture From bd77b3e23cd1efd32e375ca15b8377631a55da2b Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 20 May 2025 21:01:34 +0000 Subject: [PATCH 038/148] [PR #10907/b25eca01 backport][3.11] Fix flakey test_uvloop_secure_https_proxy test (#10908) Co-authored-by: J. Nick Koston --- tests/test_proxy_functional.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/test_proxy_functional.py b/tests/test_proxy_functional.py index 98f5ec2c4d5..446f4be56ed 100644 --- a/tests/test_proxy_functional.py +++ b/tests/test_proxy_functional.py @@ -218,7 +218,7 @@ async def test_uvloop_secure_https_proxy( secure_proxy_url: URL, ) -> None: """Ensure HTTPS sites are accessible through a secure proxy without warning when using uvloop.""" - conn = aiohttp.TCPConnector() + conn = aiohttp.TCPConnector(force_close=True) sess = aiohttp.ClientSession(connector=conn) try: url = URL("https://example.com") @@ -227,6 +227,8 @@ async def test_uvloop_secure_https_proxy( url, proxy=secure_proxy_url, ssl=client_ssl_ctx ) as response: assert response.status == 200 + # Ensure response body is read to completion + await response.read() finally: await sess.close() await conn.close() From 24b0fdde3a4ddf97164602bfc6b0c41bc3840f4d Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Tue, 20 May 2025 18:11:05 -0400 Subject: [PATCH 039/148] [PR #10910/36a2567 backport][3.11] Remove mocked coro from tests (#10912) --- CONTRIBUTORS.txt | 1 + tests/test_client_request.py | 7 +- tests/test_client_response.py | 3 +- tests/test_client_session.py | 15 ++- tests/test_client_ws.py | 9 +- tests/test_connector.py | 51 +++++----- tests/test_http_writer.py | 21 +++-- tests/test_multipart.py | 9 +- tests/test_proxy.py | 149 ++++++++++++++++-------------- tests/test_run_app.py | 42 +++++---- tests/test_tracing.py | 4 +- tests/test_web_app.py | 5 +- tests/test_web_functional.py | 20 ++-- tests/test_web_request_handler.py | 5 +- tests/test_web_response.py | 12 +-- tests/test_web_sendfile.py | 12 +-- tests/test_web_websocket.py | 25 ++--- tests/test_websocket_writer.py | 3 +- 18 files changed, 202 insertions(+), 191 deletions(-) diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index bb530026213..aef918929f3 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -284,6 +284,7 @@ Pavol Vargovčík Pawel Kowalski Pawel Miech Pepe Osca +Phebe Polk Philipp A. Pierre-Louis Peeters Pieter van Beek diff --git a/tests/test_client_request.py b/tests/test_client_request.py index f86ff5d7587..5f07ad51e08 100644 --- a/tests/test_client_request.py +++ b/tests/test_client_request.py @@ -24,7 +24,6 @@ _merge_ssl_params, ) from aiohttp.http import HttpVersion10, HttpVersion11 -from aiohttp.test_utils import make_mocked_coro class WriterMock(mock.AsyncMock): @@ -805,7 +804,7 @@ async def test_content_encoding(loop, conn) -> None: "post", URL("http://python.org/"), data="foo", compress="deflate", loop=loop ) with mock.patch("aiohttp.client_reqrep.StreamWriter") as m_writer: - m_writer.return_value.write_headers = make_mocked_coro() + m_writer.return_value.write_headers = mock.AsyncMock() resp = await req.send(conn) assert req.headers["TRANSFER-ENCODING"] == "chunked" assert req.headers["CONTENT-ENCODING"] == "deflate" @@ -835,7 +834,7 @@ async def test_content_encoding_header(loop, conn) -> None: loop=loop, ) with mock.patch("aiohttp.client_reqrep.StreamWriter") as m_writer: - m_writer.return_value.write_headers = make_mocked_coro() + m_writer.return_value.write_headers = mock.AsyncMock() resp = await req.send(conn) assert not m_writer.return_value.enable_compression.called @@ -885,7 +884,7 @@ async def test_chunked2(loop, conn) -> None: async def test_chunked_explicit(loop, conn) -> None: req = ClientRequest("post", URL("http://python.org/"), chunked=True, loop=loop) with mock.patch("aiohttp.client_reqrep.StreamWriter") as m_writer: - m_writer.return_value.write_headers = make_mocked_coro() + m_writer.return_value.write_headers = mock.AsyncMock() resp = await req.send(conn) assert "chunked" == req.headers["TRANSFER-ENCODING"] diff --git a/tests/test_client_response.py b/tests/test_client_response.py index 18ba6c5149d..4a8000962d1 100644 --- a/tests/test_client_response.py +++ b/tests/test_client_response.py @@ -14,7 +14,6 @@ from aiohttp import ClientSession, http from aiohttp.client_reqrep import ClientResponse, RequestInfo from aiohttp.helpers import TimerNoop -from aiohttp.test_utils import make_mocked_coro class WriterMock(mock.AsyncMock): @@ -1104,7 +1103,7 @@ def test_redirect_history_in_exception() -> None: async def test_response_read_triggers_callback(loop, session) -> None: trace = mock.Mock() - trace.send_response_chunk_received = make_mocked_coro() + trace.send_response_chunk_received = mock.AsyncMock() response_method = "get" response_url = URL("http://def-cl-resp.org") response_body = b"This is response" diff --git a/tests/test_client_session.py b/tests/test_client_session.py index 6309c5daf2e..701c4c13c3b 100644 --- a/tests/test_client_session.py +++ b/tests/test_client_session.py @@ -23,7 +23,6 @@ from aiohttp.helpers import DEBUG from aiohttp.http import RawResponseMessage from aiohttp.pytest_plugin import AiohttpServer -from aiohttp.test_utils import make_mocked_coro from aiohttp.tracing import Trace @@ -738,10 +737,10 @@ async def handler(request: web.Request) -> web.Response: trace_config_ctx = mock.Mock() trace_request_ctx = {} body = "This is request body" - gathered_req_headers = CIMultiDict() - on_request_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_request_redirect = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_request_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + gathered_req_headers: CIMultiDict[str] = CIMultiDict() + on_request_start = mock.AsyncMock() + on_request_redirect = mock.AsyncMock() + on_request_end = mock.AsyncMock() with io.BytesIO() as gathered_req_body, io.BytesIO() as gathered_res_body: @@ -809,7 +808,7 @@ async def redirect_handler(request): app.router.add_get("/", root_handler) app.router.add_get("/redirect", redirect_handler) - mocks = [mock.Mock(side_effect=make_mocked_coro(mock.Mock())) for _ in range(7)] + mocks = [mock.AsyncMock() for _ in range(7)] ( on_request_start, on_request_redirect, @@ -900,8 +899,8 @@ def to_url(path: str) -> URL: async def test_request_tracing_exception() -> None: loop = asyncio.get_event_loop() - on_request_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_request_exception = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + on_request_end = mock.AsyncMock() + on_request_exception = mock.AsyncMock() trace_config = aiohttp.TraceConfig() trace_config.on_request_end.append(on_request_end) diff --git a/tests/test_client_ws.py b/tests/test_client_ws.py index 92b5d117db7..48481055a7f 100644 --- a/tests/test_client_ws.py +++ b/tests/test_client_ws.py @@ -11,7 +11,6 @@ from aiohttp import ClientConnectionResetError, ServerDisconnectedError, client, hdrs from aiohttp.http import WS_KEY from aiohttp.streams import EofStream -from aiohttp.test_utils import make_mocked_coro async def test_ws_connect(ws_key: Any, loop: Any, key_data: Any) -> None: @@ -352,7 +351,7 @@ async def test_close(loop, ws_key, key_data) -> None: m_req.return_value.set_result(resp) writer = mock.Mock() WebSocketWriter.return_value = writer - writer.close = make_mocked_coro() + writer.close = mock.AsyncMock() session = aiohttp.ClientSession(loop=loop) resp = await session.ws_connect("http://test.org") @@ -461,7 +460,7 @@ async def test_close_exc( m_req.return_value.set_result(mresp) writer = mock.Mock() WebSocketWriter.return_value = writer - writer.close = make_mocked_coro() + writer.close = mock.AsyncMock() session = aiohttp.ClientSession(loop=loop) resp = await session.ws_connect("http://test.org") @@ -595,7 +594,7 @@ async def test_reader_read_exception(ws_key, key_data, loop) -> None: writer = mock.Mock() WebSocketWriter.return_value = writer - writer.close = make_mocked_coro() + writer.close = mock.AsyncMock() session = aiohttp.ClientSession(loop=loop) resp = await session.ws_connect("http://test.org") @@ -731,7 +730,7 @@ async def test_ws_connect_deflate_per_message(loop, ws_key, key_data) -> None: m_req.return_value = loop.create_future() m_req.return_value.set_result(resp) writer = WebSocketWriter.return_value = mock.Mock() - send_frame = writer.send_frame = make_mocked_coro() + send_frame = writer.send_frame = mock.AsyncMock() session = aiohttp.ClientSession(loop=loop) resp = await session.ws_connect("http://test.org") diff --git a/tests/test_connector.py b/tests/test_connector.py index 2ce3e9be586..9d90ff406bf 100644 --- a/tests/test_connector.py +++ b/tests/test_connector.py @@ -31,7 +31,7 @@ _DNSCacheTable, ) from aiohttp.resolver import ResolveResult -from aiohttp.test_utils import make_mocked_coro, unused_port +from aiohttp.test_utils import unused_port from aiohttp.tracing import Trace @@ -1337,10 +1337,10 @@ def exception_handler(loop, context): async def test_tcp_connector_dns_tracing(loop, dns_response) -> None: session = mock.Mock() trace_config_ctx = mock.Mock() - on_dns_resolvehost_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_dns_resolvehost_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_dns_cache_hit = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_dns_cache_miss = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + on_dns_resolvehost_start = mock.AsyncMock() + on_dns_resolvehost_end = mock.AsyncMock() + on_dns_cache_hit = mock.AsyncMock() + on_dns_cache_miss = mock.AsyncMock() trace_config = aiohttp.TraceConfig( trace_config_ctx_factory=mock.Mock(return_value=trace_config_ctx) @@ -1382,8 +1382,8 @@ async def test_tcp_connector_dns_tracing(loop, dns_response) -> None: async def test_tcp_connector_dns_tracing_cache_disabled(loop, dns_response) -> None: session = mock.Mock() trace_config_ctx = mock.Mock() - on_dns_resolvehost_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_dns_resolvehost_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + on_dns_resolvehost_start = mock.AsyncMock() + on_dns_resolvehost_end = mock.AsyncMock() trace_config = aiohttp.TraceConfig( trace_config_ctx_factory=mock.Mock(return_value=trace_config_ctx) @@ -1437,8 +1437,8 @@ async def test_tcp_connector_dns_tracing_cache_disabled(loop, dns_response) -> N async def test_tcp_connector_dns_tracing_throttle_requests(loop, dns_response) -> None: session = mock.Mock() trace_config_ctx = mock.Mock() - on_dns_cache_hit = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_dns_cache_miss = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + on_dns_cache_hit = mock.AsyncMock() + on_dns_cache_miss = mock.AsyncMock() trace_config = aiohttp.TraceConfig( trace_config_ctx_factory=mock.Mock(return_value=trace_config_ctx) @@ -1467,8 +1467,8 @@ async def test_tcp_connector_dns_tracing_throttle_requests(loop, dns_response) - async def test_dns_error(loop) -> None: connector = aiohttp.TCPConnector(loop=loop) - connector._resolve_host = make_mocked_coro( - raise_exception=OSError("dont take it serious") + connector._resolve_host = mock.AsyncMock( + side_effect=OSError("dont take it serious") ) req = ClientRequest("GET", URL("http://www.python.org"), loop=loop) @@ -1567,8 +1567,8 @@ async def test_connect(loop, key) -> None: async def test_connect_tracing(loop) -> None: session = mock.Mock() trace_config_ctx = mock.Mock() - on_connection_create_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_connection_create_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + on_connection_create_start = mock.AsyncMock() + on_connection_create_end = mock.AsyncMock() trace_config = aiohttp.TraceConfig( trace_config_ctx_factory=mock.Mock(return_value=trace_config_ctx) @@ -2563,8 +2563,8 @@ async def f(): async def test_connect_queued_operation_tracing(loop, key) -> None: session = mock.Mock() trace_config_ctx = mock.Mock() - on_connection_queued_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_connection_queued_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + on_connection_queued_start = mock.AsyncMock() + on_connection_queued_end = mock.AsyncMock() trace_config = aiohttp.TraceConfig( trace_config_ctx_factory=mock.Mock(return_value=trace_config_ctx) @@ -2609,7 +2609,7 @@ async def f(): async def test_connect_reuseconn_tracing(loop, key) -> None: session = mock.Mock() trace_config_ctx = mock.Mock() - on_connection_reuseconn = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) + on_connection_reuseconn = mock.AsyncMock() trace_config = aiohttp.TraceConfig( trace_config_ctx_factory=mock.Mock(return_value=trace_config_ctx) @@ -3101,9 +3101,10 @@ async def test_unix_connector_not_found(loop) -> None: @pytest.mark.skipif(not hasattr(socket, "AF_UNIX"), reason="requires UNIX sockets") -async def test_unix_connector_permission(loop) -> None: - loop.create_unix_connection = make_mocked_coro(raise_exception=PermissionError()) - connector = aiohttp.UnixConnector("/" + uuid.uuid4().hex, loop=loop) +async def test_unix_connector_permission(loop: asyncio.AbstractEventLoop) -> None: + m = mock.AsyncMock(side_effect=PermissionError()) + with mock.patch.object(loop, "create_unix_connection", m): + connector = aiohttp.UnixConnector("/" + uuid.uuid4().hex) req = ClientRequest("GET", URL("http://www.python.org"), loop=loop) with pytest.raises(aiohttp.ClientConnectorError): @@ -3132,11 +3133,13 @@ async def test_named_pipe_connector_not_found(proactor_loop, pipe_name) -> None: @pytest.mark.skipif( platform.system() != "Windows", reason="Proactor Event loop present only in Windows" ) -async def test_named_pipe_connector_permission(proactor_loop, pipe_name) -> None: - proactor_loop.create_pipe_connection = make_mocked_coro( - raise_exception=PermissionError() - ) - connector = aiohttp.NamedPipeConnector(pipe_name, loop=proactor_loop) +async def test_named_pipe_connector_permission( + proactor_loop: asyncio.AbstractEventLoop, pipe_name: str +) -> None: + m = mock.AsyncMock(side_effect=PermissionError()) + with mock.patch.object(proactor_loop, "create_pipe_connection", m): + asyncio.set_event_loop(proactor_loop) + connector = aiohttp.NamedPipeConnector(pipe_name) req = ClientRequest("GET", URL("http://www.python.org"), loop=proactor_loop) with pytest.raises(aiohttp.ClientConnectorError): diff --git a/tests/test_http_writer.py b/tests/test_http_writer.py index 420816b3137..936ace901bc 100644 --- a/tests/test_http_writer.py +++ b/tests/test_http_writer.py @@ -11,7 +11,6 @@ from aiohttp import ClientConnectionResetError, hdrs, http from aiohttp.base_protocol import BaseProtocol from aiohttp.http_writer import _serialize_headers -from aiohttp.test_utils import make_mocked_coro @pytest.fixture @@ -57,7 +56,7 @@ def writelines(chunks: Iterable[bytes]) -> None: @pytest.fixture def protocol(loop, transport): protocol = mock.Mock(transport=transport) - protocol._drain_helper = make_mocked_coro() + protocol._drain_helper = mock.AsyncMock() return protocol @@ -443,7 +442,7 @@ async def test_write_payload_slicing_long_memoryview(buf, protocol, transport, l async def test_write_drain(protocol, transport, loop) -> None: msg = http.StreamWriter(protocol, loop) - msg.drain = make_mocked_coro() + msg.drain = mock.AsyncMock() await msg.write(b"1" * (64 * 1024 * 2), drain=False) assert not msg.drain.called @@ -452,8 +451,12 @@ async def test_write_drain(protocol, transport, loop) -> None: assert msg.buffer_size == 0 -async def test_write_calls_callback(protocol, transport, loop) -> None: - on_chunk_sent = make_mocked_coro() +async def test_write_calls_callback( + protocol: BaseProtocol, + transport: asyncio.Transport, + loop: asyncio.AbstractEventLoop, +) -> None: + on_chunk_sent = mock.AsyncMock() msg = http.StreamWriter(protocol, loop, on_chunk_sent=on_chunk_sent) chunk = b"1" await msg.write(chunk) @@ -461,8 +464,12 @@ async def test_write_calls_callback(protocol, transport, loop) -> None: assert on_chunk_sent.call_args == mock.call(chunk) -async def test_write_eof_calls_callback(protocol, transport, loop) -> None: - on_chunk_sent = make_mocked_coro() +async def test_write_eof_calls_callback( + protocol: BaseProtocol, + transport: asyncio.Transport, + loop: asyncio.AbstractEventLoop, +) -> None: + on_chunk_sent = mock.AsyncMock() msg = http.StreamWriter(protocol, loop, on_chunk_sent=on_chunk_sent) chunk = b"1" await msg.write_eof(chunk=chunk) diff --git a/tests/test_multipart.py b/tests/test_multipart.py index 8576998962e..f96d98eeba5 100644 --- a/tests/test_multipart.py +++ b/tests/test_multipart.py @@ -19,7 +19,6 @@ from aiohttp.helpers import parse_mimetype from aiohttp.multipart import MultipartResponseWrapper from aiohttp.streams import StreamReader -from aiohttp.test_utils import make_mocked_coro BOUNDARY = b"--:" @@ -97,21 +96,21 @@ def test_at_eof(self) -> None: async def test_next(self) -> None: wrapper = MultipartResponseWrapper(mock.Mock(), mock.Mock()) - wrapper.stream.next = make_mocked_coro(b"") + wrapper.stream.next = mock.AsyncMock(b"") wrapper.stream.at_eof.return_value = False await wrapper.next() assert wrapper.stream.next.called async def test_release(self) -> None: wrapper = MultipartResponseWrapper(mock.Mock(), mock.Mock()) - wrapper.resp.release = make_mocked_coro(None) + wrapper.resp.release = mock.AsyncMock(None) await wrapper.release() assert wrapper.resp.release.called async def test_release_when_stream_at_eof(self) -> None: wrapper = MultipartResponseWrapper(mock.Mock(), mock.Mock()) - wrapper.resp.release = make_mocked_coro(None) - wrapper.stream.next = make_mocked_coro(b"") + wrapper.resp.release = mock.AsyncMock(None) + wrapper.stream.next = mock.AsyncMock(b"") wrapper.stream.at_eof.return_value = True await wrapper.next() assert wrapper.stream.next.called diff --git a/tests/test_proxy.py b/tests/test_proxy.py index 83457de891f..0e73210f58b 100644 --- a/tests/test_proxy.py +++ b/tests/test_proxy.py @@ -14,7 +14,6 @@ from aiohttp.client_reqrep import ClientRequest, ClientResponse, Fingerprint from aiohttp.connector import _SSL_CONTEXT_VERIFIED from aiohttp.helpers import TimerNoop -from aiohttp.test_utils import make_mocked_coro pytestmark = pytest.mark.skipif( sys.platform == "win32", reason="Proxy tests are unstable on Windows" @@ -27,7 +26,9 @@ class TestProxy(unittest.TestCase): } mocked_response = mock.Mock(**response_mock_attrs) clientrequest_mock_attrs = { - "return_value.send.return_value.start": make_mocked_coro(mocked_response), + "return_value.send.return_value.start": mock.AsyncMock( + return_value=mocked_response + ), } def setUp(self): @@ -61,8 +62,8 @@ async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -79,7 +80,9 @@ async def make_conn(): "transport.get_extra_info.return_value": False, } ) - self.loop.create_connection = make_mocked_coro((proto.transport, proto)) + self.loop.create_connection = mock.AsyncMock( + return_value=(proto.transport, proto) + ) conn = self.loop.run_until_complete( connector.connect(req, None, aiohttp.ClientTimeout()) ) @@ -119,8 +122,8 @@ async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -137,7 +140,9 @@ async def make_conn(): "transport.get_extra_info.return_value": False, } ) - self.loop.create_connection = make_mocked_coro((proto.transport, proto)) + self.loop.create_connection = mock.AsyncMock( + return_value=(proto.transport, proto) + ) conn = self.loop.run_until_complete( connector.connect(req, None, aiohttp.ClientTimeout()) ) @@ -185,8 +190,8 @@ async def make_conn(): return aiohttp.TCPConnector() connector: aiohttp.TCPConnector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - raise_exception=OSError("dont take it serious") + connector._resolve_host = mock.AsyncMock( + side_effect=OSError("dont take it serious") ) req = ClientRequest( @@ -214,8 +219,8 @@ async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "www.python.org", "host": "127.0.0.1", @@ -226,8 +231,8 @@ async def make_conn(): } ] ) - connector._loop.create_connection = make_mocked_coro( - raise_exception=OSError("dont take it serious") + connector._loop.create_connection = mock.AsyncMock( + side_effect=OSError("dont take it serious") ) req = ClientRequest( @@ -266,15 +271,15 @@ def test_proxy_server_hostname_default( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=200)) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(return_value=mock.Mock(status=200)) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -287,8 +292,8 @@ async def make_conn(): ) tr, proto = mock.Mock(), mock.Mock() - self.loop.create_connection = make_mocked_coro((tr, proto)) - self.loop.start_tls = make_mocked_coro(mock.Mock()) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) + self.loop.start_tls = mock.AsyncMock(return_value=mock.Mock()) req = ClientRequest( "GET", @@ -335,15 +340,15 @@ def test_proxy_server_hostname_override( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=200)) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(return_value=mock.Mock(status=200)) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -356,8 +361,8 @@ async def make_conn(): ) tr, proto = mock.Mock(), mock.Mock() - self.loop.create_connection = make_mocked_coro((tr, proto)) - self.loop.start_tls = make_mocked_coro(mock.Mock()) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) + self.loop.start_tls = mock.AsyncMock(return_value=mock.Mock()) req = ClientRequest( "GET", @@ -513,15 +518,15 @@ def test_https_connect( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=200)) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(return_value=mock.Mock(status=200)) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -534,8 +539,8 @@ async def make_conn(): ) tr, proto = mock.Mock(), mock.Mock() - self.loop.create_connection = make_mocked_coro((tr, proto)) - self.loop.start_tls = make_mocked_coro(mock.Mock()) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) + self.loop.start_tls = mock.AsyncMock(return_value=mock.Mock()) req = ClientRequest( "GET", @@ -580,15 +585,15 @@ def test_https_connect_certificate_error( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=200)) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(return_value=mock.Mock(status=200)) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -601,9 +606,11 @@ async def make_conn(): ) # Called on connection to http://proxy.example.com - self.loop.create_connection = make_mocked_coro((mock.Mock(), mock.Mock())) + self.loop.create_connection = mock.AsyncMock( + return_value=(mock.Mock(), mock.Mock()) + ) # Called on connection to https://www.python.org - self.loop.start_tls = make_mocked_coro(raise_exception=ssl.CertificateError) + self.loop.start_tls = mock.AsyncMock(side_effect=ssl.CertificateError) req = ClientRequest( "GET", @@ -641,15 +648,15 @@ def test_https_connect_ssl_error( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=200)) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(return_value=mock.Mock(status=200)) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -662,11 +669,11 @@ async def make_conn(): ) # Called on connection to http://proxy.example.com - self.loop.create_connection = make_mocked_coro( - (mock.Mock(), mock.Mock()), + self.loop.create_connection = mock.AsyncMock( + return_value=(mock.Mock(), mock.Mock()), ) # Called on connection to https://www.python.org - self.loop.start_tls = make_mocked_coro(raise_exception=ssl.SSLError) + self.loop.start_tls = mock.AsyncMock(side_effect=ssl.SSLError) req = ClientRequest( "GET", @@ -704,15 +711,17 @@ def test_https_connect_http_proxy_error( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=400, reason="bad request")) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock( + return_value=mock.Mock(status=400, reason="bad request") + ) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -726,7 +735,7 @@ async def make_conn(): tr, proto = mock.Mock(), mock.Mock() tr.get_extra_info.return_value = None - self.loop.create_connection = make_mocked_coro((tr, proto)) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) req = ClientRequest( "GET", @@ -770,15 +779,15 @@ def test_https_connect_resp_start_error( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(raise_exception=OSError("error message")) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(side_effect=OSError("error message")) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -792,7 +801,7 @@ async def make_conn(): tr, proto = mock.Mock(), mock.Mock() tr.get_extra_info.return_value = None - self.loop.create_connection = make_mocked_coro((tr, proto)) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) req = ClientRequest( "GET", @@ -821,8 +830,8 @@ async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -836,7 +845,7 @@ async def make_conn(): tr, proto = mock.Mock(), mock.Mock() tr.get_extra_info.return_value = None - self.loop.create_connection = make_mocked_coro((tr, proto)) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) req = ClientRequest( "GET", @@ -893,15 +902,15 @@ def test_https_connect_pass_ssl_context( loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=200)) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(return_value=mock.Mock(status=200)) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -914,8 +923,8 @@ async def make_conn(): ) tr, proto = mock.Mock(), mock.Mock() - self.loop.create_connection = make_mocked_coro((tr, proto)) - self.loop.start_tls = make_mocked_coro(mock.Mock()) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) + self.loop.start_tls = mock.AsyncMock(return_value=mock.Mock()) req = ClientRequest( "GET", @@ -969,15 +978,15 @@ def test_https_auth(self, start_connection: Any, ClientRequestMock: Any) -> None loop=self.loop, session=mock.Mock(), ) - proxy_req.send = make_mocked_coro(proxy_resp) - proxy_resp.start = make_mocked_coro(mock.Mock(status=200)) + proxy_req.send = mock.AsyncMock(return_value=proxy_resp) + proxy_resp.start = mock.AsyncMock(return_value=mock.Mock(status=200)) async def make_conn(): return aiohttp.TCPConnector() connector = self.loop.run_until_complete(make_conn()) - connector._resolve_host = make_mocked_coro( - [ + connector._resolve_host = mock.AsyncMock( + return_value=[ { "hostname": "hostname", "host": "127.0.0.1", @@ -990,8 +999,8 @@ async def make_conn(): ) tr, proto = mock.Mock(), mock.Mock() - self.loop.create_connection = make_mocked_coro((tr, proto)) - self.loop.start_tls = make_mocked_coro(mock.Mock()) + self.loop.create_connection = mock.AsyncMock(return_value=(tr, proto)) + self.loop.start_tls = mock.AsyncMock(return_value=mock.Mock()) self.assertIn("AUTHORIZATION", proxy_req.headers) self.assertNotIn("PROXY-AUTHORIZATION", proxy_req.headers) diff --git a/tests/test_run_app.py b/tests/test_run_app.py index 9332d4aa96c..e269b452f86 100644 --- a/tests/test_run_app.py +++ b/tests/test_run_app.py @@ -14,6 +14,7 @@ Awaitable, Callable, Coroutine, + Iterator, NoReturn, Optional, Set, @@ -25,7 +26,6 @@ import pytest from aiohttp import ClientConnectorError, ClientSession, ClientTimeout, WSCloseCode, web -from aiohttp.test_utils import make_mocked_coro from aiohttp.web_runner import BaseRunner # Test for features of OS' socket support @@ -65,15 +65,25 @@ def skip_if_on_windows(): @pytest.fixture -def patched_loop(loop): - server = mock.Mock() - server.wait_closed = make_mocked_coro(None) - loop.create_server = make_mocked_coro(server) - unix_server = mock.Mock() - unix_server.wait_closed = make_mocked_coro(None) - loop.create_unix_server = make_mocked_coro(unix_server) - asyncio.set_event_loop(loop) - return loop +def patched_loop( + loop: asyncio.AbstractEventLoop, +) -> Iterator[asyncio.AbstractEventLoop]: + server = mock.create_autospec(asyncio.Server, spec_set=True, instance=True) + server.wait_closed.return_value = None + unix_server = mock.create_autospec(asyncio.Server, spec_set=True, instance=True) + unix_server.wait_closed.return_value = None + with mock.patch.object( + loop, "create_server", autospec=True, spec_set=True, return_value=server + ): + with mock.patch.object( + loop, + "create_unix_server", + autospec=True, + spec_set=True, + return_value=unix_server, + ): + asyncio.set_event_loop(loop) + yield loop def stopper(loop): @@ -88,9 +98,9 @@ def f(*args): def test_run_app_http(patched_loop) -> None: app = web.Application() - startup_handler = make_mocked_coro() + startup_handler = mock.AsyncMock() app.on_startup.append(startup_handler) - cleanup_handler = make_mocked_coro() + cleanup_handler = mock.AsyncMock() app.on_cleanup.append(cleanup_handler) web.run_app(app, print=stopper(patched_loop), loop=patched_loop) @@ -693,9 +703,9 @@ def test_startup_cleanup_signals_even_on_failure(patched_loop) -> None: patched_loop.create_server = mock.Mock(side_effect=RuntimeError()) app = web.Application() - startup_handler = make_mocked_coro() + startup_handler = mock.AsyncMock() app.on_startup.append(startup_handler) - cleanup_handler = make_mocked_coro() + cleanup_handler = mock.AsyncMock() app.on_cleanup.append(cleanup_handler) with pytest.raises(RuntimeError): @@ -711,9 +721,9 @@ def test_run_app_coro(patched_loop) -> None: async def make_app(): nonlocal startup_handler, cleanup_handler app = web.Application() - startup_handler = make_mocked_coro() + startup_handler = mock.AsyncMock() app.on_startup.append(startup_handler) - cleanup_handler = make_mocked_coro() + cleanup_handler = mock.AsyncMock() app.on_cleanup.append(cleanup_handler) return app diff --git a/tests/test_tracing.py b/tests/test_tracing.py index 809d757f199..845c0ba6ab4 100644 --- a/tests/test_tracing.py +++ b/tests/test_tracing.py @@ -1,9 +1,9 @@ from types import SimpleNamespace +from unittest import mock from unittest.mock import Mock import pytest -from aiohttp.test_utils import make_mocked_coro from aiohttp.tracing import ( Trace, TraceConfig, @@ -104,7 +104,7 @@ class TestTrace: async def test_send(self, signal, params, param_obj) -> None: session = Mock() trace_request_ctx = Mock() - callback = Mock(side_effect=make_mocked_coro(Mock())) + callback = mock.AsyncMock() trace_config = TraceConfig() getattr(trace_config, "on_%s" % signal).append(callback) diff --git a/tests/test_web_app.py b/tests/test_web_app.py index 8c03a6041b2..69655b1a49a 100644 --- a/tests/test_web_app.py +++ b/tests/test_web_app.py @@ -8,7 +8,6 @@ from aiohttp import log, web from aiohttp.abc import AbstractAccessLogger, AbstractRouter from aiohttp.helpers import DEBUG -from aiohttp.test_utils import make_mocked_coro from aiohttp.typedefs import Handler @@ -167,8 +166,8 @@ async def test_app_make_handler_raises_deprecation_warning() -> None: async def test_app_register_on_finish() -> None: app = web.Application() - cb1 = make_mocked_coro(None) - cb2 = make_mocked_coro(None) + cb1 = mock.AsyncMock(return_value=None) + cb2 = mock.AsyncMock(return_value=None) app.on_cleanup.append(cb1) app.on_cleanup.append(cb2) app.freeze() diff --git a/tests/test_web_functional.py b/tests/test_web_functional.py index e4979851300..2bf0b4ce47e 100644 --- a/tests/test_web_functional.py +++ b/tests/test_web_functional.py @@ -23,8 +23,7 @@ web, ) from aiohttp.hdrs import CONTENT_LENGTH, CONTENT_TYPE, TRANSFER_ENCODING -from aiohttp.pytest_plugin import AiohttpClient -from aiohttp.test_utils import make_mocked_coro +from aiohttp.pytest_plugin import AiohttpClient, AiohttpServer from aiohttp.typedefs import Handler from aiohttp.web_protocol import RequestHandler @@ -2014,15 +2013,14 @@ async def handler(request): assert resp.status == 200 -async def test_request_tracing(aiohttp_server) -> None: - - on_request_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_request_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_dns_resolvehost_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_dns_resolvehost_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_request_redirect = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_connection_create_start = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) - on_connection_create_end = mock.Mock(side_effect=make_mocked_coro(mock.Mock())) +async def test_request_tracing(aiohttp_server: AiohttpServer) -> None: + on_request_start = mock.AsyncMock() + on_request_end = mock.AsyncMock() + on_dns_resolvehost_start = mock.AsyncMock() + on_dns_resolvehost_end = mock.AsyncMock() + on_request_redirect = mock.AsyncMock() + on_connection_create_start = mock.AsyncMock() + on_connection_create_end = mock.AsyncMock() async def redirector(request): raise web.HTTPFound(location=URL("/redirected")) diff --git a/tests/test_web_request_handler.py b/tests/test_web_request_handler.py index 4837cab030e..ee30e485f1b 100644 --- a/tests/test_web_request_handler.py +++ b/tests/test_web_request_handler.py @@ -1,7 +1,6 @@ from unittest import mock from aiohttp import web -from aiohttp.test_utils import make_mocked_coro async def serve(request: web.BaseRequest) -> web.Response: @@ -37,7 +36,7 @@ async def test_shutdown_no_timeout() -> None: handler = mock.Mock(spec_set=web.RequestHandler) handler._task_handler = None - handler.shutdown = make_mocked_coro(mock.Mock()) + handler.shutdown = mock.AsyncMock(return_value=mock.Mock()) transport = mock.Mock() manager.connection_made(handler, transport) @@ -52,7 +51,7 @@ async def test_shutdown_timeout() -> None: manager = web.Server(serve) handler = mock.Mock() - handler.shutdown = make_mocked_coro(mock.Mock()) + handler.shutdown = mock.AsyncMock(return_value=mock.Mock()) transport = mock.Mock() manager.connection_made(handler, transport) diff --git a/tests/test_web_response.py b/tests/test_web_response.py index 06bc0b4bb75..ae65b6fca17 100644 --- a/tests/test_web_response.py +++ b/tests/test_web_response.py @@ -18,7 +18,7 @@ from aiohttp.http_writer import StreamWriter, _serialize_headers from aiohttp.multipart import BodyPartReader, MultipartWriter from aiohttp.payload import BytesPayload, StringPayload -from aiohttp.test_utils import make_mocked_coro, make_mocked_request +from aiohttp.test_utils import make_mocked_request from aiohttp.web import ContentCoding, Response, StreamResponse, json_response @@ -829,8 +829,8 @@ async def test_cannot_write_eof_twice() -> None: resp = StreamResponse() writer = mock.Mock() resp_impl = await resp.prepare(make_request("GET", "/")) - resp_impl.write = make_mocked_coro(None) - resp_impl.write_eof = make_mocked_coro(None) + resp_impl.write = mock.AsyncMock(None) + resp_impl.write_eof = mock.AsyncMock(None) await resp.write(b"data") assert resp_impl.write.called @@ -1023,7 +1023,7 @@ async def test_prepare_twice() -> None: async def test_prepare_calls_signal() -> None: app = mock.Mock() - sig = make_mocked_coro() + sig = mock.AsyncMock() on_response_prepare = aiosignal.Signal(app) on_response_prepare.append(sig) req = make_request("GET", "/", app=app, on_response_prepare=on_response_prepare) @@ -1294,8 +1294,8 @@ async def test_send_set_cookie_header(buf, writer) -> None: async def test_consecutive_write_eof() -> None: writer = mock.Mock() - writer.write_eof = make_mocked_coro() - writer.write_headers = make_mocked_coro() + writer.write_eof = mock.AsyncMock() + writer.write_headers = mock.AsyncMock() req = make_request("GET", "/", writer=writer) data = b"data" resp = Response(body=data) diff --git a/tests/test_web_sendfile.py b/tests/test_web_sendfile.py index 58a46ec602c..1776a3aabd3 100644 --- a/tests/test_web_sendfile.py +++ b/tests/test_web_sendfile.py @@ -3,7 +3,7 @@ from unittest import mock from aiohttp import hdrs -from aiohttp.test_utils import make_mocked_coro, make_mocked_request +from aiohttp.test_utils import make_mocked_request from aiohttp.web_fileresponse import FileResponse MOCK_MODE = S_IFREG | S_IRUSR | S_IWUSR @@ -28,7 +28,7 @@ def test_using_gzip_if_header_present_and_file_available(loop) -> None: file_sender = FileResponse(filepath) file_sender._path = filepath - file_sender._sendfile = make_mocked_coro(None) # type: ignore[assignment] + file_sender._sendfile = mock.AsyncMock(return_value=None) # type: ignore[method-assign] loop.run_until_complete(file_sender.prepare(request)) @@ -53,7 +53,7 @@ def test_gzip_if_header_not_present_and_file_available(loop) -> None: file_sender = FileResponse(filepath) file_sender._path = filepath - file_sender._sendfile = make_mocked_coro(None) # type: ignore[assignment] + file_sender._sendfile = mock.AsyncMock(return_value=None) # type: ignore[method-assign] loop.run_until_complete(file_sender.prepare(request)) @@ -76,7 +76,7 @@ def test_gzip_if_header_not_present_and_file_not_available(loop) -> None: file_sender = FileResponse(filepath) file_sender._path = filepath - file_sender._sendfile = make_mocked_coro(None) # type: ignore[assignment] + file_sender._sendfile = mock.AsyncMock(return_value=None) # type: ignore[method-assign] loop.run_until_complete(file_sender.prepare(request)) @@ -101,7 +101,7 @@ def test_gzip_if_header_present_and_file_not_available(loop) -> None: file_sender = FileResponse(filepath) file_sender._path = filepath - file_sender._sendfile = make_mocked_coro(None) # type: ignore[assignment] + file_sender._sendfile = mock.AsyncMock(return_value=None) # type: ignore[method-assign] loop.run_until_complete(file_sender.prepare(request)) @@ -120,7 +120,7 @@ def test_status_controlled_by_user(loop) -> None: file_sender = FileResponse(filepath, status=203) file_sender._path = filepath - file_sender._sendfile = make_mocked_coro(None) # type: ignore[assignment] + file_sender._sendfile = mock.AsyncMock(return_value=None) # type: ignore[method-assign] loop.run_until_complete(file_sender.prepare(request)) diff --git a/tests/test_web_websocket.py b/tests/test_web_websocket.py index f9a92d0587f..390d6224d3d 100644 --- a/tests/test_web_websocket.py +++ b/tests/test_web_websocket.py @@ -10,7 +10,7 @@ from aiohttp import WSMessage, WSMessageTypeError, WSMsgType, web from aiohttp.http import WS_CLOSED_MESSAGE from aiohttp.streams import EofStream -from aiohttp.test_utils import make_mocked_coro, make_mocked_request +from aiohttp.test_utils import make_mocked_request from aiohttp.web import HTTPBadRequest, WebSocketResponse from aiohttp.web_ws import WebSocketReady @@ -420,13 +420,11 @@ async def test_receive_eofstream_in_reader(make_request, loop) -> None: ws._reader = mock.Mock() exc = EofStream() - res = loop.create_future() - res.set_exception(exc) - ws._reader.read = make_mocked_coro(res) - ws._payload_writer.drain = mock.Mock() - ws._payload_writer.drain.return_value = loop.create_future() - ws._payload_writer.drain.return_value.set_result(True) - + ws._reader.read = mock.AsyncMock(side_effect=exc) + assert ws._payload_writer is not None + f = loop.create_future() + f.set_result(True) + ws._payload_writer.drain.return_value = f # type: ignore[attr-defined] msg = await ws.receive() assert msg.type == WSMsgType.CLOSED assert ws.closed @@ -439,12 +437,7 @@ async def test_receive_exception_in_reader(make_request: Any, loop: Any) -> None ws._reader = mock.Mock() exc = Exception() - res = loop.create_future() - res.set_exception(exc) - ws._reader.read = make_mocked_coro(res) - ws._payload_writer.drain = mock.Mock() - ws._payload_writer.drain.return_value = loop.create_future() - ws._payload_writer.drain.return_value.set_result(True) + ws._reader.read = mock.AsyncMock(side_effect=exc) msg = await ws.receive() assert msg.type == WSMsgType.ERROR @@ -526,9 +519,7 @@ async def test_receive_timeouterror(make_request: Any, loop: Any) -> None: assert len(ws._req.transport.close.mock_calls) == 0 ws._reader = mock.Mock() - res = loop.create_future() - res.set_exception(asyncio.TimeoutError()) - ws._reader.read = make_mocked_coro(res) + ws._reader.read = mock.AsyncMock(side_effect=asyncio.TimeoutError()) with pytest.raises(asyncio.TimeoutError): await ws.receive() diff --git a/tests/test_websocket_writer.py b/tests/test_websocket_writer.py index 77eaa2f74b8..dfad36f525b 100644 --- a/tests/test_websocket_writer.py +++ b/tests/test_websocket_writer.py @@ -8,13 +8,12 @@ from aiohttp import WSMsgType from aiohttp._websocket.reader import WebSocketDataQueue from aiohttp.http import WebSocketReader, WebSocketWriter -from aiohttp.test_utils import make_mocked_coro @pytest.fixture def protocol(): ret = mock.Mock() - ret._drain_helper = make_mocked_coro() + ret._drain_helper = mock.AsyncMock() return ret From d54090cf2b4774e8be671318b38e5bdb08e6be8d Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Thu, 22 May 2025 11:33:20 -0500 Subject: [PATCH 040/148] [PR #10933/597161d backport][3.11] Fix flakey client functional keep alive tests (#10936) --- tests/test_client_functional.py | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/tests/test_client_functional.py b/tests/test_client_functional.py index ba75e8e93c6..0b2cda024a3 100644 --- a/tests/test_client_functional.py +++ b/tests/test_client_functional.py @@ -231,8 +231,8 @@ async def handler(request): assert 0 == len(client._session.connector._conns) -async def test_keepalive_timeout_async_sleep() -> None: - async def handler(request): +async def test_keepalive_timeout_async_sleep(unused_port_socket: socket.socket) -> None: + async def handler(request: web.Request) -> web.Response: body = await request.read() assert b"" == body return web.Response(body=b"OK") @@ -243,17 +243,18 @@ async def handler(request): runner = web.AppRunner(app, tcp_keepalive=True, keepalive_timeout=0.001) await runner.setup() - port = unused_port() - site = web.TCPSite(runner, host="localhost", port=port) + site = web.SockSite(runner, unused_port_socket) await site.start() + host, port = unused_port_socket.getsockname()[:2] + try: - async with aiohttp.client.ClientSession() as sess: - resp1 = await sess.get(f"http://localhost:{port}/") + async with aiohttp.ClientSession() as sess: + resp1 = await sess.get(f"http://{host}:{port}/") await resp1.read() # wait for server keepalive_timeout await asyncio.sleep(0.01) - resp2 = await sess.get(f"http://localhost:{port}/") + resp2 = await sess.get(f"http://{host}:{port}/") await resp2.read() finally: await asyncio.gather(runner.shutdown(), site.stop()) @@ -263,8 +264,8 @@ async def handler(request): sys.version_info[:2] == (3, 11), reason="https://github.com/pytest-dev/pytest/issues/10763", ) -async def test_keepalive_timeout_sync_sleep() -> None: - async def handler(request): +async def test_keepalive_timeout_sync_sleep(unused_port_socket: socket.socket) -> None: + async def handler(request: web.Request) -> web.Response: body = await request.read() assert b"" == body return web.Response(body=b"OK") @@ -275,18 +276,19 @@ async def handler(request): runner = web.AppRunner(app, tcp_keepalive=True, keepalive_timeout=0.001) await runner.setup() - port = unused_port() - site = web.TCPSite(runner, host="localhost", port=port) + site = web.SockSite(runner, unused_port_socket) await site.start() + host, port = unused_port_socket.getsockname()[:2] + try: - async with aiohttp.client.ClientSession() as sess: - resp1 = await sess.get(f"http://localhost:{port}/") + async with aiohttp.ClientSession() as sess: + resp1 = await sess.get(f"http://{host}:{port}/") await resp1.read() # wait for server keepalive_timeout # time.sleep is a more challenging scenario than asyncio.sleep time.sleep(0.01) - resp2 = await sess.get(f"http://localhost:{port}/") + resp2 = await sess.get(f"http://{host}:{port}/") await resp2.read() finally: await asyncio.gather(runner.shutdown(), site.stop()) From ab84403ce6ee7d62f3870cdc976c0ca2483200fd Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 22 May 2025 16:45:49 +0000 Subject: [PATCH 041/148] [PR #10932/6b3672f0 backport][3.11] Fix flakey test_normal_closure_while_client_sends_msg test (#10934) Co-authored-by: J. Nick Koston --- tests/test_web_websocket_functional.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/test_web_websocket_functional.py b/tests/test_web_websocket_functional.py index 945096a2af3..0229809592a 100644 --- a/tests/test_web_websocket_functional.py +++ b/tests/test_web_websocket_functional.py @@ -1246,13 +1246,13 @@ async def handler(request: web.Request) -> web.WebSocketResponse: async def test_normal_closure_while_client_sends_msg( aiohttp_client: AiohttpClient, ) -> None: - """Test abnormal closure when the server closes and the client doesn't respond.""" + """Test normal closure when the server closes and the client responds properly.""" close_code: Optional[WSCloseCode] = None got_close_code = asyncio.Event() async def handler(request: web.Request) -> web.WebSocketResponse: - # Setting a short close timeout - ws = web.WebSocketResponse(timeout=0.2) + # Setting a longer close timeout to avoid race conditions + ws = web.WebSocketResponse(timeout=1.0) await ws.prepare(request) await ws.close() From ab7ba381bb27c77c9ab9cec7cf635ef738cddc59 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Thu, 22 May 2025 17:52:03 -0500 Subject: [PATCH 042/148] [PR #10951/12ff66d backport][3.11] Fix AsyncResolver not using the loop argument (#10954) fixes #10787 --- CHANGES/10951.bugfix.rst | 1 + aiohttp/resolver.py | 3 ++- tests/test_resolver.py | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 CHANGES/10951.bugfix.rst diff --git a/CHANGES/10951.bugfix.rst b/CHANGES/10951.bugfix.rst new file mode 100644 index 00000000000..d539fc1a52d --- /dev/null +++ b/CHANGES/10951.bugfix.rst @@ -0,0 +1 @@ +Fixed :py:class:`~aiohttp.resolver.AsyncResolver` not using the ``loop`` argument in versions 3.x where it should still be supported -- by :user:`bdraco`. diff --git a/aiohttp/resolver.py b/aiohttp/resolver.py index e14179cc8a2..1c9e5487165 100644 --- a/aiohttp/resolver.py +++ b/aiohttp/resolver.py @@ -93,7 +93,8 @@ def __init__( if aiodns is None: raise RuntimeError("Resolver requires aiodns library") - self._resolver = aiodns.DNSResolver(*args, **kwargs) + loop = loop or kwargs.pop("loop", None) or asyncio.get_running_loop() + self._resolver = aiodns.DNSResolver(*args, loop=loop, **kwargs) # type: ignore[misc] if not hasattr(self._resolver, "gethostbyname"): # aiodns 1.1 is not available, fallback to DNSResolver.query diff --git a/tests/test_resolver.py b/tests/test_resolver.py index b4606067079..92f7efcfa48 100644 --- a/tests/test_resolver.py +++ b/tests/test_resolver.py @@ -404,3 +404,36 @@ def test_aio_dns_is_default() -> None: @pytest.mark.skipif(getaddrinfo, reason="aiodns <3.2.0 required") def test_threaded_resolver_is_default() -> None: assert DefaultResolver is ThreadedResolver + + +@pytest.mark.skipif(aiodns is None, reason="aiodns required") +def test_async_resolver_uses_provided_loop() -> None: + """Test that AsyncResolver uses the loop parameter when provided.""" + # Create a custom event loop + custom_loop = asyncio.new_event_loop() + + try: + # Need to set the loop as current for get_running_loop() to work + asyncio.set_event_loop(custom_loop) + + # Create resolver with explicit loop parameter + resolver = AsyncResolver(loop=custom_loop) + + # Check that the resolver uses the provided loop + assert resolver._resolver.loop is custom_loop + finally: + asyncio.set_event_loop(None) + custom_loop.close() + + +@pytest.mark.skipif(aiodns is None, reason="aiodns required") +async def test_async_resolver_uses_running_loop_when_none_provided() -> None: + """Test that AsyncResolver uses get_running_loop() when no loop is provided.""" + # Create resolver without loop parameter + resolver = AsyncResolver() + + # Check that the resolver uses the current running loop + assert resolver._resolver.loop is asyncio.get_running_loop() + + # Clean up + await resolver.close() From 3d6be6e0f843a85f1500646450b9d27b915e55f9 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Thu, 22 May 2025 18:57:47 -0500 Subject: [PATCH 043/148] [PR #10956/5dcb36a4 backport][3.11] Fix some missing connector closes in tests (#10958) --- tests/test_proxy_functional.py | 3 +++ tests/test_web_sendfile_functional.py | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/test_proxy_functional.py b/tests/test_proxy_functional.py index 446f4be56ed..fb6d6b2035e 100644 --- a/tests/test_proxy_functional.py +++ b/tests/test_proxy_functional.py @@ -418,6 +418,7 @@ async def test_proxy_http_acquired_cleanup(proxy_test_server, loop) -> None: assert 0 == len(conn._acquired) await sess.close() + await conn.close() @pytest.mark.skip("we need to reconsider how we test this") @@ -439,6 +440,7 @@ async def request(): assert 0 == len(conn._acquired) await sess.close() + await conn.close() @pytest.mark.skip("we need to reconsider how we test this") @@ -470,6 +472,7 @@ async def request(pid): assert {resp.status for resp in responses} == {200} await sess.close() + await conn.close() @pytest.mark.xfail diff --git a/tests/test_web_sendfile_functional.py b/tests/test_web_sendfile_functional.py index 256cf4d243a..52df4ee136c 100644 --- a/tests/test_web_sendfile_functional.py +++ b/tests/test_web_sendfile_functional.py @@ -612,6 +612,7 @@ async def test_static_file_ssl( await resp.release() await client.close() + await conn.close() async def test_static_file_directory_traversal_attack(aiohttp_client) -> None: From 39459abc81486226111ea3b19334e44c9030803e Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 23 May 2025 19:24:39 +0000 Subject: [PATCH 044/148] [PR #10971/1ee187c0 backport][3.11] Fix `WebSocketResponse.prepared` not correctly reflect the WebSocket's prepared state (#10982) Co-authored-by: J. Nick Koston fixes #6009 --- CHANGES/6009.bugfix.rst | 1 + aiohttp/web_ws.py | 4 + tests/test_web_websocket.py | 2 +- tests/test_web_websocket_functional.py | 113 +++++++++++++++++++++++++ 4 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 CHANGES/6009.bugfix.rst diff --git a/CHANGES/6009.bugfix.rst b/CHANGES/6009.bugfix.rst new file mode 100644 index 00000000000..6462da31869 --- /dev/null +++ b/CHANGES/6009.bugfix.rst @@ -0,0 +1 @@ +Fixed ``WebSocketResponse.prepared`` property to correctly reflect the prepared state, especially during timeout scenarios -- by :user:`bdraco` diff --git a/aiohttp/web_ws.py b/aiohttp/web_ws.py index 439b8049987..575f9a3dc85 100644 --- a/aiohttp/web_ws.py +++ b/aiohttp/web_ws.py @@ -354,6 +354,10 @@ def can_prepare(self, request: BaseRequest) -> WebSocketReady: else: return WebSocketReady(True, protocol) + @property + def prepared(self) -> bool: + return self._writer is not None + @property def closed(self) -> bool: return self._closed diff --git a/tests/test_web_websocket.py b/tests/test_web_websocket.py index 390d6224d3d..3a285b76aad 100644 --- a/tests/test_web_websocket.py +++ b/tests/test_web_websocket.py @@ -639,4 +639,4 @@ async def test_get_extra_info( await ws.prepare(req) ws._writer = ws_transport - assert ws.get_extra_info(valid_key, default_value) == expected_result + assert expected_result == ws.get_extra_info(valid_key, default_value) diff --git a/tests/test_web_websocket_functional.py b/tests/test_web_websocket_functional.py index 0229809592a..f7f5c31356c 100644 --- a/tests/test_web_websocket_functional.py +++ b/tests/test_web_websocket_functional.py @@ -1281,3 +1281,116 @@ async def handler(request: web.Request) -> web.WebSocketResponse: ) await client.server.close() assert close_code == WSCloseCode.OK + + +async def test_websocket_prepare_timeout_close_issue( + loop: asyncio.AbstractEventLoop, aiohttp_client: AiohttpClient +) -> None: + """Test that WebSocket can handle prepare with early returns. + + This is a regression test for issue #6009 where the prepared property + incorrectly checked _payload_writer instead of _writer. + """ + + async def handler(request: web.Request) -> web.WebSocketResponse: + ws = web.WebSocketResponse() + assert ws.can_prepare(request) + await ws.prepare(request) + await ws.send_str("test") + await ws.close() + return ws + + app = web.Application() + app.router.add_route("GET", "/ws", handler) + client = await aiohttp_client(app) + + # Connect via websocket + ws = await client.ws_connect("/ws") + msg = await ws.receive() + assert msg.type is WSMsgType.TEXT + assert msg.data == "test" + await ws.close() + + +async def test_websocket_prepare_timeout_from_issue_reproducer( + loop: asyncio.AbstractEventLoop, aiohttp_client: AiohttpClient +) -> None: + """Test websocket behavior when prepare is interrupted. + + This test verifies the fix for issue #6009 where close() would + fail after prepare() was interrupted. + """ + prepare_complete = asyncio.Event() + close_complete = asyncio.Event() + + async def handler(request: web.Request) -> web.WebSocketResponse: + ws = web.WebSocketResponse() + + # Prepare the websocket + await ws.prepare(request) + prepare_complete.set() + + # Send a message to confirm connection works + await ws.send_str("connected") + + # Wait for client to close + msg = await ws.receive() + assert msg.type is WSMsgType.CLOSE + await ws.close() + close_complete.set() + + return ws + + app = web.Application() + app.router.add_route("GET", "/ws", handler) + client = await aiohttp_client(app) + + # Connect and verify the connection works + ws = await client.ws_connect("/ws") + await prepare_complete.wait() + + msg = await ws.receive() + assert msg.type is WSMsgType.TEXT + assert msg.data == "connected" + + # Close the connection + await ws.close() + await close_complete.wait() + + +async def test_websocket_prepared_property( + loop: asyncio.AbstractEventLoop, aiohttp_client: AiohttpClient +) -> None: + """Test that WebSocketResponse.prepared property correctly reflects state.""" + prepare_called = asyncio.Event() + + async def handler(request: web.Request) -> web.WebSocketResponse: + ws = web.WebSocketResponse() + + # Initially not prepared + initial_state = ws.prepared + assert not initial_state + + # After prepare() is called, should be prepared + await ws.prepare(request) + prepare_called.set() + + # Check prepared state + prepared_state = ws.prepared + assert prepared_state + + # Send a message to verify the connection works + await ws.send_str("test") + await ws.close() + return ws + + app = web.Application() + app.router.add_route("GET", "/", handler) + client = await aiohttp_client(app) + + ws = await client.ws_connect("/") + await prepare_called.wait() + msg = await ws.receive() + assert msg.type is WSMsgType.TEXT + assert msg.data == "test" + await ws.close() From 0cbcab684ba3e71f7c992ed6f8963b2aa624a2fb Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 23 May 2025 20:56:25 +0000 Subject: [PATCH 045/148] [PR #10988/54f1a84f backport][3.11] Add missing prepared method for WebSocketResponse to docs (#10989) Co-authored-by: J. Nick Koston --- CHANGES/10988.bugfix.rst | 1 + CHANGES/6009.bugfix.rst | 2 +- docs/web_reference.rst | 5 +++++ 3 files changed, 7 insertions(+), 1 deletion(-) create mode 120000 CHANGES/10988.bugfix.rst diff --git a/CHANGES/10988.bugfix.rst b/CHANGES/10988.bugfix.rst new file mode 120000 index 00000000000..6e737bb336c --- /dev/null +++ b/CHANGES/10988.bugfix.rst @@ -0,0 +1 @@ +6009.bugfix.rst \ No newline at end of file diff --git a/CHANGES/6009.bugfix.rst b/CHANGES/6009.bugfix.rst index 6462da31869..a530832c8a9 100644 --- a/CHANGES/6009.bugfix.rst +++ b/CHANGES/6009.bugfix.rst @@ -1 +1 @@ -Fixed ``WebSocketResponse.prepared`` property to correctly reflect the prepared state, especially during timeout scenarios -- by :user:`bdraco` +Fixed :py:attr:`~aiohttp.web.WebSocketResponse.prepared` property to correctly reflect the prepared state, especially during timeout scenarios -- by :user:`bdraco` diff --git a/docs/web_reference.rst b/docs/web_reference.rst index 51f5c43d7e7..d182401de14 100644 --- a/docs/web_reference.rst +++ b/docs/web_reference.rst @@ -1068,6 +1068,11 @@ and :ref:`aiohttp-web-signals` handlers:: of closing. :const:`~aiohttp.WSMsgType.CLOSE` message has been received from peer. + .. attribute:: prepared + + Read-only :class:`bool` property, ``True`` if :meth:`prepare` has + been called, ``False`` otherwise. + .. attribute:: close_code Read-only property, close code from peer. It is set to ``None`` on From abed93c59aba314d1938867cd5d19b1502d71a79 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 28 May 2025 14:01:59 -0500 Subject: [PATCH 046/148] [PR #11055/abcb2cc4 backport][3.11] Fix failing lint jobs due to caching (#11057) Co-authored-by: J. Nick Koston --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 13c50dc8026..4434af9204a 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -49,7 +49,7 @@ jobs: - name: Cache PyPI uses: actions/cache@v4.2.0 with: - key: pip-lint-${{ hashFiles('requirements/*.txt') }} + key: pip-lint-${{ hashFiles('requirements/*.txt') }}-v2 path: ~/.cache/pip restore-keys: | pip-lint- From 31584a49fc5513d1bbd959df2d63a29574d49e1b Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 28 May 2025 20:02:41 +0000 Subject: [PATCH 047/148] [PR #11060/59259572 backport][3.11] Fix failing linter CI (#11061) Co-authored-by: J. Nick Koston --- .github/workflows/ci-cd.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 4434af9204a..4a7d1909756 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -49,7 +49,7 @@ jobs: - name: Cache PyPI uses: actions/cache@v4.2.0 with: - key: pip-lint-${{ hashFiles('requirements/*.txt') }}-v2 + key: pip-lint-${{ hashFiles('requirements/*.txt') }}-v3 path: ~/.cache/pip restore-keys: | pip-lint- @@ -69,6 +69,7 @@ jobs: make mypy - name: Install libenchant run: | + sudo apt-get update sudo apt install libenchant-2-dev - name: Install spell checker run: | From fa213889568a2160a31755482a82eff4a104ae5a Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 28 May 2025 21:18:05 +0000 Subject: [PATCH 048/148] [PR #11054/e2eb1959 backport][3.11] Fix CookieJar memory leak in filter_cookies() (#11067) Co-authored-by: J. Nick Koston Fixes #11052 memory leak issue --- CHANGES/11052.bugfix.rst | 2 ++ CHANGES/11054.bugfix.rst | 1 + aiohttp/cookiejar.py | 2 ++ tests/test_cookiejar.py | 54 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+) create mode 100644 CHANGES/11052.bugfix.rst create mode 120000 CHANGES/11054.bugfix.rst diff --git a/CHANGES/11052.bugfix.rst b/CHANGES/11052.bugfix.rst new file mode 100644 index 00000000000..73e4ea216c8 --- /dev/null +++ b/CHANGES/11052.bugfix.rst @@ -0,0 +1,2 @@ +Fixed memory leak in :py:meth:`~aiohttp.CookieJar.filter_cookies` that caused unbounded memory growth +when making requests to different URL paths -- by :user:`bdraco` and :user:`Cycloctane`. diff --git a/CHANGES/11054.bugfix.rst b/CHANGES/11054.bugfix.rst new file mode 120000 index 00000000000..2d6e2428f3e --- /dev/null +++ b/CHANGES/11054.bugfix.rst @@ -0,0 +1 @@ +11052.bugfix.rst \ No newline at end of file diff --git a/aiohttp/cookiejar.py b/aiohttp/cookiejar.py index f6b9a921767..696ffddc315 100644 --- a/aiohttp/cookiejar.py +++ b/aiohttp/cookiejar.py @@ -353,6 +353,8 @@ def filter_cookies(self, request_url: URL = URL()) -> "BaseCookie[str]": path_len = len(request_url.path) # Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4 for p in pairs: + if p not in self._cookies: + continue for name, cookie in self._cookies[p].items(): domain = cookie["domain"] diff --git a/tests/test_cookiejar.py b/tests/test_cookiejar.py index 0b440bc2ca6..7f8cf43c3b1 100644 --- a/tests/test_cookiejar.py +++ b/tests/test_cookiejar.py @@ -1127,3 +1127,57 @@ async def test_treat_as_secure_origin() -> None: assert len(jar) == 1 filtered_cookies = jar.filter_cookies(request_url=endpoint) assert len(filtered_cookies) == 1 + + +async def test_filter_cookies_does_not_leak_memory() -> None: + """Test that filter_cookies doesn't create empty cookie entries. + + Regression test for https://github.com/aio-libs/aiohttp/issues/11052 + """ + jar = CookieJar() + + # Set a cookie with Path=/ + jar.update_cookies({"test_cookie": "value; Path=/"}, URL("http://example.com/")) + + # Check initial state + assert len(jar) == 1 + initial_storage_size = len(jar._cookies) + initial_morsel_cache_size = len(jar._morsel_cache) + + # Make multiple requests with different paths + paths = [ + "/", + "/api", + "/api/v1", + "/api/v1/users", + "/api/v1/users/123", + "/static/css/style.css", + "/images/logo.png", + ] + + for path in paths: + url = URL(f"http://example.com{path}") + filtered = jar.filter_cookies(url) + # Should still get the cookie + assert len(filtered) == 1 + assert "test_cookie" in filtered + + # Storage size should not grow significantly + # Only the shared cookie entry ('', '') may be added + final_storage_size = len(jar._cookies) + assert final_storage_size <= initial_storage_size + 1 + + # Verify _morsel_cache doesn't leak either + # It should only have entries for domains/paths where cookies exist + final_morsel_cache_size = len(jar._morsel_cache) + assert final_morsel_cache_size <= initial_morsel_cache_size + 1 + + # Verify no empty entries were created for domain-path combinations + for key, cookies in jar._cookies.items(): + if key != ("", ""): # Skip the shared cookie entry + assert len(cookies) > 0, f"Empty cookie entry found for {key}" + + # Verify _morsel_cache entries correspond to actual cookies + for key, morsels in jar._morsel_cache.items(): + assert key in jar._cookies, f"Orphaned morsel cache entry for {key}" + assert len(morsels) > 0, f"Empty morsel cache entry found for {key}" From 145658fc82d5a88011001341f2b968dc96614f80 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Wed, 28 May 2025 16:49:53 -0500 Subject: [PATCH 049/148] [PR #11064/876102c backport][3.11] Remove update of libenchant from linter workflow (#11070) --- .github/workflows/ci-cd.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 4a7d1909756..26cb740c7d6 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -49,7 +49,7 @@ jobs: - name: Cache PyPI uses: actions/cache@v4.2.0 with: - key: pip-lint-${{ hashFiles('requirements/*.txt') }}-v3 + key: pip-lint-${{ hashFiles('requirements/*.txt') }}-v4 path: ~/.cache/pip restore-keys: | pip-lint- @@ -67,10 +67,6 @@ jobs: - name: Run linters run: | make mypy - - name: Install libenchant - run: | - sudo apt-get update - sudo apt install libenchant-2-dev - name: Install spell checker run: | pip install -r requirements/doc-spelling.in -c requirements/doc-spelling.txt From 9f6c54db27032fb37fd6951c425a5a8fa71239e5 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 29 May 2025 00:19:28 +0000 Subject: [PATCH 050/148] [PR #11074/e550c78a backport][3.11] Fix connector not waiting for connections to close (#11076) Co-authored-by: J. Nick Koston fixes #1925 fixes #3736 --- CHANGES/11074.bugfix.rst | 1 + CHANGES/1925.bugfix.rst | 1 + aiohttp/client_proto.py | 15 ++++++++ aiohttp/connector.py | 60 ++++++++++++++++++++++++------ tests/test_client_request.py | 7 +++- tests/test_client_session.py | 9 ++++- tests/test_connector.py | 71 +++++++++++++++++++++++++----------- 7 files changed, 130 insertions(+), 34 deletions(-) create mode 100644 CHANGES/11074.bugfix.rst create mode 120000 CHANGES/1925.bugfix.rst diff --git a/CHANGES/11074.bugfix.rst b/CHANGES/11074.bugfix.rst new file mode 100644 index 00000000000..120f8efd914 --- /dev/null +++ b/CHANGES/11074.bugfix.rst @@ -0,0 +1 @@ +Fixed connector not waiting for connections to close before returning from :meth:`~aiohttp.BaseConnector.close` (partial backport of :pr:`3733`) -- by :user:`atemate` and :user:`bdraco`. diff --git a/CHANGES/1925.bugfix.rst b/CHANGES/1925.bugfix.rst new file mode 120000 index 00000000000..eb158f4b0f9 --- /dev/null +++ b/CHANGES/1925.bugfix.rst @@ -0,0 +1 @@ +11074.bugfix.rst \ No newline at end of file diff --git a/aiohttp/client_proto.py b/aiohttp/client_proto.py index 2d64b3f3644..6a0318e553a 100644 --- a/aiohttp/client_proto.py +++ b/aiohttp/client_proto.py @@ -4,6 +4,7 @@ from .base_protocol import BaseProtocol from .client_exceptions import ( + ClientConnectionError, ClientOSError, ClientPayloadError, ServerDisconnectedError, @@ -14,6 +15,7 @@ EMPTY_BODY_STATUS_CODES, BaseTimerContext, set_exception, + set_result, ) from .http import HttpResponseParser, RawResponseMessage from .http_exceptions import HttpProcessingError @@ -43,6 +45,7 @@ def __init__(self, loop: asyncio.AbstractEventLoop) -> None: self._read_timeout_handle: Optional[asyncio.TimerHandle] = None self._timeout_ceil_threshold: Optional[float] = 5 + self.closed: asyncio.Future[None] = self._loop.create_future() @property def upgraded(self) -> bool: @@ -83,6 +86,18 @@ def connection_lost(self, exc: Optional[BaseException]) -> None: connection_closed_cleanly = original_connection_error is None + if connection_closed_cleanly: + set_result(self.closed, None) + else: + assert original_connection_error is not None + set_exception( + self.closed, + ClientConnectionError( + f"Connection lost: {original_connection_error !s}", + ), + original_connection_error, + ) + if self._payload_parser is not None: with suppress(Exception): # FIXME: log this somehow? self._payload_parser.feed_eof() diff --git a/aiohttp/connector.py b/aiohttp/connector.py index 7d5bcf755ec..157e22e5db3 100644 --- a/aiohttp/connector.py +++ b/aiohttp/connector.py @@ -1,5 +1,6 @@ import asyncio import functools +import logging import random import socket import sys @@ -118,6 +119,14 @@ def __del__(self) -> None: ) +async def _wait_for_close(waiters: List[Awaitable[object]]) -> None: + """Wait for all waiters to finish closing.""" + results = await asyncio.gather(*waiters, return_exceptions=True) + for res in results: + if isinstance(res, Exception): + logging.error("Error while closing connector: %r", res) + + class Connection: _source_traceback = None @@ -209,10 +218,14 @@ def closed(self) -> bool: class _TransportPlaceholder: """placeholder for BaseConnector.connect function""" - __slots__ = () + __slots__ = ("closed",) + + def __init__(self, closed_future: asyncio.Future[Optional[Exception]]) -> None: + """Initialize a placeholder for a transport.""" + self.closed = closed_future def close(self) -> None: - """Close the placeholder transport.""" + """Close the placeholder.""" class BaseConnector: @@ -309,6 +322,10 @@ def __init__( self._cleanup_closed_disabled = not enable_cleanup_closed self._cleanup_closed_transports: List[Optional[asyncio.Transport]] = [] + self._placeholder_future: asyncio.Future[Optional[Exception]] = ( + loop.create_future() + ) + self._placeholder_future.set_result(None) self._cleanup_closed() def __del__(self, _warnings: Any = warnings) -> None: @@ -441,18 +458,30 @@ def _cleanup_closed(self) -> None: def close(self) -> Awaitable[None]: """Close all opened transports.""" - self._close() - return _DeprecationWaiter(noop()) + if not (waiters := self._close()): + # If there are no connections to close, we can return a noop + # awaitable to avoid scheduling a task on the event loop. + return _DeprecationWaiter(noop()) + coro = _wait_for_close(waiters) + if sys.version_info >= (3, 12): + # Optimization for Python 3.12, try to close connections + # immediately to avoid having to schedule the task on the event loop. + task = asyncio.Task(coro, loop=self._loop, eager_start=True) + else: + task = self._loop.create_task(coro) + return _DeprecationWaiter(task) + + def _close(self) -> List[Awaitable[object]]: + waiters: List[Awaitable[object]] = [] - def _close(self) -> None: if self._closed: - return + return waiters self._closed = True try: if self._loop.is_closed(): - return + return waiters # cancel cleanup task if self._cleanup_handle: @@ -463,16 +492,20 @@ def _close(self) -> None: self._cleanup_closed_handle.cancel() for data in self._conns.values(): - for proto, t0 in data: + for proto, _ in data: proto.close() + waiters.append(proto.closed) for proto in self._acquired: proto.close() + waiters.append(proto.closed) for transport in self._cleanup_closed_transports: if transport is not None: transport.abort() + return waiters + finally: self._conns.clear() self._acquired.clear() @@ -533,7 +566,9 @@ async def connect( if (conn := await self._get(key, traces)) is not None: return conn - placeholder = cast(ResponseHandler, _TransportPlaceholder()) + placeholder = cast( + ResponseHandler, _TransportPlaceholder(self._placeholder_future) + ) self._acquired.add(placeholder) if self._limit_per_host: self._acquired_per_host[key].add(placeholder) @@ -880,15 +915,18 @@ def __init__( self._interleave = interleave self._resolve_host_tasks: Set["asyncio.Task[List[ResolveResult]]"] = set() - def close(self) -> Awaitable[None]: + def _close(self) -> List[Awaitable[object]]: """Close all ongoing DNS calls.""" for fut in chain.from_iterable(self._throttle_dns_futures.values()): fut.cancel() + waiters = super()._close() + for t in self._resolve_host_tasks: t.cancel() + waiters.append(t) - return super().close() + return waiters @property def family(self) -> int: diff --git a/tests/test_client_request.py b/tests/test_client_request.py index 5f07ad51e08..351549c4c88 100644 --- a/tests/test_client_request.py +++ b/tests/test_client_request.py @@ -62,6 +62,8 @@ def protocol(loop, transport): protocol.transport = transport protocol._drain_helper.return_value = loop.create_future() protocol._drain_helper.return_value.set_result(None) + protocol.closed = loop.create_future() + protocol.closed.set_result(None) return protocol @@ -1325,7 +1327,10 @@ async def send(self, conn): async def create_connection(req, traces, timeout): assert isinstance(req, CustomRequest) - return mock.Mock() + proto = mock.Mock() + proto.closed = loop.create_future() + proto.closed.set_result(None) + return proto connector = BaseConnector(loop=loop) connector._create_connection = create_connection diff --git a/tests/test_client_session.py b/tests/test_client_session.py index 701c4c13c3b..24296373162 100644 --- a/tests/test_client_session.py +++ b/tests/test_client_session.py @@ -33,6 +33,8 @@ async def make_conn(): conn = loop.run_until_complete(make_conn()) proto = mock.Mock() + proto.closed = loop.create_future() + proto.closed.set_result(None) conn._conns["a"] = deque([(proto, 123)]) yield conn loop.run_until_complete(conn.close()) @@ -427,7 +429,10 @@ async def test_reraise_os_error(create_session) -> None: async def create_connection(req, traces, timeout): # return self.transport, self.protocol - return mock.Mock() + proto = mock.Mock() + proto.closed = session._loop.create_future() + proto.closed.set_result(None) + return proto session._connector._create_connection = create_connection session._connector._release = mock.Mock() @@ -460,6 +465,8 @@ async def connect(req, traces, timeout): async def create_connection(req, traces, timeout): # return self.transport, self.protocol conn = mock.Mock() + conn.closed = session._loop.create_future() + conn.closed.set_result(None) return conn session._connector.connect = connect diff --git a/tests/test_connector.py b/tests/test_connector.py index 9d90ff406bf..e26745d96ea 100644 --- a/tests/test_connector.py +++ b/tests/test_connector.py @@ -283,7 +283,7 @@ async def test_async_context_manager(loop) -> None: async def test_close(loop) -> None: - proto = mock.Mock() + proto = create_mocked_conn() conn = aiohttp.BaseConnector(loop=loop) assert not conn.closed @@ -295,6 +295,35 @@ async def test_close(loop) -> None: assert conn.closed +async def test_close_with_exception_during_closing( + loop: asyncio.AbstractEventLoop, caplog: pytest.LogCaptureFixture +) -> None: + """Test that exceptions during connection closing are logged.""" + proto = create_mocked_conn() + + # Make the closed future raise an exception when awaited + exc_future = loop.create_future() + exc_future.set_exception(RuntimeError("Connection close failed")) + proto.closed = exc_future + + conn = aiohttp.BaseConnector(loop=loop) + conn._conns[("host", 8080, False)] = deque([(proto, object())]) + + # Clear any existing log records + caplog.clear() + + # Close should complete even with the exception + await conn.close() + + # Check that the error was logged + assert len(caplog.records) == 1 + assert caplog.records[0].levelname == "ERROR" + assert "Error while closing connector" in caplog.records[0].message + assert "RuntimeError('Connection close failed')" in caplog.records[0].message + + assert conn.closed + + async def test_get(loop: asyncio.AbstractEventLoop, key: ConnectionKey) -> None: conn = aiohttp.BaseConnector() try: @@ -421,7 +450,7 @@ async def test_release(loop, key) -> None: conn = aiohttp.BaseConnector(loop=loop) conn._release_waiter = mock.Mock() - proto = mock.Mock(should_close=False) + proto = create_mocked_conn(should_close=False) conn._acquired.add(proto) conn._acquired_per_host[key].add(proto) @@ -459,7 +488,7 @@ async def test_release_ssl_transport( async def test_release_already_closed(loop) -> None: conn = aiohttp.BaseConnector(loop=loop) - proto = mock.Mock() + proto = create_mocked_conn() key = 1 conn._acquired.add(proto) await conn.close() @@ -559,7 +588,7 @@ async def test_release_waiter_no_available(loop, key, key2) -> None: async def test_release_close(loop, key) -> None: conn = aiohttp.BaseConnector(loop=loop) - proto = mock.Mock(should_close=True) + proto = create_mocked_conn(should_close=True) conn._acquired.add(proto) conn._release(key, proto) @@ -1494,7 +1523,7 @@ async def test_release_close_do_not_add_to_pool(loop, key) -> None: # see issue #473 conn = aiohttp.BaseConnector(loop=loop) - proto = mock.Mock(should_close=True) + proto = create_mocked_conn(should_close=True) conn._acquired.add(proto) conn._release(key, proto) @@ -1504,12 +1533,12 @@ async def test_release_close_do_not_add_to_pool(loop, key) -> None: async def test_release_close_do_not_delete_existing_connections(key) -> None: - proto1 = mock.Mock() + proto1 = create_mocked_conn() conn = aiohttp.BaseConnector() conn._conns[key] = deque([(proto1, 1)]) - proto = mock.Mock(should_close=True) + proto = create_mocked_conn(should_close=True) conn._acquired.add(proto) conn._release(key, proto) assert conn._conns[key] == deque([(proto1, 1)]) @@ -1519,7 +1548,7 @@ async def test_release_close_do_not_delete_existing_connections(key) -> None: async def test_release_not_started(loop) -> None: conn = aiohttp.BaseConnector(loop=loop) - proto = mock.Mock(should_close=False) + proto = create_mocked_conn(should_close=False) key = 1 conn._acquired.add(proto) conn._release(key, proto) @@ -1534,7 +1563,7 @@ async def test_release_not_started(loop) -> None: async def test_release_not_opened(loop, key) -> None: conn = aiohttp.BaseConnector(loop=loop) - proto = mock.Mock() + proto = create_mocked_conn() conn._acquired.add(proto) conn._release(key, proto) assert proto.close.called @@ -1543,7 +1572,7 @@ async def test_release_not_opened(loop, key) -> None: async def test_connect(loop, key) -> None: - proto = mock.Mock() + proto = create_mocked_conn() proto.is_connected.return_value = True req = ClientRequest("GET", URL("http://localhost:80"), loop=loop) @@ -1578,7 +1607,7 @@ async def test_connect_tracing(loop) -> None: trace_config.freeze() traces = [Trace(session, trace_config, trace_config.trace_config_ctx())] - proto = mock.Mock() + proto = create_mocked_conn() proto.is_connected.return_value = True req = ClientRequest("GET", URL("http://host:80"), loop=loop) @@ -2106,7 +2135,7 @@ async def test_ssl_context_once() -> None: async def test_close_twice(loop) -> None: - proto = mock.Mock() + proto = create_mocked_conn() conn = aiohttp.BaseConnector(loop=loop) conn._conns[1] = deque([(proto, object())]) @@ -2123,7 +2152,7 @@ async def test_close_twice(loop) -> None: async def test_close_cancels_cleanup_handle(loop) -> None: conn = aiohttp.BaseConnector(loop=loop) - conn._release(1, mock.Mock(should_close=False)) + conn._release(1, create_mocked_conn(should_close=False)) assert conn._cleanup_handle is not None await conn.close() assert conn._cleanup_handle is None @@ -2574,7 +2603,7 @@ async def test_connect_queued_operation_tracing(loop, key) -> None: trace_config.freeze() traces = [Trace(session, trace_config, trace_config.trace_config_ctx())] - proto = mock.Mock() + proto = create_mocked_conn() proto.is_connected.return_value = True req = ClientRequest( @@ -2618,7 +2647,7 @@ async def test_connect_reuseconn_tracing(loop, key) -> None: trace_config.freeze() traces = [Trace(session, trace_config, trace_config.trace_config_ctx())] - proto = mock.Mock() + proto = create_mocked_conn() proto.is_connected.return_value = True req = ClientRequest( @@ -2671,7 +2700,7 @@ async def f(): async def test_connect_with_no_limit_and_limit_per_host(loop, key) -> None: - proto = mock.Mock() + proto = create_mocked_conn() proto.is_connected.return_value = True req = ClientRequest("GET", URL("http://localhost1:80"), loop=loop) @@ -2736,7 +2765,7 @@ async def f(): async def test_connect_with_limit_cancelled(loop) -> None: - proto = mock.Mock() + proto = create_mocked_conn() proto.is_connected.return_value = True req = ClientRequest("GET", URL("http://host:80"), loop=loop) @@ -2784,7 +2813,7 @@ async def check_with_exc(err: Exception) -> None: async def test_connect_with_limit_concurrent(loop) -> None: - proto = mock.Mock() + proto = create_mocked_conn() proto.should_close = False proto.is_connected.return_value = True @@ -2806,7 +2835,7 @@ async def create_connection(req, traces, timeout): # Make a new transport mock each time because acquired # transports are stored in a set. Reusing the same object # messes with the count. - proto = mock.Mock(should_close=False) + proto = create_mocked_conn(should_close=False) proto.is_connected.return_value = True return proto @@ -2889,7 +2918,7 @@ async def test_connect_waiters_cleanup_key_error(loop) -> None: async def test_close_with_acquired_connection(loop) -> None: - proto = mock.Mock() + proto = create_mocked_conn() proto.is_connected.return_value = True req = ClientRequest("GET", URL("http://host:80"), loop=loop) @@ -3007,7 +3036,7 @@ async def test_cancelled_waiter(loop) -> None: conn = aiohttp.BaseConnector(limit=1, loop=loop) req = mock.Mock() req.connection_key = "key" - proto = mock.Mock() + proto = create_mocked_conn() async def create_connection(req, traces=None): await asyncio.sleep(1) From 4b17a9823b4afb053d4725ee7956a0ac51a6af8a Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 29 May 2025 06:39:07 +0000 Subject: [PATCH 051/148] [PR #11081/5da0231f backport][3.11] Revert cache key change for linter (#11082) Co-authored-by: J. Nick Koston --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 26cb740c7d6..1c357e60256 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -49,7 +49,7 @@ jobs: - name: Cache PyPI uses: actions/cache@v4.2.0 with: - key: pip-lint-${{ hashFiles('requirements/*.txt') }}-v4 + key: pip-lint-${{ hashFiles('requirements/*.txt') }} path: ~/.cache/pip restore-keys: | pip-lint- From 04b2ef664a85c7a3d8699803881a55549c47b3a2 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Mon, 28 Jul 2025 20:35:05 -1000 Subject: [PATCH 052/148] Increment version to 3.12.16.dev0 (#11358) --- aiohttp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index 0ca22003937..45397b71763 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.12.15" +__version__ = "3.12.16.dev0" from typing import TYPE_CHECKING, Tuple From 107e0213e9c106801dac4848b0ea28807dc2b04f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jul 2025 10:46:36 +0000 Subject: [PATCH 053/148] Bump coverage from 7.10.0 to 7.10.1 (#11360) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.0 to 7.10.1.
Changelog

Sourced from coverage's changelog.

Version 7.10.1 — 2025-07-27

  • Fix: the exclusion for if TYPE_CHECKING: was wrong: it marked the branch as partial, but it should have been a line exclusion so the entire clause would be excluded. Improves issue 831_.

  • Fix: changed where .pth files are written for patch = subprocess, closing issue 2006_.

.. _issue 2006: nedbat/coveragepy#2006

.. _changes_7-10-0:

Commits
  • 7fdcbeb docs: sample HTML for 7.10.1
  • c9e9625 docs: prep for 7.10.1
  • e8193ff chore: make upgrade
  • 9aad22a test: improve the if TYPE_CHECKING: exclusion test
  • 1e2f41a fix: excluding TYPE_CHECKING should have been the line not the branch
  • 2134e57 fix: use getsitepackages for writing .pth files. #2006
  • a4300a7 test: signal statuses are mysterious. #2008
  • 2fd4961 docs: update the man page, for once
  • a13607f build: comment_on_fixes should show html urls
  • 0f00d49 build: bump version to 7.10.1
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.0&new-version=7.10.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index babb8f51a0b..566e06c67ed 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.0 +coverage==7.10.1 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 2554f5b6f18..db027ee8a87 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.0 +coverage==7.10.1 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index 7ca4e084b38..61b78b3be6d 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.0 +coverage==7.10.1 # via # -r requirements/test.in # pytest-cov From 28671929c3bd607838a6384ce9e0faf702a627c4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Jul 2025 10:44:18 +0000 Subject: [PATCH 054/148] Bump regex from 2024.11.6 to 2025.7.31 (#11364) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.11.6 to 2025.7.31.
Changelog

Sourced from regex's changelog.

Version: 2025.7.31

Further updates to main.yml.

Version: 2025.7.30

Updated main.yml and pyproject.toml.

Version: 2025.7.29

Git issue 572: Inline ASCII modifier doesn't seem to affect
anything

Version: 2025.5.19

Changed how main.yml skips unwanted Arch builds.

Version: 2025.5.18

Updated main.yml to build Windows ARM64/aarch64 wheel.

Updated licence text format in pyproject.toml.

Version: 2025.2.13

Dropping support for Python 3.8 and removing it from
main.yml.

Version: 2025.2.12

Further fixes to main.yml.

Version: 2025.2.11

Updated main.yml to Artifacts v4.

Version: 2025.2.10

Git issue 551: Infinite loop on V1 search

It's catastrophic backtracking due to the possibilities of full
casefolding.


Replacing [\s\S] with (?s:.) can help, but
a proper fix would be more difficult.

Version: 2024.11.7

Updated pyproject.toml and setup.py according to PEP 517.

Version: 2024.11.6

Git issue 546: Partial match not working in some instances
with non-greedy capture

... (truncated)

Commits
  • becb0d4 Updated version and added changes to changelog.txt.
  • 457bcd3 Merge pull request #577 from facelessuser/bugfix/linux
  • 0d045f7 No need to upload source in manylinux
  • f2d385b Fix aarch64, ppc64le, s390x, and source dist
  • 4bc46f1 Merge pull request #574 from facelessuser/bugfix/wheels
  • 4c9da2e Experiment with wheel building
  • 33c577b Git issue 572: Inline ASCII modifier doesn't seem to affect anything
  • addaa7c Updated licence format in pyproject.toml.
  • b3905c5 Merge pull request #567 from tangledhelix/windows-arm-ci
  • eea31d0 Build Windows ARM64/aarch64 wheel
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2024.11.6&new-version=2025.7.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 566e06c67ed..a36b35252a7 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -205,7 +205,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2024.11.6 +regex==2025.7.31 # via re-assert requests==2.32.4 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index db027ee8a87..8120bcb660c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -200,7 +200,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2024.11.6 +regex==2025.7.31 # via re-assert requests==2.32.4 # via diff --git a/requirements/test.txt b/requirements/test.txt index 61b78b3be6d..23d6ed7fd83 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -118,7 +118,7 @@ python-on-whales==0.78.0 # via -r requirements/test.in re-assert==1.1.0 # via -r requirements/test.in -regex==2024.11.6 +regex==2025.7.31 # via re-assert rich==14.1.0 # via pytest-codspeed From fbdeb68057362f7329dd1ec1ba05d875d5cdb939 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Jul 2025 11:00:09 +0000 Subject: [PATCH 055/148] Bump pypa/cibuildwheel from 3.1.1 to 3.1.2 (#11366) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from 3.1.1 to 3.1.2.
Release notes

Sourced from pypa/cibuildwheel's releases.

v3.1.2

  • ⚠️ Add an error if CIBW_FREE_THREADING_SUPPORT is set; you are likely missing 3.13t wheels, please use the enable/CIBW_ENABLE (#2520)
  • 🛠 riscv64 now enabled if you target that architecture, it's now supported on PyPI (#2509)
  • 🛠 Add warning when using cpython-experimental-riscv64 (no longer needed) (#2526, #2528)
  • 🛠 iOS versions bumped, fixing issues with 3.14 (now RC 1) (#2530)
  • 🐛 Fix bug in Android running wheel from our GitHub Action (#2517)
  • 🐛 Fix warning when using test-skip of "*-macosx_universal2:arm64" (#2522)
  • 🐛 Fix incorrect number of wheels reported in logs, again (#2517)
  • 📚 We welcome our Android platform maintainer (#2516)
Changelog

Sourced from pypa/cibuildwheel's changelog.

v3.1.2

29 July 2025

  • ⚠️ Add an error if CIBW_FREE_THREADING_SUPPORT is set; you are likely missing 3.13t wheels, please use the enable/CIBW_ENABLE (#2520)
  • 🛠 riscv64 now enabled if you target that architecture, it's now supported on PyPI (#2509)
  • 🛠 Add warning when using cpython-experimental-riscv64 (no longer needed) (#2526, #2528)
  • 🛠 iOS versions bumped, fixing issues with 3.14 (now RC 1) (#2530)
  • 🐛 Fix bug in Android running wheel from our GitHub Action (#2517)
  • 🐛 Fix warning when using test-skip of "*-macosx_universal2:arm64" (#2522)
  • 🐛 Fix incorrect number of wheels reported in logs, again (#2517)
  • 📚 We welcome our Android platform maintainer (#2516)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=3.1.1&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index e39c41160cc..95323bdad40 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -414,7 +414,7 @@ jobs: run: | make cythonize - name: Build wheels - uses: pypa/cibuildwheel@v3.1.1 + uses: pypa/cibuildwheel@v3.1.2 env: CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }} CIBW_ARCHS_MACOS: x86_64 arm64 universal2 From bde886db7a60f2ddf2e7b61ed55875938e8e7759 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 10:59:51 +0000 Subject: [PATCH 056/148] Bump freezegun from 1.5.3 to 1.5.4 (#11368) Bumps [freezegun](https://github.com/spulec/freezegun) from 1.5.3 to 1.5.4.
Changelog

Sourced from freezegun's changelog.

1.5.4

  • Fix: Ability to yield fixtures (broken in 1.5.3)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=freezegun&package-manager=pip&previous-version=1.5.3&new-version=1.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index a36b35252a7..50b6232671f 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -76,7 +76,7 @@ filelock==3.18.0 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.3 +freezegun==1.5.4 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 8120bcb660c..28ceefd08fd 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -74,7 +74,7 @@ filelock==3.18.0 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.3 +freezegun==1.5.4 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index bf1268c429b..24f24e4a308 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -31,7 +31,7 @@ filelock==3.18.0 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.3 +freezegun==1.5.4 # via -r requirements/lint.in identify==2.6.12 # via pre-commit diff --git a/requirements/test.txt b/requirements/test.txt index 23d6ed7fd83..30eb768d2f6 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -39,7 +39,7 @@ execnet==2.1.1 # via pytest-xdist forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.3 +freezegun==1.5.4 # via -r requirements/test.in frozenlist==1.7.0 # via From 9d68685dfc79a75b5e9c722b2ec1509b07de0a32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:04:27 +0000 Subject: [PATCH 057/148] Bump pip from 25.1.1 to 25.2 (#11369) Bumps [pip](https://github.com/pypa/pip) from 25.1.1 to 25.2.
Changelog

Sourced from pip's changelog.

25.2 (2025-07-30)

Features

  • Declare support for Python 3.14 ([#13506](https://github.com/pypa/pip/issues/13506) <https://github.com/pypa/pip/issues/13506>_)
  • Automatic download resumption and retrying is enabled by default. ([#13464](https://github.com/pypa/pip/issues/13464) <https://github.com/pypa/pip/issues/13464>_)
  • Requires-Python error message displays version clauses in numerical order. ([#13367](https://github.com/pypa/pip/issues/13367) <https://github.com/pypa/pip/issues/13367>_)
  • Minor performance improvement getting the order to install a very large number of interdependent packages. ([#13424](https://github.com/pypa/pip/issues/13424) <https://github.com/pypa/pip/issues/13424>_)
  • Show time taken instead of eta 0:00:00 at download completion. ([#13483](https://github.com/pypa/pip/issues/13483) <https://github.com/pypa/pip/issues/13483>_)
  • Speed up small CLI tools by removing import re from the console script executable template. ([#13165](https://github.com/pypa/pip/issues/13165) <https://github.com/pypa/pip/issues/13165>_)
  • Remove warning when cloning from a Git reference that does not look like a commit hash. ([#12283](https://github.com/pypa/pip/issues/12283) <https://github.com/pypa/pip/issues/12283>_)

Bug Fixes

  • pip config debug now correctly separates options as set by the different files at the same level. ([#12099](https://github.com/pypa/pip/issues/12099) <https://github.com/pypa/pip/issues/12099>_)

  • Ensure truststore feature remains active even when a proxy is also in use. ([#13343](https://github.com/pypa/pip/issues/13343) <https://github.com/pypa/pip/issues/13343>_)

  • Include sub-commands in tab completion. ([#13140](https://github.com/pypa/pip/issues/13140) <https://github.com/pypa/pip/issues/13140>_)

  • pip list with the json or freeze format enabled will no longer crash when encountering a package with an invalid version. ([#13345](https://github.com/pypa/pip/issues/13345) <https://github.com/pypa/pip/issues/13345>_)

  • Provide a hint if a system error is raised involving long filenames or path segments on Windows. ([#13346](https://github.com/pypa/pip/issues/13346) <https://github.com/pypa/pip/issues/13346>_)

  • Resumed downloads are saved to the HTTP cache like any other normal download. ([#13441](https://github.com/pypa/pip/issues/13441) <https://github.com/pypa/pip/issues/13441>_)

  • Configured verbosity is consistently forwarded while calling Git during VCS operations. ([#13329](https://github.com/pypa/pip/issues/13329) <https://github.com/pypa/pip/issues/13329>_)

  • Suppress the progress bar, when running with --log and --quiet.

    Consequently, a new auto mode for --progress-bar has been added. auto will enable progress bars unless suppressed by --quiet, while on will always enable progress bars. ([#10915](https://github.com/pypa/pip/issues/10915) <https://github.com/pypa/pip/issues/10915>_)

  • Fix normalization of local URLs with non-file schemes. ([#13509](https://github.com/pypa/pip/issues/13509) <https://github.com/pypa/pip/issues/13509>_)

  • Fix normalization of local file URLs on Windows in newer Python versions. ([#13510](https://github.com/pypa/pip/issues/13510) <https://github.com/pypa/pip/issues/13510>_)

  • Fix remaining test failures in Python 3.14 by adjusting path_to_url and similar functions. ([#13423](https://github.com/pypa/pip/issues/13423) <https://github.com/pypa/pip/issues/13423>_)

  • Fix missing network test markings, making the suite pass in offline environments again. ([#13378](https://github.com/pypa/pip/issues/13378) <https://github.com/pypa/pip/issues/13378>_)

Vendored Libraries

  • Upgrade CacheControl to 0.14.3
  • Upgrade certifi to 2025.7.14
  • Upgrade distlib to 0.4.0
  • Upgrade msgpack to 1.1.1
  • Upgrade platformdirs to 4.3.8
  • Upgrade pygments to 2.19.2
  • Upgrade requests to 2.32.4
  • Upgrade resolvelib to 1.2.0

... (truncated)

Commits
  • 2e05cae Bump for release
  • f249061 Update AUTHORS.txt
  • 78d15a5 Copyedit news entries before 25.2 (again)
  • 4fe68d7 Merge pull request #13506 from ichard26/3.14
  • 775a86f Fix broken unit tests & xfail weird failure
  • 2773b13 Reformat and add --allow-unix-socket to pytest config
  • e384d10 Declare Python 3.14 support
  • 4117dc7 Always remove authority section when cleaning local URL path (#13510)
  • 2e21934 Fix cleaning of local URLs with VCS schemes (#13509)
  • 853a593 Improve path_to_url() tests (#13496)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.1.1&new-version=25.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 50b6232671f..30deaf06440 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -306,7 +306,7 @@ zstandard==0.23.0 ; implementation_name == "cpython" # -r requirements/runtime-deps.in # The following packages are considered to be unsafe in a requirements file: -pip==25.1.1 +pip==25.2 # via pip-tools setuptools==80.9.0 # via pip-tools diff --git a/requirements/dev.txt b/requirements/dev.txt index 28ceefd08fd..eaf2c14e984 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -297,7 +297,7 @@ zstandard==0.23.0 ; platform_python_implementation == "CPython" and python_versi # -r requirements/runtime-deps.in # The following packages are considered to be unsafe in a requirements file: -pip==25.1.1 +pip==25.2 # via pip-tools setuptools==80.9.0 # via pip-tools From 3c31b6914e45390123e56a4c0f2e4dba4d905c42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:40:19 +0000 Subject: [PATCH 058/148] Bump regex from 2025.7.31 to 2025.7.34 (#11373) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2025.7.31 to 2025.7.34.
Changelog

Sourced from regex's changelog.

Version: 2025.7.34

Git issue 575: Issues with ASCII/Unicode modifiers

Version: 2025.7.33

Updated main.yml and pyproject.toml.

Version: 2025.7.32

Git issue 580: Regression in v2025.7.31: \P{L} no longer
matches in simple patterns

Version: 2025.7.31

Further updates to main.yml.

Version: 2025.7.30

Updated main.yml and pyproject.toml.

Version: 2025.7.29

Git issue 572: Inline ASCII modifier doesn't seem to affect
anything

Version: 2025.5.19

Changed how main.yml skips unwanted Arch builds.

Version: 2025.5.18

Updated main.yml to build Windows ARM64/aarch64 wheel.

Updated licence text format in pyproject.toml.

Version: 2025.2.13

Dropping support for Python 3.8 and removing it from
main.yml.

Version: 2025.2.12

Further fixes to main.yml.

Version: 2025.2.11

Updated main.yml to Artifacts v4.

Version: 2025.2.10

Git issue 551: Infinite loop on V1 search

... (truncated)

Commits
  • 23ca191 Git issue 575: Issues with ASCII/Unicode modifiers
  • 88fee85 Updated main.yml and pyproject.toml.
  • 7ebda8c Merge pull request #582 from facelessuser/bugfix/setuptools
  • 26d6efc Setup failure scenario
  • a4a6d94 Git issue 580: Regression in v2025.7.31: \P{L} no longer matches in simple pa...
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2025.7.31&new-version=2025.7.34)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 30deaf06440..8a97ca38833 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -205,7 +205,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2025.7.31 +regex==2025.7.34 # via re-assert requests==2.32.4 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index eaf2c14e984..6348b65ef44 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -200,7 +200,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2025.7.31 +regex==2025.7.34 # via re-assert requests==2.32.4 # via diff --git a/requirements/test.txt b/requirements/test.txt index 30eb768d2f6..fc1a0b380cf 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -118,7 +118,7 @@ python-on-whales==0.78.0 # via -r requirements/test.in re-assert==1.1.0 # via -r requirements/test.in -regex==2025.7.31 +regex==2025.7.34 # via re-assert rich==14.1.0 # via pytest-codspeed From 6c346bc465f221d4ff1810e6a18c3d7f41e13e85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:40:43 +0000 Subject: [PATCH 059/148] Bump mypy from 1.17.0 to 1.17.1 (#11374) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [mypy](https://github.com/python/mypy) from 1.17.0 to 1.17.1.
Changelog

Sourced from mypy's changelog.

Mypy 1.17.1

  • Retain None as constraints bottom if no bottoms were provided (Stanislav Terliakov, PR 19485)
  • Fix "ignored exception in hasattr" in dmypy (Stanislav Terliakov, PR 19428)
  • Prevent a crash when InitVar is redefined with a method in a subclass (Stanislav Terliakov, PR 19453)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • Alexey Makridenko
  • Brian Schubert
  • Chad Dombrova
  • Chainfire
  • Charlie Denton
  • Charulata
  • Christoph Tyralla
  • CoolCat467
  • Donal Burns
  • Guy Wilson
  • Ivan Levkivskyi
  • johnthagen
  • Jukka Lehtosalo
  • Łukasz Kwieciński
  • Marc Mueller
  • Michael J. Sullivan
  • Mikhail Golubev
  • Sebastian Rittau
  • Shantanu
  • Stanislav Terliakov
  • wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
</tr></table>

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mypy&package-manager=pip&previous-version=1.17.0&new-version=1.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 8a97ca38833..ede42841586 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -118,7 +118,7 @@ multidict==6.6.3 # -r requirements/multidict.in # -r requirements/runtime-deps.in # yarl -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 6348b65ef44..1dd727ce3f0 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -115,7 +115,7 @@ multidict==6.6.3 # via # -r requirements/runtime-deps.in # yarl -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 24f24e4a308..5d41572db43 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -45,7 +45,7 @@ markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via -r requirements/lint.in mypy-extensions==1.1.0 # via mypy diff --git a/requirements/test.txt b/requirements/test.txt index fc1a0b380cf..3d2d3fc2cf5 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -63,7 +63,7 @@ multidict==6.6.3 # via # -r requirements/runtime-deps.in # yarl -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via -r requirements/test.in mypy-extensions==1.1.0 # via mypy From 0619c1d5600b75969e0eec5d8d61e8c963554bc7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:44:33 +0000 Subject: [PATCH 060/148] Bump pip-tools from 7.4.1 to 7.5.0 (#11370) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 7.4.1 to 7.5.0.
Release notes

Sourced from pip-tools's releases.

v7.5.0

2025-07-30

Bug fixes

  • Fixed the ordering of format controls to preserve underlying pip behavior -- by @​sethmlarson.

    PRs and issues: #2082

  • Fixed NoCandidateFound exception to be compatible with pip >= 24.1 -- by @​chrysle.

    PRs and issues: #2083

  • pip-compile now produces relative paths for editable dependencies -- by @​macro1.

    PRs and issues: #2087

  • Fixed crash failures due to incompatibility with pip >= 25.1 -- by @​gkreitz and @​sirosen.

    PRs and issues: #2176, #2178

Features

  • pip-compile now treats package versions requested on the command line as constraints for the underlying pip usage. This applies to build deps in addition to normal package requirements.

    -- by @​chrysle

    PRs and issues: #2106

  • pip-tools now tests on and officially supports Python 3.12 -- by @​sirosen.

    PRs and issues: #2188

  • Requirements file paths in pip-compile output are now normalized to POSIX-style, even when pip-compile is run on Windows. This provides more consistent output across various platforms.

    -- by @​sirosen

    PRs and issues: #2195

  • pip-tools now tests against and supports pip up to version 25.1 -- by @​sirosen.

    PRs and issues: #2195

Removals and backward incompatible breaking changes

  • pip-compile will now relativize the requirements paths which are recorded in its output. Paths are made relative to the working directory. This provides more consistent results across pip versions.

... (truncated)

Changelog

Sourced from pip-tools's changelog.

v7.5.0

2025-07-30

Bug fixes

  • Fixed the ordering of format controls to preserve underlying pip behavior -- by {user}sethmlarson.

    PRs and issues: {issue}2082

  • Fixed NoCandidateFound exception to be compatible with pip >= 24.1 -- by {user}chrysle.

    PRs and issues: {issue}2083

  • pip-compile now produces relative paths for editable dependencies -- by {user}macro1.

    PRs and issues: {issue}2087

  • Fixed crash failures due to incompatibility with pip >= 25.1 -- by {user}gkreitz and {user}sirosen.

    PRs and issues: {issue}2176, {issue}2178

Features

  • pip-compile now treats package versions requested on the command line as constraints for the underlying pip usage. This applies to build deps in addition to normal package requirements.

    -- by {user}chrysle

    PRs and issues: {issue}2106

  • pip-tools now tests on and officially supports Python 3.12 -- by {user}sirosen.

    PRs and issues: {issue}2188

  • Requirements file paths in pip-compile output are now normalized to POSIX-style, even when pip-compile is run on Windows. This provides more consistent output across various platforms.

    -- by {user}sirosen

    PRs and issues: {issue}2195

  • pip-tools now tests against and supports pip up to version 25.1

... (truncated)

Commits
  • debe5a4 Update changelog for version 7.5.0
  • 1c7d9fb Merge pull request #2210 from webknjaz/bugfixes/release-env-context-access
  • 96ed4d2 Merge pull request #2209 from webknjaz/maintenance/release-attestations-cleanup
  • a180dd9 📝 Link the PR #2209 change note to PR #2149
  • 7f9512a 📝 Link the PR #2210 change note to PR #2149
  • 396da33 Run the dist build job in PRs
  • 7b1c22c Fix accessing repo id in the release workflow
  • 05daad6 Drop release attestations for Jazzband upload
  • b4ddd75 Merge pull request #2203 from sirosen/use-towncrier
  • a136172 Add a run of 'changelog-draft' to QA CI jobs
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip-tools&package-manager=pip&previous-version=7.4.1&new-version=7.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index ede42841586..02025141578 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -134,7 +134,7 @@ packaging==25.0 # sphinx pathspec==0.12.1 # via mypy -pip-tools==7.4.1 +pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 1dd727ce3f0..72a0180b20a 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -131,7 +131,7 @@ packaging==25.0 # sphinx pathspec==0.12.1 # via mypy -pip-tools==7.4.1 +pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test.in From d3c70b54426806e315afabc91c568dad37be035d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 14:35:33 +0000 Subject: [PATCH 061/148] Bump build from 1.2.2.post1 to 1.3.0 (#11377) Bumps [build](https://github.com/pypa/build) from 1.2.2.post1 to 1.3.0.
Release notes

Sourced from build's releases.

1.3.0

  • Add --config-json (PR #916, fixes issue #900)
  • Drop Python 3.8 (PR #891)
  • Test on Python 3.14, colorful help on 3.14+ (PR #895)
  • Fix ModuleNotFoundError when pip is not installed (PR #898)
  • Disable use of pip install --python for debundled pip (PR #861)
  • Don't pass no-wheel to virtualenv if it would warn (PR #892)
  • Optimize our tests to run faster (PR #871, #872, #738)
  • Allow running our tests without virtualenv (PR #911)
  • Fix issues in our tests (PR #824, #918, #870, #915, #862, #863, #899, #896, #854)
  • Use SPDX identifiers for our license metadata (PR #914)
  • Use dependency-groups for our development (PR #880)
  • Mention conda and update uv mention in README/docs (PR #842, #816, #917)
Changelog

Sourced from build's changelog.

1.3.0 (2025-08-01)

  • Add --config-json (PR :pr:916, fixes issue :issue:900)
  • Drop Python 3.8 (PR :pr:891)
  • Test on Python 3.14, colorful help on 3.14+ (PR :pr:895)
  • Fix ModuleNotFoundError when pip is not installed (PR :pr:898)
  • Disable use of pip install --python for debundled pip (PR :pr:861)
  • Don't pass no-wheel to virtualenv if it would warn (PR :pr:892)
  • Optimize our tests to run faster (PR :pr:871, :pr:872, :pr:738)
  • Allow running our tests without virtualenv (PR :pr:911)
  • Fix issues in our tests (PR :pr:824, :pr:918, :pr:870, :pr:915, :pr:862, :pr:863, :pr:899, :pr:896, :pr:854)
  • Use SPDX identifiers for our license metadata (PR :pr:914)
  • Use dependency-groups for our development (PR :pr:880)
  • Mention conda and update uv mention in README/docs (PR :pr:842, :pr:816, :pr:917)

1.2.2 (2024-09-06)

  • Add editable to builder.get_requries_for_build's static types (PR :pr:764, fixes issue :issue:763)
  • Include artifact attestations in our release (PR :pr:782)
  • Fix typing compatibility with typed pyproject-hooks (PR :pr:788)
  • Mark more tests with network (PR :pr:808)
  • Add more intersphinx links to docs (PR :pr:804)
  • Make uv optional for tests (PR :pr:807 and :pr:813)

1.2.1 (2024-03-28)

  • Avoid error when terminal width is undetectable on Python < 3.11 (PR :pr:761)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=build&package-manager=pip&previous-version=1.2.2.post1&new-version=1.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 02025141578..ebd37231e60 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -32,7 +32,7 @@ blockbuster==1.5.25 # -r requirements/test.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in -build==1.2.2.post1 +build==1.3.0 # via pip-tools certifi==2025.7.14 # via requests diff --git a/requirements/dev.txt b/requirements/dev.txt index 72a0180b20a..ba9eada3cce 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -32,7 +32,7 @@ blockbuster==1.5.25 # -r requirements/test.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in -build==1.2.2.post1 +build==1.3.0 # via pip-tools certifi==2025.7.14 # via requests From db15cf82e2a847b0264efed813092b482b0bfea8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 15:05:50 +0000 Subject: [PATCH 062/148] Bump virtualenv from 20.32.0 to 20.33.0 (#11379) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.32.0 to 20.33.0.
Release notes

Sourced from virtualenv's releases.

20.33.0

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.32.0...20.33.0

Changelog

Sourced from virtualenv's changelog.

v20.33.0 (2025-08-03)

Features - 20.33.0

- Added support for Tcl and Tkinter. You're welcome.
  Contributed by :user:`esafak`. (:issue:`425`)

Bugfixes - 20.33.0

  • Prevent logging setup when --help is passed, fixing a flaky test. Contributed by :user:esafak. (:issue:u)
  • Fix cache invalidation for PythonInfo by hashing py_info.py. Contributed by :user:esafak. (:issue:2467)
  • When no discovery plugins are found, the application would crash with a StopIteration. This change catches the StopIteration and raises a RuntimeError with a more informative message. Contributed by :user:esafak. (:issue:2493)
  • Stop --try-first-with overriding absolute --python paths. Contributed by :user:esafak. (:issue:2659)
  • Force UTF-8 encoding for pip download Contributed by :user:esafak. (:issue:2780)
  • Creating a virtual environment on a filesystem without symlink-support would fail even with --copies Make fs_supports_symlink perform a real symlink creation check on all platforms. Contributed by :user:esafak. (:issue:2786)
  • Add a note to the user guide recommending the use of a specific Python version when creating virtual environments. Contributed by :user:esafak. (:issue:2808)
  • Fix 'Too many open files' error due to a file descriptor leak in virtualenv's locking mechanism. Contributed by :user:esafak. (:issue:2834)
  • Support renamed Windows venv redirector (venvlauncher.exe and venvwlauncher.exe) on Python 3.13 Contributed by :user:esafak. (:issue:2851)
  • Resolve Nushell activation script deprecation warnings by dynamically selecting the --optional flag for Nushell get command on version 0.106.0 and newer, while retaining the deprecated -i flag for older versions to maintain compatibility. Contributed by :user:gaborbernat. (:issue:2910)
Commits
  • 829e3d2 release 20.33.0
  • 3d35fbb feat: Add Tcl/Tkinter support (#2928)
  • 9872144 fix: Update venv redirector detection for Python 3.13 on Windows (#2920)
  • 31eb8b9 fix cache invalidation for PythonInfo (#2925)
  • ec1c83e fix(testing): Prevent logging setup when --help is passed (#2923)
  • 0c84728 fix 'Too many open files' error and improve error message (#2922)
  • f264539 fix: --try-first-with was overriding an absolute --python path (#2921)
  • 19796cf fix: Prevent crash on file in PATH during discovery (#2917)
  • 01074bc fix: Force UTF-8 encoding for pip subprocess (#2918)
  • fb2ba1c docs: Recommend specific python version for virtualenv (#2916)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.32.0&new-version=20.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index ebd37231e60..e8704c66f7d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -288,7 +288,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.1.0 # via -r requirements/lint.in -virtualenv==20.32.0 +virtualenv==20.33.0 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index ba9eada3cce..ea89190840c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -279,7 +279,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.1.0 # via -r requirements/lint.in -virtualenv==20.32.0 +virtualenv==20.33.0 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 5d41572db43..1fdc3c4616c 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -115,7 +115,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.1.0 # via -r requirements/lint.in -virtualenv==20.32.0 +virtualenv==20.33.0 # via pre-commit zlib-ng==0.5.1 # via -r requirements/lint.in From 532c95cbaafec60199dbb1aa4330a52e3b7a8f6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 15:11:53 +0000 Subject: [PATCH 063/148] Bump certifi from 2025.7.14 to 2025.8.3 (#11380) Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.7.14 to 2025.8.3.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2025.7.14&new-version=2025.8.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index e8704c66f7d..8c0983ea120 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -34,7 +34,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.3.0 # via pip-tools -certifi==2025.7.14 +certifi==2025.8.3 # via requests cffi==1.17.1 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index ea89190840c..e616e72f310 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -34,7 +34,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.3.0 # via pip-tools -certifi==2025.7.14 +certifi==2025.8.3 # via requests cffi==1.17.1 # via diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index ff9ac9ab561..b052bf7ce1f 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -10,7 +10,7 @@ alabaster==1.0.0 # via sphinx babel==2.17.0 # via sphinx -certifi==2025.7.14 +certifi==2025.8.3 # via requests charset-normalizer==3.4.2 # via requests diff --git a/requirements/doc.txt b/requirements/doc.txt index f2252174aae..ded1ef293fd 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -10,7 +10,7 @@ alabaster==1.0.0 # via sphinx babel==2.17.0 # via sphinx -certifi==2025.7.14 +certifi==2025.8.3 # via requests charset-normalizer==3.4.2 # via requests From 96efd42003d440b16ca9adaac680da6600844b7f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 15:23:14 +0000 Subject: [PATCH 064/148] Bump coverage from 7.10.1 to 7.10.2 (#11382) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.1 to 7.10.2.
Changelog

Sourced from coverage's changelog.

Version 7.10.2 — 2025-08-03

  • Fix: some code with NOP bytecodes could report missing branches that are actually executed. This is now fixed, closing issue 1999_. Python 3.9 still shows the problem.

.. _issue 1999: nedbat/coveragepy#1999

.. _changes_7-10-1:

Commits
  • a867852 docs: sample HTML for 7.10.2
  • e7bfabe docs: prep for 7.10.2
  • 5dbd736 test: this test often borks metacov, retry it
  • b7430fa debug: more convenient run_trace.py
  • e2039d0 refactor: less redundancy in branch_trails
  • c177731 fix: see through nop bytecodes to get the right arcs. #1999
  • 7a83ab0 test: don't try to make pth files when invoked from pth #2011
  • 6d8b091 refactor: remove a commented-out line
  • fc507ad test: add a case for an extension-less Python file parse error
  • 05a6e8d test: no need for skip, we already skip windows
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.1&new-version=7.10.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 8c0983ea120..bfdb3606e4a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.1 +coverage==7.10.2 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index e616e72f310..57a4b18b482 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.1 +coverage==7.10.2 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index 3d2d3fc2cf5..80afa22a9cd 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.1 +coverage==7.10.2 # via # -r requirements/test.in # pytest-cov From 793473dc5fa824f6ea86388abddc068243818461 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 10:42:54 +0000 Subject: [PATCH 065/148] Bump actions/download-artifact from 4 to 5 (#11390) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
Release notes

Sourced from actions/download-artifact's releases.

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

  • By name: name: my-artifact → extracted to path/ (direct)
  • By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

  • By name: name: my-artifact → extracted to path/ (unchanged)
  • By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:
  • You download artifacts by name
  • You download multiple artifacts by ID
  • You already use merge-multiple: true as a workaround
⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist
# Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

</tr></table>

... (truncated)

Commits
  • 634f93c Merge pull request #416 from actions/single-artifact-id-download-path
  • b19ff43 refactor: resolve download path correctly in artifact download tests (mainly ...
  • e262cbe bundle dist
  • bff23f9 update docs
  • fff8c14 fix download path logic when downloading a single artifact by id
  • 448e3f8 Merge pull request #407 from actions/nebuk89-patch-1
  • 47225c4 Update README.md
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 95323bdad40..51d4b6ecc4f 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -174,7 +174,7 @@ jobs: python -m pip install -r requirements/test.in -c requirements/test.txt - name: Restore llhttp generated files if: ${{ matrix.no-extensions == '' }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: llhttp path: vendor/llhttp/build/ @@ -261,7 +261,7 @@ jobs: run: | python -m pip install -r requirements/test.in -c requirements/test.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: llhttp path: vendor/llhttp/build/ @@ -322,7 +322,7 @@ jobs: python -m pip install -r requirements/cython.in -c requirements/cython.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: llhttp path: vendor/llhttp/build/ @@ -406,7 +406,7 @@ jobs: python -m pip install -r requirements/cython.in -c requirements/cython.txt - name: Restore llhttp generated files - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: llhttp path: vendor/llhttp/build/ @@ -451,7 +451,7 @@ jobs: run: | echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token - name: Download distributions - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: path: dist pattern: dist-* From 72135a84b2dc73f6d3fe026b837dd854b15a81f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 10:56:18 +0000 Subject: [PATCH 066/148] Bump virtualenv from 20.33.0 to 20.33.1 (#11391) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.33.0 to 20.33.1.
Release notes

Sourced from virtualenv's releases.

20.33.1

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.33.0...20.33.1

Changelog

Sourced from virtualenv's changelog.

v20.33.1 (2025-08-05)

Bugfixes - 20.33.1

- Correctly unpack _get_tcl_tk_libs() response in PythonInfo.
  Contributed by :user:`esafak`. (:issue:`2930`)
- Restore `py_info.py` timestamp in
`test_py_info_cache_invalidation_on_py_info_change`
  Contributed by :user:`esafak`. (:issue:`2933`)
Commits
  • 8cea2c7 release 20.33.1
  • cac4942 Merge pull request #2942 from esafak/bug_report_template
  • 91d3618 chore: Request shell and python details in bug reports
  • f528c19 Merge pull request #2940 from esafak/fix/2930-tcl-library-bug
  • a7c6824 Merge branch 'main' into fix/2930-tcl-library-bug
  • 034f717 [pre-commit.ci] auto fixes from pre-commit.com hooks
  • 8c9e431 Iterate on quoting
  • 59078c5 Remove investigation scripts, add changelog entry
  • 7336c43 fix: Correctly unpack _get_tcl_tk_libs() response in PythonInfo
  • 94004cc Merge pull request #2937 from pypa/pre-commit-ci-update-config
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.33.0&new-version=20.33.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index bfdb3606e4a..c38e13295b6 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -288,7 +288,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.1.0 # via -r requirements/lint.in -virtualenv==20.33.0 +virtualenv==20.33.1 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 57a4b18b482..5c84f486446 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -279,7 +279,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.1.0 # via -r requirements/lint.in -virtualenv==20.33.0 +virtualenv==20.33.1 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 1fdc3c4616c..388e76a5fd8 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -115,7 +115,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.1.0 # via -r requirements/lint.in -virtualenv==20.33.0 +virtualenv==20.33.1 # via pre-commit zlib-ng==0.5.1 # via -r requirements/lint.in From f2feddb66cfdef1dde3d781ea9e2bee5ac71b1d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 11:04:46 +0000 Subject: [PATCH 067/148] Bump cryptography from 45.0.5 to 45.0.6 (#11392) Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.5 to 45.0.6.
Changelog

Sourced from cryptography's changelog.

45.0.6 - 2025-08-05


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.2.

.. _v45-0-5:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=45.0.5&new-version=45.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c38e13295b6..374ebc422d7 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -58,7 +58,7 @@ coverage==7.10.2 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.5 +cryptography==45.0.6 # via # pyjwt # trustme diff --git a/requirements/dev.txt b/requirements/dev.txt index 5c84f486446..ba16f0b05a7 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -58,7 +58,7 @@ coverage==7.10.2 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.5 +cryptography==45.0.6 # via # pyjwt # trustme diff --git a/requirements/lint.txt b/requirements/lint.txt index 388e76a5fd8..d8256bb54bd 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -21,7 +21,7 @@ cfgv==3.4.0 # via pre-commit click==8.1.8 # via slotscheck -cryptography==45.0.5 +cryptography==45.0.6 # via trustme distlib==0.4.0 # via virtualenv diff --git a/requirements/test.txt b/requirements/test.txt index 80afa22a9cd..367bc9ed544 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -31,7 +31,7 @@ coverage==7.10.2 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.5 +cryptography==45.0.6 # via trustme exceptiongroup==1.3.0 # via pytest From f35464d17920d1485af3c93506125395a30bd575 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 11:13:02 +0000 Subject: [PATCH 068/148] Bump pycares from 4.9.0 to 4.10.0 (#11393) Bumps [pycares](https://github.com/saghul/pycares) from 4.9.0 to 4.10.0.
Commits
  • b0450c9 Set version to 4.10.0
  • c3c931f Refactor channel destruction logic
  • 0486f67 Fixup test CI
  • 8b59cea Remove context manager support
  • 3b1912c build(deps): bump pypa/cibuildwheel from 2.23.3 to 3.0.0
  • b66e535 Add new process_read_fd process_write_fd to test
  • 78f3866 Add read & write process_fd functions
  • 1787759 Idna resource reduction using a length check (#247)
  • 881a3a1 Make result.type Final
  • 04e45e8 Fix OpenBSD build
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pycares&package-manager=pip&previous-version=4.9.0&new-version=4.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 83bb464efde..b78f83bc491 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -36,7 +36,7 @@ propcache==0.3.2 # via # -r requirements/runtime-deps.in # yarl -pycares==4.9.0 +pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 374ebc422d7..8986063271d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -152,7 +152,7 @@ propcache==0.3.2 # yarl proxy-py==2.4.10 # via -r requirements/test.in -pycares==4.9.0 +pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/dev.txt b/requirements/dev.txt index ba16f0b05a7..c29bc051deb 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -149,7 +149,7 @@ propcache==0.3.2 # yarl proxy-py==2.4.10 # via -r requirements/test.in -pycares==4.9.0 +pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/lint.txt b/requirements/lint.txt index d8256bb54bd..d952d046049 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -61,7 +61,7 @@ pluggy==1.6.0 # via pytest pre-commit==4.2.0 # via -r requirements/lint.in -pycares==4.9.0 +pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 6bf80715c7c..6a089405135 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -32,7 +32,7 @@ propcache==0.3.2 # via # -r requirements/runtime-deps.in # yarl -pycares==4.9.0 +pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/test.txt b/requirements/test.txt index 367bc9ed544..f89c019dd41 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -85,7 +85,7 @@ propcache==0.3.2 # yarl proxy-py==2.4.10 # via -r requirements/test.in -pycares==4.9.0 +pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi From 98c9f312f49d6007b5399c4726f20b94d2d94bae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Aug 2025 10:35:21 +0000 Subject: [PATCH 069/148] Bump actions/cache from 4.2.3 to 4.2.4 (#11399) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4.
Release notes

Sourced from actions/cache's releases.

v4.2.4

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v4...v4.2.4

Changelog

Sourced from actions/cache's changelog.

4.2.4

  • Bump @actions/cache to v4.0.5
Commits
  • 0400d5f Merge pull request #1636 from actions/Link-/release-4.2.4
  • 374a27f Prepare release 4.2.4
  • 358a730 Merge pull request #1634 from actions/Link-/optimise-deps
  • 2ee706e Fix with another approach
  • 94f7b5d Fix bundle exec
  • c36116c Fix the workflow to use licensed from source
  • 320fe7d Update the licensed workflow to use the latest version
  • d81cc47 Add licensed output
  • de24398 Add licensed output
  • e7b6a9c @​protobuf-ts/plugin to dev dependencies
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.3&new-version=4.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 51d4b6ecc4f..1019b3cd47b 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -47,7 +47,7 @@ jobs: with: python-version: 3.11 - name: Cache PyPI - uses: actions/cache@v4.2.3 + uses: actions/cache@v4.2.4 with: key: pip-lint-${{ hashFiles('requirements/*.txt') }} path: ~/.cache/pip @@ -96,7 +96,7 @@ jobs: with: submodules: true - name: Cache llhttp generated files - uses: actions/cache@v4.2.3 + uses: actions/cache@v4.2.4 id: cache with: key: llhttp-${{ hashFiles('vendor/llhttp/package*.json', 'vendor/llhttp/src/**/*') }} @@ -160,7 +160,7 @@ jobs: echo "dir=$(pip cache dir)" >> "${GITHUB_OUTPUT}" shell: bash - name: Cache PyPI - uses: actions/cache@v4.2.3 + uses: actions/cache@v4.2.4 with: key: pip-ci-${{ runner.os }}-${{ matrix.pyver }}-${{ matrix.no-extensions }}-${{ hashFiles('requirements/*.txt') }} path: ${{ steps.pip-cache.outputs.dir }} From 3e3984e29c076a0d7c91bb6340d3c31b1107891e Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Sat, 9 Aug 2025 22:08:57 +0100 Subject: [PATCH 070/148] Adjust dependencies for Python 3.14 (#10872) (#11401) (cherry picked from commit ec38d25c5a700e4ce798cbe2a91c969cb5d2deb5) --------- Co-authored-by: Kumar Aditya --- CHANGES/10872.contrib.rst | 1 + requirements/constraints.txt | 16 +++++++++------- requirements/dev.txt | 20 ++++++++++---------- requirements/test.in | 2 +- requirements/test.txt | 14 ++++++++------ tests/conftest.py | 11 +++++------ 6 files changed, 34 insertions(+), 30 deletions(-) create mode 100644 CHANGES/10872.contrib.rst diff --git a/CHANGES/10872.contrib.rst b/CHANGES/10872.contrib.rst new file mode 100644 index 00000000000..6a95cd3e64a --- /dev/null +++ b/CHANGES/10872.contrib.rst @@ -0,0 +1 @@ +Updated dependencies to allow testing on Python 3.14. diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 8986063271d..021afd6bc9f 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -1,8 +1,8 @@ # -# This file is autogenerated by pip-compile with python 3.10 -# To update, run: +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: # -# pip-compile --allow-unsafe --output-file=requirements/constraints.txt --resolver=backtracking --strip-extras requirements/constraints.in +# pip-compile --allow-unsafe --output-file=requirements/constraints.txt --strip-extras requirements/constraints.in # aiodns==3.5.0 # via @@ -99,7 +99,7 @@ imagesize==1.4.1 # via sphinx iniconfig==2.1.0 # via pytest -isal==1.7.2 +isal==1.7.2 ; python_version < "3.14" # via # -r requirements/lint.in # -r requirements/test.in @@ -156,9 +156,11 @@ pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.11.7 - # via python-on-whales -pydantic-core==2.33.2 +pydantic==2.12.0a1 + # via + # -r requirements/test.in + # python-on-whales +pydantic-core==2.37.2 # via pydantic pyenchant==3.2.2 # via sphinxcontrib-spelling diff --git a/requirements/dev.txt b/requirements/dev.txt index c29bc051deb..7bbadd6791c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -1,8 +1,8 @@ # -# This file is autogenerated by pip-compile with python 3.10 -# To update, run: +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: # -# pip-compile --allow-unsafe --output-file=requirements/dev.txt --resolver=backtracking --strip-extras requirements/dev.in +# pip-compile --allow-unsafe --output-file=requirements/dev.txt --strip-extras requirements/dev.in # aiodns==3.5.0 # via @@ -97,7 +97,7 @@ imagesize==1.4.1 # via sphinx iniconfig==2.1.0 # via pytest -isal==1.7.2 +isal==1.7.2 ; python_version < "3.14" # via # -r requirements/lint.in # -r requirements/test.in @@ -153,9 +153,11 @@ pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.11.7 - # via python-on-whales -pydantic-core==2.33.2 +pydantic==2.12.0a1 + # via + # -r requirements/test.in + # python-on-whales +pydantic-core==2.37.2 # via pydantic pygments==2.19.2 # via @@ -163,9 +165,7 @@ pygments==2.19.2 # rich # sphinx pyjwt==2.8.0 - # via - # gidgethub - # pyjwt + # via gidgethub pyproject-hooks==1.2.0 # via # build diff --git a/requirements/test.in b/requirements/test.in index 1563689deae..2a692f6e4f6 100644 --- a/requirements/test.in +++ b/requirements/test.in @@ -3,7 +3,7 @@ blockbuster coverage freezegun -isal +isal; python_version < "3.14" # no wheel for 3.14 mypy; implementation_name == "cpython" pkgconfig proxy.py >= 2.4.4rc5 diff --git a/requirements/test.txt b/requirements/test.txt index f89c019dd41..7a32d8d7210 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -1,8 +1,8 @@ # -# This file is autogenerated by pip-compile with python 3.10 +# This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile --allow-unsafe --output-file=requirements/test.txt --resolver=backtracking --strip-extras requirements/test.in +# pip-compile --allow-unsafe --output-file=requirements/test.txt --strip-extras requirements/test.in # aiodns==3.5.0 # via -r requirements/runtime-deps.in @@ -53,7 +53,7 @@ idna==3.4 # yarl iniconfig==2.1.0 # via pytest -isal==1.7.2 +isal==1.7.2 ; python_version < "3.14" # via -r requirements/test.in markdown-it-py==3.0.0 # via rich @@ -89,9 +89,11 @@ pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.11.7 - # via python-on-whales -pydantic-core==2.33.2 +pydantic==2.12.0a1 + # via + # -r requirements/test.in + # python-on-whales +pydantic-core==2.37.2 # via pydantic pygments==2.19.2 # via diff --git a/tests/conftest.py b/tests/conftest.py index 54e0d3f21a7..9404551c9b1 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,7 +4,6 @@ import socket import ssl import sys -import zlib from hashlib import md5, sha1, sha256 from pathlib import Path from tempfile import TemporaryDirectory @@ -12,9 +11,7 @@ from unittest import mock from uuid import uuid4 -import isal.isal_zlib import pytest -import zlib_ng.zlib_ng from blockbuster import blockbuster_ctx from aiohttp import payload @@ -251,6 +248,8 @@ def selector_loop() -> Iterator[asyncio.AbstractEventLoop]: @pytest.fixture def uvloop_loop() -> Iterator[asyncio.AbstractEventLoop]: + if uvloop is None: + pytest.skip("uvloop is not installed") factory = uvloop.new_event_loop with loop_context(factory) as _loop: asyncio.set_event_loop(_loop) @@ -331,13 +330,13 @@ def unused_port_socket() -> Generator[socket.socket, None, None]: s.close() -@pytest.fixture(params=[zlib, zlib_ng.zlib_ng, isal.isal_zlib]) +@pytest.fixture(params=["zlib", "zlib_ng.zlib_ng", "isal.isal_zlib"]) def parametrize_zlib_backend( request: pytest.FixtureRequest, ) -> Generator[None, None, None]: original_backend: ZLibBackendProtocol = ZLibBackend._zlib_backend - set_zlib_backend(request.param) - + backend = pytest.importorskip(request.param) + set_zlib_backend(backend) yield set_zlib_backend(original_backend) From b3de8387b121c9e630cd4d818ecf76b2cca51aaa Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 10 Aug 2025 01:05:22 +0100 Subject: [PATCH 071/148] [PR #11367/cccbf4cd backport][3.13] Disable the blockbuster fixture when the module is not importable (#11402) **This is a backport of PR #11367 as merged into master (cccbf4cd3390729afe6ebe4c1078c2c979016503).** Co-authored-by: Ben Beasley --- CHANGES/11363.packaging | 2 ++ tests/conftest.py | 10 ++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 CHANGES/11363.packaging diff --git a/CHANGES/11363.packaging b/CHANGES/11363.packaging new file mode 100644 index 00000000000..65d54bf48c0 --- /dev/null +++ b/CHANGES/11363.packaging @@ -0,0 +1,2 @@ +The `blockbuster` test dependency is now optional; the corresponding test fixture is disabled when it is unavailable +-- by :user:`musicinybrain`. diff --git a/tests/conftest.py b/tests/conftest.py index 9404551c9b1..2be64078659 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -12,7 +12,13 @@ from uuid import uuid4 import pytest -from blockbuster import blockbuster_ctx + +try: + from blockbuster import blockbuster_ctx + + HAS_BLOCKBUSTER = True +except ImportError: # For downstreams only # pragma: no cover + HAS_BLOCKBUSTER = False from aiohttp import payload from aiohttp.client_proto import ResponseHandler @@ -45,7 +51,7 @@ IS_LINUX = sys.platform.startswith("linux") -@pytest.fixture(autouse=True) +@pytest.fixture(autouse=HAS_BLOCKBUSTER) def blockbuster(request: pytest.FixtureRequest) -> Iterator[None]: # Allow selectively disabling blockbuster for specific tests # using the @pytest.mark.skip_blockbuster marker. From f894a779a8b4959243816613464172879563690c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 14:44:36 +0000 Subject: [PATCH 072/148] Bump coverage from 7.10.2 to 7.10.3 (#11403) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.2 to 7.10.3.
Changelog

Sourced from coverage's changelog.

Version 7.10.3 — 2025-08-10

  • Fixes for patch = subprocess:

    • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024_.

    • If subprocesses were created in other directories, their data files were stranded there and not combined into the totals, as described in issue 2025_. This is now fixed.

    • On Windows (or maybe only some Windows?) the patch would fail with a ModuleNotFound error trying to import coverage. This is now fixed, closing issue 2022_.

    • Originally only options set in the coverage configuration file would apply to subprocesses. Options set on the coverage run command line (such as --branch) wouldn't be communicated to the subprocesses. This could lead to combining failures, as described in issue 2021_. Now the entire configuration is used in subprocesses, regardless of its origin.

    • Added debug=patch to help diagnose problems.

  • Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017_.

.. _issue 2017: nedbat/coveragepy#2017 .. _issue 2021: nedbat/coveragepy#2021 .. _issue 2022: nedbat/coveragepy#2022 .. _issue 2024: nedbat/coveragepy#2024 .. _issue 2025: nedbat/coveragepy#2025

.. _changes_7-10-2:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.2&new-version=7.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 6 ++---- requirements/dev.txt | 10 +++++----- requirements/test.txt | 6 ++---- 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 021afd6bc9f..83236eb7d28 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.2 +coverage==7.10.3 # via # -r requirements/test.in # pytest-cov @@ -157,9 +157,7 @@ pycares==4.10.0 pycparser==2.22 # via cffi pydantic==2.12.0a1 - # via - # -r requirements/test.in - # python-on-whales + # via python-on-whales pydantic-core==2.37.2 # via pydantic pyenchant==3.2.2 diff --git a/requirements/dev.txt b/requirements/dev.txt index 7bbadd6791c..f60f3465c11 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.2 +coverage==7.10.3 # via # -r requirements/test.in # pytest-cov @@ -154,9 +154,7 @@ pycares==4.10.0 pycparser==2.22 # via cffi pydantic==2.12.0a1 - # via - # -r requirements/test.in - # python-on-whales + # via python-on-whales pydantic-core==2.37.2 # via pydantic pygments==2.19.2 @@ -165,7 +163,9 @@ pygments==2.19.2 # rich # sphinx pyjwt==2.8.0 - # via gidgethub + # via + # gidgethub + # pyjwt pyproject-hooks==1.2.0 # via # build diff --git a/requirements/test.txt b/requirements/test.txt index 7a32d8d7210..a045e3e8490 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.2 +coverage==7.10.3 # via # -r requirements/test.in # pytest-cov @@ -90,9 +90,7 @@ pycares==4.10.0 pycparser==2.22 # via cffi pydantic==2.12.0a1 - # via - # -r requirements/test.in - # python-on-whales + # via python-on-whales pydantic-core==2.37.2 # via pydantic pygments==2.19.2 From 734fdf05cfbed49a50fa81cd28aeda590b6a3e36 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 14:57:47 +0000 Subject: [PATCH 073/148] Bump valkey from 6.1.0 to 6.1.1 (#11404) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [valkey](https://github.com/valkey-io/valkey-py) from 6.1.0 to 6.1.1.
Release notes

Sourced from valkey's releases.

v6.1.1

What's Changed

New Contributors

Full Changelog: https://github.com/valkey-io/valkey-py/compare/v6.1.0...v6.1.1

v6.1.1b3

What's Changed

Full Changelog: https://github.com/valkey-io/valkey-py/compare/v6.1.1b2...v6.1.1b3

v6.1.1b2

What's Changed

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=valkey&package-manager=pip&previous-version=6.1.0&new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 83236eb7d28..750225be516 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -286,7 +286,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # via # -r requirements/base.in # -r requirements/lint.in -valkey==6.1.0 +valkey==6.1.1 # via -r requirements/lint.in virtualenv==20.33.1 # via pre-commit diff --git a/requirements/dev.txt b/requirements/dev.txt index f60f3465c11..5ec46ec58b7 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -277,7 +277,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # via # -r requirements/base.in # -r requirements/lint.in -valkey==6.1.0 +valkey==6.1.1 # via -r requirements/lint.in virtualenv==20.33.1 # via pre-commit diff --git a/requirements/lint.txt b/requirements/lint.txt index d952d046049..8aa7ce7e5cc 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -113,7 +113,7 @@ typing-inspection==0.4.1 # via pydantic uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in -valkey==6.1.0 +valkey==6.1.1 # via -r requirements/lint.in virtualenv==20.33.1 # via pre-commit From 851690a2a610531bd9a50fd6bb8ca94b175fca20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 15:02:37 +0000 Subject: [PATCH 074/148] Bump pre-commit from 4.2.0 to 4.3.0 (#11405) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 4.2.0 to 4.3.0.
Release notes

Sourced from pre-commit's releases.

pre-commit v4.3.0

Features

Changelog

Sourced from pre-commit's changelog.

4.3.0 - 2025-08-09

Features

Commits
  • b74a22d v4.3.0
  • cc899de Merge pull request #3507 from bc-lee/dart-fix
  • 2a0bcea Downgrade Dart SDK version installed in the CI
  • f1cc7a4 Make Dart pre-commit hook compatible with the latest Dart SDKs
  • 72a3b71 Merge pull request #3504 from pre-commit/pre-commit-ci-update-config
  • c8925a4 [pre-commit.ci] pre-commit autoupdate
  • a5fe6c5 Merge pull request #3496 from ericphanson/eph/jl-startup
  • 6f1f433 Julia language: skip startup.jl file
  • c681721 Merge pull request #3499 from pre-commit/pre-commit-ci-update-config
  • 4fd4537 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pre-commit&package-manager=pip&previous-version=4.2.0&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 750225be516..29a3acff067 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -144,7 +144,7 @@ pluggy==1.6.0 # via # pytest # pytest-cov -pre-commit==4.2.0 +pre-commit==4.3.0 # via -r requirements/lint.in propcache==0.3.2 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 5ec46ec58b7..a924cfd7c8e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -141,7 +141,7 @@ pluggy==1.6.0 # via # pytest # pytest-cov -pre-commit==4.2.0 +pre-commit==4.3.0 # via -r requirements/lint.in propcache==0.3.2 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 8aa7ce7e5cc..ad692450447 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -59,7 +59,7 @@ platformdirs==4.3.8 # via virtualenv pluggy==1.6.0 # via pytest -pre-commit==4.2.0 +pre-commit==4.3.0 # via -r requirements/lint.in pycares==4.10.0 # via aiodns From 9c42778ad5d2d005bdfa90f17d606e14ba34d186 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 15:10:07 +0000 Subject: [PATCH 075/148] Bump charset-normalizer from 3.4.2 to 3.4.3 (#11406) Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.2 to 3.4.3.
Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Commits
  • 46f662d Release 3.4.3 (#638)
  • 1a059b2 :wrench: skip building on freethreaded as we're not confident it is stable
  • 2275e3d :pencil: final note in CHANGELOG.md
  • c96acdf :pencil: update release date on CHANGELOG.md
  • 43e5460 :pencil: update README.md
  • f277074 :wrench: automatically lower confidence on small bytes str on non Unicode res...
  • 15ae241 :bug: automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
  • 37397c1 :wrench: enable 3.14 in nox test_mypyc session
  • cb82537 :rewind: revert license due to compat python 3.7 issue setuptools
  • 6a2efeb :art: fix linter errors
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=charset-normalizer&package-manager=pip&previous-version=3.4.2&new-version=3.4.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 29a3acff067..5d5f3433ca2 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -43,7 +43,7 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests cherry-picker==2.5.0 # via -r requirements/dev.in diff --git a/requirements/dev.txt b/requirements/dev.txt index a924cfd7c8e..b4b67691e92 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -43,7 +43,7 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests cherry-picker==2.5.0 # via -r requirements/dev.in diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index b052bf7ce1f..23f3f4cfff8 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -12,7 +12,7 @@ babel==2.17.0 # via sphinx certifi==2025.8.3 # via requests -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests click==8.1.8 # via towncrier diff --git a/requirements/doc.txt b/requirements/doc.txt index ded1ef293fd..32cb6e395d1 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -12,7 +12,7 @@ babel==2.17.0 # via sphinx certifi==2025.8.3 # via requests -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests click==8.1.8 # via towncrier From 356b91be68c9d6d2942d413b2c7868f696e937a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 16:52:15 +0000 Subject: [PATCH 076/148] Bump freezegun from 1.5.4 to 1.5.5 (#11408) Bumps [freezegun](https://github.com/spulec/freezegun) from 1.5.4 to 1.5.5.
Changelog

Sourced from freezegun's changelog.

1.5.5

  • Allow parametrized arguments called 'func' (Broken in 1.5.4)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=freezegun&package-manager=pip&previous-version=1.5.4&new-version=1.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 5d5f3433ca2..72356065211 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -76,7 +76,7 @@ filelock==3.18.0 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.4 +freezegun==1.5.5 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index b4b67691e92..e2f9776e208 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -74,7 +74,7 @@ filelock==3.18.0 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.4 +freezegun==1.5.5 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index ad692450447..51635456551 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -31,7 +31,7 @@ filelock==3.18.0 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.4 +freezegun==1.5.5 # via -r requirements/lint.in identify==2.6.12 # via pre-commit diff --git a/requirements/test.txt b/requirements/test.txt index a045e3e8490..a460c971ed8 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -39,7 +39,7 @@ execnet==2.1.1 # via pytest-xdist forbiddenfruit==0.1.4 # via blockbuster -freezegun==1.5.4 +freezegun==1.5.5 # via -r requirements/test.in frozenlist==1.7.0 # via From 4cc2894c2a160fb97234bf39469edf31fedc94bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 16:44:05 +0000 Subject: [PATCH 077/148] Bump identify from 2.6.12 to 2.6.13 (#11414) Bumps [identify](https://github.com/pre-commit/identify) from 2.6.12 to 2.6.13.
Commits
  • af4da9c v2.6.13
  • bdf9c05 Merge pull request #530 from dirtcrusher/feature/special_cpp_extensions
  • 1a6b03c Added C++ 'ipp' and 'tpp' file extensions
  • 1a3399b Merge pull request #529 from pre-commit/pre-commit-ci-update-config
  • 1097f76 [pre-commit.ci] pre-commit autoupdate
  • bbfa578 Merge pull request #528 from pre-commit/pre-commit-ci-update-config
  • 536d751 [pre-commit.ci] pre-commit autoupdate
  • e1c38fe Merge pull request #526 from pre-commit/pre-commit-ci-update-config
  • d084d03 [pre-commit.ci] pre-commit autoupdate
  • 40af39f Merge pull request #524 from pre-commit/pre-commit-ci-update-config
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.12&new-version=2.6.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 72356065211..f891ea44880 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -88,7 +88,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.12 +identify==2.6.13 # via pre-commit idna==3.3 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index e2f9776e208..d21f75e2a09 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -86,7 +86,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.12 +identify==2.6.13 # via pre-commit idna==3.4 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 51635456551..eb0e497c332 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -33,7 +33,7 @@ forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 # via -r requirements/lint.in -identify==2.6.12 +identify==2.6.13 # via pre-commit idna==3.7 # via trustme From cb74c7d25f1caf2359b1215be7374d9cee041948 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 19:19:19 +0000 Subject: [PATCH 078/148] Bump actions/checkout from 4 to 5 (#11420) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 14 +++++++------- .github/workflows/codeql.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 1019b3cd47b..d323ba796d9 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -32,7 +32,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: >- @@ -92,7 +92,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Cache llhttp generated files @@ -145,7 +145,7 @@ jobs: continue-on-error: ${{ matrix.experimental }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Setup Python ${{ matrix.pyver }} @@ -244,7 +244,7 @@ jobs: timeout-minutes: 9 steps: - name: Checkout project - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Setup Python 3.13.2 @@ -309,7 +309,7 @@ jobs: needs: pre-deploy steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Setup Python @@ -373,7 +373,7 @@ jobs: musl: musllinux steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Set up QEMU @@ -444,7 +444,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Login diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 601d45a35ad..be954079132 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Initialize CodeQL uses: github/codeql-action/init@v3 From 45b4ac67bdd816780a2f62ad224c857a9d743466 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 21:05:00 +0000 Subject: [PATCH 079/148] Bump multidict from 6.6.3 to 6.6.4 (#11424) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [multidict](https://github.com/aio-libs/multidict) from 6.6.3 to 6.6.4.
Release notes

Sourced from multidict's releases.

6.6.4

Bug fixes

  • Fixed MutliDict & CIMultiDict memory leak when deleting values or clearing them -- by :user:Vizonex

    Related issues and pull requests on GitHub: #1233.

Contributor-facing changes

  • The type preciseness coverage report generated by MyPy <https://mypy-lang.org>__ is now uploaded to Coveralls <https://coveralls.io/github/aio-libs/multidict>__ and will not be included in the Codecov views <https://app.codecov.io/gh/aio-libs/multidict>__ going forward -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #1122, #1231.

  • Added memory leak test for popping or deleting attributes from a multidict to prevent future issues or bogus claims. -- by :user:Vizonex

    Related issues and pull requests on GitHub: #1233.

Changelog

Sourced from multidict's changelog.

6.6.4

(2025-08-11)

Bug fixes

  • Fixed MutliDict & CIMultiDict memory leak when deleting values or clearing them -- by :user:Vizonex

    Related issues and pull requests on GitHub: :issue:1233.

Contributor-facing changes

  • The type preciseness coverage report generated by MyPy <https://mypy-lang.org>__ is now uploaded to Coveralls <https://coveralls.io/github/aio-libs/multidict>__ and will not be included in the Codecov views <https://app.codecov.io/gh/aio-libs/multidict>__ going forward -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:1122, :issue:1231.

  • Added memory leak test for popping or deleting attributes from a multidict to prevent future issues or bogus claims. -- by :user:Vizonex

    Related issues and pull requests on GitHub: :issue:1233.

Commits
  • e0e61c2 Release 6.6.4 (#1234)
  • 820631f Fix Memory leaks and add tests to prevent memory leaks during md_clear from p...
  • 00e3803 Merge branch 'maintenance/1122-coveralls-mypy'
  • 736f179 📝 Add a change note for PR #1231
  • 19f085e 🩹 Drop MyPy 3.9 ref from the linters workflow
  • 97ce0ed Move reporting MyPy type preciseness to Coveralls
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=multidict&package-manager=pip&previous-version=6.6.3&new-version=6.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/cython.txt | 2 +- requirements/dev.txt | 2 +- requirements/multidict.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index b78f83bc491..420e4dedfa4 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -26,7 +26,7 @@ gunicorn==23.0.0 # via -r requirements/base.in idna==3.4 # via yarl -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f891ea44880..ebc0bf5af25 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -113,7 +113,7 @@ markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/multidict.in # -r requirements/runtime-deps.in diff --git a/requirements/cython.txt b/requirements/cython.txt index c76c088578c..b80de4842de 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -6,7 +6,7 @@ # cython==3.1.2 # via -r requirements/cython.in -multidict==6.6.3 +multidict==6.6.4 # via -r requirements/multidict.in typing-extensions==4.14.1 # via multidict diff --git a/requirements/dev.txt b/requirements/dev.txt index d21f75e2a09..0182c897d42 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -111,7 +111,7 @@ markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/multidict.txt b/requirements/multidict.txt index 6f90d5c4c34..8330b558883 100644 --- a/requirements/multidict.txt +++ b/requirements/multidict.txt @@ -4,7 +4,7 @@ # # pip-compile --allow-unsafe --output-file=requirements/multidict.txt --resolver=backtracking --strip-extras requirements/multidict.in # -multidict==6.6.3 +multidict==6.6.4 # via -r requirements/multidict.in typing-extensions==4.14.1 # via multidict diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 6a089405135..861ebe0b196 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -24,7 +24,7 @@ frozenlist==1.7.0 # aiosignal idna==3.10 # via yarl -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/test.txt b/requirements/test.txt index a460c971ed8..e4f4ae2d1ec 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -59,7 +59,7 @@ markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl From a3739bfcac4769fd726093b01ff99eaba65981b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 11:29:04 +0000 Subject: [PATCH 080/148] Bump cython from 3.1.2 to 3.1.3 (#11427) Bumps [cython](https://github.com/cython/cython) from 3.1.2 to 3.1.3.
Changelog

Sourced from cython's changelog.

3.1.3 (2025-??-??)

Bugs fixed

  • Some method calls with 0 or 1 argument failed to use PyObject_VectorCallMethod().

  • cython.pythread_type_lock (also used as fallback for cython.pymutex) could stall on heavily contended locks. (Github issue :issue:6999)

  • C string arrays (not pointers) always coerced to the Python default string type, even on explicit casts to other string types. (Github issue :issue:7020)

  • An internal C function was not marked as static and leaked a linker symbol. (Github issue :issue:6957)

  • Compatibility with PyPy3.8 was lost by accident.

  • The Linux binary wheels of 3.1.2 used SSSE3 CPU instructions which are not available on some CPUs. (Github issue :issue:7038)

Commits
  • 8a1b3c1 Build: Explicitly exclude GraalPython and Freethreaded Python wheels because ...
  • c1a622f Update changelog.
  • 68ff5dc Fix code-generation with walrus+literals (GH-6989)
  • 85aeae1 Fix bug with tokenizing apparent named character literals in raw string (#7057)
  • 308c3f9 Build: Exclude freethreading Python wheels in 3.1.x because we currently use ...
  • 0edc673 Build: Fix matrix generation.
  • f95a8ba Build: Use latest cibuildwheel to include Py3.14.
  • 968aecf Prepare release of 3.1.3.
  • 9cee731 Update changelog.
  • d4cb2fd Build: Do not require wheel for building (GH-7084)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cython&package-manager=pip&previous-version=3.1.2&new-version=3.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/cython.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index ebc0bf5af25..91cc0da10a5 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -62,7 +62,7 @@ cryptography==45.0.6 # via # pyjwt # trustme -cython==3.1.2 +cython==3.1.3 # via -r requirements/cython.in distlib==0.4.0 # via virtualenv diff --git a/requirements/cython.txt b/requirements/cython.txt index b80de4842de..792988a9814 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -4,7 +4,7 @@ # # pip-compile --allow-unsafe --output-file=requirements/cython.txt --resolver=backtracking --strip-extras requirements/cython.in # -cython==3.1.2 +cython==3.1.3 # via -r requirements/cython.in multidict==6.6.4 # via -r requirements/multidict.in From 86b43b5afaaec7d643a5b8e878d7fc6bb0659a7e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Aug 2025 11:28:16 +0000 Subject: [PATCH 081/148] Bump virtualenv from 20.33.1 to 20.34.0 (#11429) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.33.1 to 20.34.0.
Release notes

Sourced from virtualenv's releases.

20.34.0

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.33.1...20.34.0

Changelog

Sourced from virtualenv's changelog.

v20.34.0 (2025-08-13)

Features - 20.34.0

- Abstract out caching in discovery - by :user:`esafak`.
  Decouple `FileCache` from `py_info` (discovery) - by :user:`esafak`.
  Remove references to py_info in FileCache - by :user:`esafak`.
  Decouple discovery from creator plugins - by :user:`esafak`.
Decouple discovery by duplicating info utils - by :user:`esafak`.
(:issue:`2074`)
- Add PyPy 3.11 support. Contributed by :user:`esafak`. (:issue:`2932`)

Bugfixes - 20.34.0

  • Upgrade embedded wheel pip to 25.2 from 25.1.1 - by :user:gaborbernat. (:issue:2333)
  • Accept RuntimeError in test_too_many_open_files, by :user:esafak (:issue:2935)
  • Python in PATH takes precedence over uv-managed python. Contributed by :user:edgarrmondragon. (:issue:2952)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.33.1&new-version=20.34.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 3 ++- requirements/dev.txt | 3 ++- requirements/lint.txt | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 91cc0da10a5..26c97561340 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -276,6 +276,7 @@ typing-extensions==4.14.1 # pydantic-core # python-on-whales # typing-inspection + # virtualenv typing-inspection==0.4.1 # via pydantic uritemplate==4.2.0 @@ -288,7 +289,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.1.1 # via -r requirements/lint.in -virtualenv==20.33.1 +virtualenv==20.34.0 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 0182c897d42..d71ac52f461 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -267,6 +267,7 @@ typing-extensions==4.14.1 # pydantic-core # python-on-whales # typing-inspection + # virtualenv typing-inspection==0.4.1 # via pydantic uritemplate==4.2.0 @@ -279,7 +280,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.1.1 # via -r requirements/lint.in -virtualenv==20.33.1 +virtualenv==20.34.0 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index eb0e497c332..bec6eff8bc8 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -109,13 +109,14 @@ typing-extensions==4.14.1 # pydantic-core # python-on-whales # typing-inspection + # virtualenv typing-inspection==0.4.1 # via pydantic uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.1.1 # via -r requirements/lint.in -virtualenv==20.33.1 +virtualenv==20.34.0 # via pre-commit zlib-ng==0.5.1 # via -r requirements/lint.in From e57cf506106c4631db502bb7fc9e9b6015ec48cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 12:49:35 +0200 Subject: [PATCH 082/148] Bump filelock from 3.18.0 to 3.19.1 (#11430) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.18.0 to 3.19.1.
Release notes

Sourced from filelock's releases.

3.19.1

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.19.0...3.19.1

3.19.0

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.18.0...3.19.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.18.0&new-version=3.19.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 26c97561340..0be76050ce5 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -72,7 +72,7 @@ exceptiongroup==1.3.0 # via pytest execnet==2.1.1 # via pytest-xdist -filelock==3.18.0 +filelock==3.19.1 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster diff --git a/requirements/dev.txt b/requirements/dev.txt index d71ac52f461..e203cbb478c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -70,7 +70,7 @@ exceptiongroup==1.3.0 # via pytest execnet==2.1.1 # via pytest-xdist -filelock==3.18.0 +filelock==3.19.1 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster diff --git a/requirements/lint.txt b/requirements/lint.txt index bec6eff8bc8..ffca1254239 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -27,7 +27,7 @@ distlib==0.4.0 # via virtualenv exceptiongroup==1.3.0 # via pytest -filelock==3.18.0 +filelock==3.19.1 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster From 955d2cb21830700c86674f91f00503b6e56a8f25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 16:17:15 +0000 Subject: [PATCH 083/148] Bump coverage from 7.10.3 to 7.10.4 (#11434) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.3 to 7.10.4.
Changelog

Sourced from coverage's changelog.

Version 7.10.4 — 2025-08-16

  • Added patch = fork for times when the built-in forking support is insufficient.

  • Fix: patch = execv also inherits the entire coverage configuration now.

.. _changes_7-10-3:

Commits
  • 1cd29f2 docs: sample HTML for 7.10.4
  • 92a91e9 docs: prep for 7.10.4
  • 9ee6390 debug: more details in debug messages
  • 6af8a5d feat: patch=fork
  • 0eb292d refactor: a nicer way to inject config from the environment
  • 183cd9b build: tweaks to how the python build is bannered for tox
  • 6c2fb87 chore: make upgrade
  • a22436c test: since 62434e79 we don't need to account for .tox
  • 4ab4bb0 test: add a test for env var truncation
  • bf1a970 refactor: better style for constants
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.3&new-version=7.10.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 0be76050ce5..f9f6930c1b8 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.3 +coverage==7.10.4 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index e203cbb478c..ea647260e93 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.3 +coverage==7.10.4 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index e4f4ae2d1ec..22536473967 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.3 +coverage==7.10.4 # via # -r requirements/test.in # pytest-cov From e5ba781e0629c8393c1a91e7cc290b1125e6d6d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 16:30:05 +0000 Subject: [PATCH 084/148] Bump zstandard from 0.23.0 to 0.24.0 (#11436) Bumps [zstandard](https://github.com/indygreg/python-zstandard) from 0.23.0 to 0.24.0.
Release notes

Sourced from zstandard's releases.

0.24.0

Backwards Compatibility Notes

  • Support for Python 3.8 has been dropped because it reached end of life. Python 3.9 is the minimum supported Python version. The code should still be compatible with Python 3.8 and removing of version checks from setup.py will likely yield a working install. However, this is not officially supported.

Changes

  • Bundled zstd library upgraded from 1.5.6 to 1.5.7. (#255)
  • We now use and require cffi 1.17.0 or newer. Previously, the constraint was >=1.11.0 on Python <3.13.
  • The pyproject.toml file now defines a [project] section.
  • We now use GitHub's native ARM Linux runners to build wheels and run tests. Previously, Linux ARM wheels were built inside a QEMU virtualized environment and we didn't run tests on this platform.
  • We now use GitHub's native ARM Windows runners to build wheels and run tests. Previously, Windows ARM wheels were cross compiled from an x86-64 runner and we never ran tests for the Windows ARM platform.
  • We now collections.abs.Buffer on Python 3.12+ instead of typing.ByteString, as typing.ByteString was deprecated and later removed. (#238, #262)
  • PyO3 Rust crate upgraded from 0.21 to 0.22 (#257) and later to 0.24.
  • Removed CI coverage for PyPy 3.9.
  • Added CI coverage for PyPy 3.11.
  • Anaconda Windows CI builds have been disabled because we're running into an apparent conda bug.
  • Added CI coverage for Anaconda 3.12 and 3.13 on Linux and Windows x86-64 (but the Windows builds no-op due to above issue).
  • get_frame_parameters() now accepts an optional format argument defining the zstandard frame type. You can pass e.g. zstandard.FORMAT_ZSTD1_MAGICLESS to decode frames without header magic. (#217)
  • Initial Python 3.14 support. We build wheels and have CI test coverage.

Source Archive Publishing Error

During the release process of this version, we uploaded the source archive to PyPI after some wheels. PyPI rejected the source archive because of presence of a license-file entry while using metadata version 2.4. We manually generated the source distribution locally. The source distribution on PyPI therefore does not match what GitHub Actions produced.

Changelog

Sourced from zstandard's changelog.

0.24.0 (released 2025-08-17)

Changes

  • Bundled zstd library upgraded from 1.5.6 to 1.5.7. (#255)
  • We now use and require cffi 1.17.0 or newer. Previously, the constraint was >=1.11.0 on Python <3.13.
  • The pyproject.toml file now defines a [project] section.
  • We now use GitHub's native ARM Linux runners to build wheels and run tests. Previously, Linux ARM wheels were built inside a QEMU virtualized environment and we didn't run tests on this platform.
  • We now use GitHub's native ARM Windows runners to build wheels and run tests. Previously, Windows ARM wheels were cross-compiled from an x86-64 runner and we never ran tests for the Windows ARM platform.
  • We now collections.abs.Buffer on Python 3.12+ instead of typing.ByteString, as typing.ByteString was deprecated and later removed. (#238, #262)
  • PyO3 Rust crate upgraded from 0.21 to 0.22 (#257) and later to 0.24.
  • Removed CI coverage for PyPy 3.9.
  • Added CI coverage for PyPy 3.11.
  • Anaconda Windows CI builds have been disabled because we're running into an apparant conda bug.
  • Added CI coverage for Anaconda 3.12 and 3.13 on Linux and Windows x86-64 (but the Windows builds no-op due to above issue).
  • get_frame_parameters() now accepts an optional format argument defining the zstandard frame type. You can pass e.g. zstandard.FORMAT_ZSTD1_MAGICLESS to decode frames without header magic. (#217)
  • Initial Python 3.14 support. We build wheels and have CI test coverage.

Backwards Compatibility Notes

  • Support for Python 3.8 has been dropped because it reached end of life. Python 3.9 is the minimum supported Python version. The code should still be compatible with Python 3.7 and removing of version checks from setup.py will likely yield a working install. However, this is not officially supported.
Commits
  • 9223924 global: release 0.24.0
  • b63f21e ci: remove cibuildwheel from requirements.txt
  • 724df3d build: require cffi 1.17.0
  • 58fca18 build: use static dependency metadata
  • fd95536 docs: move the potential 1.0 feature list from news.rst to `missing_feature...
  • a32e7a6 docs: fix incorrect dict_id() reference
  • 4110f71 ci: add Python 3.14 wheels and test coverage
  • c950bbf ci: upgrade macOS wheel environment to Python 3.13
  • 075f8ca docs: add top-level docs section for One-Shot APIs
  • 7312fae frameparams: support defining frame format for get_frame_parameters()
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zstandard&package-manager=pip&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 420e4dedfa4..bcc7abad656 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -48,5 +48,5 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # via -r requirements/base.in yarl==1.20.1 # via -r requirements/runtime-deps.in -zstandard==0.23.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f9f6930c1b8..b392f38e87d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -301,7 +301,7 @@ zlib-ng==0.5.1 # via # -r requirements/lint.in # -r requirements/test.in -zstandard==0.23.0 ; implementation_name == "cpython" +zstandard==0.24.0 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/runtime-deps.in diff --git a/requirements/dev.txt b/requirements/dev.txt index ea647260e93..d3961620121 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -292,7 +292,7 @@ zlib-ng==0.5.1 # via # -r requirements/lint.in # -r requirements/test.in -zstandard==0.23.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via # -r requirements/lint.in # -r requirements/runtime-deps.in diff --git a/requirements/lint.txt b/requirements/lint.txt index ffca1254239..79bad840d11 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -120,5 +120,5 @@ virtualenv==20.34.0 # via pre-commit zlib-ng==0.5.1 # via -r requirements/lint.in -zstandard==0.23.0 ; implementation_name == "cpython" +zstandard==0.24.0 ; implementation_name == "cpython" # via -r requirements/lint.in diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 861ebe0b196..a0b986a7dde 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -42,5 +42,5 @@ typing-extensions==4.14.1 # multidict yarl==1.20.1 # via -r requirements/runtime-deps.in -zstandard==0.23.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index 22536473967..96d1958c46d 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -153,5 +153,5 @@ yarl==1.20.1 # via -r requirements/runtime-deps.in zlib-ng==0.5.1 # via -r requirements/test.in -zstandard==0.23.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in From 48b5a7d181059d623e7c0f70a08312f6c0f3c2f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Aug 2025 11:43:41 +0000 Subject: [PATCH 085/148] Bump pypa/cibuildwheel from 3.1.2 to 3.1.4 (#11443) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from 3.1.2 to 3.1.4.
Release notes

Sourced from pypa/cibuildwheel's releases.

v3.1.4

  • ✨ Add a --clean-cache command to clean up our cache (#2489)
  • 🛠 Update Python to 3.14rc2 and other patch version bumps (#2542, #2556)
  • 🛠 Update Pyodide to 0.28.2 (#2562, #2558)
  • 🐛 Fix resolution with pyodide-build when dependency-versions is set (#2548)
  • 🐛 Set CMAKE_FIND_ROOT_PATH_MODE_PACKAGE to BOTH on Android (#2547)
  • 🐛 Add patchelf dependency for platforms that can build Android wheels (#2552)
  • 🐛 Ignore empty values for CIBW_ARCHS like most other environment variables (#2541)
  • 💼 The color and suggest_on_error argparse options are now default in 3.14rc1+ (#2554)
  • 💼 Use the virtualenv release URL instead of blob URL (should be more robust) (#2555)
  • 🧪 For iOS, lowering to macos-14 is needed for now due to issues with GitHub's runner images (#2557)
  • 🧪 Split out platforms iOS and Android in our tests (#2519)
  • 🧪 Fix and enable doctests (#2546)
  • 📚 Improve our docs on free-threading (#2549)

v3.1.3

  • 🐛 Fix bug where "latest" dependencies couldn't update to pip 25.2 on Windows (#2537)
  • 🧪 Use pytest-rerunfailures to improve some of our iOS/Android tests (#2527, #2539)
  • 🧪 Remove some GraalPy Windows workarounds in our tests (#2501)
Changelog

Sourced from pypa/cibuildwheel's changelog.

v3.1.4

19 August 2025

  • ✨ Add a --clean-cache command to clean up our cache (#2489)
  • 🛠 Update Python to 3.14rc2 and other patch version bumps (#2542, #2556)
  • 🛠 Update Pyodide to 0.28.2 (#2562, #2558)
  • 🐛 Fix resolution with pyodide-build when dependency-versions is set (#2548)
  • 🐛 Set CMAKE_FIND_ROOT_PATH_MODE_PACKAGE to BOTH on Android (#2547)
  • 🐛 Add patchelf dependency for platforms that can build Android wheels (#2552)
  • 🐛 Ignore empty values for CIBW_ARCHS like most other environment variables (#2541)
  • 💼 The color and suggest_on_error argparse options are now default in 3.14rc1+ (#2554)
  • 💼 Use the virtualenv release URL instead of blob URL (should be more robust) (#2555)
  • 🧪 For iOS, lowering to macos-14 is needed for now due to issues with GitHub's runner images (#2557)
  • 🧪 Split out platforms iOS and Android in our tests (#2519)
  • 🧪 Fix and enable doctests (#2546)
  • 📚 Improve our docs on free-threading (#2549)

v3.1.3

1 August 2025

  • 🐛 Fix bug where "latest" dependencies couldn't update to pip 25.2 on Windows (#2537)
  • 🧪 Use pytest-rerunfailures to improve some of our iOS/Android tests (#2527, #2539)
  • 🧪 Remove some GraalPy Windows workarounds in our tests (#2501)
Commits
  • c923d83 Bump version: v3.1.4
  • 55ee8e4 chore: bump to Pyodide 0.28.2 (#2562)
  • afe486c feat: add a --clean-cache command to clean up locations specified at `CIBW_...
  • 1c1ba8a [pre-commit.ci] pre-commit autoupdate (#2561)
  • 33b75f4 chore: extend CODEOWNERS file to include platform-specific constraints files ...
  • c59c2fe [Bot] Update dependencies (#2556)
  • 24b64c5 chore: update Pyodide constraints (#2558)
  • 6425e48 docs: minor doc link fix (#2560)
  • 0264b4d Revert to macOS-14 image for ARM64 iOS testing (#2557)
  • 68f9762 chore: Use the virtualenv release URL rather than the blob URL (#2555)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=3.1.2&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index d323ba796d9..4c37fcf1c19 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -414,7 +414,7 @@ jobs: run: | make cythonize - name: Build wheels - uses: pypa/cibuildwheel@v3.1.2 + uses: pypa/cibuildwheel@v3.1.4 env: CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }} CIBW_ARCHS_MACOS: x86_64 arm64 universal2 From 90c6134931a64d40e85ad1a26c53ff1fbd0a2fe5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Aug 2025 11:22:40 +0000 Subject: [PATCH 086/148] Bump cherry-picker from 2.5.0 to 2.6.0 (#11445) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [cherry-picker](https://github.com/python/cherry-picker) from 2.5.0 to 2.6.0.
Release notes

Sourced from cherry-picker's releases.

cherry-picker-v2.6.0

What's Changed

Full Changelog: https://github.com/python/cherry-picker/compare/cherry-picker-v2.5.0...cherry-picker-v2.6.0

Changelog

Sourced from cherry-picker's changelog.

2.6.0

Commits
  • beb1939 Update changelog for 2.6.0 (#161)
  • cdae289 Check commit count against upstream (#156)
  • 3c84cda Use PEP 639 licence expression and remove deprecated Trove classifier (#160)
  • 3a6a9ea [pre-commit.ci] pre-commit autoupdate (#157)
  • cb7fdc1 Revert "Ignore Jinja2 CVE warning in safety dep (#129)" after upstream fix ...
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cherry-picker&package-manager=pip&previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b392f38e87d..2862c73e3a8 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -45,7 +45,7 @@ cfgv==3.4.0 # via pre-commit charset-normalizer==3.4.3 # via requests -cherry-picker==2.5.0 +cherry-picker==2.6.0 # via -r requirements/dev.in click==8.1.8 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index d3961620121..de2210a1a50 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -45,7 +45,7 @@ cfgv==3.4.0 # via pre-commit charset-normalizer==3.4.3 # via requests -cherry-picker==2.5.0 +cherry-picker==2.6.0 # via -r requirements/dev.in click==8.1.8 # via From 82a63634b85684f938a684b32e4b12491087d4ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Aug 2025 11:34:39 +0000 Subject: [PATCH 087/148] Bump requests from 2.32.4 to 2.32.5 (#11440) Bumps [requests](https://github.com/psf/requests) from 2.32.4 to 2.32.5.
Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • b25c87d v2.32.5
  • 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
  • b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
  • 46e939b Update publish workflow to use artifact-id instead of name
  • 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
  • 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
  • 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
  • fec96cd Update Makefile rules (#6996)
  • d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
  • 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.32.4&new-version=2.32.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 2862c73e3a8..097a7d24072 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -207,7 +207,7 @@ re-assert==1.1.0 # via -r requirements/test.in regex==2025.7.34 # via re-assert -requests==2.32.4 +requests==2.32.5 # via # cherry-picker # sphinx diff --git a/requirements/dev.txt b/requirements/dev.txt index de2210a1a50..2f03ac4d835 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -202,7 +202,7 @@ re-assert==1.1.0 # via -r requirements/test.in regex==2025.7.34 # via re-assert -requests==2.32.4 +requests==2.32.5 # via # cherry-picker # sphinx diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 23f3f4cfff8..c5a8cc7c96e 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -34,7 +34,7 @@ pyenchant==3.2.2 # via sphinxcontrib-spelling pygments==2.19.2 # via sphinx -requests==2.32.4 +requests==2.32.5 # via # sphinx # sphinxcontrib-spelling diff --git a/requirements/doc.txt b/requirements/doc.txt index 32cb6e395d1..aa4e0420cf1 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -32,7 +32,7 @@ packaging==25.0 # via sphinx pygments==2.19.2 # via sphinx -requests==2.32.4 +requests==2.32.5 # via sphinx snowballstemmer==3.0.1 # via sphinx From 1a4e503e4e9a03183a0d0ef9eb3bb51961563cdc Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 24 Aug 2025 18:52:29 +0100 Subject: [PATCH 088/148] [PR #11425/6d76b651 backport][3.13] Start building riscv64 platform wheels in CI/CD (v2 PR with upstream cibuildwheel support) (#11446) **This is a backport of PR #11425 as merged into master (6d76b651b2c1e99be0de733aee733874be4a698a).** Co-authored-by: E Shattow --- .github/workflows/ci-cd.yml | 6 ++++++ CHANGES/11425.packaging.rst | 1 + docs/spelling_wordlist.txt | 1 + 3 files changed, 8 insertions(+) create mode 100644 CHANGES/11425.packaging.rst diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 4c37fcf1c19..98c93b75524 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -355,6 +355,12 @@ jobs: - os: ubuntu-latest qemu: ppc64le musl: musllinux + - os: ubuntu-latest + qemu: riscv64 + musl: "" + - os: ubuntu-latest + qemu: riscv64 + musl: musllinux - os: ubuntu-latest qemu: s390x musl: "" diff --git a/CHANGES/11425.packaging.rst b/CHANGES/11425.packaging.rst new file mode 100644 index 00000000000..a3cad5f6d96 --- /dev/null +++ b/CHANGES/11425.packaging.rst @@ -0,0 +1 @@ +Added ``riscv64`` build to releases -- by :user:`eshattow`. diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 399630356d9..ec31a3c8806 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -287,6 +287,7 @@ resolvehost resolvers reusage reuseconn +riscv64 Runit runtime runtimes From 2b27ebae908611a0d24b81cc936b02eff754c03d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 19:20:00 +0000 Subject: [PATCH 089/148] Bump coverage from 7.10.4 to 7.10.5 (#11448) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.4 to 7.10.5.
Changelog

Sourced from coverage's changelog.

Version 7.10.5 — 2025-08-23

  • Big speed improvements for coverage combine: it's now about twice as fast! Huge thanks to Alex Gaynor for pull requests 2032 <pull 2032_>, 2033 <pull 2033_>, and 2034 <pull 2034_>_.

.. _pull 2032: nedbat/coveragepy#2032 .. _pull 2033: nedbat/coveragepy#2033 .. _pull 2034: nedbat/coveragepy#2034

.. _changes_7-10-4:

Commits
  • 810abeb chore: make upgrade
  • 3c8f1b5 build: use --universal to keep platform conditions in .pip files
  • 107ae05 docs: sample HTML for 7.10.5
  • b5bc6d4 docs: prep for 7.10.5
  • a5c18cc style: auto-generated changes shouldn't trigger ruff re-formatting
  • 1f9f840 build: tooling for ruff formatting
  • 9ee5b3e chore: make upgrade
  • bfeb2ae style: fix things so pylint is happy with ruff
  • 82467f7 chore: ruff format .
  • 0a7b733 refactor: remove unused things from lab/
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.4&new-version=7.10.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 097a7d24072..b2868dba223 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.4 +coverage==7.10.5 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 2f03ac4d835..9813bda54f3 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.4 +coverage==7.10.5 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index 96d1958c46d..4dfd28d9193 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.4 +coverage==7.10.5 # via # -r requirements/test.in # pytest-cov From a0ba5230991c0c12160f28cbf7718a41f0b5287b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Aug 2025 06:29:41 +0000 Subject: [PATCH 090/148] Bump typing-extensions from 4.14.1 to 4.15.0 (#11450) Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.14.1 to 4.15.0.
Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typing-extensions&package-manager=pip&previous-version=4.14.1&new-version=4.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/cython.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/multidict.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index bcc7abad656..ea6669c5a50 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -40,7 +40,7 @@ pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via # aiosignal # multidict diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b2868dba223..5542a363f10 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -266,7 +266,7 @@ trustme==1.2.1 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via # aiosignal # exceptiongroup diff --git a/requirements/cython.txt b/requirements/cython.txt index 792988a9814..6cc5519997d 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -8,5 +8,5 @@ cython==3.1.3 # via -r requirements/cython.in multidict==6.6.4 # via -r requirements/multidict.in -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via multidict diff --git a/requirements/dev.txt b/requirements/dev.txt index 9813bda54f3..2e041fe058b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -257,7 +257,7 @@ trustme==1.2.1 ; platform_machine != "i686" # via # -r requirements/lint.in # -r requirements/test.in -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via # aiosignal # exceptiongroup diff --git a/requirements/lint.txt b/requirements/lint.txt index 79bad840d11..f19f7971d25 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -101,7 +101,7 @@ tomli==2.2.1 # slotscheck trustme==1.2.1 # via -r requirements/lint.in -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via # exceptiongroup # mypy diff --git a/requirements/multidict.txt b/requirements/multidict.txt index 8330b558883..04a7f1fc117 100644 --- a/requirements/multidict.txt +++ b/requirements/multidict.txt @@ -6,5 +6,5 @@ # multidict==6.6.4 # via -r requirements/multidict.in -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via multidict diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index a0b986a7dde..448c5a33a81 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -36,7 +36,7 @@ pycares==4.10.0 # via aiodns pycparser==2.22 # via cffi -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via # aiosignal # multidict diff --git a/requirements/test.txt b/requirements/test.txt index 4dfd28d9193..8fe5d787a5f 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -133,7 +133,7 @@ tomli==2.2.1 # pytest trustme==1.2.1 ; platform_machine != "i686" # via -r requirements/test.in -typing-extensions==4.14.1 +typing-extensions==4.15.0 # via # aiosignal # exceptiongroup From 09f897ea29a097cff2ca1da37a654d42ee42c9b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 06:34:38 +0000 Subject: [PATCH 091/148] Bump towncrier from 24.8.0 to 25.8.0 (#11455) Bumps [towncrier](https://github.com/twisted/towncrier) from 24.8.0 to 25.8.0.
Release notes

Sourced from towncrier's releases.

Towncrier 25.8.0

towncrier 25.8.0 (2025-08-30)

Features

  • Support was added for Mercurial SCM. ([#394](https://github.com/twisted/towncrier/issues/394) <https://github.com/twisted/towncrier/issues/394>_)
  • The towncrier check command now has a --staged flag to inspect the files staged for commit when checking for a news fragment: useful in a pre-commit hook ([#676](https://github.com/twisted/towncrier/issues/676) <https://github.com/twisted/towncrier/issues/676>_)
  • When used with an pyproject.toml file, when no explicit values are defined for [tool.towncrier.name|package] they will now fallback to the value of [project.name]. ([#687](https://github.com/twisted/towncrier/issues/687) <https://github.com/twisted/towncrier/issues/687>_)
  • More simple configuration for Keep a Changelog style changelogs ([#691](https://github.com/twisted/towncrier/issues/691) <https://github.com/twisted/towncrier/issues/691>_)
  • Added support for Python 3.13 and removed support for Python 3.8. ([#700](https://github.com/twisted/towncrier/issues/700) <https://github.com/twisted/towncrier/issues/700>_)

Bugfixes

  • Multi-line newsfragments that ends with a code block will now have a newline inserted before appending the link to the issue, to avoid breaking formatting. ([#614](https://github.com/twisted/towncrier/issues/614) <https://github.com/twisted/towncrier/issues/614>_)
  • Markdown header level is correctly inferred from title_format. ([#695](https://github.com/twisted/towncrier/issues/695) <https://github.com/twisted/towncrier/issues/695>_)

Improved Documentation

  • The documentation RST source files are now included in the sdist package. ([#672](https://github.com/twisted/towncrier/issues/672) <https://github.com/twisted/towncrier/issues/672>_)
  • Refactor the default markdown template to make it easier to understand, extend, and customize. ([#706](https://github.com/twisted/towncrier/issues/706) <https://github.com/twisted/towncrier/issues/706>_)

Deprecations and Removals

  • When no sections are present, the default Markdown template now renders the category headers as H2. In previous versions it was rendered as H3. ([#663](https://github.com/twisted/towncrier/issues/663) <https://github.com/twisted/towncrier/issues/663>_)

Misc

  • [#667](https://github.com/twisted/towncrier/issues/667) <https://github.com/twisted/towncrier/issues/667>, [#669](https://github.com/twisted/towncrier/issues/669) <https://github.com/twisted/towncrier/issues/669>, [#679](https://github.com/twisted/towncrier/issues/679) <https://github.com/twisted/towncrier/issues/679>, [#680](https://github.com/twisted/towncrier/issues/680) <https://github.com/twisted/towncrier/issues/680>, [#682](https://github.com/twisted/towncrier/issues/682) <https://github.com/twisted/towncrier/issues/682>, [#701](https://github.com/twisted/towncrier/issues/701) <https://github.com/twisted/towncrier/issues/701>, [#702](https://github.com/twisted/towncrier/issues/702) <https://github.com/twisted/towncrier/issues/702>, [#713](https://github.com/twisted/towncrier/issues/713) <https://github.com/twisted/towncrier/issues/713>

Towncrier 25.8.0rc2

towncrier 25.8.0rc2 (2025-08-15)

Features

... (truncated)

Changelog

Sourced from towncrier's changelog.

towncrier 25.8.0 (2025-08-30)

No significant changes since the previous release candidate.

Features

  • Support was added for Mercurial SCM. ([#394](https://github.com/twisted/towncrier/issues/394) <https://github.com/twisted/towncrier/issues/394>_)
  • The :command:towncrier check command now has a --staged flag to inspect the files staged for commit when checking for a news fragment: useful in a pre-commit hook ([#676](https://github.com/twisted/towncrier/issues/676) <https://github.com/twisted/towncrier/issues/676>_)
  • When used with an :file:pyproject.toml file, when no explicit values are defined for [tool.towncrier.name|package] they will now fallback to the value of [project.name]. ([#687](https://github.com/twisted/towncrier/issues/687) <https://github.com/twisted/towncrier/issues/687>_)
  • The directory configuration option is no longer required. It can now be generated based on value from the name configuration. ([#691](https://github.com/twisted/towncrier/issues/691) <https://github.com/twisted/towncrier/issues/691>_)
  • Added support for Python 3.13 and removed support for Python 3.8. ([#700](https://github.com/twisted/towncrier/issues/700) <https://github.com/twisted/towncrier/issues/700>_)

Bugfixes

  • Multi-line news fragments that end with a code block will now have a newline inserted before appending the link to the issue, to avoid breaking formatting. ([#614](https://github.com/twisted/towncrier/issues/614) <https://github.com/twisted/towncrier/issues/614>_)
  • Markdown header level is correctly inferred from title_format. ([#695](https://github.com/twisted/towncrier/issues/695) <https://github.com/twisted/towncrier/issues/695>_)

Improved Documentation

  • The documentation RST source files are now included in the sdist package. ([#672](https://github.com/twisted/towncrier/issues/672) <https://github.com/twisted/towncrier/issues/672>_)
  • Refactor the default markdown template to make it easier to understand, extend, and customize. ([#706](https://github.com/twisted/towncrier/issues/706) <https://github.com/twisted/towncrier/issues/706>_)

Deprecations and Removals

  • Support for Python 3.8 was removed. ([#700](https://github.com/twisted/towncrier/issues/700) <https://github.com/twisted/towncrier/issues/700>_)
  • When no sections are present, the default Markdown template now renders the category headers as H2. In previous versions it was rendered as H3. ([#663](https://github.com/twisted/towncrier/issues/663) <https://github.com/twisted/towncrier/issues/663>_)

Misc

  • [#667](https://github.com/twisted/towncrier/issues/667) <https://github.com/twisted/towncrier/issues/667>, [#669](https://github.com/twisted/towncrier/issues/669) <https://github.com/twisted/towncrier/issues/669>, [#679](https://github.com/twisted/towncrier/issues/679) <https://github.com/twisted/towncrier/issues/679>, [#680](https://github.com/twisted/towncrier/issues/680) <https://github.com/twisted/towncrier/issues/680>, [#682](https://github.com/twisted/towncrier/issues/682) <https://github.com/twisted/towncrier/issues/682>, [#701](https://github.com/twisted/towncrier/issues/701) <https://github.com/twisted/towncrier/issues/701>, [#702](https://github.com/twisted/towncrier/issues/702) <https://github.com/twisted/towncrier/issues/702>, [#713](https://github.com/twisted/towncrier/issues/713) <https://github.com/twisted/towncrier/issues/713>
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=towncrier&package-manager=pip&previous-version=24.8.0&new-version=25.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 5542a363f10..baa7d29f38e 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -258,7 +258,7 @@ tomli==2.2.1 # slotscheck # sphinx # towncrier -towncrier==24.8.0 +towncrier==25.8.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier diff --git a/requirements/dev.txt b/requirements/dev.txt index 2e041fe058b..dd5393707ef 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -249,7 +249,7 @@ tomli==2.2.1 # slotscheck # sphinx # towncrier -towncrier==24.8.0 +towncrier==25.8.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index c5a8cc7c96e..677358c2d92 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -65,7 +65,7 @@ tomli==2.2.1 # via # sphinx # towncrier -towncrier==24.8.0 +towncrier==25.8.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier diff --git a/requirements/doc.txt b/requirements/doc.txt index aa4e0420cf1..e506eddedb0 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -58,7 +58,7 @@ tomli==2.2.1 # via # sphinx # towncrier -towncrier==24.8.0 +towncrier==25.8.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier From 120e07f68d5c1b599cb37f781fffb7a6072e846c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 07:36:17 +0000 Subject: [PATCH 092/148] Bump regex from 2025.7.34 to 2025.9.1 (#11459) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2025.7.34 to 2025.9.1.
Changelog

Sourced from regex's changelog.

Version: 2025.9.1

Git PR 585: Fix AttributeError: 'AnyAll' object has no
attribute '_key'

Version: 2025.8.29

Git issue 584: AttributeError: 'AnyAll' object has no
attribute 'positive'

Version: 2025.7.34

Git issue 575: Issues with ASCII/Unicode modifiers

Version: 2025.7.33

Updated main.yml and pyproject.toml.

Version: 2025.7.32

Git issue 580: Regression in v2025.7.31: \P{L} no longer
matches in simple patterns

Version: 2025.7.31

Further updates to main.yml.

Version: 2025.7.30

Updated main.yml and pyproject.toml.

Version: 2025.7.29

Git issue 572: Inline ASCII modifier doesn't seem to affect
anything

Version: 2025.5.19

Changed how main.yml skips unwanted Arch builds.

Version: 2025.5.18

Updated main.yml to build Windows ARM64/aarch64 wheel.

Updated licence text format in pyproject.toml.

Version: 2025.2.13

Dropping support for Python 3.8 and removing it from
main.yml.

Version: 2025.2.12

Further fixes to main.yml.

... (truncated)

Commits
  • 49e3881 Git PR 585: Fix AttributeError: 'AnyAll' object has no attribute '_key'
  • 183a653 Git issue 584: AttributeError: 'AnyAll' object has no attribute 'positive'
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2025.7.34&new-version=2025.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index baa7d29f38e..7a56a5d1d16 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -205,7 +205,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2025.7.34 +regex==2025.9.1 # via re-assert requests==2.32.5 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index dd5393707ef..ba7d541d81f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -200,7 +200,7 @@ pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 # via -r requirements/test.in -regex==2025.7.34 +regex==2025.9.1 # via re-assert requests==2.32.5 # via diff --git a/requirements/test.txt b/requirements/test.txt index 8fe5d787a5f..ba087c3748c 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -118,7 +118,7 @@ python-on-whales==0.78.0 # via -r requirements/test.in re-assert==1.1.0 # via -r requirements/test.in -regex==2025.7.34 +regex==2025.9.1 # via re-assert rich==14.1.0 # via pytest-codspeed From bbffc533fbb98e59046b082e57859b22b2589822 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 07:43:57 +0000 Subject: [PATCH 093/148] Bump cryptography from 45.0.6 to 45.0.7 (#11461) Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.6 to 45.0.7.
Changelog

Sourced from cryptography's changelog.

45.0.7 - 2025-09-01


* Added a function to support an upcoming ``pyOpenSSL`` release.

.. _v45-0-6:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=45.0.6&new-version=45.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 7a56a5d1d16..6c232251064 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -58,7 +58,7 @@ coverage==7.10.5 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.6 +cryptography==45.0.7 # via # pyjwt # trustme diff --git a/requirements/dev.txt b/requirements/dev.txt index ba7d541d81f..9fbc05625be 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -58,7 +58,7 @@ coverage==7.10.5 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.6 +cryptography==45.0.7 # via # pyjwt # trustme diff --git a/requirements/lint.txt b/requirements/lint.txt index f19f7971d25..bc4a86f32a1 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -21,7 +21,7 @@ cfgv==3.4.0 # via pre-commit click==8.1.8 # via slotscheck -cryptography==45.0.6 +cryptography==45.0.7 # via trustme distlib==0.4.0 # via virtualenv diff --git a/requirements/test.txt b/requirements/test.txt index ba087c3748c..09c594a2754 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -31,7 +31,7 @@ coverage==7.10.5 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.6 +cryptography==45.0.7 # via trustme exceptiongroup==1.3.0 # via pytest From 48483580e8a569e39f485972fc71ed07133ba02b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 08:02:47 +0000 Subject: [PATCH 094/148] Bump coverage from 7.10.5 to 7.10.6 (#11458) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.5 to 7.10.6.
Changelog

Sourced from coverage's changelog.

Version 7.10.6 — 2025-08-29

  • Fix: source directories were not properly communicated to subprocesses that ran in different directories, as reported in issue 1499_. This is now fixed.

  • Performance: Alex Gaynor continues fine-tuning <pull 2038_>_ the speed of combination, especially with many contexts.

.. _issue 1499: nedbat/coveragepy#1499 .. _pull 2038: nedbat/coveragepy#2038

.. _changes_7-10-5:

Commits
  • 88c55ff docs: sample HTML for 7.10.6
  • 01d8995 docs: prep for 7.10.6
  • 9b0c24f docs: thanks Alex #2038
  • 66d6910 fix: make source paths absolute where they exist. #1499
  • bb3382f build: no need for the combine/html times now
  • 9ea349a lab: warn_executed.py
  • 808c9b4 build: changing metacov.ini should trigger metacov
  • 384f5f2 build: oops, some 'if's are really line pragmas
  • a7224af perf: pre-compute the mapping between other_db.context and main.context (#2038)
  • 5c00c5b chore: bump the action-dependencies group with 3 updates (#2039)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.5&new-version=7.10.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 6c232251064..d637f3f15e0 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.5 +coverage==7.10.6 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 9fbc05625be..48cd1e9d6f7 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.5 +coverage==7.10.6 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index 09c594a2754..8e27ff3b5ff 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.5 +coverage==7.10.6 # via # -r requirements/test.in # pytest-cov From 4f4b2fff6b9bf6480c69f47d22a173522b7e9a9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 13:40:17 +0000 Subject: [PATCH 095/148] Bump actions/setup-node from 4 to 5 (#11472) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Enhancement:

New Contributors

Full Changelog: https://github.com/actions/setup-node/compare/v4...v5.0.0

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

Full Changeloghttps://github.com/actions/setup-node/compare/v4...v4.4.0

v4.3.0

What's Changed

Dependency updates

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 98c93b75524..430538f4759 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -103,7 +103,7 @@ jobs: path: vendor/llhttp/build - name: Setup NodeJS if: steps.cache.outputs.cache-hit != 'true' - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: 18 - name: Generate llhttp sources From 8d41e026f99c9080a3c8fa2d00667602752b0202 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 15:15:38 +0100 Subject: [PATCH 096/148] [PR #11464/945837cc backport][3.13] fix thread safety of http writer (#11469) **This is a backport of PR #11464 as merged into master (945837cc2d04341cd54df57f17444b8f9a349eb4).** Co-authored-by: Kumar Aditya --- CHANGES/11464.feature.rst | 1 + Makefile | 6 +++--- aiohttp/_http_parser.pyx | 2 -- aiohttp/_http_writer.pyx | 16 +++++++++------- 4 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 CHANGES/11464.feature.rst diff --git a/CHANGES/11464.feature.rst b/CHANGES/11464.feature.rst new file mode 100644 index 00000000000..12ebf117883 --- /dev/null +++ b/CHANGES/11464.feature.rst @@ -0,0 +1 @@ +Implemented support for free-threading builds of CPython -- by :user:`kumaraditya303`. diff --git a/Makefile b/Makefile index c6193fea9e4..cf621705e2e 100644 --- a/Makefile +++ b/Makefile @@ -59,14 +59,14 @@ aiohttp/_find_header.c: $(call to-hash,aiohttp/hdrs.py ./tools/gen.py) # Special case for reader since we want to be able to disable # the extension with AIOHTTP_NO_EXTENSIONS aiohttp/_websocket/reader_c.c: aiohttp/_websocket/reader_c.py - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror # _find_headers generator creates _headers.pyi as well aiohttp/%.c: aiohttp/%.pyx $(call to-hash,$(CYS)) aiohttp/_find_header.c - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror aiohttp/_websocket/%.c: aiohttp/_websocket/%.pyx $(call to-hash,$(CYS)) - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror vendor/llhttp/node_modules: vendor/llhttp/package.json cd vendor/llhttp; npm ci diff --git a/aiohttp/_http_parser.pyx b/aiohttp/_http_parser.pyx index f0724fcf4ca..b2ddeb30d83 100644 --- a/aiohttp/_http_parser.pyx +++ b/aiohttp/_http_parser.pyx @@ -1,5 +1,3 @@ -#cython: language_level=3 -# # Based on https://github.com/MagicStack/httptools # diff --git a/aiohttp/_http_writer.pyx b/aiohttp/_http_writer.pyx index 4a3ae1f9e68..7989c186c89 100644 --- a/aiohttp/_http_writer.pyx +++ b/aiohttp/_http_writer.pyx @@ -8,7 +8,6 @@ from libc.string cimport memcpy from multidict import istr DEF BUF_SIZE = 16 * 1024 # 16KiB -cdef char BUFFER[BUF_SIZE] cdef object _istr = istr @@ -19,16 +18,17 @@ cdef struct Writer: char *buf Py_ssize_t size Py_ssize_t pos + bint heap_allocated - -cdef inline void _init_writer(Writer* writer): - writer.buf = &BUFFER[0] +cdef inline void _init_writer(Writer* writer, char *buf): + writer.buf = buf writer.size = BUF_SIZE writer.pos = 0 + writer.heap_allocated = 0 cdef inline void _release_writer(Writer* writer): - if writer.buf != BUFFER: + if writer.heap_allocated: PyMem_Free(writer.buf) @@ -39,7 +39,7 @@ cdef inline int _write_byte(Writer* writer, uint8_t ch): if writer.pos == writer.size: # reallocate size = writer.size + BUF_SIZE - if writer.buf == BUFFER: + if not writer.heap_allocated: buf = PyMem_Malloc(size) if buf == NULL: PyErr_NoMemory() @@ -52,6 +52,7 @@ cdef inline int _write_byte(Writer* writer, uint8_t ch): return -1 writer.buf = buf writer.size = size + writer.heap_allocated = 1 writer.buf[writer.pos] = ch writer.pos += 1 return 0 @@ -125,8 +126,9 @@ def _serialize_headers(str status_line, headers): cdef Writer writer cdef object key cdef object val + cdef char buf[BUF_SIZE] - _init_writer(&writer) + _init_writer(&writer, buf) try: if _write_str(&writer, status_line) < 0: From 8a7bd004b548d1c556f358df914694575f139761 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 15:15:55 +0100 Subject: [PATCH 097/148] [PR #11464/945837cc backport][3.12] fix thread safety of http writer (#11468) **This is a backport of PR #11464 as merged into master (945837cc2d04341cd54df57f17444b8f9a349eb4).** Co-authored-by: Kumar Aditya --- CHANGES/11464.feature.rst | 1 + Makefile | 6 +++--- aiohttp/_http_parser.pyx | 2 -- aiohttp/_http_writer.pyx | 16 +++++++++------- 4 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 CHANGES/11464.feature.rst diff --git a/CHANGES/11464.feature.rst b/CHANGES/11464.feature.rst new file mode 100644 index 00000000000..12ebf117883 --- /dev/null +++ b/CHANGES/11464.feature.rst @@ -0,0 +1 @@ +Implemented support for free-threading builds of CPython -- by :user:`kumaraditya303`. diff --git a/Makefile b/Makefile index c6193fea9e4..cf621705e2e 100644 --- a/Makefile +++ b/Makefile @@ -59,14 +59,14 @@ aiohttp/_find_header.c: $(call to-hash,aiohttp/hdrs.py ./tools/gen.py) # Special case for reader since we want to be able to disable # the extension with AIOHTTP_NO_EXTENSIONS aiohttp/_websocket/reader_c.c: aiohttp/_websocket/reader_c.py - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror # _find_headers generator creates _headers.pyi as well aiohttp/%.c: aiohttp/%.pyx $(call to-hash,$(CYS)) aiohttp/_find_header.c - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror aiohttp/_websocket/%.c: aiohttp/_websocket/%.pyx $(call to-hash,$(CYS)) - cython -3 -o $@ $< -I aiohttp -Werror + cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror vendor/llhttp/node_modules: vendor/llhttp/package.json cd vendor/llhttp; npm ci diff --git a/aiohttp/_http_parser.pyx b/aiohttp/_http_parser.pyx index 16893f00e74..80ab5adda3a 100644 --- a/aiohttp/_http_parser.pyx +++ b/aiohttp/_http_parser.pyx @@ -1,5 +1,3 @@ -#cython: language_level=3 -# # Based on https://github.com/MagicStack/httptools # diff --git a/aiohttp/_http_writer.pyx b/aiohttp/_http_writer.pyx index 4a3ae1f9e68..7989c186c89 100644 --- a/aiohttp/_http_writer.pyx +++ b/aiohttp/_http_writer.pyx @@ -8,7 +8,6 @@ from libc.string cimport memcpy from multidict import istr DEF BUF_SIZE = 16 * 1024 # 16KiB -cdef char BUFFER[BUF_SIZE] cdef object _istr = istr @@ -19,16 +18,17 @@ cdef struct Writer: char *buf Py_ssize_t size Py_ssize_t pos + bint heap_allocated - -cdef inline void _init_writer(Writer* writer): - writer.buf = &BUFFER[0] +cdef inline void _init_writer(Writer* writer, char *buf): + writer.buf = buf writer.size = BUF_SIZE writer.pos = 0 + writer.heap_allocated = 0 cdef inline void _release_writer(Writer* writer): - if writer.buf != BUFFER: + if writer.heap_allocated: PyMem_Free(writer.buf) @@ -39,7 +39,7 @@ cdef inline int _write_byte(Writer* writer, uint8_t ch): if writer.pos == writer.size: # reallocate size = writer.size + BUF_SIZE - if writer.buf == BUFFER: + if not writer.heap_allocated: buf = PyMem_Malloc(size) if buf == NULL: PyErr_NoMemory() @@ -52,6 +52,7 @@ cdef inline int _write_byte(Writer* writer, uint8_t ch): return -1 writer.buf = buf writer.size = size + writer.heap_allocated = 1 writer.buf[writer.pos] = ch writer.pos += 1 return 0 @@ -125,8 +126,9 @@ def _serialize_headers(str status_line, headers): cdef Writer writer cdef object key cdef object val + cdef char buf[BUF_SIZE] - _init_writer(&writer) + _init_writer(&writer, buf) try: if _write_str(&writer, status_line) < 0: From 6e60f1afa5154c47edff70542809c3324f2d0db4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 10:38:46 +0000 Subject: [PATCH 098/148] Bump actions/github-script from 7 to 8 (#11478) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: https://github.com/actions/github-script/compare/v7.1.0...v8.0.0

v7.1.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/github-script/compare/v7...v7.1.0

... (truncated)

Commits
  • ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
  • 2dc352e Bold minimum Actions Runner version in README
  • 01e118c Update README for Node 24 runtime requirements
  • 8b222ac Apply suggestion from @​salmanmkc
  • adc0eea README for updating actions/github-script from v7 to v8
  • 20fe497 Merge pull request #637 from actions/node24
  • e7b7f22 update licenses
  • 2c81ba0 Update Node.js version support to 24.x
  • f28e40c Merge pull request #610 from actions/nebuk89-patch-1
  • 1ae9958 Update README.md
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=7&new-version=8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 8d9c0f6f4a2..e3f10214082 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -11,7 +11,7 @@ jobs: name: Backport label added if: ${{ github.event.pull_request.user.type != 'Bot' }} steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | From 73ee0bcaee471c26111e028028a7821672e690e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 10:48:21 +0000 Subject: [PATCH 099/148] Bump pytest from 8.4.1 to 8.4.2 (#11480) Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.4.1 to 8.4.2.
Release notes

Sourced from pytest's releases.

8.4.2

pytest 8.4.2 (2025-09-03)

Bug fixes

  • #13478: Fixed a crash when using console_output_style{.interpreted-text role="confval"} with times and a module is skipped.

  • #13530: Fixed a crash when using pytest.approx{.interpreted-text role="func"} and decimal.Decimal{.interpreted-text role="class"} instances with the decimal.FloatOperation{.interpreted-text role="class"} trap set.

  • #13549: No longer evaluate type annotations in Python 3.14 when inspecting function signatures.

    This prevents crashes during module collection when modules do not explicitly use from __future__ import annotations and import types for annotations within a if TYPE_CHECKING: block.

  • #13559: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in pytest.Parser.addini{.interpreted-text role="meth"}.

  • #13563: pytest.approx{.interpreted-text role="func"} now only imports numpy if NumPy is already in sys.modules. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.

Improved documentation

  • #13577: Clarify that pytest_generate_tests is discovered in test modules/classes; other hooks must be in conftest.py or plugins.

Contributor-facing changes

  • #13480: Self-testing: fixed a few test failures when run with -Wdefault or a similar override.
  • #13547: Self-testing: corrected expected message for test_doctest_unexpected_exception in Python 3.14.
  • #13684: Make pytest's own testsuite insensitive to the presence of the CI environment variable -- by ogrisel{.interpreted-text role="user"}.
Commits
  • bfae422 Prepare release version 8.4.2
  • 8990538 Fix passenv CI in tox ini and make tests insensitive to the presence of the C...
  • ca676bf Merge pull request #13687 from pytest-dev/patchback/backports/8.4.x/e63f6e51c...
  • 975a60a Merge pull request #13686 from pytest-dev/patchback/backports/8.4.x/12bde8af6...
  • 7723ce8 Merge pull request #13683 from even-even/fix_Exeption_to_Exception_in_errorMe...
  • b7f0568 Merge pull request #13685 from CoretexShadow/fix/docs-pytest-generate-tests
  • 2c94c4a add missing colon (#13640) (#13641)
  • c3d7684 Merge pull request #13606 from pytest-dev/patchback/backports/8.4.x/5f9938563...
  • dc6e3be Merge pull request #13605 from The-Compiler/training-update-2025-07
  • f87289c Fix crash with times output style and skipped module (#13573) (#13579)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=pip&previous-version=8.4.1&new-version=8.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d637f3f15e0..b207574b3a4 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -175,7 +175,7 @@ pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.4.1 +pytest==8.4.2 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 48cd1e9d6f7..87337db1d9e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -170,7 +170,7 @@ pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.4.1 +pytest==8.4.2 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index bc4a86f32a1..addb2fb4825 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -73,7 +73,7 @@ pygments==2.19.2 # via # pytest # rich -pytest==8.4.1 +pytest==8.4.2 # via # -r requirements/lint.in # pytest-codspeed diff --git a/requirements/test.txt b/requirements/test.txt index 8e27ff3b5ff..a9bb838a23c 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -97,7 +97,7 @@ pygments==2.19.2 # via # pytest # rich -pytest==8.4.1 +pytest==8.4.2 # via # -r requirements/test.in # pytest-codspeed From e6f9966d7d16cf73ed4c7f766b06a2a435c676b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 11:15:26 +0000 Subject: [PATCH 100/148] Bump identify from 2.6.13 to 2.6.14 (#11486) Bumps [identify](https://github.com/pre-commit/identify) from 2.6.13 to 2.6.14.
Commits
  • 6667ae3 v2.6.14
  • 0ce8827 Merge pull request #537 from LNSD/add-meson-options-support
  • 29d1fcc Merge pull request #536 from mike325/fix/add_robot_filetype
  • daf6023 Add support for meson.options
  • 6d49364 fix: add robot filetype
  • 53fdb98 Merge pull request #531 from pre-commit/pre-commit-ci-update-config
  • ffc2322 [pre-commit.ci] pre-commit autoupdate
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.13&new-version=2.6.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index b207574b3a4..72baf04af48 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -88,7 +88,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.13 +identify==2.6.14 # via pre-commit idna==3.3 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 87337db1d9e..fcdd656e30b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -86,7 +86,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.13 +identify==2.6.14 # via pre-commit idna==3.4 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index addb2fb4825..628afc3dfd5 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -33,7 +33,7 @@ forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 # via -r requirements/lint.in -identify==2.6.13 +identify==2.6.14 # via pre-commit idna==3.7 # via trustme From c0dd8a0e81b0a16b790fa9ba66b466a6ba8be755 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 11:22:17 +0000 Subject: [PATCH 101/148] Bump pytest-cov from 6.2.1 to 6.3.0 (#11487) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 6.2.1 to 6.3.0.
Changelog

Sourced from pytest-cov's changelog.

6.3.0 (2025-09-06)

  • Added support for markdown reports. Contributed by Marcos Boger in [#712](https://github.com/pytest-dev/pytest-cov/issues/712) <https://github.com/pytest-dev/pytest-cov/pull/712>_ and [#714](https://github.com/pytest-dev/pytest-cov/issues/714) <https://github.com/pytest-dev/pytest-cov/pull/714>_.
  • Fixed some formatting issues in docs. Anonymous contribution in [#706](https://github.com/pytest-dev/pytest-cov/issues/706) <https://github.com/pytest-dev/pytest-cov/pull/706>_.
Commits
  • a69d1ab Bump version: 6.2.1 → 6.3.0
  • 475bf32 Update changelog.
  • 3834009 Add GitHub Actions example and fix example to not break with default markdown...
  • 0824728 Small phrasing adustments in Markdown docs
  • 474c1f4 Move markdown dest files check to StoreReport for earlier error and parser.er...
  • 7b21833 Default markdown-append to coverage.md and raise warning if both markdown opt...
  • 3a15312 Fix usage of Path.open() to write/append to files
  • 4b79449 Change output file cov-append.md in md-append example
  • 40e9e8e Add docs and update AUTHORS.rst
  • f5ca33a Add tests for markdown and markdown-append
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-cov&package-manager=pip&previous-version=6.2.1&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 72baf04af48..88158fd6eed 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -187,7 +187,7 @@ pytest-codspeed==4.0.0 # via # -r requirements/lint.in # -r requirements/test.in -pytest-cov==6.2.1 +pytest-cov==6.3.0 # via -r requirements/test.in pytest-mock==3.14.1 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index fcdd656e30b..4197aaa980c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -182,7 +182,7 @@ pytest-codspeed==4.0.0 # via # -r requirements/lint.in # -r requirements/test.in -pytest-cov==6.2.1 +pytest-cov==6.3.0 # via -r requirements/test.in pytest-mock==3.14.1 # via diff --git a/requirements/test.txt b/requirements/test.txt index a9bb838a23c..3aaf930c2b7 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -106,7 +106,7 @@ pytest==8.4.2 # pytest-xdist pytest-codspeed==4.0.0 # via -r requirements/test.in -pytest-cov==6.2.1 +pytest-cov==6.3.0 # via -r requirements/test.in pytest-mock==3.14.1 # via -r requirements/test.in From 4b2c272c4ba34f781c15d830d4e2c065b4b34966 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 11:53:05 +0000 Subject: [PATCH 102/148] Bump pytest-mock from 3.14.1 to 3.15.0 (#11479) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [pytest-mock](https://github.com/pytest-dev/pytest-mock) from 3.14.1 to 3.15.0.
Release notes

Sourced from pytest-mock's releases.

v3.15.0

2025-09-04

  • Python 3.8 (EOL) is no longer supported.
  • #524: Added spy_return_iter to mocker.spy, which contains a duplicate of the return value of the spied method if it is an Iterator.
Changelog

Sourced from pytest-mock's changelog.

3.15.0

2025-09-04

  • Python 3.8 (EOL) is no longer supported.
  • [#524](https://github.com/pytest-dev/pytest-mock/issues/524) <https://github.com/pytest-dev/pytest-mock/pull/524>_: Added spy_return_iter to mocker.spy, which contains a duplicate of the return value of the spied method if it is an Iterator.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-mock&package-manager=pip&previous-version=3.14.1&new-version=3.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 88158fd6eed..74311d3fa8d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -189,7 +189,7 @@ pytest-codspeed==4.0.0 # -r requirements/test.in pytest-cov==6.3.0 # via -r requirements/test.in -pytest-mock==3.14.1 +pytest-mock==3.15.0 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 4197aaa980c..c2bcb7a6db8 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -184,7 +184,7 @@ pytest-codspeed==4.0.0 # -r requirements/test.in pytest-cov==6.3.0 # via -r requirements/test.in -pytest-mock==3.14.1 +pytest-mock==3.15.0 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 628afc3dfd5..b49edaeed24 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -80,7 +80,7 @@ pytest==8.4.2 # pytest-mock pytest-codspeed==4.0.0 # via -r requirements/lint.in -pytest-mock==3.14.1 +pytest-mock==3.15.0 # via -r requirements/lint.in python-dateutil==2.9.0.post0 # via freezegun diff --git a/requirements/test.txt b/requirements/test.txt index 3aaf930c2b7..3bf44126460 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -108,7 +108,7 @@ pytest-codspeed==4.0.0 # via -r requirements/test.in pytest-cov==6.3.0 # via -r requirements/test.in -pytest-mock==3.14.1 +pytest-mock==3.15.0 # via -r requirements/test.in pytest-xdist==3.8.0 # via -r requirements/test.in From 140705bfa0979b0ec3b0cd1cf8ae97bff1ec15ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 10:35:43 +0000 Subject: [PATCH 103/148] Bump cffi from 1.17.1 to 2.0.0 (#11489) Bumps [cffi](https://github.com/python-cffi/cffi) from 1.17.1 to 2.0.0.
Release notes

Sourced from cffi's releases.

v2.0.0

What's Changed

  • Add Python 3.14 support.
  • Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
  • Drop Python <= 3.8 support.
  • Fix order dependency affecting nested type size calculation (#148).

Full Changelog: https://github.com/python-cffi/cffi/compare/v1.17.1...v2.0.0

v2.0.0b1

What's Changed

  • Add Python 3.14 support.
  • Add CPython free-threaded support (3.14t+ only).
  • Drop Python <= 3.8 support.
  • Fix order dependency affecting nested type size calculation (#148).

Full Changelog: https://github.com/python-cffi/cffi/compare/v1.17.1...v2.0.0b1

Commits
  • 6366c01 release 2.0.0 (#196)
  • 95c8476 2.0.0 post beta backports (#195)
  • 195cbda Release 2.0.0b1 (#183)
  • b4bbe79 fix version test to support beta
  • 7ed073d Add support for the free-threaded build (#178)
  • 67a170d Change the license from MIT to MIT-no-attribution, which is the same without ...
  • 92645ec Add Python 3.14 support/testing (#177)
  • 2b81170 doc: update test commands in Section Testing/development tips (#158)
  • 25172b8 doc: update year (#153)
  • b57a92c issue 147: force-compute nested structs before parent structs. Occurs mainly...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cffi&package-manager=pip&previous-version=1.17.1&new-version=2.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index ea6669c5a50..c88d548f928 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -16,7 +16,7 @@ attrs==25.3.0 # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in -cffi==1.17.1 +cffi==2.0.0 # via pycares frozenlist==1.7.0 # via diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 74311d3fa8d..00c8977588a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -36,7 +36,7 @@ build==1.3.0 # via pip-tools certifi==2025.8.3 # via requests -cffi==1.17.1 +cffi==2.0.0 # via # cryptography # pycares diff --git a/requirements/dev.txt b/requirements/dev.txt index c2bcb7a6db8..6cb1d1fcb7e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -36,7 +36,7 @@ build==1.3.0 # via pip-tools certifi==2025.8.3 # via requests -cffi==1.17.1 +cffi==2.0.0 # via # cryptography # pycares diff --git a/requirements/lint.txt b/requirements/lint.txt index b49edaeed24..9a7f51d3bed 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -12,7 +12,7 @@ async-timeout==5.0.1 # via valkey blockbuster==1.5.25 # via -r requirements/lint.in -cffi==1.17.1 +cffi==2.0.0 # via # cryptography # pycares diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 448c5a33a81..b5b5f7741a7 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -16,7 +16,7 @@ attrs==25.3.0 # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in -cffi==1.17.1 +cffi==2.0.0 # via pycares frozenlist==1.7.0 # via diff --git a/requirements/test.txt b/requirements/test.txt index 3bf44126460..810fd33f33f 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -20,7 +20,7 @@ blockbuster==1.5.25 # via -r requirements/test.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in -cffi==1.17.1 +cffi==2.0.0 # via # cryptography # pycares From a9f26b295206495aa5c8e6d367d5d81a53012217 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 11:04:55 +0000 Subject: [PATCH 104/148] Bump pytest-cov from 6.3.0 to 7.0.0 (#11493) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 6.3.0 to 7.0.0.
Changelog

Sourced from pytest-cov's changelog.

7.0.0 (2025-09-09)

  • Dropped support for subprocesses measurement.

    It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

    To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

    .. code-block:: ini

    [run] patch = subprocess

    This release also requires at least coverage 7.10.6.

  • Switched packaging to have metadata completely in pyproject.toml and use hatchling <https://pypi.org/project/hatchling/>_ for building. Contributed by Ofek Lev in [#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551>_ with some extras in [#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716>_.

  • Removed some not really necessary testing deps like six.

Commits
  • 224d896 Bump version: 6.3.0 → 7.0.0
  • 73424e3 Cleanup the docs a bit.
  • 36f1cc2 Bump pins in template.
  • f299c59 Bump the github-actions group with 2 updates
  • 25f0b2e Update docs/config.rst
  • bb23eac Improve configuration docs
  • a19531e Switch from build/pre-commit to uv/prek - this should make this faster.
  • 82f9993 Update changelog.
  • 211b5cd Fix links.
  • 97aadd7 Update some ci config, reformat and apply some lint fixes.
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-cov&package-manager=pip&previous-version=6.3.0&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 00c8977588a..c470429693e 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -187,7 +187,7 @@ pytest-codspeed==4.0.0 # via # -r requirements/lint.in # -r requirements/test.in -pytest-cov==6.3.0 +pytest-cov==7.0.0 # via -r requirements/test.in pytest-mock==3.15.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 6cb1d1fcb7e..7665b8ef351 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -182,7 +182,7 @@ pytest-codspeed==4.0.0 # via # -r requirements/lint.in # -r requirements/test.in -pytest-cov==6.3.0 +pytest-cov==7.0.0 # via -r requirements/test.in pytest-mock==3.15.0 # via diff --git a/requirements/test.txt b/requirements/test.txt index 810fd33f33f..a58afdb53f6 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -106,7 +106,7 @@ pytest==8.4.2 # pytest-xdist pytest-codspeed==4.0.0 # via -r requirements/test.in -pytest-cov==6.3.0 +pytest-cov==7.0.0 # via -r requirements/test.in pytest-mock==3.15.0 # via -r requirements/test.in From 9c6c4dea9accf3c3843594f3f8373fcbf008d9c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 11:06:11 +0000 Subject: [PATCH 105/148] Bump pycares from 4.10.0 to 4.11.0 (#11496) Bumps [pycares](https://github.com/saghul/pycares) from 4.10.0 to 4.11.0.
Commits
  • 613184b Fial language classifier
  • 7c4f734 Bump version to 4.11.0Set version to 4.11.0
  • 37f0c54 build(deps): bump pypa/cibuildwheel from 3.1.3 to 3.1.4
  • 9d0d4b7 build(deps): bump actions/download-artifact from 4 to 5
  • 08e4925 build(deps): bump actions/checkout from 4 to 5
  • 52cb246 run tests with unittest-ft on free-threaded build
  • 075a5c8 Add support for Python 3.14 and 3.14t
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pycares&package-manager=pip&previous-version=4.10.0&new-version=4.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index c88d548f928..814a1089ad8 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -36,7 +36,7 @@ propcache==0.3.2 # via # -r requirements/runtime-deps.in # yarl -pycares==4.10.0 +pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c470429693e..f011b81be22 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -152,7 +152,7 @@ propcache==0.3.2 # yarl proxy-py==2.4.10 # via -r requirements/test.in -pycares==4.10.0 +pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/dev.txt b/requirements/dev.txt index 7665b8ef351..0ca5b2428f8 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -149,7 +149,7 @@ propcache==0.3.2 # yarl proxy-py==2.4.10 # via -r requirements/test.in -pycares==4.10.0 +pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/lint.txt b/requirements/lint.txt index 9a7f51d3bed..de7242272c5 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -61,7 +61,7 @@ pluggy==1.6.0 # via pytest pre-commit==4.3.0 # via -r requirements/lint.in -pycares==4.10.0 +pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index b5b5f7741a7..d35ed575da0 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -32,7 +32,7 @@ propcache==0.3.2 # via # -r requirements/runtime-deps.in # yarl -pycares==4.10.0 +pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi diff --git a/requirements/test.txt b/requirements/test.txt index a58afdb53f6..cc1f34cd2b1 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -85,7 +85,7 @@ propcache==0.3.2 # yarl proxy-py==2.4.10 # via -r requirements/test.in -pycares==4.10.0 +pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi From ca9ebf96a31016ce5b7f23351d829877572d7aa8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Sep 2025 10:31:55 +0000 Subject: [PATCH 106/148] Bump zlib-ng from 0.5.1 to 1.0.0 (#11500) Bumps [zlib-ng](https://github.com/pycompression/python-zlib-ng) from 0.5.1 to 1.0.0.
Release notes

Sourced from zlib-ng's releases.

version 1.0.0

The library has been running without issues as a dependency in quite a few projects and is now stable enough for the first major version.

  • Updated bundled zlib-ng to 2.2.5.
  • Python 3.14 is supported.
  • Python 3.8 and 3.9 are no longer supported.
  • Fix an issue where flushing using igzip_threaded caused a gzip end of stream and started a new gzip stream. In essence creating a concatenated gzip stream. Now it is in concordance with how single threaded gzip streams are flushed using Z_SYNC_FLUSH.
  • Switched to setuptools-scm for building the package rather than versioningit.
  • Test files are added to the source distribution.
  • Fix an issue where some tests failed because they ignored PYTHONPATH.
Changelog

Sourced from zlib-ng's changelog.

version 1.0.0

The library has been running without issues as a dependency in quite a few projects and is now stable enough for the first major version.

  • Updated bundled zlib-ng to 2.2.5.
  • Python 3.14 is supported.
  • Python 3.8 and 3.9 are no longer supported.
  • Fix an issue where flushing using igzip_threaded caused a gzip end of stream and started a new gzip stream. In essence creating a concatenated gzip stream. Now it is in concordance with how single threaded gzip streams are flushed using Z_SYNC_FLUSH.
  • Switched to setuptools-scm for building the package rather than versioningit.
  • Test files are added to the source distribution.
  • Fix an issue where some tests failed because they ignored PYTHONPATH.
Commits
  • 018aed8 Merge pull request #70 from pycompression/3.14threaded
  • 5c48059 Enable GIL_NOT_USED
  • 798fa1a Also test on 3.14 threaded
  • e163b2b Merge pull request #69 from pycompression/release_1.0.0
  • 2a3d6bf Update bundled zlib-ng to 2.2.5
  • 5d4d68b Run on latest macos
  • 0baca00 Prepare release 1.0.0
  • faea9dc Merge pull request #67 from pycompression/fixasan
  • 402d8c9 Fix improper URL for readthedocs
  • 67fe5ce Fix an issue where some tests failed because they ignored PYTHONPATH
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zlib-ng&package-manager=pip&previous-version=0.5.1&new-version=1.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f011b81be22..a432a50f0be 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -297,7 +297,7 @@ wheel==0.45.1 # via pip-tools yarl==1.20.1 # via -r requirements/runtime-deps.in -zlib-ng==0.5.1 +zlib-ng==1.0.0 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 0ca5b2428f8..4963eab5a33 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -288,7 +288,7 @@ wheel==0.45.1 # via pip-tools yarl==1.20.1 # via -r requirements/runtime-deps.in -zlib-ng==0.5.1 +zlib-ng==1.0.0 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index de7242272c5..e642cc6c31e 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -118,7 +118,7 @@ valkey==6.1.1 # via -r requirements/lint.in virtualenv==20.34.0 # via pre-commit -zlib-ng==0.5.1 +zlib-ng==1.0.0 # via -r requirements/lint.in zstandard==0.24.0 ; implementation_name == "cpython" # via -r requirements/lint.in diff --git a/requirements/test.txt b/requirements/test.txt index cc1f34cd2b1..60447b55d4d 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -151,7 +151,7 @@ wait-for-it==2.3.0 # via -r requirements/test.in yarl==1.20.1 # via -r requirements/runtime-deps.in -zlib-ng==0.5.1 +zlib-ng==1.0.0 # via -r requirements/test.in zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in From 8a37ab90f75ddf11f61d3c79b9dcf244f941df05 Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 11 Sep 2025 16:57:58 +0100 Subject: [PATCH 107/148] [3.13] Use `unix_sockname` fixture for `test_run_app_preexisting_unix_socket` (#11501) Manual backport of https://github.com/aio-libs/aiohttp/pull/11498. --- tests/test_run_app.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/test_run_app.py b/tests/test_run_app.py index e269b452f86..eeb28d6ff41 100644 --- a/tests/test_run_app.py +++ b/tests/test_run_app.py @@ -621,14 +621,13 @@ def test_run_app_preexisting_inet6_socket(patched_loop) -> None: @pytest.mark.skipif(not hasattr(socket, "AF_UNIX"), reason="requires UNIX sockets") -def test_run_app_preexisting_unix_socket(patched_loop, mocker) -> None: +def test_run_app_preexisting_unix_socket(patched_loop, unix_sockname, mocker) -> None: app = web.Application() - sock_path = "/tmp/test_preexisting_sock1" sock = socket.socket(socket.AF_UNIX) with contextlib.closing(sock): - sock.bind(sock_path) - os.unlink(sock_path) + sock.bind(unix_sockname) + os.unlink(unix_sockname) printer = mock.Mock(wraps=stopper(patched_loop)) web.run_app(app, sock=sock, print=printer, loop=patched_loop) @@ -636,7 +635,7 @@ def test_run_app_preexisting_unix_socket(patched_loop, mocker) -> None: patched_loop.create_server.assert_called_with( mock.ANY, sock=sock, backlog=128, ssl=None ) - assert f"http://unix:{sock_path}:" in printer.call_args[0][0] + assert f"http://unix:{unix_sockname}:" in printer.call_args[0][0] def test_run_app_multiple_preexisting_sockets(patched_loop) -> None: From dec5d337a7d7bcf859ec2abefa46d2c5703df73f Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 11 Sep 2025 16:58:34 +0100 Subject: [PATCH 108/148] [3.12] Use `unix_sockname` fixture for `test_run_app_preexisting_unix_socket` (#11502) Manual backport of https://github.com/aio-libs/aiohttp/pull/11498. --- tests/test_run_app.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/test_run_app.py b/tests/test_run_app.py index e269b452f86..eeb28d6ff41 100644 --- a/tests/test_run_app.py +++ b/tests/test_run_app.py @@ -621,14 +621,13 @@ def test_run_app_preexisting_inet6_socket(patched_loop) -> None: @pytest.mark.skipif(not hasattr(socket, "AF_UNIX"), reason="requires UNIX sockets") -def test_run_app_preexisting_unix_socket(patched_loop, mocker) -> None: +def test_run_app_preexisting_unix_socket(patched_loop, unix_sockname, mocker) -> None: app = web.Application() - sock_path = "/tmp/test_preexisting_sock1" sock = socket.socket(socket.AF_UNIX) with contextlib.closing(sock): - sock.bind(sock_path) - os.unlink(sock_path) + sock.bind(unix_sockname) + os.unlink(unix_sockname) printer = mock.Mock(wraps=stopper(patched_loop)) web.run_app(app, sock=sock, print=printer, loop=patched_loop) @@ -636,7 +635,7 @@ def test_run_app_preexisting_unix_socket(patched_loop, mocker) -> None: patched_loop.create_server.assert_called_with( mock.ANY, sock=sock, backlog=128, ssl=None ) - assert f"http://unix:{sock_path}:" in printer.call_args[0][0] + assert f"http://unix:{unix_sockname}:" in printer.call_args[0][0] def test_run_app_multiple_preexisting_sockets(patched_loop) -> None: From 74258eb8293041a87964f74721686e58ab6e30b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 11:15:03 +0000 Subject: [PATCH 109/148] Bump pyenchant from 3.2.2 to 3.3.0 (#11508) Bumps [pyenchant](https://github.com/pyenchant/pyenchant) from 3.2.2 to 3.3.0.
Commits
  • f8b40fd Bump to 3.3.0
  • 07928e1 Update changelog
  • bc49633 Bump to 3.3.0rc4
  • f74975f tbump: don't try and make a release after the push
  • 6f32de5 Bump to 3.3.0rc3
  • 86ae615 Try to publish to pypi.org from GitHub
  • 1dd1470 Rename build.py -> build_artifacts.py
  • 6283bce Add workflow to publish to testpypi
  • 53ab967 Bump to 3.3.0rc2
  • 640a82a rename release -> build, don't use setup.py do build
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyenchant&package-manager=pip&previous-version=3.2.2&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/doc-spelling.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index a432a50f0be..f3b7f8a7e07 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -160,7 +160,7 @@ pydantic==2.12.0a1 # via python-on-whales pydantic-core==2.37.2 # via pydantic -pyenchant==3.2.2 +pyenchant==3.3.0 # via sphinxcontrib-spelling pygments==2.19.2 # via diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 677358c2d92..9fca6b28f88 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -30,7 +30,7 @@ markupsafe==3.0.2 # via jinja2 packaging==25.0 # via sphinx -pyenchant==3.2.2 +pyenchant==3.3.0 # via sphinxcontrib-spelling pygments==2.19.2 # via sphinx From bc9e62c670334e5d17375cc86f60d0f3a9b5af02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 11:34:36 +0000 Subject: [PATCH 110/148] Bump pydantic from 2.11.7 to 2.11.9 (#11509) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.7 to 2.11.9.
Release notes

Sourced from pydantic's releases.

v2.11.9 2025-09-13

What's Changed

Fixes

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.11.8...v2.11.9

v2.11.8 2025-09-13

v2.11.8 (2025-09-13)

What's Changed

Fixes

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.11.7...v2.11.8

Changelog

Sourced from pydantic's changelog.

v2.11.9 (2025-09-13)

GitHub release

What's Changed

Fixes

v2.11.8 (2025-09-13)

GitHub release

What's Changed

Fixes

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.11.7&new-version=2.11.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 4 ++-- requirements/dev.txt | 4 ++-- requirements/lint.txt | 2 +- requirements/test.txt | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f3b7f8a7e07..599364e1b68 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -156,9 +156,9 @@ pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.12.0a1 +pydantic==2.11.9 # via python-on-whales -pydantic-core==2.37.2 +pydantic-core==2.33.2 # via pydantic pyenchant==3.3.0 # via sphinxcontrib-spelling diff --git a/requirements/dev.txt b/requirements/dev.txt index 4963eab5a33..f54d1de11c4 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -153,9 +153,9 @@ pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.12.0a1 +pydantic==2.11.9 # via python-on-whales -pydantic-core==2.37.2 +pydantic-core==2.33.2 # via pydantic pygments==2.19.2 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index e642cc6c31e..647108afc43 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -65,7 +65,7 @@ pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.11.7 +pydantic==2.11.9 # via python-on-whales pydantic-core==2.33.2 # via pydantic diff --git a/requirements/test.txt b/requirements/test.txt index 60447b55d4d..3854d2a0721 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -89,9 +89,9 @@ pycares==4.11.0 # via aiodns pycparser==2.22 # via cffi -pydantic==2.12.0a1 +pydantic==2.11.9 # via python-on-whales -pydantic-core==2.37.2 +pydantic-core==2.33.2 # via pydantic pygments==2.19.2 # via From af12405869144ec27bf522991cb473b6829f9217 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 11:49:27 +0000 Subject: [PATCH 111/148] Bump pycparser from 2.22 to 2.23 (#11497) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [pycparser](https://github.com/eliben/pycparser) from 2.22 to 2.23.
Release notes

Sourced from pycparser's releases.

release_v2.23

What's Changed

New Contributors

Full Changelog: https://github.com/eliben/pycparser/compare/release_v2.22...release_v2.23

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pycparser&package-manager=pip&previous-version=2.22&new-version=2.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 814a1089ad8..55d00a0ee33 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -38,7 +38,7 @@ propcache==0.3.2 # yarl pycares==4.11.0 # via aiodns -pycparser==2.22 +pycparser==2.23 # via cffi typing-extensions==4.15.0 # via diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 599364e1b68..655f9b981c5 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -154,7 +154,7 @@ proxy-py==2.4.10 # via -r requirements/test.in pycares==4.11.0 # via aiodns -pycparser==2.22 +pycparser==2.23 # via cffi pydantic==2.11.9 # via python-on-whales diff --git a/requirements/dev.txt b/requirements/dev.txt index f54d1de11c4..a0e6fcca3c9 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -151,7 +151,7 @@ proxy-py==2.4.10 # via -r requirements/test.in pycares==4.11.0 # via aiodns -pycparser==2.22 +pycparser==2.23 # via cffi pydantic==2.11.9 # via python-on-whales diff --git a/requirements/lint.txt b/requirements/lint.txt index 647108afc43..55bde922e24 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -63,7 +63,7 @@ pre-commit==4.3.0 # via -r requirements/lint.in pycares==4.11.0 # via aiodns -pycparser==2.22 +pycparser==2.23 # via cffi pydantic==2.11.9 # via python-on-whales diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index d35ed575da0..ed868311a78 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -34,7 +34,7 @@ propcache==0.3.2 # yarl pycares==4.11.0 # via aiodns -pycparser==2.22 +pycparser==2.23 # via cffi typing-extensions==4.15.0 # via diff --git a/requirements/test.txt b/requirements/test.txt index 3854d2a0721..1c4751661a7 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -87,7 +87,7 @@ proxy-py==2.4.10 # via -r requirements/test.in pycares==4.11.0 # via aiodns -pycparser==2.22 +pycparser==2.23 # via cffi pydantic==2.11.9 # via python-on-whales From e3753081144492b596ce5f5dc3e84ab5d19491cd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 12:00:59 +0000 Subject: [PATCH 112/148] Bump zstandard from 0.24.0 to 0.25.0 (#11510) Bumps [zstandard](https://github.com/indygreg/python-zstandard) from 0.24.0 to 0.25.0.
Release notes

Sourced from zstandard's releases.

0.25.0

  • PyO3 Rust created upgraded from 0.24 to 0.25. (#273)
  • We now use Py_REFCNT(obj) instead of accessing (*obj)->ob_refcnt directly. This fixes a nogil / multi-threaded compile error. (#201, #275)
  • A zstandard commit to fix qsort detection on BSD operating systems has been backported. (#272)
  • The PYTHON_ZSTANDARD_IMPORT_POLICY environment variable now has leading and trailing whitespace stripped. Values like cffi and cffi are now equivalent to cffi.
  • The CI jobs for building wheels have been overhauled to always use cibuildwheel and uv (where possible). This change should be backwards compatible. But wheel building for this project has historically been fragile and there may be unwanted changes. We're optimistic that standardizing on uv (except for musllinux ppc64le and s390x where uv isn't available) will lead to more stability over time.
  • CI now runs tests against the wheels we distribute. Previously, we ran tests against a separate build that was theoretically identical. But the builds may have been subtly different, leading to preventable bugs in our wheels. (Enabling this test coverage did not uncover any failures.)
  • The pyproject.toml build backend has been switched from setuptools.build_meta:__legacy__ to setuptools.build_meta.
  • The setuptools build dependency has been upgraded from <69.0.0 to >=77.0.0. Modern versions of setuptools broke --config-settings=--build-option=... as part of implementing PEP 660. A workaround is to use --config-settings=--global-option=... instead. --global-option apparently is deprecated and the setuptools folks have yet to figure out how to thread config settings into setup.py invocations. (--build-option is sent to the build_wheel command but not the build_editable command.)
  • Python 3.14 wheels are now built with manylinux_2_28 (versus manylinux2014) for older Python versions. This may raise the minimum glibc version, effectively dropping support for Debian 8 and 9, Ubuntu 13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in practice most platforms don't container newer glibc symbols and are still ABI compatible with manylinux2014 and glibc 2.17.
  • We now require cffi >= 2.0.0b on Python 3.14. <3.14 still requires 1.17. (#274)
  • The cffi backend is now automatically disabled for free-threaded builds on Python <3.14, as cffi didn't implement free-threaded support until the 2.0 release. (#274)
  • Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not yet formally support free-threaded builds. (#276)
  • The C and Rust backends now declare the GIL as unused.
  • The pythoncapi_compat.h file has been upgraded to the latest version. (#278)
  • setup.py now depends on packaging and uses packaging.version.Version for version comparisons. This removes some deprecation warnings from usage of legacy distutils Version classes.
  • Relax run-time libzstd version checking in C extension from exactly 1.5.7 to >=1.5.6. (#254, #267)
  • C extension types now (correctly) declare their fully qualified type names

... (truncated)

Changelog

Sourced from zstandard's changelog.

0.25.0 (released 2025-09-14)

  • PyO3 Rust created upgraded from 0.24 to 0.25. (#273)
  • We now use Py_REFCNT(obj) instead of accessing (*obj)->ob_refcnt directly. This fixes a nogil / multi-threaded compile error. (#201, #275)
  • A zstandard commit to fix qsort detection on BSD operating systems has been backported. (#272)
  • The PYTHON_ZSTANDARD_IMPORT_POLICY environment variable now has leading and trailing whitespace stripped. Values like cffi and cffi are now equivalent to cffi.
  • The CI jobs for building wheels have been overhauled to always use cibuildwheel and uv (where possible). This change should be backwards compatible. But wheel building for this project has historically been fragile and there may be unwanted changes. We're optimistic that standardizing on uv (except for musllinux ppc64le and s390x where uv isn't available) will lead to more stability over time.
  • CI now runs tests against the wheels we distribute. Previously, we ran tests against a separate build that was theoretically identical. But the builds may have been subtly different, leading to preventable bugs in our wheels. (Enabling this test coverage did not uncover any failures.)
  • The pyproject.toml build backend has been switched from setuptools.build_meta:__legacy__ to setuptools.build_meta.
  • The setuptools build dependency has been upgraded from <69.0.0 to >=77.0.0. Modern versions of setuptools broke --config-settings=--build-option=... as part of implementing PEP 660. A workaround is to use --config-settings=--global-option=...`` instead. --global-optionapparently is deprecated and the setuptools folks have yet to figure out how to thread config settings intosetup.py invocations. (`--build-option is sent to the build_wheel command but not the build_editable command.)
  • Python 3.14 wheels are now built with manylinux_2_28 (versus manylinux2014) for older Python versions. This may raise the minimum glibc version, effectively dropping support for Debian 8 and 9, Ubuntu 13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in practice most platforms don't container newer glibc symbols and are still ABI compatible with manylinux2014 and glibc 2.17.
  • We now require cffi >= 2.0.0b on Python 3.14. <3.14 still requires 1.17. (#274)
  • The cffi backend is now automatically disabled for free-threaded builds on Python <3.14, as cffi didn't implement free-threaded support until the 2.0 release. (#274)
  • Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not yet formally support free-threaded builds. (#276)
  • The C and Rust backends now declare the GIL as unused.
  • The pythoncapi_compat.h file has been upgraded to the latest version. (#278)
  • setup.py now depends on packaging and uses packaging.version.Version for version comparisons. This removes some deprecation warnings from usage of legacy distutils Version classes.
  • Relax run-time libzstd version checking in C extension from exactly 1.5.7

... (truncated)

Commits
  • 7a77a75 global: release 0.25.0
  • 7935539 rust: cargo upgrade
  • bc3074c rust: update dependencies
  • 51a277a c-ext: correctly define fully qualified type names to zstandard.*
  • 9ccbc39 docs: fix ReST in news.rst
  • 58c68a1 zstd: synchronize qsort code with upstream
  • 395f693 docs: document existence of compression.zstd in stdlib
  • 6967817 docs: update comparisons to other implementations
  • e4e829a docs: document new libzstd version constraint behaviors
  • 604a65a Relax libzstd version checking
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zstandard&package-manager=pip&previous-version=0.24.0&new-version=0.25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 55d00a0ee33..70c160e7322 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -48,5 +48,5 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # via -r requirements/base.in yarl==1.20.1 # via -r requirements/runtime-deps.in -zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 655f9b981c5..9f276b88592 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -301,7 +301,7 @@ zlib-ng==1.0.0 # via # -r requirements/lint.in # -r requirements/test.in -zstandard==0.24.0 ; implementation_name == "cpython" +zstandard==0.25.0 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/runtime-deps.in diff --git a/requirements/dev.txt b/requirements/dev.txt index a0e6fcca3c9..3afc8a5d36d 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -292,7 +292,7 @@ zlib-ng==1.0.0 # via # -r requirements/lint.in # -r requirements/test.in -zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via # -r requirements/lint.in # -r requirements/runtime-deps.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 55bde922e24..adb7f14c250 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -120,5 +120,5 @@ virtualenv==20.34.0 # via pre-commit zlib-ng==1.0.0 # via -r requirements/lint.in -zstandard==0.24.0 ; implementation_name == "cpython" +zstandard==0.25.0 ; implementation_name == "cpython" # via -r requirements/lint.in diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index ed868311a78..f3c98e7e88a 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -42,5 +42,5 @@ typing-extensions==4.15.0 # multidict yarl==1.20.1 # via -r requirements/runtime-deps.in -zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index 1c4751661a7..2332b452fc5 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -153,5 +153,5 @@ yarl==1.20.1 # via -r requirements/runtime-deps.in zlib-ng==1.0.0 # via -r requirements/test.in -zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14" +zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in From 16cb99ba7c3e03acb400f04194ed677d0d1ec585 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Sep 2025 10:38:34 +0000 Subject: [PATCH 113/148] Bump cython from 3.1.3 to 3.1.4 (#11513) Bumps [cython](https://github.com/cython/cython) from 3.1.3 to 3.1.4.
Changelog

Sourced from cython's changelog.

3.1.4 (2025-09-16)

Features added

  • Declarations for the new PyUnstable_*() refcounting C-API functions in Py3.14 were added. (Github issue :issue:6836)

Bugs fixed

  • The monitoring code could crash on tracing. (Github issue :issue:7050)

  • Initialising the monitoring code could fail with a CPython exception. See nedbat/coveragepy#1790

  • Optimised integer shifting triggered undefined behaviour in C. (Github issue :issue:7089)

  • Deallocating objects that inherit from external types defined in pxd files could run into an infinite loop. (Github issue :issue:7143)

  • A reference to metaclasses could be leaked on instantiation. (Github issue :issue:7130)

  • (Unlikely) error handling during empty builtin container tests was ineffective. (Github issue :issue:7190)

  • Generated *_api.h files used potentially unknown Cython configuration macros. (Github issue :issue:7108)

  • cythonize() avoids parallel compiler runs on systems using spawn() in multiprocessing. Patch by Marcel Bargull. (Github issue :issue:3262)

  • The @cython.ufunc decorator was missing in type checker stubs. Patch by jayClean. (Github issue :issue:7109)

Commits
  • 236e4a3 Build: Update cibuildwheel version to 3.1.4.
  • cb2e2a3 Prepare release of 3.1.4.
  • 4fdb990 Update changelog.
  • fa78291 Remove confusing "optionally" from embedded docs (#7071)
  • 2886cd9 Fix error handling in empty container test (GH-7096)
  • 8993322 Library: Add declarations for new refcounting C-API functions in Py3.14.
  • dc54ef2 Simpify some conditions.
  • 41f985e Bump OS X runner version to "macos-latest" (GH-7041)
  • dd18f11 Disable parallel cythonization for "spawn" start method. (GH-3263)
  • be16c51 Fix a small typo (#7125)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cython&package-manager=pip&previous-version=3.1.3&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/cython.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 9f276b88592..0f0e292a86b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -62,7 +62,7 @@ cryptography==45.0.7 # via # pyjwt # trustme -cython==3.1.3 +cython==3.1.4 # via -r requirements/cython.in distlib==0.4.0 # via virtualenv diff --git a/requirements/cython.txt b/requirements/cython.txt index 6cc5519997d..824e216600b 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -4,7 +4,7 @@ # # pip-compile --allow-unsafe --output-file=requirements/cython.txt --resolver=backtracking --strip-extras requirements/cython.in # -cython==3.1.3 +cython==3.1.4 # via -r requirements/cython.in multidict==6.6.4 # via -r requirements/multidict.in From 18a7c2f4e90149807cf02de0980539dac4f37e3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Sep 2025 10:40:44 +0000 Subject: [PATCH 114/148] Bump cryptography from 45.0.7 to 46.0.1 (#11516) Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.7 to 46.0.1.
Changelog

Sourced from cryptography's changelog.

46.0.1 - 2025-09-16


* Fixed an issue where users installing via ``pip`` on Python 3.14
development
  versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.

.. _v46-0-0:


46.0.0 - 2025-09-16

  • BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed.
  • Support for OpenSSL < 3.0 is deprecated and will be removed in the next release.
  • Support for x86_64 macOS (including publishing wheels) is deprecated and will be removed in two releases. We will switch to publishing an arm64 only wheel for macOS.
  • Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in two releases. Users should move to a 64-bit Python installation.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
  • We now build ppc64le manylinux wheels and publish them to PyPI.
  • We now build win_arm64 (Windows on Arm) wheels and publish them to PyPI.
  • Added support for free-threaded Python 3.14.
  • Removed the deprecated get_attribute_for_oid method on :class:~cryptography.x509.CertificateSigningRequest. Users should use :meth:~cryptography.x509.Attributes.get_attribute_for_oid instead.
  • Removed the deprecated CAST5, SEED, IDEA, and Blowfish classes from the cipher module. These are still available in :doc:/hazmat/decrepit/index.
  • In X.509, when performing a PSS signature with a SHA-3 hash, it is now encoded with the official NIST SHA3 OID.

.. _v45-0-7:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=45.0.7&new-version=46.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 3 ++- requirements/dev.txt | 3 ++- requirements/lint.txt | 3 ++- requirements/test.txt | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 0f0e292a86b..c7aafc29a1d 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -58,7 +58,7 @@ coverage==7.10.6 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.7 +cryptography==46.0.1 # via # pyjwt # trustme @@ -269,6 +269,7 @@ trustme==1.2.1 ; platform_machine != "i686" typing-extensions==4.15.0 # via # aiosignal + # cryptography # exceptiongroup # multidict # mypy diff --git a/requirements/dev.txt b/requirements/dev.txt index 3afc8a5d36d..148852f3213 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -58,7 +58,7 @@ coverage==7.10.6 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.7 +cryptography==46.0.1 # via # pyjwt # trustme @@ -260,6 +260,7 @@ trustme==1.2.1 ; platform_machine != "i686" typing-extensions==4.15.0 # via # aiosignal + # cryptography # exceptiongroup # multidict # mypy diff --git a/requirements/lint.txt b/requirements/lint.txt index adb7f14c250..afcf071907f 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -21,7 +21,7 @@ cfgv==3.4.0 # via pre-commit click==8.1.8 # via slotscheck -cryptography==45.0.7 +cryptography==46.0.1 # via trustme distlib==0.4.0 # via virtualenv @@ -103,6 +103,7 @@ trustme==1.2.1 # via -r requirements/lint.in typing-extensions==4.15.0 # via + # cryptography # exceptiongroup # mypy # pydantic diff --git a/requirements/test.txt b/requirements/test.txt index 2332b452fc5..db8d39eaf9d 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -31,7 +31,7 @@ coverage==7.10.6 # via # -r requirements/test.in # pytest-cov -cryptography==45.0.7 +cryptography==46.0.1 # via trustme exceptiongroup==1.3.0 # via pytest @@ -136,6 +136,7 @@ trustme==1.2.1 ; platform_machine != "i686" typing-extensions==4.15.0 # via # aiosignal + # cryptography # exceptiongroup # multidict # mypy From 3bdbbe9f7b0ee994cd8635e16daaa748d102c521 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Sep 2025 10:50:12 +0000 Subject: [PATCH 115/148] Bump pytest-mock from 3.15.0 to 3.15.1 (#11517) Bumps [pytest-mock](https://github.com/pytest-dev/pytest-mock) from 3.15.0 to 3.15.1.
Release notes

Sourced from pytest-mock's releases.

v3.15.1

2025-09-16

  • #529: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.
Changelog

Sourced from pytest-mock's changelog.

3.15.1

2025-09-16

  • [#529](https://github.com/pytest-dev/pytest-mock/issues/529) <https://github.com/pytest-dev/pytest-mock/issues/529>_: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-mock&package-manager=pip&previous-version=3.15.0&new-version=3.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c7aafc29a1d..ba4ac816dc3 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -189,7 +189,7 @@ pytest-codspeed==4.0.0 # -r requirements/test.in pytest-cov==7.0.0 # via -r requirements/test.in -pytest-mock==3.15.0 +pytest-mock==3.15.1 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 148852f3213..eaac736b9bd 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -184,7 +184,7 @@ pytest-codspeed==4.0.0 # -r requirements/test.in pytest-cov==7.0.0 # via -r requirements/test.in -pytest-mock==3.15.0 +pytest-mock==3.15.1 # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index afcf071907f..0ef7c141645 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -80,7 +80,7 @@ pytest==8.4.2 # pytest-mock pytest-codspeed==4.0.0 # via -r requirements/lint.in -pytest-mock==3.15.0 +pytest-mock==3.15.1 # via -r requirements/lint.in python-dateutil==2.9.0.post0 # via freezegun diff --git a/requirements/test.txt b/requirements/test.txt index db8d39eaf9d..1a23534aca2 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -108,7 +108,7 @@ pytest-codspeed==4.0.0 # via -r requirements/test.in pytest-cov==7.0.0 # via -r requirements/test.in -pytest-mock==3.15.0 +pytest-mock==3.15.1 # via -r requirements/test.in pytest-xdist==3.8.0 # via -r requirements/test.in From 3f63083d80499a679e6daf7190daba06c5081dfe Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Wed, 17 Sep 2025 14:32:43 -0500 Subject: [PATCH 116/148] [PR #10851/e5d1240 backport][3.13] remove use of deprecated policy API from tests (#10851) (#11521) Co-authored-by: Kumar Aditya --- CHANGES/10851.bugfix.rst | 1 + CHANGES/10851.contrib.rst | 2 ++ tests/test_loop.py | 3 --- 3 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 CHANGES/10851.bugfix.rst create mode 100644 CHANGES/10851.contrib.rst diff --git a/CHANGES/10851.bugfix.rst b/CHANGES/10851.bugfix.rst new file mode 100644 index 00000000000..9c47cc95905 --- /dev/null +++ b/CHANGES/10851.bugfix.rst @@ -0,0 +1 @@ +Fixed pytest plugin to not use deprecated :py:mod:`asyncio` policy APIs. diff --git a/CHANGES/10851.contrib.rst b/CHANGES/10851.contrib.rst new file mode 100644 index 00000000000..623f96bc227 --- /dev/null +++ b/CHANGES/10851.contrib.rst @@ -0,0 +1,2 @@ +Updated tests to avoid using deprecated :py:mod:`asyncio` policy APIs and +make it compatible with Python 3.14. diff --git a/tests/test_loop.py b/tests/test_loop.py index 944f17e69f0..a3520b457e4 100644 --- a/tests/test_loop.py +++ b/tests/test_loop.py @@ -33,9 +33,6 @@ async def on_startup_hook(self, app): async def test_on_startup_hook(self) -> None: self.assertTrue(self.on_startup_called) - def test_default_loop(self) -> None: - self.assertIs(self.loop, asyncio.get_event_loop_policy().get_event_loop()) - def test_default_loop(loop: asyncio.AbstractEventLoop) -> None: assert asyncio.get_event_loop() is loop From 6dd38ae10d1c12bfe8ca091733094883e2552c3b Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Wed, 17 Sep 2025 17:22:20 -0500 Subject: [PATCH 117/148] [PR #11466/d9a4714 backport][3.13] add free-threading CI for Python 3.14 (#11518) Co-authored-by: Kumar Aditya --- .github/workflows/ci-cd.yml | 10 ++- CHANGES/11466.contrib.rst | 1 + requirements/base-ft.in | 3 + requirements/base-ft.txt | 48 +++++++++++ requirements/test-common.in | 18 ++++ requirements/test-common.txt | 117 ++++++++++++++++++++++++++ requirements/test-ft.in | 2 + requirements/test-ft.txt | 156 +++++++++++++++++++++++++++++++++++ requirements/test.in | 20 +---- requirements/test.txt | 66 +++++++-------- 10 files changed, 388 insertions(+), 53 deletions(-) create mode 100644 CHANGES/11466.contrib.rst create mode 100644 requirements/base-ft.in create mode 100644 requirements/base-ft.txt create mode 100644 requirements/test-common.in create mode 100644 requirements/test-common.txt create mode 100644 requirements/test-ft.in create mode 100644 requirements/test-ft.txt diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 430538f4759..c32e60a9bbf 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -140,6 +140,9 @@ jobs: pyver: "3.14" experimental: true no-extensions: 'Y' + - os: ubuntu + pyver: "3.14t" + experimental: true fail-fast: true runs-on: ${{ matrix.os }}-latest continue-on-error: ${{ matrix.experimental }} @@ -170,8 +173,13 @@ jobs: run: | python -m pip install -U pip wheel setuptools build twine - name: Install dependencies + env: + DEPENDENCY_GROUP: test${{ endsWith(matrix.pyver, 't') && '-ft' || '' }} run: | - python -m pip install -r requirements/test.in -c requirements/test.txt + python -Im pip install -r requirements/${{ env.DEPENDENCY_GROUP }}.in -c requirements/${{ env.DEPENDENCY_GROUP }}.txt + - name: Set PYTHON_GIL=0 for free-threading builds + if: ${{ endsWith(matrix.pyver, 't') }} + run: echo "PYTHON_GIL=0" >> $GITHUB_ENV - name: Restore llhttp generated files if: ${{ matrix.no-extensions == '' }} uses: actions/download-artifact@v5 diff --git a/CHANGES/11466.contrib.rst b/CHANGES/11466.contrib.rst new file mode 100644 index 00000000000..07c5f40c82e --- /dev/null +++ b/CHANGES/11466.contrib.rst @@ -0,0 +1 @@ +Added free-threading CI job for CPython 3.14 -- by :user:`kumaraditya303`. diff --git a/requirements/base-ft.in b/requirements/base-ft.in new file mode 100644 index 00000000000..2b0cbf7d0c2 --- /dev/null +++ b/requirements/base-ft.in @@ -0,0 +1,3 @@ +-r runtime-deps.in + +gunicorn diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt new file mode 100644 index 00000000000..15c562571be --- /dev/null +++ b/requirements/base-ft.txt @@ -0,0 +1,48 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --allow-unsafe --output-file=requirements/base-ft.txt --strip-extras requirements/base-ft.in +# +aiodns==3.5.0 + # via -r requirements/runtime-deps.in +aiohappyeyeballs==2.6.1 + # via -r requirements/runtime-deps.in +aiosignal==1.4.0 + # via -r requirements/runtime-deps.in +async-timeout==5.0.1 ; python_version < "3.11" + # via -r requirements/runtime-deps.in +brotli==1.1.0 ; platform_python_implementation == "CPython" + # via -r requirements/runtime-deps.in +cffi==2.0.0 + # via pycares +frozenlist==1.7.0 + # via + # -r requirements/runtime-deps.in + # aiosignal +gunicorn==23.0.0 + # via -r requirements/base-ft.in +idna==3.10 + # via yarl +multidict==6.6.4 + # via + # -r requirements/runtime-deps.in + # yarl +packaging==25.0 + # via gunicorn +propcache==0.3.2 + # via + # -r requirements/runtime-deps.in + # yarl +pycares==4.11.0 + # via aiodns +pycparser==2.23 + # via cffi +typing-extensions==4.15.0 + # via + # aiosignal + # multidict +yarl==1.20.1 + # via -r requirements/runtime-deps.in +zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" + # via -r requirements/runtime-deps.in diff --git a/requirements/test-common.in b/requirements/test-common.in new file mode 100644 index 00000000000..84193d7bc11 --- /dev/null +++ b/requirements/test-common.in @@ -0,0 +1,18 @@ +blockbuster +coverage +freezegun +isal; python_version < "3.14" # no wheel for 3.14 +mypy; implementation_name == "cpython" +pkgconfig +proxy.py >= 2.4.4rc5 +pytest +pytest-cov +pytest-mock +pytest-xdist +pytest_codspeed +python-on-whales +re-assert +setuptools-git +trustme; platform_machine != "i686" # no 32-bit wheels +wait-for-it +zlib_ng diff --git a/requirements/test-common.txt b/requirements/test-common.txt new file mode 100644 index 00000000000..ed5b6a41d34 --- /dev/null +++ b/requirements/test-common.txt @@ -0,0 +1,117 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --allow-unsafe --output-file=requirements/test-common.txt --strip-extras requirements/test-common.in +# +annotated-types==0.7.0 + # via pydantic +blockbuster==1.5.25 + # via -r requirements/test-common.in +cffi==2.0.0 + # via + # cryptography + # pytest-codspeed +click==8.2.1 + # via wait-for-it +coverage==7.10.6 + # via + # -r requirements/test-common.in + # pytest-cov +cryptography==46.0.1 + # via trustme +exceptiongroup==1.3.0 + # via pytest +execnet==2.1.1 + # via pytest-xdist +forbiddenfruit==0.1.4 + # via blockbuster +freezegun==1.5.5 + # via -r requirements/test-common.in +idna==3.10 + # via trustme +iniconfig==2.1.0 + # via pytest +isal==1.8.0 ; python_version < "3.14" + # via -r requirements/test-common.in +markdown-it-py==4.0.0 + # via rich +mdurl==0.1.2 + # via markdown-it-py +mypy==1.18.1 ; implementation_name == "cpython" + # via -r requirements/test-common.in +mypy-extensions==1.1.0 + # via mypy +packaging==25.0 + # via pytest +pathspec==0.12.1 + # via mypy +pkgconfig==1.5.5 + # via -r requirements/test-common.in +pluggy==1.6.0 + # via + # pytest + # pytest-cov +proxy-py==2.4.10 + # via -r requirements/test-common.in +pycparser==2.23 + # via cffi +pydantic==2.12.0a1 + # via python-on-whales +pydantic-core==2.37.2 + # via pydantic +pygments==2.19.2 + # via + # pytest + # rich +pytest==8.4.2 + # via + # -r requirements/test-common.in + # pytest-codspeed + # pytest-cov + # pytest-mock + # pytest-xdist +pytest-codspeed==4.0.0 + # via -r requirements/test-common.in +pytest-cov==7.0.0 + # via -r requirements/test-common.in +pytest-mock==3.15.1 + # via -r requirements/test-common.in +pytest-xdist==3.8.0 + # via -r requirements/test-common.in +python-dateutil==2.9.0.post0 + # via freezegun +python-on-whales==0.78.0 + # via -r requirements/test-common.in +re-assert==1.1.0 + # via -r requirements/test-common.in +regex==2025.9.1 + # via re-assert +rich==14.1.0 + # via pytest-codspeed +setuptools-git==1.2 + # via -r requirements/test-common.in +six==1.17.0 + # via python-dateutil +tomli==2.2.1 + # via + # coverage + # mypy + # pytest +trustme==1.2.1 ; platform_machine != "i686" + # via -r requirements/test-common.in +typing-extensions==4.15.0 + # via + # cryptography + # exceptiongroup + # mypy + # pydantic + # pydantic-core + # python-on-whales + # typing-inspection +typing-inspection==0.4.1 + # via pydantic +wait-for-it==2.3.0 + # via -r requirements/test-common.in +zlib-ng==1.0.0 + # via -r requirements/test-common.in diff --git a/requirements/test-ft.in b/requirements/test-ft.in new file mode 100644 index 00000000000..b85406e5d7b --- /dev/null +++ b/requirements/test-ft.in @@ -0,0 +1,2 @@ +-r base-ft.in +-r test-common.in diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt new file mode 100644 index 00000000000..06407612b64 --- /dev/null +++ b/requirements/test-ft.txt @@ -0,0 +1,156 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --allow-unsafe --output-file=requirements/test-ft.txt --strip-extras requirements/test-ft.in +# +aiodns==3.5.0 + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in +aiohappyeyeballs==2.6.1 + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in +aiosignal==1.4.0 + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in +annotated-types==0.7.0 + # via pydantic +async-timeout==5.0.1 ; python_version < "3.11" + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in +attrs==25.3.0 + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in +blockbuster==1.5.25 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +brotli==1.1.0 ; platform_python_implementation == "CPython" + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in +cffi==2.0.0 + # via + # cryptography + # pycares + # pytest-codspeed +click==8.2.1 + # via wait-for-it +coverage==7.10.6 + # via + # -r /Users/bdraco/aiohttp/requirements/test-common.in + # pytest-cov +cryptography==46.0.1 + # via trustme +exceptiongroup==1.3.0 + # via pytest +execnet==2.1.1 + # via pytest-xdist +forbiddenfruit==0.1.4 + # via blockbuster +freezegun==1.5.5 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +frozenlist==1.7.0 + # via + # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # aiosignal +gunicorn==23.0.0 + # via -r /Users/bdraco/aiohttp/requirements/base-ft.in +idna==3.10 + # via + # trustme + # yarl +iniconfig==2.1.0 + # via pytest +isal==1.8.0 ; python_version < "3.14" + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +markdown-it-py==4.0.0 + # via rich +mdurl==0.1.2 + # via markdown-it-py +multidict==6.6.4 + # via + # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # yarl +mypy==1.18.1 ; implementation_name == "cpython" + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +mypy-extensions==1.1.0 + # via mypy +packaging==25.0 + # via + # gunicorn + # pytest +pathspec==0.12.1 + # via mypy +pkgconfig==1.5.5 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +pluggy==1.6.0 + # via + # pytest + # pytest-cov +propcache==0.3.2 + # via + # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # yarl +proxy-py==2.4.10 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +pycares==4.11.0 + # via aiodns +pycparser==2.23 + # via cffi +pydantic==2.12.0a1 + # via python-on-whales +pydantic-core==2.37.2 + # via pydantic +pygments==2.19.2 + # via + # pytest + # rich +pytest==8.4.2 + # via + # -r /Users/bdraco/aiohttp/requirements/test-common.in + # pytest-codspeed + # pytest-cov + # pytest-mock + # pytest-xdist +pytest-codspeed==4.0.0 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +pytest-cov==7.0.0 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +pytest-mock==3.15.1 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +pytest-xdist==3.8.0 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +python-dateutil==2.9.0.post0 + # via freezegun +python-on-whales==0.78.0 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +re-assert==1.1.0 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +regex==2025.9.1 + # via re-assert +rich==14.1.0 + # via pytest-codspeed +setuptools-git==1.2 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +six==1.17.0 + # via python-dateutil +tomli==2.2.1 + # via + # coverage + # mypy + # pytest +trustme==1.2.1 ; platform_machine != "i686" + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +typing-extensions==4.15.0 + # via + # aiosignal + # cryptography + # exceptiongroup + # multidict + # mypy + # pydantic + # pydantic-core + # python-on-whales + # typing-inspection +typing-inspection==0.4.1 + # via pydantic +wait-for-it==2.3.0 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +yarl==1.20.1 + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in +zlib-ng==1.0.0 + # via -r /Users/bdraco/aiohttp/requirements/test-common.in +zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in diff --git a/requirements/test.in b/requirements/test.in index 2a692f6e4f6..d37efd6b841 100644 --- a/requirements/test.in +++ b/requirements/test.in @@ -1,20 +1,2 @@ -r base.in - -blockbuster -coverage -freezegun -isal; python_version < "3.14" # no wheel for 3.14 -mypy; implementation_name == "cpython" -pkgconfig -proxy.py >= 2.4.4rc5 -pytest -pytest-cov -pytest-mock -pytest-xdist -pytest_codspeed -python-on-whales -re-assert -setuptools-git -trustme; platform_machine != "i686" # no 32-bit wheels -wait-for-it -zlib_ng +-r test-common.in diff --git a/requirements/test.txt b/requirements/test.txt index 1a23534aca2..d533b839a9a 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -5,21 +5,21 @@ # pip-compile --allow-unsafe --output-file=requirements/test.txt --strip-extras requirements/test.in # aiodns==3.5.0 - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in aiohappyeyeballs==2.6.1 - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in aiosignal==1.4.0 - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in annotated-types==0.7.0 # via pydantic async-timeout==5.0.1 ; python_version < "3.11" - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in attrs==25.3.0 - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in blockbuster==1.5.25 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in brotli==1.1.0 ; platform_python_implementation == "CPython" - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in cffi==2.0.0 # via # cryptography @@ -29,7 +29,7 @@ click==8.1.8 # via wait-for-it coverage==7.10.6 # via - # -r requirements/test.in + # -r /Users/bdraco/aiohttp/requirements/test-common.in # pytest-cov cryptography==46.0.1 # via trustme @@ -40,13 +40,13 @@ execnet==2.1.1 forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in frozenlist==1.7.0 # via - # -r requirements/runtime-deps.in + # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in # aiosignal gunicorn==23.0.0 - # via -r requirements/base.in + # via -r /Users/bdraco/aiohttp/requirements/base.in idna==3.4 # via # trustme @@ -54,17 +54,17 @@ idna==3.4 iniconfig==2.1.0 # via pytest isal==1.7.2 ; python_version < "3.14" - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py multidict==6.6.4 # via - # -r requirements/runtime-deps.in + # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in # yarl mypy==1.17.1 ; implementation_name == "cpython" - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in mypy-extensions==1.1.0 # via mypy packaging==25.0 @@ -74,24 +74,24 @@ packaging==25.0 pathspec==0.12.1 # via mypy pkgconfig==1.5.5 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in pluggy==1.6.0 # via # pytest # pytest-cov propcache==0.3.2 # via - # -r requirements/runtime-deps.in + # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in # yarl proxy-py==2.4.10 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in pycares==4.11.0 # via aiodns pycparser==2.23 # via cffi -pydantic==2.11.9 +pydantic==2.12.0a1 # via python-on-whales -pydantic-core==2.33.2 +pydantic-core==2.37.2 # via pydantic pygments==2.19.2 # via @@ -99,31 +99,31 @@ pygments==2.19.2 # rich pytest==8.4.2 # via - # -r requirements/test.in + # -r /Users/bdraco/aiohttp/requirements/test-common.in # pytest-codspeed # pytest-cov # pytest-mock # pytest-xdist pytest-codspeed==4.0.0 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in pytest-cov==7.0.0 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in pytest-mock==3.15.1 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in pytest-xdist==3.8.0 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.78.0 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in re-assert==1.1.0 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in regex==2025.9.1 # via re-assert rich==14.1.0 # via pytest-codspeed setuptools-git==1.2 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in six==1.17.0 # via python-dateutil tomli==2.2.1 @@ -132,7 +132,7 @@ tomli==2.2.1 # mypy # pytest trustme==1.2.1 ; platform_machine != "i686" - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in typing-extensions==4.15.0 # via # aiosignal @@ -147,12 +147,12 @@ typing-extensions==4.15.0 typing-inspection==0.4.1 # via pydantic uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" - # via -r requirements/base.in + # via -r /Users/bdraco/aiohttp/requirements/base.in wait-for-it==2.3.0 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in yarl==1.20.1 - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in zlib-ng==1.0.0 - # via -r requirements/test.in + # via -r /Users/bdraco/aiohttp/requirements/test-common.in zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" - # via -r requirements/runtime-deps.in + # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in From 04f5603bab3d7d0a4d5521bd585089c83def04b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:41:29 +0000 Subject: [PATCH 118/148] Bump regex from 2025.9.1 to 2025.9.18 (#11526) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2025.9.1 to 2025.9.18.
Changelog

Sourced from regex's changelog.

Version: 2025.9.20

Enable free-threading support in cibuildwheel in another
place.

Version: 2025.9.19

Enable free-threading support in cibuildwheel.

Version: 2025.9.18

Git issue 565: Support the free-threaded build of CPython
3.13

Version: 2025.9.1

Git PR 585: Fix AttributeError: 'AnyAll' object has no
attribute '_key'

Version: 2025.8.29

Git issue 584: AttributeError: 'AnyAll' object has no
attribute 'positive'

Version: 2025.7.34

Git issue 575: Issues with ASCII/Unicode modifiers

Version: 2025.7.33

Updated main.yml and pyproject.toml.

Version: 2025.7.32

Git issue 580: Regression in v2025.7.31: \P{L} no longer
matches in simple patterns

Version: 2025.7.31

Further updates to main.yml.

Version: 2025.7.30

Updated main.yml and pyproject.toml.

Version: 2025.7.29

Git issue 572: Inline ASCII modifier doesn't seem to affect
anything

Version: 2025.5.19

Changed how main.yml skips unwanted Arch builds.

Version: 2025.5.18

... (truncated)

Commits
  • db5c9c6 Git issue 565: Support the free-threaded build of CPython 3.13
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2025.9.1&new-version=2025.9.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 38 ++++++++++----------- requirements/dev.txt | 38 ++++++++++----------- requirements/test-common.txt | 2 +- requirements/test-ft.txt | 62 +++++++++++++++++----------------- requirements/test.txt | 64 ++++++++++++++++++------------------ 5 files changed, 102 insertions(+), 102 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index ba4ac816dc3..9134a6f19f9 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -29,7 +29,7 @@ babel==2.17.0 blockbuster==1.5.25 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.3.0 @@ -56,7 +56,7 @@ click==8.1.8 # wait-for-it coverage==7.10.6 # via - # -r requirements/test.in + # -r requirements/test-common.in # pytest-cov cryptography==46.0.1 # via @@ -79,7 +79,7 @@ forbiddenfruit==0.1.4 freezegun==1.5.5 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in frozenlist==1.7.0 # via # -r requirements/runtime-deps.in @@ -102,7 +102,7 @@ iniconfig==2.1.0 isal==1.7.2 ; python_version < "3.14" # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in jinja2==3.1.6 # via # sphinx @@ -121,7 +121,7 @@ multidict==6.6.4 mypy==1.17.1 ; implementation_name == "cpython" # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in mypy-extensions==1.1.0 # via mypy nodeenv==1.9.1 @@ -137,7 +137,7 @@ pathspec==0.12.1 pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 - # via -r requirements/test.in + # via -r requirements/test-common.in platformdirs==4.3.8 # via virtualenv pluggy==1.6.0 @@ -151,7 +151,7 @@ propcache==0.3.2 # -r requirements/runtime-deps.in # yarl proxy-py==2.4.10 - # via -r requirements/test.in + # via -r requirements/test-common.in pycares==4.11.0 # via aiodns pycparser==2.23 @@ -178,7 +178,7 @@ pyproject-hooks==1.2.0 pytest==8.4.2 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in # pytest-codspeed # pytest-cov # pytest-mock @@ -186,26 +186,26 @@ pytest==8.4.2 pytest-codspeed==4.0.0 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in pytest-cov==7.0.0 - # via -r requirements/test.in + # via -r requirements/test-common.in pytest-mock==3.15.1 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in pytest-xdist==3.8.0 - # via -r requirements/test.in + # via -r requirements/test-common.in python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.78.0 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 - # via -r requirements/test.in -regex==2025.9.1 + # via -r requirements/test-common.in +regex==2025.9.18 # via re-assert requests==2.32.5 # via @@ -215,7 +215,7 @@ requests==2.32.5 rich==14.1.0 # via pytest-codspeed setuptools-git==1.2 - # via -r requirements/test.in + # via -r requirements/test-common.in six==1.17.0 # via python-dateutil slotscheck==0.19.1 @@ -265,7 +265,7 @@ towncrier==25.8.0 trustme==1.2.1 ; platform_machine != "i686" # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in typing-extensions==4.15.0 # via # aiosignal @@ -293,7 +293,7 @@ valkey==6.1.1 virtualenv==20.34.0 # via pre-commit wait-for-it==2.3.0 - # via -r requirements/test.in + # via -r requirements/test-common.in wheel==0.45.1 # via pip-tools yarl==1.20.1 @@ -301,7 +301,7 @@ yarl==1.20.1 zlib-ng==1.0.0 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in zstandard==0.25.0 ; implementation_name == "cpython" # via # -r requirements/lint.in diff --git a/requirements/dev.txt b/requirements/dev.txt index eaac736b9bd..708cdce65f4 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -29,7 +29,7 @@ babel==2.17.0 blockbuster==1.5.25 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.3.0 @@ -56,7 +56,7 @@ click==8.1.8 # wait-for-it coverage==7.10.6 # via - # -r requirements/test.in + # -r requirements/test-common.in # pytest-cov cryptography==46.0.1 # via @@ -77,7 +77,7 @@ forbiddenfruit==0.1.4 freezegun==1.5.5 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in frozenlist==1.7.0 # via # -r requirements/runtime-deps.in @@ -100,7 +100,7 @@ iniconfig==2.1.0 isal==1.7.2 ; python_version < "3.14" # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in jinja2==3.1.6 # via # sphinx @@ -118,7 +118,7 @@ multidict==6.6.4 mypy==1.17.1 ; implementation_name == "cpython" # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in mypy-extensions==1.1.0 # via mypy nodeenv==1.9.1 @@ -134,7 +134,7 @@ pathspec==0.12.1 pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 - # via -r requirements/test.in + # via -r requirements/test-common.in platformdirs==4.3.8 # via virtualenv pluggy==1.6.0 @@ -148,7 +148,7 @@ propcache==0.3.2 # -r requirements/runtime-deps.in # yarl proxy-py==2.4.10 - # via -r requirements/test.in + # via -r requirements/test-common.in pycares==4.11.0 # via aiodns pycparser==2.23 @@ -173,7 +173,7 @@ pyproject-hooks==1.2.0 pytest==8.4.2 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in # pytest-codspeed # pytest-cov # pytest-mock @@ -181,26 +181,26 @@ pytest==8.4.2 pytest-codspeed==4.0.0 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in pytest-cov==7.0.0 - # via -r requirements/test.in + # via -r requirements/test-common.in pytest-mock==3.15.1 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in pytest-xdist==3.8.0 - # via -r requirements/test.in + # via -r requirements/test-common.in python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.78.0 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in pyyaml==6.0.2 # via pre-commit re-assert==1.1.0 - # via -r requirements/test.in -regex==2025.9.1 + # via -r requirements/test-common.in +regex==2025.9.18 # via re-assert requests==2.32.5 # via @@ -209,7 +209,7 @@ requests==2.32.5 rich==14.1.0 # via pytest-codspeed setuptools-git==1.2 - # via -r requirements/test.in + # via -r requirements/test-common.in six==1.17.0 # via python-dateutil slotscheck==0.19.1 @@ -256,7 +256,7 @@ towncrier==25.8.0 trustme==1.2.1 ; platform_machine != "i686" # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in typing-extensions==4.15.0 # via # aiosignal @@ -284,7 +284,7 @@ valkey==6.1.1 virtualenv==20.34.0 # via pre-commit wait-for-it==2.3.0 - # via -r requirements/test.in + # via -r requirements/test-common.in wheel==0.45.1 # via pip-tools yarl==1.20.1 @@ -292,7 +292,7 @@ yarl==1.20.1 zlib-ng==1.0.0 # via # -r requirements/lint.in - # -r requirements/test.in + # -r requirements/test-common.in zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via # -r requirements/lint.in diff --git a/requirements/test-common.txt b/requirements/test-common.txt index ed5b6a41d34..0d67f48e3ee 100644 --- a/requirements/test-common.txt +++ b/requirements/test-common.txt @@ -85,7 +85,7 @@ python-on-whales==0.78.0 # via -r requirements/test-common.in re-assert==1.1.0 # via -r requirements/test-common.in -regex==2025.9.1 +regex==2025.9.18 # via re-assert rich==14.1.0 # via pytest-codspeed diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index 06407612b64..57f448ec883 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -5,21 +5,21 @@ # pip-compile --allow-unsafe --output-file=requirements/test-ft.txt --strip-extras requirements/test-ft.in # aiodns==3.5.0 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in aiohappyeyeballs==2.6.1 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in aiosignal==1.4.0 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in annotated-types==0.7.0 # via pydantic async-timeout==5.0.1 ; python_version < "3.11" - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in attrs==25.3.0 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in blockbuster==1.5.25 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in brotli==1.1.0 ; platform_python_implementation == "CPython" - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in cffi==2.0.0 # via # cryptography @@ -29,7 +29,7 @@ click==8.2.1 # via wait-for-it coverage==7.10.6 # via - # -r /Users/bdraco/aiohttp/requirements/test-common.in + # -r requirements/test-common.in # pytest-cov cryptography==46.0.1 # via trustme @@ -40,13 +40,13 @@ execnet==2.1.1 forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in frozenlist==1.7.0 # via - # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # -r requirements/runtime-deps.in # aiosignal gunicorn==23.0.0 - # via -r /Users/bdraco/aiohttp/requirements/base-ft.in + # via -r requirements/base-ft.in idna==3.10 # via # trustme @@ -54,17 +54,17 @@ idna==3.10 iniconfig==2.1.0 # via pytest isal==1.8.0 ; python_version < "3.14" - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in markdown-it-py==4.0.0 # via rich mdurl==0.1.2 # via markdown-it-py multidict==6.6.4 # via - # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # -r requirements/runtime-deps.in # yarl mypy==1.18.1 ; implementation_name == "cpython" - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in mypy-extensions==1.1.0 # via mypy packaging==25.0 @@ -74,17 +74,17 @@ packaging==25.0 pathspec==0.12.1 # via mypy pkgconfig==1.5.5 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pluggy==1.6.0 # via # pytest # pytest-cov propcache==0.3.2 # via - # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # -r requirements/runtime-deps.in # yarl proxy-py==2.4.10 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pycares==4.11.0 # via aiodns pycparser==2.23 @@ -99,31 +99,31 @@ pygments==2.19.2 # rich pytest==8.4.2 # via - # -r /Users/bdraco/aiohttp/requirements/test-common.in + # -r requirements/test-common.in # pytest-codspeed # pytest-cov # pytest-mock # pytest-xdist pytest-codspeed==4.0.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pytest-cov==7.0.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pytest-mock==3.15.1 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pytest-xdist==3.8.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.78.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in re-assert==1.1.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in -regex==2025.9.1 + # via -r requirements/test-common.in +regex==2025.9.18 # via re-assert rich==14.1.0 # via pytest-codspeed setuptools-git==1.2 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in six==1.17.0 # via python-dateutil tomli==2.2.1 @@ -132,7 +132,7 @@ tomli==2.2.1 # mypy # pytest trustme==1.2.1 ; platform_machine != "i686" - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in typing-extensions==4.15.0 # via # aiosignal @@ -147,10 +147,10 @@ typing-extensions==4.15.0 typing-inspection==0.4.1 # via pydantic wait-for-it==2.3.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in yarl==1.20.1 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in zlib-ng==1.0.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index d533b839a9a..b695a895341 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -5,21 +5,21 @@ # pip-compile --allow-unsafe --output-file=requirements/test.txt --strip-extras requirements/test.in # aiodns==3.5.0 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in aiohappyeyeballs==2.6.1 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in aiosignal==1.4.0 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in annotated-types==0.7.0 # via pydantic async-timeout==5.0.1 ; python_version < "3.11" - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in attrs==25.3.0 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in blockbuster==1.5.25 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in brotli==1.1.0 ; platform_python_implementation == "CPython" - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in cffi==2.0.0 # via # cryptography @@ -29,7 +29,7 @@ click==8.1.8 # via wait-for-it coverage==7.10.6 # via - # -r /Users/bdraco/aiohttp/requirements/test-common.in + # -r requirements/test-common.in # pytest-cov cryptography==46.0.1 # via trustme @@ -40,13 +40,13 @@ execnet==2.1.1 forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in frozenlist==1.7.0 # via - # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # -r requirements/runtime-deps.in # aiosignal gunicorn==23.0.0 - # via -r /Users/bdraco/aiohttp/requirements/base.in + # via -r requirements/base.in idna==3.4 # via # trustme @@ -54,17 +54,17 @@ idna==3.4 iniconfig==2.1.0 # via pytest isal==1.7.2 ; python_version < "3.14" - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py multidict==6.6.4 # via - # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # -r requirements/runtime-deps.in # yarl mypy==1.17.1 ; implementation_name == "cpython" - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in mypy-extensions==1.1.0 # via mypy packaging==25.0 @@ -74,17 +74,17 @@ packaging==25.0 pathspec==0.12.1 # via mypy pkgconfig==1.5.5 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pluggy==1.6.0 # via # pytest # pytest-cov propcache==0.3.2 # via - # -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # -r requirements/runtime-deps.in # yarl proxy-py==2.4.10 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pycares==4.11.0 # via aiodns pycparser==2.23 @@ -99,31 +99,31 @@ pygments==2.19.2 # rich pytest==8.4.2 # via - # -r /Users/bdraco/aiohttp/requirements/test-common.in + # -r requirements/test-common.in # pytest-codspeed # pytest-cov # pytest-mock # pytest-xdist pytest-codspeed==4.0.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pytest-cov==7.0.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pytest-mock==3.15.1 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in pytest-xdist==3.8.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.78.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in re-assert==1.1.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in -regex==2025.9.1 + # via -r requirements/test-common.in +regex==2025.9.18 # via re-assert rich==14.1.0 # via pytest-codspeed setuptools-git==1.2 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in six==1.17.0 # via python-dateutil tomli==2.2.1 @@ -132,7 +132,7 @@ tomli==2.2.1 # mypy # pytest trustme==1.2.1 ; platform_machine != "i686" - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in typing-extensions==4.15.0 # via # aiosignal @@ -147,12 +147,12 @@ typing-extensions==4.15.0 typing-inspection==0.4.1 # via pydantic uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" - # via -r /Users/bdraco/aiohttp/requirements/base.in + # via -r requirements/base.in wait-for-it==2.3.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in yarl==1.20.1 - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in zlib-ng==1.0.0 - # via -r /Users/bdraco/aiohttp/requirements/test-common.in + # via -r requirements/test-common.in zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" - # via -r /Users/bdraco/aiohttp/requirements/runtime-deps.in + # via -r requirements/runtime-deps.in From e29bc36953a8b41cc3d55c84ffcbedf199bd7ebc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:54:47 +0000 Subject: [PATCH 119/148] Bump platformdirs from 4.3.8 to 4.4.0 (#11453) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [platformdirs](https://github.com/tox-dev/platformdirs) from 4.3.8 to 4.4.0.
Release notes

Sourced from platformdirs's releases.

4.4.0

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/platformdirs/compare/4.3.8...4.4.0

Commits
  • c945a28 feat: improve homebrew path detection (#370)
  • 9f616e9 [pre-commit.ci] pre-commit autoupdate (#372)
  • 5720f26 [pre-commit.ci] pre-commit autoupdate (#367)
  • 848924d [pre-commit.ci] pre-commit autoupdate (#365)
  • df2e678 Bump actions/checkout from 4 to 5 in the all group (#366)
  • 009a3f8 Bump actions/download-artifact from 4 to 5 in the all group (#364)
  • 3d194ee [pre-commit.ci] pre-commit autoupdate (#363)
  • 6046533 [pre-commit.ci] pre-commit autoupdate (#362)
  • 88389ce [pre-commit.ci] pre-commit autoupdate (#361)
  • 82763ff [pre-commit.ci] pre-commit autoupdate (#360)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=platformdirs&package-manager=pip&previous-version=4.3.8&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 9134a6f19f9..e801d0d84bd 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -138,7 +138,7 @@ pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test-common.in -platformdirs==4.3.8 +platformdirs==4.4.0 # via virtualenv pluggy==1.6.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 708cdce65f4..92e2ee95e8d 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -135,7 +135,7 @@ pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test-common.in -platformdirs==4.3.8 +platformdirs==4.4.0 # via virtualenv pluggy==1.6.0 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 0ef7c141645..785eb7f37f9 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -55,7 +55,7 @@ packaging==25.0 # via pytest pathspec==0.12.1 # via mypy -platformdirs==4.3.8 +platformdirs==4.4.0 # via virtualenv pluggy==1.6.0 # via pytest From b348b0b997e6025776478e87279ccd581953007b Mon Sep 17 00:00:00 2001 From: Cycloctane Date: Sun, 21 Sep 2025 23:39:23 +0800 Subject: [PATCH 120/148] [PR #11529/9a2f146 backport][3.13] Ignore partitioned attributes in cookies if it is not supported by http.cookie (#11530) cherry-picked from commit 9a2f146a12e3525b43e96723ef41584bf9cf784e --- CHANGES/11523.bugfix.rst | 2 ++ aiohttp/_cookie_helpers.py | 8 ++------ tests/test_cookie_helpers.py | 33 +++++++++++++++++++++++++++++++++ tests/test_cookiejar.py | 13 +++++++++++++ 4 files changed, 50 insertions(+), 6 deletions(-) create mode 100644 CHANGES/11523.bugfix.rst diff --git a/CHANGES/11523.bugfix.rst b/CHANGES/11523.bugfix.rst new file mode 100644 index 00000000000..7b70bcf6e76 --- /dev/null +++ b/CHANGES/11523.bugfix.rst @@ -0,0 +1,2 @@ +Fix saved ``CookieJar`` fail to be loaded if cookies have ``partitioned`` flag when +``http.cookie`` does not have partitioned cookies supports. -- by :user:`Cycloctane`. diff --git a/aiohttp/_cookie_helpers.py b/aiohttp/_cookie_helpers.py index 4e9fc968814..9e80b6065d7 100644 --- a/aiohttp/_cookie_helpers.py +++ b/aiohttp/_cookie_helpers.py @@ -6,7 +6,6 @@ """ import re -import sys from http.cookies import Morsel from typing import List, Optional, Sequence, Tuple, cast @@ -270,11 +269,8 @@ def parse_set_cookie_headers(headers: Sequence[str]) -> List[Tuple[str, Morsel[s break if lower_key in _COOKIE_BOOL_ATTRS: # Boolean attribute with any value should be True - if current_morsel is not None: - if lower_key == "partitioned" and sys.version_info < (3, 14): - dict.__setitem__(current_morsel, lower_key, True) - else: - current_morsel[lower_key] = True + if current_morsel is not None and current_morsel.isReservedKey(key): + current_morsel[lower_key] = True elif value is None: # Invalid cookie string - non-boolean attribute without value break diff --git a/tests/test_cookie_helpers.py b/tests/test_cookie_helpers.py index 6deef6544c2..0ec393e2b79 100644 --- a/tests/test_cookie_helpers.py +++ b/tests/test_cookie_helpers.py @@ -1,5 +1,6 @@ """Tests for internal cookie helper functions.""" +import sys from http.cookies import ( CookieError, Morsel, @@ -427,6 +428,10 @@ def test_parse_set_cookie_headers_boolean_attrs() -> None: assert morsel.get("httponly") is True, f"{name} should have httponly=True" +@pytest.mark.skipif( + sys.version_info < (3, 14), + reason="Partitioned cookies support requires Python 3.14+", +) def test_parse_set_cookie_headers_boolean_attrs_with_partitioned() -> None: """Test that boolean attributes including partitioned work correctly.""" # Test secure attribute variations @@ -482,6 +487,10 @@ def test_parse_set_cookie_headers_encoded_values() -> None: assert result[2][1].value == "%21%40%23%24%25%5E%26*%28%29" +@pytest.mark.skipif( + sys.version_info < (3, 14), + reason="Partitioned cookies support requires Python 3.14+", +) def test_parse_set_cookie_headers_partitioned() -> None: """ Test that parse_set_cookie_headers handles partitioned attribute correctly. @@ -518,6 +527,10 @@ def test_parse_set_cookie_headers_partitioned() -> None: assert result[4][1].get("path") == "/" +@pytest.mark.skipif( + sys.version_info < (3, 14), + reason="Partitioned cookies support requires Python 3.14+", +) def test_parse_set_cookie_headers_partitioned_case_insensitive() -> None: """Test that partitioned attribute is recognized case-insensitively.""" headers = [ @@ -555,6 +568,26 @@ def test_parse_set_cookie_headers_partitioned_not_set() -> None: # Tests that don't require partitioned support in SimpleCookie +@pytest.mark.skipif( + sys.version_info >= (3, 14), + reason="Python 3.14+ has built-in partitioned cookie support", +) +def test_parse_set_cookie_headers_partitioned_not_set_if_no_support() -> None: + headers = [ + "cookie1=value1; Partitioned", + "cookie2=value2; Partitioned=", + "cookie3=value3; Partitioned=true", + ] + + result = parse_set_cookie_headers(headers) + + assert len(result) == 3 + for i, (_, morsel) in enumerate(result): + assert ( + morsel.get("partitioned") is None + ), f"Cookie {i+1} should not have partitioned flag" + + def test_parse_set_cookie_headers_partitioned_with_other_attrs_manual() -> None: """ Test parsing logic for partitioned cookies combined with all other attributes. diff --git a/tests/test_cookiejar.py b/tests/test_cookiejar.py index 15557085b4e..11bf9bd5b4e 100644 --- a/tests/test_cookiejar.py +++ b/tests/test_cookiejar.py @@ -199,6 +199,19 @@ def test_save_load(tmp_path, loop, cookies_to_send, cookies_to_receive) -> None: assert jar_test == cookies_to_receive +def test_save_load_partitioned_cookies(tmp_path, loop) -> None: + file_path = pathlib.Path(str(tmp_path)) / "aiohttp.test2.cookie" + # export cookie jar + jar_save = CookieJar(loop=loop) + jar_save.update_cookies_from_headers( + ["session=cookie; Partitioned"], URL("https://example.com/") + ) + jar_save.save(file_path=file_path) + jar_load = CookieJar(loop=loop) + jar_load.load(file_path=file_path) + assert jar_save._cookies == jar_load._cookies + + async def test_update_cookie_with_unicode_domain(loop) -> None: cookies = ( "idna-domain-first=first; Domain=xn--9caa.com; Path=/;", From 74668cee4fd9bc0aebd0fa9ff9d788c631fa2943 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Sep 2025 11:12:43 +0000 Subject: [PATCH 121/148] Bump coverage from 7.10.6 to 7.10.7 (#11532) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.6 to 7.10.7.
Changelog

Sourced from coverage's changelog.

Version 7.10.7 — 2025-09-21

  • Performance: with branch coverage in large files, generating HTML, JSON, or LCOV reports could take far too long due to some quadratic behavior when creating the function and class index pages. This is now fixed, closing issue 2048_. Thanks to Daniel Diniz for help diagnosing the problem.

  • Most warnings and a few errors now have links to a page in the docs explaining the specific message. Closes issue 1921_.

.. _issue 1921: nedbat/coveragepy#1921 .. _issue 2048: nedbat/coveragepy#2048

.. _changes_7-10-6:

Commits
  • 92a2af5 docs: sample HTML for 7.10.7
  • 952afda docs: prep for 7.10.7
  • a301761 build: riscv64 wheels (#2055)
  • 5daff8d docs: now source is formatted with ruff
  • 04bbc3a docs: discuss cog in the contributing docs
  • c181b93 build: use cog --check-fail-msg to instruct devs
  • 33c4ba1 chore: make upgrade
  • 0744b73 chore: bump the action-dependencies group across 1 directory with 2 updates (...
  • 0d5a112 perf: bulk narrowing to avoid N**2. #2048
  • a868ed9 docs: mention Python Discord on the index page
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.6&new-version=7.10.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test-common.txt | 2 +- requirements/test-ft.txt | 2 +- requirements/test.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index e801d0d84bd..c9d32b1650b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.6 +coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 92e2ee95e8d..a362d8434f2 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -54,7 +54,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.6 +coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov diff --git a/requirements/test-common.txt b/requirements/test-common.txt index 0d67f48e3ee..4f4c277256f 100644 --- a/requirements/test-common.txt +++ b/requirements/test-common.txt @@ -14,7 +14,7 @@ cffi==2.0.0 # pytest-codspeed click==8.2.1 # via wait-for-it -coverage==7.10.6 +coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index 57f448ec883..2efcc9f8d58 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -27,7 +27,7 @@ cffi==2.0.0 # pytest-codspeed click==8.2.1 # via wait-for-it -coverage==7.10.6 +coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index b695a895341..d3dd2278aac 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -27,7 +27,7 @@ cffi==2.0.0 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.6 +coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov From 59635de1f3af5f134fec699da0b6300554e1e0d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Sep 2025 10:32:02 +0000 Subject: [PATCH 122/148] Bump pypa/cibuildwheel from 3.1.4 to 3.2.0 (#11536) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from 3.1.4 to 3.2.0.
Release notes

Sourced from pypa/cibuildwheel's releases.

v3.2.0

  • ✨ Adds GraalPy v25 (Python 3.12) support (#2597)
  • 🛠 Update to CPython 3.14.0rc3 (#2602)
  • 🛠 Adds CPython 3.14.0 prerelease support for Android, and a number of improvements to Android builds (#2568, #2591)
  • 🛠 Improvements to testing on Android, passing environment markers when installing the venv, and providing more debug output when build-verbosity is set (#2575)
  • ⚠️ PyPy 3.10 was moved to pypy-eol in the enable option, as it is now end-of-life. (#2521)
  • 📚 Docs improvements (#2574, #2601, #2598)
Changelog

Sourced from pypa/cibuildwheel's changelog.

v3.2.0

22 September 2025

  • ✨ Adds GraalPy v25 (Python 3.12) support (#2597)
  • 🛠 Update to CPython 3.14.0rc3 (#2602)
  • 🛠 Adds CPython 3.14.0 prerelease support for Android, and a number of improvements to Android builds (#2568, #2591)
  • 🛠 Improvements to testing on Android, passing environment markers when installing the venv, and providing more debug output when build-verbosity is set (#2575)
  • ⚠️ PyPy 3.10 was moved to pypy-eol in the enable option, as it is now end-of-life. (#2521)
  • 📚 Docs improvements (#2574, #2601, #2598)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=3.1.4&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index c32e60a9bbf..11a0ff12c2d 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -428,7 +428,7 @@ jobs: run: | make cythonize - name: Build wheels - uses: pypa/cibuildwheel@v3.1.4 + uses: pypa/cibuildwheel@v3.2.0 env: CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }} CIBW_ARCHS_MACOS: x86_64 arm64 universal2 From 655ed225dd102fc0a00b30c17cb66b0fc5967a50 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:31:09 +0000 Subject: [PATCH 123/148] Bump actions/cache from 4.2.4 to 4.3.0 (#11541) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/cache](https://github.com/actions/cache) from 4.2.4 to 4.3.0.
Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v4...v4.3.0

Changelog

Sourced from actions/cache's changelog.

4.3.0

  • Bump @actions/cache to v4.1.0
Commits
  • 0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
  • 4f5ea67 Update licensed cache
  • 9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
  • 638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
  • 3862dcc Add note on runner versions
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.4&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 11a0ff12c2d..959e481e995 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -47,7 +47,7 @@ jobs: with: python-version: 3.11 - name: Cache PyPI - uses: actions/cache@v4.2.4 + uses: actions/cache@v4.3.0 with: key: pip-lint-${{ hashFiles('requirements/*.txt') }} path: ~/.cache/pip @@ -96,7 +96,7 @@ jobs: with: submodules: true - name: Cache llhttp generated files - uses: actions/cache@v4.2.4 + uses: actions/cache@v4.3.0 id: cache with: key: llhttp-${{ hashFiles('vendor/llhttp/package*.json', 'vendor/llhttp/src/**/*') }} @@ -163,7 +163,7 @@ jobs: echo "dir=$(pip cache dir)" >> "${GITHUB_OUTPUT}" shell: bash - name: Cache PyPI - uses: actions/cache@v4.2.4 + uses: actions/cache@v4.3.0 with: key: pip-ci-${{ runner.os }}-${{ matrix.pyver }}-${{ matrix.no-extensions }}-${{ hashFiles('requirements/*.txt') }} path: ${{ steps.pip-cache.outputs.dir }} From c830788c6287be81890c0246ec82554b4a918619 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Sep 2025 10:47:29 +0000 Subject: [PATCH 124/148] Bump pyyaml from 6.0.2 to 6.0.3 (#11543) Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0.2 to 6.0.3.
Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: https://github.com/yaml/pyyaml/compare/6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyyaml&package-manager=pip&previous-version=6.0.2&new-version=6.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c9d32b1650b..d8b02a8a3dd 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -201,7 +201,7 @@ python-on-whales==0.78.0 # via # -r requirements/lint.in # -r requirements/test-common.in -pyyaml==6.0.2 +pyyaml==6.0.3 # via pre-commit re-assert==1.1.0 # via -r requirements/test-common.in diff --git a/requirements/dev.txt b/requirements/dev.txt index a362d8434f2..3d94639e3e9 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -196,7 +196,7 @@ python-on-whales==0.78.0 # via # -r requirements/lint.in # -r requirements/test-common.in -pyyaml==6.0.2 +pyyaml==6.0.3 # via pre-commit re-assert==1.1.0 # via -r requirements/test-common.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 785eb7f37f9..78da6eb5356 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -86,7 +86,7 @@ python-dateutil==2.9.0.post0 # via freezegun python-on-whales==0.78.0 # via -r requirements/lint.in -pyyaml==6.0.2 +pyyaml==6.0.3 # via pre-commit rich==14.1.0 # via pytest-codspeed From 3ca4e1789952e45f86fb7f411d4a2badb67503b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 14:37:11 +0000 Subject: [PATCH 125/148] Bump markupsafe from 3.0.2 to 3.0.3 (#11545) Bumps [markupsafe](https://github.com/pallets/markupsafe) from 3.0.2 to 3.0.3.
Release notes

Sourced from markupsafe's releases.

3.0.3

This is the MarkupSafe 3.0.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/MarkupSafe/3.0.3/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-3 Milestone: https://github.com/pallets/markupsafe/milestone/15?closed=1

  • __version__ raises DeprecationWarning instead of UserWarning. #487
  • Adopt multi-phase initialization PEP 489 for the C extension. #494
  • Build Windows ARM64 wheels. #485
  • Build Python 3.14 wheels. #503
  • Build riscv64 wheels. #505
Changelog

Sourced from markupsafe's changelog.

Version 3.0.3

Released 2025-09-27

  • __version__ raises DeprecationWarning instead of UserWarning. :issue:487
  • Adopt multi-phase initialisation (:pep:489) for the C extension. :issue:494
  • Build Windows ARM64 wheels. :issue:485
  • Build Python 3.14 wheels. :issue:503
  • Build riscv64 wheels. :issue:505
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=markupsafe&package-manager=pip&previous-version=3.0.2&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d8b02a8a3dd..90dae9f4d9b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -109,7 +109,7 @@ jinja2==3.1.6 # towncrier markdown-it-py==3.0.0 # via rich -markupsafe==3.0.2 +markupsafe==3.0.3 # via jinja2 mdurl==0.1.2 # via markdown-it-py diff --git a/requirements/dev.txt b/requirements/dev.txt index 3d94639e3e9..4aca443026a 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -107,7 +107,7 @@ jinja2==3.1.6 # towncrier markdown-it-py==3.0.0 # via rich -markupsafe==3.0.2 +markupsafe==3.0.3 # via jinja2 mdurl==0.1.2 # via markdown-it-py diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 9fca6b28f88..4bdb156e3a7 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -26,7 +26,7 @@ jinja2==3.1.6 # via # sphinx # towncrier -markupsafe==3.0.2 +markupsafe==3.0.3 # via jinja2 packaging==25.0 # via sphinx diff --git a/requirements/doc.txt b/requirements/doc.txt index e506eddedb0..ec7004e6054 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -26,7 +26,7 @@ jinja2==3.1.6 # via # sphinx # towncrier -markupsafe==3.0.2 +markupsafe==3.0.3 # via jinja2 packaging==25.0 # via sphinx From e22eab60c99c0924fe82bbc8e92a72f163ee7a90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Oct 2025 10:41:44 +0000 Subject: [PATCH 126/148] Bump pip-tools from 7.5.0 to 7.5.1 (#11552) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 7.5.0 to 7.5.1.
Release notes

Sourced from pip-tools's releases.

v7.5.1

2025-09-26

Bug fixes

  • Fixed static parsing of pyproject.toml data when the pyproject.toml is supplied as a relative path -- by @​sirosen.

    PRs and issues: #2215, #2221, #2233

  • The "via" paths in pip-compile output for requirements discovered from pyproject.toml data are now written in POSIX format -- by @​sirosen.

    PRs and issues: #2221

  • Fixed a bug which removed slashes from URLs in -r and -c in the output of pip-compile -- by @​sirosen.

    PRs and issues: #2223

  • Fixed an incompatibility with click >= 8.3 which made pip-compile display incorrect options in the compile command in output headers -- by @​sirosen.

    PRs and issues: #2235

Features

  • pip-tools now officially supports pip version 25.2 -- by @​sirosen.

    PRs and issues: #2214

Improved documentation

  • ReadTheDocs builds for pip-tools no longer include htmlzip and pdf outputs -- by @​sirosen.

    PRs and issues: #2218

Contributor-facing changes

  • pip-tools now tests on pip version 25.2 -- by @​sirosen.

    PRs and issues: #2214

  • The changelog documentation for contributors now provides hyperlinks to the source of each example change note -- by @​jayaddison (for OpenCulinary).

    PRs and issues: #2217

  • The CPython versions tested in nightly CI runs are now separate from branch and PR CI, and don't include very old versions -- by @​sirosen.

    PRs and issues: #2226

Changelog

Sourced from pip-tools's changelog.

v7.5.1

2025-09-26

Bug fixes

  • Fixed static parsing of {file}pyproject.toml data when the {file}pyproject.toml is supplied as a relative path -- by {user}sirosen.

    PRs and issues: {issue}2215, {issue}2221, {issue}2233

  • The "via" paths in pip-compile output for requirements discovered from pyproject.toml data are now written in POSIX format -- by {user}sirosen.

    PRs and issues: {issue}2221

  • Fixed a bug which removed slashes from URLs in -r and -c in the output of pip-compile -- by {user}sirosen.

    PRs and issues: {issue}2223

  • Fixed an incompatibility with click >= 8.3 which made pip-compile display incorrect options in the compile command in output headers -- by {user}sirosen.

    PRs and issues: {issue}2235

Features

  • pip-tools now officially supports pip version 25.2 -- by {user}sirosen.

    PRs and issues: {issue}2214

Improved documentation

  • ReadTheDocs builds for pip-tools no longer include htmlzip and pdf outputs -- by {user}sirosen.

    PRs and issues: {issue}2218

Contributor-facing changes

  • pip-tools now tests on pip version 25.2 -- by {user}sirosen.

    PRs and issues: {issue}2214

  • The changelog documentation for contributors now provides hyperlinks to the source of each example change note -- by {user}jayaddison (for OpenCulinary).

    PRs and issues: {issue}2217

  • The CPython versions tested in nightly CI runs are now separate from branch and PR CI, and don't include very old versions -- by {user}sirosen.

... (truncated)

Commits
  • 1c2692b Merge pull request #2245 from sirosen/release-7.5.1
  • 6a863fd Various small fixes to the changelog
  • e8adc41 Update changelog for version 7.5.1
  • 9b4de7d Merge pull request #2242 from sirosen/bump-nightly-ci-job-to-310
  • cd233dd Separately control CPython versions in nightly CI
  • 78020b4 Merge pull request #2243 from openculinary/pr-2217-followup/add-changelog-entry
  • 2be5b1f Add changelog entry for #2217
  • 16c793b Merge pull request #2221 from sirosen/fix-relpath-static-pyproject-parse
  • 76bdc77 Merge pull request #2217 from openculinary/pr-2203-followup/reify-changenote-...
  • a5cf40c Link second resolved issue in changelog
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip-tools&package-manager=pip&previous-version=7.5.0&new-version=7.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 90dae9f4d9b..9b6aa1dbb3a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -134,7 +134,7 @@ packaging==25.0 # sphinx pathspec==0.12.1 # via mypy -pip-tools==7.5.0 +pip-tools==7.5.1 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test-common.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 4aca443026a..44473b52565 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -131,7 +131,7 @@ packaging==25.0 # sphinx pathspec==0.12.1 # via mypy -pip-tools==7.5.0 +pip-tools==7.5.1 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test-common.in From d8f0d03c7c15eb4c733e92ba78846f4c63bc9239 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 10:37:12 +0000 Subject: [PATCH 127/148] Bump identify from 2.6.14 to 2.6.15 (#11555) Bumps [identify](https://github.com/pre-commit/identify) from 2.6.14 to 2.6.15.
Commits
  • 31f8d82 v2.6.15
  • 05b2674 Merge pull request #541 from wjt/piskel
  • d34fd8a Add .piskel extension
  • 729b41e Merge pull request #542 from Freso/pkgbuild-shell
  • 49356f3 fix: make PKGBUILD files a superset of .bash
  • 01a201f Merge pull request #540 from pre-commit/pre-commit-ci-update-config
  • 2aa9828 [pre-commit.ci] pre-commit autoupdate
  • 672764d Merge pull request #538 from pre-commit/pre-commit-ci-update-config
  • faf2281 [pre-commit.ci] pre-commit autoupdate
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.14&new-version=2.6.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 9b6aa1dbb3a..8949c6d936a 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -88,7 +88,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.14 +identify==2.6.15 # via pre-commit idna==3.3 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 44473b52565..f288c1428df 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -86,7 +86,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.14 +identify==2.6.15 # via pre-commit idna==3.4 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 78da6eb5356..7552660daba 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -33,7 +33,7 @@ forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 # via -r requirements/lint.in -identify==2.6.14 +identify==2.6.15 # via pre-commit idna==3.7 # via trustme From 7c9f70c0ae748058cddb64841bf6c17f27257d8f Mon Sep 17 00:00:00 2001 From: Cycloctane Date: Sun, 5 Oct 2025 01:49:26 +0800 Subject: [PATCH 128/148] [PR #11546/92dee75 backport][3.13] Refactor websocket frame compression tests in test_websocket_writer (#11556) (cherry picked from commit 92dee75c51badcceab2b6dc85ed36e028c08cd46) --- CHANGES/11546.contrib.rst | 2 ++ tests/test_websocket_writer.py | 33 +++++++++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 CHANGES/11546.contrib.rst diff --git a/CHANGES/11546.contrib.rst b/CHANGES/11546.contrib.rst new file mode 100644 index 00000000000..5fda1bdbb98 --- /dev/null +++ b/CHANGES/11546.contrib.rst @@ -0,0 +1,2 @@ +Fixed ``test_send_compress_text`` failing when alternative zlib implementation +is used. (``zlib-ng`` in python 3.14 windows build) -- by :user:`Cycloctane`. diff --git a/tests/test_websocket_writer.py b/tests/test_websocket_writer.py index f5125dde361..a985acfb7f6 100644 --- a/tests/test_websocket_writer.py +++ b/tests/test_websocket_writer.py @@ -7,6 +7,7 @@ from aiohttp import WSMsgType from aiohttp._websocket.reader import WebSocketDataQueue +from aiohttp.compression_utils import ZLibBackend from aiohttp.http import WebSocketReader, WebSocketWriter @@ -83,20 +84,44 @@ async def test_send_text_masked(protocol, transport) -> None: writer.transport.write.assert_called_with(b"\x81\x84\rg\xb3fy\x02\xcb\x12") # type: ignore[attr-defined] +@pytest.mark.usefixtures("parametrize_zlib_backend") async def test_send_compress_text(protocol, transport) -> None: + compress_obj = ZLibBackend.compressobj(level=ZLibBackend.Z_BEST_SPEED, wbits=-15) writer = WebSocketWriter(protocol, transport, compress=15) + + msg = ( + compress_obj.compress(b"text") + compress_obj.flush(ZLibBackend.Z_SYNC_FLUSH) + ).removesuffix(b"\x00\x00\xff\xff") await writer.send_frame(b"text", WSMsgType.TEXT) - writer.transport.write.assert_called_with(b"\xc1\x06*I\xad(\x01\x00") # type: ignore[attr-defined] + writer.transport.write.assert_called_with( # type: ignore[attr-defined] + b"\xc1" + len(msg).to_bytes(1, "big") + msg + ) + + msg = ( + compress_obj.compress(b"text") + compress_obj.flush(ZLibBackend.Z_SYNC_FLUSH) + ).removesuffix(b"\x00\x00\xff\xff") await writer.send_frame(b"text", WSMsgType.TEXT) - writer.transport.write.assert_called_with(b"\xc1\x05*\x01b\x00\x00") # type: ignore[attr-defined] + writer.transport.write.assert_called_with( # type: ignore[attr-defined] + b"\xc1" + len(msg).to_bytes(1, "big") + msg + ) +@pytest.mark.usefixtures("parametrize_zlib_backend") async def test_send_compress_text_notakeover(protocol, transport) -> None: + compress_obj = ZLibBackend.compressobj(level=ZLibBackend.Z_BEST_SPEED, wbits=-15) writer = WebSocketWriter(protocol, transport, compress=15, notakeover=True) + + msg = ( + compress_obj.compress(b"text") + compress_obj.flush(ZLibBackend.Z_FULL_FLUSH) + ).removesuffix(b"\x00\x00\xff\xff") await writer.send_frame(b"text", WSMsgType.TEXT) - writer.transport.write.assert_called_with(b"\xc1\x06*I\xad(\x01\x00") # type: ignore[attr-defined] + writer.transport.write.assert_called_with( # type: ignore[attr-defined] + b"\xc1" + len(msg).to_bytes(1, "big") + msg + ) await writer.send_frame(b"text", WSMsgType.TEXT) - writer.transport.write.assert_called_with(b"\xc1\x06*I\xad(\x01\x00") # type: ignore[attr-defined] + writer.transport.write.assert_called_with( # type: ignore[attr-defined] + b"\xc1" + len(msg).to_bytes(1, "big") + msg + ) async def test_send_compress_text_per_message(protocol, transport) -> None: From adff401d8a3b5cf51b008f5f32bc8c7153e9f14b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 19:56:25 +0000 Subject: [PATCH 129/148] Bump CodSpeedHQ/action from 3 to 4 (#11457) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [CodSpeedHQ/action](https://github.com/codspeedhq/action) from 3 to 4.
Release notes

Sourced from CodSpeedHQ/action's releases.

v4.0.0

💥 BREAKING

It's now required to explicitly set the runner mode to instrumentation or walltime using either:

  • the mode argument
  • or the CODSPEED_RUNNER_MODE environment variable

[!TIP] Before, this variable was automatically set to instrumentation on every runner except for CodSpeed macro runners where it was set to walltime by default.

Find more details in the instruments documentation.

Details

🚀 Features

🐛 Bug Fixes

🏗️ Refactor

Full Runner Changelog: https://github.com/CodSpeedHQ/runner/blob/main/CHANGELOG.md

v3.8.1

What's Changed

🐛 Bug Fixes

🏗️ Refactor

  • Improve conditional compilation in get_pipe_open_options by @​art049 in #100

⚙️ Internals

Full Changelog: https://github.com/CodSpeedHQ/action/compare/v3.8.0...v3.8.1 Full Runner Changelog: https://github.com/CodSpeedHQ/runner/blob/main/CHANGELOG.md

v3.8.0

What's Changed

... (truncated)

Commits
  • 6eeb021 Release v4.0.0 🚀
  • 74312da chore: improve the release script
  • 8a17a35 ci: add modes to the matrix
  • 8e3f02a feat: make the mode argument required
  • 97c7a6f chore: bump runner version to 4.0.0
  • 8a4cadd chore: point the changelog to the runner
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=CodSpeedHQ/action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: J. Nick Koston Co-authored-by: J. Nick Koston --- .github/workflows/ci-cd.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 959e481e995..042136f7834 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -279,8 +279,9 @@ jobs: - name: Install self run: python -m pip install -e . - name: Run benchmarks - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@v4 with: + mode: instrumentation token: ${{ secrets.CODSPEED_TOKEN }} run: python -Im pytest --no-cov --numprocesses=0 -vvvvv --codspeed From 16975c0cc3eb2fd87fa6e43172796f91d59906d1 Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Sun, 5 Oct 2025 21:14:30 +0100 Subject: [PATCH 130/148] Re-generated pickled cookie for python 3.14 compatibility (#11533) (#11558) (cherry picked from commit 281479aac518304751c7a608993615df7c505549) --------- Co-authored-by: Kirill --- .github/workflows/ci-cd.yml | 9 +++------ CONTRIBUTORS.txt | 1 + tests/test_connector.py | 6 ++++-- tests/test_cookiejar.py | 7 ++++++- tests/test_web_functional.py | 4 ++++ 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 042136f7834..ed9e1719c7f 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -122,7 +122,7 @@ jobs: needs: gen_llhttp strategy: matrix: - pyver: [3.9, '3.10', '3.11', '3.12', '3.13'] + pyver: [3.9, '3.10', '3.11', '3.12', '3.13', '3.14'] no-extensions: ['', 'Y'] os: [ubuntu, macos, windows] experimental: [false] @@ -136,13 +136,10 @@ jobs: no-extensions: 'Y' os: ubuntu experimental: false - - os: ubuntu - pyver: "3.14" - experimental: true - no-extensions: 'Y' - os: ubuntu pyver: "3.14t" - experimental: true + no-extensions: '' + experimental: false fail-fast: true runs-on: ${{ matrix.os }}-latest continue-on-error: ${{ matrix.experimental }} diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 2798810de41..2771eb8bbcf 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -216,6 +216,7 @@ Kilian Guillaume Kimmo Parviainen-Jalanko Kirill Klenov Kirill Malovitsa +Kirill Potapenko Konstantin Shutkin Konstantin Valetov Krzysztof Blazewicz diff --git a/tests/test_connector.py b/tests/test_connector.py index 90a32140191..9048bf61e2f 100644 --- a/tests/test_connector.py +++ b/tests/test_connector.py @@ -492,10 +492,11 @@ async def test_release(loop, key) -> None: conn._acquired_per_host[key].add(proto) conn._release(key, proto) + loop_time = loop.time() assert conn._release_waiter.called assert conn._cleanup_handle is not None assert conn._conns[key][0][0] == proto - assert conn._conns[key][0][1] == pytest.approx(loop.time(), abs=0.1) + assert conn._conns[key][0][1] == pytest.approx(loop_time, abs=0.1) assert not conn._cleanup_closed_transports await conn.close() @@ -1604,10 +1605,11 @@ async def test_release_not_started(loop) -> None: key = 1 conn._acquired.add(proto) conn._release(key, proto) + loop_time = loop.time() # assert conn._conns == {1: [(proto, 10)]} rec = conn._conns[1] assert rec[0][0] == proto - assert rec[0][1] == pytest.approx(loop.time(), abs=0.05) + assert rec[0][1] == pytest.approx(loop_time, abs=0.05) assert not proto.close.called await conn.close() diff --git a/tests/test_cookiejar.py b/tests/test_cookiejar.py index 11bf9bd5b4e..17e27e8f7ae 100644 --- a/tests/test_cookiejar.py +++ b/tests/test_cookiejar.py @@ -5,6 +5,7 @@ import logging import pathlib import pickle +import sys import unittest from http.cookies import BaseCookie, Morsel, SimpleCookie from operator import not_ @@ -1107,7 +1108,11 @@ async def test_pickle_format(cookies_to_send) -> None: with file_path.open("wb") as f: pickle.dump(cookies, f, pickle.HIGHEST_PROTOCOL) """ - pickled = b"\x80\x04\x95\xc8\x0b\x00\x00\x00\x00\x00\x00\x8c\x0bcollections\x94\x8c\x0bdefaultdict\x94\x93\x94\x8c\x0chttp.cookies\x94\x8c\x0cSimpleCookie\x94\x93\x94\x85\x94R\x94(\x8c\x00\x94h\x08\x86\x94h\x05)\x81\x94\x8c\rshared-cookie\x94h\x03\x8c\x06Morsel\x94\x93\x94)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94\x8c\x01/\x94\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\x08\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(\x8c\x03key\x94h\x0b\x8c\x05value\x94\x8c\x05first\x94\x8c\x0bcoded_value\x94h\x1cubs\x8c\x0bexample.com\x94h\x08\x86\x94h\x05)\x81\x94(\x8c\rdomain-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\x1e\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah!h\x1b\x8c\x06second\x94h\x1dh-ub\x8c\x14dotted-domain-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x0bexample.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah.h\x1b\x8c\x05fifth\x94h\x1dh;ubu\x8c\x11test1.example.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x11subdomain1-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h<\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah?h\x1b\x8c\x05third\x94h\x1dhKubs\x8c\x11test2.example.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x11subdomain2-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94hL\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ahOh\x1b\x8c\x06fourth\x94h\x1dh[ubs\x8c\rdifferent.org\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x17different-domain-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\\\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah_h\x1b\x8c\x05sixth\x94h\x1dhkubs\x8c\nsecure.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\rsecure-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94hl\x8c\x07max-age\x94h\x08\x8c\x06secure\x94\x88\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ahoh\x1b\x8c\x07seventh\x94h\x1dh{ubs\x8c\x0cpathtest.com\x94h\x08\x86\x94h\x05)\x81\x94(\x8c\x0eno-path-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h|\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\x7fh\x1b\x8c\x06eighth\x94h\x1dh\x8bub\x8c\x0cpath1-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x0cpathtest.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\x8ch\x1b\x8c\x05ninth\x94h\x1dh\x99ubu\x8c\x0cpathtest.com\x94\x8c\x04/one\x94\x86\x94h\x05)\x81\x94\x8c\x0cpath2-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x9b\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\x9a\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\x9eh\x1b\x8c\x05tenth\x94h\x1dh\xaaubs\x8c\x0cpathtest.com\x94\x8c\x08/one/two\x94\x86\x94h\x05)\x81\x94(\x8c\x0cpath3-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\xac\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xab\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xafh\x1b\x8c\x08eleventh\x94h\x1dh\xbbub\x8c\x0cpath4-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94\x8c\t/one/two/\x94\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x0cpathtest.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xbch\x1b\x8c\x07twelfth\x94h\x1dh\xcaubu\x8c\x0fexpirestest.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x0eexpires-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94\x8c\x1cTue, 1 Jan 2999 12:00:00 GMT\x94\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xcb\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xceh\x1b\x8c\nthirteenth\x94h\x1dh\xdbubs\x8c\x0emaxagetest.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x0emax-age-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xdc\x8c\x07max-age\x94\x8c\x0260\x94\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xdfh\x1b\x8c\nfourteenth\x94h\x1dh\xecubs\x8c\x12invalid-values.com\x94h\x08\x86\x94h\x05)\x81\x94(\x8c\x16invalid-max-age-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xed\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xf0h\x1b\x8c\tfifteenth\x94h\x1dh\xfcub\x8c\x16invalid-expires-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x12invalid-values.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xfdh\x1b\x8c\tsixteenth\x94h\x1dj\n\x01\x00\x00ubuu." + if sys.version_info < (3, 14): + pickled = b"\x80\x04\x95\xc8\x0b\x00\x00\x00\x00\x00\x00\x8c\x0bcollections\x94\x8c\x0bdefaultdict\x94\x93\x94\x8c\x0chttp.cookies\x94\x8c\x0cSimpleCookie\x94\x93\x94\x85\x94R\x94(\x8c\x00\x94h\x08\x86\x94h\x05)\x81\x94\x8c\rshared-cookie\x94h\x03\x8c\x06Morsel\x94\x93\x94)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94\x8c\x01/\x94\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\x08\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(\x8c\x03key\x94h\x0b\x8c\x05value\x94\x8c\x05first\x94\x8c\x0bcoded_value\x94h\x1cubs\x8c\x0bexample.com\x94h\x08\x86\x94h\x05)\x81\x94(\x8c\rdomain-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\x1e\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah!h\x1b\x8c\x06second\x94h\x1dh-ub\x8c\x14dotted-domain-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x0bexample.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah.h\x1b\x8c\x05fifth\x94h\x1dh;ubu\x8c\x11test1.example.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x11subdomain1-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h<\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah?h\x1b\x8c\x05third\x94h\x1dhKubs\x8c\x11test2.example.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x11subdomain2-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94hL\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ahOh\x1b\x8c\x06fourth\x94h\x1dh[ubs\x8c\rdifferent.org\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x17different-domain-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\\\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah_h\x1b\x8c\x05sixth\x94h\x1dhkubs\x8c\nsecure.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\rsecure-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94hl\x8c\x07max-age\x94h\x08\x8c\x06secure\x94\x88\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ahoh\x1b\x8c\x07seventh\x94h\x1dh{ubs\x8c\x0cpathtest.com\x94h\x08\x86\x94h\x05)\x81\x94(\x8c\x0eno-path-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h|\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\x7fh\x1b\x8c\x06eighth\x94h\x1dh\x8bub\x8c\x0cpath1-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x0cpathtest.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\x8ch\x1b\x8c\x05ninth\x94h\x1dh\x99ubu\x8c\x0cpathtest.com\x94\x8c\x04/one\x94\x86\x94h\x05)\x81\x94\x8c\x0cpath2-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x9b\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\x9a\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\x9eh\x1b\x8c\x05tenth\x94h\x1dh\xaaubs\x8c\x0cpathtest.com\x94\x8c\x08/one/two\x94\x86\x94h\x05)\x81\x94(\x8c\x0cpath3-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\xac\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xab\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xafh\x1b\x8c\x08eleventh\x94h\x1dh\xbbub\x8c\x0cpath4-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94\x8c\t/one/two/\x94\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x0cpathtest.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xbch\x1b\x8c\x07twelfth\x94h\x1dh\xcaubu\x8c\x0fexpirestest.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x0eexpires-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94\x8c\x1cTue, 1 Jan 2999 12:00:00 GMT\x94\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xcb\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xceh\x1b\x8c\nthirteenth\x94h\x1dh\xdbubs\x8c\x0emaxagetest.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x0emax-age-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xdc\x8c\x07max-age\x94\x8c\x0260\x94\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xdfh\x1b\x8c\nfourteenth\x94h\x1dh\xecubs\x8c\x12invalid-values.com\x94h\x08\x86\x94h\x05)\x81\x94(\x8c\x16invalid-max-age-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\xed\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xf0h\x1b\x8c\tfifteenth\x94h\x1dh\xfcub\x8c\x16invalid-expires-cookie\x94h\r)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94h\x11\x8c\x07comment\x94h\x08\x8c\x06domain\x94\x8c\x12invalid-values.com\x94\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08u}\x94(h\x1ah\xfdh\x1b\x8c\tsixteenth\x94h\x1dj\n\x01\x00\x00ubuu." + else: + pickled = b'\x80\x05\x95\x06\x08\x00\x00\x00\x00\x00\x00\x8c\x0bcollections\x94\x8c\x0bdefaultdict\x94\x93\x94\x8c\x0chttp.cookies\x94\x8c\x0cSimpleCookie\x94\x93\x94\x85\x94R\x94(\x8c\x00\x94h\x08\x86\x94h\x05)\x81\x94\x8c\rshared-cookie\x94h\x03\x8c\x06Morsel\x94\x93\x94)\x81\x94(\x8c\x07expires\x94h\x08\x8c\x04path\x94\x8c\x01/\x94\x8c\x07comment\x94h\x08\x8c\x06domain\x94h\x08\x8c\x07max-age\x94h\x08\x8c\x06secure\x94h\x08\x8c\x08httponly\x94h\x08\x8c\x07version\x94h\x08\x8c\x08samesite\x94h\x08\x8c\x0bpartitioned\x94h\x08u}\x94(\x8c\x03key\x94h\x0b\x8c\x05value\x94\x8c\x05first\x94\x8c\x0bcoded_value\x94h\x1dubs\x8c\x0bexample.com\x94h\x08\x86\x94h\x05)\x81\x94(\x8c\rdomain-cookie\x94h\r)\x81\x94(h\x0fh\x08h\x10h\x11h\x12h\x08h\x13h\x1fh\x14h\x08h\x15h\x08h\x16h\x08h\x17h\x08h\x18h\x08h\x19h\x08u}\x94(h\x1bh"h\x1c\x8c\x06second\x94h\x1eh%ub\x8c\x14dotted-domain-cookie\x94h\r)\x81\x94(h\x0fh\x08h\x10h\x11h\x12h\x08h\x13\x8c\x0bexample.com\x94h\x14h\x08h\x15h\x08h\x16h\x08h\x17h\x08h\x18h\x08h\x19h\x08u}\x94(h\x1bh&h\x1c\x8c\x05fifth\x94h\x1eh*ubu\x8c\x11test1.example.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x11subdomain1-cookie\x94h\r)\x81\x94(h\x0fh\x08h\x10h\x11h\x12h\x08h\x13h+h\x14h\x08h\x15h\x08h\x16h\x08h\x17h\x08h\x18h\x08h\x19h\x08u}\x94(h\x1bh.h\x1c\x8c\x05third\x94h\x1eh1ubs\x8c\x11test2.example.com\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x11subdomain2-cookie\x94h\r)\x81\x94(h\x0fh\x08h\x10h\x11h\x12h\x08h\x13h2h\x14h\x08h\x15h\x08h\x16h\x08h\x17h\x08h\x18h\x08h\x19h\x08u}\x94(h\x1bh5h\x1c\x8c\x06fourth\x94h\x1eh8ubs\x8c\rdifferent.org\x94h\x08\x86\x94h\x05)\x81\x94\x8c\x17different-domain-cookie\x94h\r)\x81\x94(h\x0fh\x08h\x10h\x11h\x12h\x08h\x13h9h\x14h\x08h\x15h\x08h\x16h\x08h\x17h\x08h\x18h\x08h\x19h\x08u}\x94(h\x1bh None: async def handler(request): return web.HTTPForbidden() From cce820884155d3ba06adae6eb7216813ceba363f Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 23:15:54 +0100 Subject: [PATCH 131/148] [PR #11559/b0690d7b backport][3.13] Add Python 3.14 to metadata (#11560) **This is a backport of PR #11559 as merged into master (b0690d7b863b67ca247e4557207dc2c1fd98b6f3).** Co-authored-by: Sam Bull --- setup.cfg | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.cfg b/setup.cfg index 6f066901d36..5117eccc043 100644 --- a/setup.cfg +++ b/setup.cfg @@ -38,6 +38,7 @@ classifiers = Programming Language :: Python :: 3.11 Programming Language :: Python :: 3.12 Programming Language :: Python :: 3.13 + Programming Language :: Python :: 3.14 Topic :: Internet :: WWW/HTTP From bfe3d461db099fe692698149e57024073e67751b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 22:40:36 +0000 Subject: [PATCH 132/148] Bump cryptography from 46.0.1 to 46.0.2 (#11549) Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.1 to 46.0.2.
Changelog

Sourced from cryptography's changelog.

46.0.2 - 2025-09-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.5.4.

.. _v46-0-1:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=46.0.1&new-version=46.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test-common.txt | 2 +- requirements/test-ft.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 8949c6d936a..56dd1dc2505 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -58,7 +58,7 @@ coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov -cryptography==46.0.1 +cryptography==46.0.2 # via # pyjwt # trustme diff --git a/requirements/dev.txt b/requirements/dev.txt index f288c1428df..112816129e2 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -58,7 +58,7 @@ coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov -cryptography==46.0.1 +cryptography==46.0.2 # via # pyjwt # trustme diff --git a/requirements/lint.txt b/requirements/lint.txt index 7552660daba..9c15ba10cdd 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -21,7 +21,7 @@ cfgv==3.4.0 # via pre-commit click==8.1.8 # via slotscheck -cryptography==46.0.1 +cryptography==46.0.2 # via trustme distlib==0.4.0 # via virtualenv diff --git a/requirements/test-common.txt b/requirements/test-common.txt index 4f4c277256f..9b148f04de9 100644 --- a/requirements/test-common.txt +++ b/requirements/test-common.txt @@ -18,7 +18,7 @@ coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov -cryptography==46.0.1 +cryptography==46.0.2 # via trustme exceptiongroup==1.3.0 # via pytest diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index 2efcc9f8d58..6e58b0fda2f 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -31,7 +31,7 @@ coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov -cryptography==46.0.1 +cryptography==46.0.2 # via trustme exceptiongroup==1.3.0 # via pytest diff --git a/requirements/test.txt b/requirements/test.txt index d3dd2278aac..26d07cad1c9 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -31,7 +31,7 @@ coverage==7.10.7 # via # -r requirements/test-common.in # pytest-cov -cryptography==46.0.1 +cryptography==46.0.2 # via trustme exceptiongroup==1.3.0 # via pytest From af2612eeab40a0088abbe362539241e083d87add Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 22:45:50 +0000 Subject: [PATCH 133/148] Bump mypy from 1.17.1 to 1.18.2 (#11527) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [mypy](https://github.com/python/mypy) from 1.17.1 to 1.18.2.
Changelog

Sourced from mypy's changelog.

Mypy 1.18.2

  • Fix crash on recursive alias (Ivan Levkivskyi, PR 19845)
  • Add additional guidance for stubtest errors when runtime is object.__init__ (Stephen Morton, PR 19733)
  • Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR 19846)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • Ali Hamdan
  • Anthony Sottile
  • BobTheBuidler
  • Brian Schubert
  • Chainfire
  • Charlie Denton
  • Christoph Tyralla
  • CoolCat467
  • Daniel Hnyk
  • Emily
  • Emma Smith
  • Ethan Sarp
  • Ivan Levkivskyi
  • Jahongir Qurbonov
  • Jelle Zijlstra
  • Joren Hammudoglu
  • Jukka Lehtosalo
  • Marc Mueller
  • Omer Hadari
  • Piotr Sawicki
  • PrinceNaroliya
  • Randolf Scholz
  • Robsdedude
  • Saul Shanabrook
  • Shantanu
  • Stanislav Terliakov
  • Stephen Morton
  • wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.17

We’ve just uploaded mypy 1.17 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

... (truncated)

Commits
  • df05f05 remove +dev from version
  • 01a7a12 Update changelog for 1.18.2 (#19873)
  • ca5abf0 Typeshed cherry-pick: Make type of unitest.mock.Any a subclass of Any (#1...
  • 9d794b5 [mypyc] fix: inappropriate Nones in f-strings (#19846)
  • 2c0510c stubtest: additional guidance on errors when runtime is object.init (#19733)
  • 2f3f03c Bump version to 1.18.2+dev for point release
  • 7669841 Fix crash on recursive alias in indirection.py (#19845)
  • 03fbaa9 bump version to 1.18.1 due to wheels failure
  • b44a1fb removed +dev from version
  • 7197a99 Removed Unreleased in the Changelog for Release 1.18 (#19827)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mypy&package-manager=pip&previous-version=1.17.1&new-version=1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull --- aiohttp/client_reqrep.py | 5 +++-- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test-common.txt | 2 +- requirements/test-ft.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 9 insertions(+), 8 deletions(-) diff --git a/aiohttp/client_reqrep.py b/aiohttp/client_reqrep.py index c75e0dd6fb8..4f5bed9b9c9 100644 --- a/aiohttp/client_reqrep.py +++ b/aiohttp/client_reqrep.py @@ -57,6 +57,7 @@ netrc_from_env, noop, reify, + sentinel, set_exception, set_result, ) @@ -136,14 +137,14 @@ def __new__( url: URL, method: str, headers: "CIMultiDictProxy[str]", - real_url: URL = _SENTINEL, # type: ignore[assignment] + real_url: Union[URL, _SENTINEL] = sentinel, ) -> "RequestInfo": """Create a new RequestInfo instance. For backwards compatibility, the real_url parameter is optional. """ return tuple.__new__( - cls, (url, method, headers, url if real_url is _SENTINEL else real_url) + cls, (url, method, headers, url if real_url is sentinel else real_url) ) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 56dd1dc2505..89ea78ef9f0 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -118,7 +118,7 @@ multidict==6.6.4 # -r requirements/multidict.in # -r requirements/runtime-deps.in # yarl -mypy==1.17.1 ; implementation_name == "cpython" +mypy==1.18.2 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/test-common.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 112816129e2..1c02780bd5f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -115,7 +115,7 @@ multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl -mypy==1.17.1 ; implementation_name == "cpython" +mypy==1.18.2 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/test-common.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 9c15ba10cdd..432b0d87992 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -45,7 +45,7 @@ markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -mypy==1.17.1 ; implementation_name == "cpython" +mypy==1.18.2 ; implementation_name == "cpython" # via -r requirements/lint.in mypy-extensions==1.1.0 # via mypy diff --git a/requirements/test-common.txt b/requirements/test-common.txt index 9b148f04de9..bb12cec27e3 100644 --- a/requirements/test-common.txt +++ b/requirements/test-common.txt @@ -38,7 +38,7 @@ markdown-it-py==4.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -mypy==1.18.1 ; implementation_name == "cpython" +mypy==1.18.2 ; implementation_name == "cpython" # via -r requirements/test-common.in mypy-extensions==1.1.0 # via mypy diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index 6e58b0fda2f..a3ee1b46f67 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -63,7 +63,7 @@ multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl -mypy==1.18.1 ; implementation_name == "cpython" +mypy==1.18.2 ; implementation_name == "cpython" # via -r requirements/test-common.in mypy-extensions==1.1.0 # via mypy diff --git a/requirements/test.txt b/requirements/test.txt index 26d07cad1c9..ed222122611 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -63,7 +63,7 @@ multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl -mypy==1.17.1 ; implementation_name == "cpython" +mypy==1.18.2 ; implementation_name == "cpython" # via -r requirements/test-common.in mypy-extensions==1.1.0 # via mypy From 99858d734776d09e41ce5e0ddfa4f91dcb396be2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 23:47:22 +0100 Subject: [PATCH 134/148] Bump typing-inspection from 0.4.1 to 0.4.2 (#11550) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [typing-inspection](https://github.com/pydantic/typing-inspection) from 0.4.1 to 0.4.2.
Release notes

Sourced from typing-inspection's releases.

v0.4.2 2025-10-01

What's Changed

Full Changelog: https://github.com/pydantic/typing-inspection/compare/v0.4.1...v0.4.2

Changelog

Sourced from typing-inspection's changelog.

v0.4.2 (2025-10-01)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typing-inspection&package-manager=pip&previous-version=0.4.1&new-version=0.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test-common.txt | 2 +- requirements/test-ft.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 89ea78ef9f0..602cc22bb7e 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -278,7 +278,7 @@ typing-extensions==4.15.0 # python-on-whales # typing-inspection # virtualenv -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic uritemplate==4.2.0 # via gidgethub diff --git a/requirements/dev.txt b/requirements/dev.txt index 1c02780bd5f..e3e412838d0 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -269,7 +269,7 @@ typing-extensions==4.15.0 # python-on-whales # typing-inspection # virtualenv -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic uritemplate==4.2.0 # via gidgethub diff --git a/requirements/lint.txt b/requirements/lint.txt index 432b0d87992..8de4c8642d5 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -111,7 +111,7 @@ typing-extensions==4.15.0 # python-on-whales # typing-inspection # virtualenv -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in diff --git a/requirements/test-common.txt b/requirements/test-common.txt index bb12cec27e3..8e073988a37 100644 --- a/requirements/test-common.txt +++ b/requirements/test-common.txt @@ -109,7 +109,7 @@ typing-extensions==4.15.0 # pydantic-core # python-on-whales # typing-inspection -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic wait-for-it==2.3.0 # via -r requirements/test-common.in diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index a3ee1b46f67..16b14256612 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -144,7 +144,7 @@ typing-extensions==4.15.0 # pydantic-core # python-on-whales # typing-inspection -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic wait-for-it==2.3.0 # via -r requirements/test-common.in diff --git a/requirements/test.txt b/requirements/test.txt index ed222122611..474570fc62a 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -144,7 +144,7 @@ typing-extensions==4.15.0 # pydantic-core # python-on-whales # typing-inspection -typing-inspection==0.4.1 +typing-inspection==0.4.2 # via pydantic uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" # via -r requirements/base.in From 93a7532e47b0ab64d0099f31c97c84dbf3052443 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 23:20:57 +0000 Subject: [PATCH 135/148] Bump actions/stale from 9 to 10 (#11473) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: https://github.com/actions/stale/compare/v9...v10.0.0

v9.1.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/stale/compare/v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

  1. Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.
  2. Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

What Else Changed

  1. Performance optimization that removes unnecessary API calls by @​dsame in #1033; fixes #792
  2. Logs displaying current GitHub API rate limit by @​dsame in #1032; addresses #1029

For more information, please read the action documentation and its section about statefulness

[4.1.1]

In scope of this release we updated actions/core to 1.10.0 for v4 and fixed issues operation count.

[8.0.0]

:warning: This version contains breaking changes :warning:

[7.0.0]

:warning: Breaking change :warning:

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/stale&package-manager=github_actions&previous-version=9&new-version=10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ef1b86cfa69..8a56a2b7b80 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -10,7 +10,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: days-before-stale: 30 any-of-labels: needs-info From 1b4bf8ed071b34c74ee22e85fe5718a4ca841f43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 23:33:23 +0000 Subject: [PATCH 136/148] Bump actions/setup-python from 5 to 6 (#11474) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: https://github.com/actions/setup-python/compare/v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits
  • e797f83 Upgrade to node 24 (#1164)
  • 3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
  • 65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
  • 5b668cf Bump actions/checkout from 4 to 5 (#1181)
  • f62a0e2 Change missing cache directory error to warning (#1182)
  • 9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
  • fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
  • 03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
  • 36da51d Add version parsing from Pipfile (#1067)
  • 3c6f142 update documentation (#1156)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index ed9e1719c7f..05653d9c028 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -43,7 +43,7 @@ jobs: make sync-direct-runtime-deps git diff --exit-code -- requirements/runtime-deps.in - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.11 - name: Cache PyPI @@ -150,7 +150,7 @@ jobs: submodules: true - name: Setup Python ${{ matrix.pyver }} id: python-install - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: allow-prereleases: true python-version: ${{ matrix.pyver }} @@ -254,7 +254,7 @@ jobs: submodules: true - name: Setup Python 3.13.2 id: python-install - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.13.2 cache: pip @@ -319,7 +319,7 @@ jobs: with: submodules: true - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 - name: Update pip, wheel, setuptools, build, twine run: | python -m pip install -U pip wheel setuptools build twine @@ -407,7 +407,7 @@ jobs: fi shell: bash - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.x - name: Update pip, wheel, setuptools, build, twine From f305ddf72b7a1ae12393214a323e47b13749debd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 11:23:53 +0000 Subject: [PATCH 137/148] Bump certifi from 2025.8.3 to 2025.10.5 (#11565) Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.8.3 to 2025.10.5.
Commits
  • fb14ac4 2025.10.05 (#371)
  • 2c7c7ee Add Python 3.14 classifier in setup.py
  • 1a5cb7b Bump actions/setup-python from 5.6.0 to 6.0.0 (#367)
  • dea5960 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366)
  • 83566b7 Bump actions/checkout from 4.2.2 to 5.0.0
  • ca2e121 Bump actions/download-artifact from 4.3.0 to 5.0.0
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2025.8.3&new-version=2025.10.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 602cc22bb7e..d21197ef2ef 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -34,7 +34,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.3.0 # via pip-tools -certifi==2025.8.3 +certifi==2025.10.5 # via requests cffi==2.0.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index e3e412838d0..46f3d1c5059 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -34,7 +34,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in build==1.3.0 # via pip-tools -certifi==2025.8.3 +certifi==2025.10.5 # via requests cffi==2.0.0 # via diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 4bdb156e3a7..55c618df961 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -10,7 +10,7 @@ alabaster==1.0.0 # via sphinx babel==2.17.0 # via sphinx -certifi==2025.8.3 +certifi==2025.10.5 # via requests charset-normalizer==3.4.3 # via requests diff --git a/requirements/doc.txt b/requirements/doc.txt index ec7004e6054..7aa95aee161 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -10,7 +10,7 @@ alabaster==1.0.0 # via sphinx babel==2.17.0 # via sphinx -certifi==2025.8.3 +certifi==2025.10.5 # via requests charset-normalizer==3.4.3 # via requests From a8dc4e69c12501adc971e0419f631c20dcf8966b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 11:41:44 +0000 Subject: [PATCH 138/148] Bump yarl from 1.20.1 to 1.21.0 (#11566) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=yarl&package-manager=pip&previous-version=1.20.1&new-version=1.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base-ft.txt | 4 +++- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test-ft.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 9 insertions(+), 7 deletions(-) diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt index 15c562571be..7c3216ad305 100644 --- a/requirements/base-ft.txt +++ b/requirements/base-ft.txt @@ -12,6 +12,8 @@ aiosignal==1.4.0 # via -r requirements/runtime-deps.in async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in +attrs==25.3.0 + # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in cffi==2.0.0 @@ -42,7 +44,7 @@ typing-extensions==4.15.0 # via # aiosignal # multidict -yarl==1.20.1 +yarl==1.21.0 # via -r requirements/runtime-deps.in zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in diff --git a/requirements/base.txt b/requirements/base.txt index 70c160e7322..fc39536eb13 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -46,7 +46,7 @@ typing-extensions==4.15.0 # multidict uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython" # via -r requirements/base.in -yarl==1.20.1 +yarl==1.21.0 # via -r requirements/runtime-deps.in zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d21197ef2ef..f55009a12fe 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -296,7 +296,7 @@ wait-for-it==2.3.0 # via -r requirements/test-common.in wheel==0.45.1 # via pip-tools -yarl==1.20.1 +yarl==1.21.0 # via -r requirements/runtime-deps.in zlib-ng==1.0.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 46f3d1c5059..dd23012462d 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -287,7 +287,7 @@ wait-for-it==2.3.0 # via -r requirements/test-common.in wheel==0.45.1 # via pip-tools -yarl==1.20.1 +yarl==1.21.0 # via -r requirements/runtime-deps.in zlib-ng==1.0.0 # via diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index f3c98e7e88a..46c7defd9a9 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -40,7 +40,7 @@ typing-extensions==4.15.0 # via # aiosignal # multidict -yarl==1.20.1 +yarl==1.21.0 # via -r requirements/runtime-deps.in zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14" # via -r requirements/runtime-deps.in diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index 16b14256612..3ce0dca5897 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -148,7 +148,7 @@ typing-inspection==0.4.2 # via pydantic wait-for-it==2.3.0 # via -r requirements/test-common.in -yarl==1.20.1 +yarl==1.21.0 # via -r requirements/runtime-deps.in zlib-ng==1.0.0 # via -r requirements/test-common.in diff --git a/requirements/test.txt b/requirements/test.txt index 474570fc62a..fee35af44bc 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -150,7 +150,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # via -r requirements/base.in wait-for-it==2.3.0 # via -r requirements/test-common.in -yarl==1.20.1 +yarl==1.21.0 # via -r requirements/runtime-deps.in zlib-ng==1.0.0 # via -r requirements/test-common.in From 3aa059474f75b59ab9da7828adba72aa02d53ae5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 12:03:44 +0000 Subject: [PATCH 139/148] Bump frozenlist from 1.7.0 to 1.8.0 (#11569) Bumps [frozenlist](https://github.com/aio-libs/frozenlist) from 1.7.0 to 1.8.0.
Release notes

Sourced from frozenlist's releases.

1.8.0

Contributor-facing changes

  • The :file:reusable-cibuildwheel.yml workflow has been refactored to be more generic and :file:ci-cd.yml now holds all the configuration toggles -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #668.

  • When building wheels, the source distribution is now passed directly to the cibuildwheel invocation -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #669.

  • Builds and tests have been added to ci-cd.yml for arm64 Windows wheels -- by :user:finnagin.

    Related issues and pull requests on GitHub: #677.

  • Started building wheels for CPython 3.14 -- by :user:kumaraditya303.

    Related issues and pull requests on GitHub: #681, #682.

  • Removed --config-settings=pure-python=false from :file:requirements/dev.txt. Developers on CPython still get accelerated builds by default. To explicitly build a pure Python wheel, use pip install -e . --config-settings=pure-python=true -- by :user:bdraco.

    Related issues and pull requests on GitHub: #687.

Changelog

Sourced from frozenlist's changelog.

v1.8.0

(2025-10-05)

Contributor-facing changes

  • The :file:reusable-cibuildwheel.yml workflow has been refactored to be more generic and :file:ci-cd.yml now holds all the configuration toggles -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:668.

  • When building wheels, the source distribution is now passed directly to the cibuildwheel invocation -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:669.

  • Builds and tests have been added to ci-cd.yml for arm64 Windows wheels -- by :user:finnagin.

    Related issues and pull requests on GitHub: :issue:677.

  • Started building wheels for CPython 3.14 -- by :user:kumaraditya303.

    Related issues and pull requests on GitHub: :issue:681, :issue:682.

  • Removed --config-settings=pure-python=false from :file:requirements/dev.txt. Developers on CPython still get accelerated builds by default. To explicitly build a pure Python wheel, use pip install -e . --config-settings=pure-python=true -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:687.

Commits
  • 48324af Release 1.8.0 (#698)
  • 7e5eab0 Add windows arm64 support (#678)
  • a2c22c2 Build(deps): Bump sphinx from 7.2.6 to 7.4.7 (#691)
  • 752b80a Build(deps): Bump types-setuptools from 75.8.0.20250210 to 80.9.0.20250822 (#...
  • 6b9d557 Build(deps): Bump cython from 3.1.1 to 3.1.4 (#690)
  • 7c4ad20 Build(deps-dev): Bump tox from 4.11.4 to 4.30.3 (#693)
  • 65f35d6 Build(deps): Bump pre-commit from 3.5.0 to 4.3.0 (#697)
  • 1ad0263 Build(deps): Bump pytest from 7.4.3 to 8.4.2 (#694)
  • 884ee49 Build(deps): Bump aiohttp-theme from 0.1.6 to 0.1.7 (#689)
  • b2d6180 Fix dependabot updates (#687)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=frozenlist&package-manager=pip&previous-version=1.7.0&new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base-ft.txt | 2 +- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test-ft.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt index 7c3216ad305..85b08cf0505 100644 --- a/requirements/base-ft.txt +++ b/requirements/base-ft.txt @@ -18,7 +18,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in cffi==2.0.0 # via pycares -frozenlist==1.7.0 +frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal diff --git a/requirements/base.txt b/requirements/base.txt index fc39536eb13..0620c235af7 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -18,7 +18,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in cffi==2.0.0 # via pycares -frozenlist==1.7.0 +frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f55009a12fe..ac7cefbaba9 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -80,7 +80,7 @@ freezegun==1.5.5 # via # -r requirements/lint.in # -r requirements/test-common.in -frozenlist==1.7.0 +frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal diff --git a/requirements/dev.txt b/requirements/dev.txt index dd23012462d..8106a04f22c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -78,7 +78,7 @@ freezegun==1.5.5 # via # -r requirements/lint.in # -r requirements/test-common.in -frozenlist==1.7.0 +frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 46c7defd9a9..5cfe6e8c089 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -18,7 +18,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in cffi==2.0.0 # via pycares -frozenlist==1.7.0 +frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index 3ce0dca5897..b33b76ce27d 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -41,7 +41,7 @@ forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 # via -r requirements/test-common.in -frozenlist==1.7.0 +frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal diff --git a/requirements/test.txt b/requirements/test.txt index fee35af44bc..bd55095e8af 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -41,7 +41,7 @@ forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.5 # via -r requirements/test-common.in -frozenlist==1.7.0 +frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal From bbf209d50cc7c8ebbf014974971a63476091edc4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 13:13:27 +0000 Subject: [PATCH 140/148] Bump propcache from 0.3.2 to 0.4.0 (#11571) Bumps [propcache](https://github.com/aio-libs/propcache) from 0.3.2 to 0.4.0.
Release notes

Sourced from propcache's releases.

0.4.0

Features

  • Optimized propcache by replacing sentinel :py:class:object for checking if the :py:class:object is NULL and changed :py:class:dict API for Python C-API -- by :user:Vizonex.

    Related issues and pull requests on GitHub: #121.

Contributor-facing changes

  • Builds have been added for arm64 Windows wheels and the reusable-build-wheel.yml workflow has been modified to allow for an OS value (windows-11-arm) which does not include the -latest postfix -- by :user:finnagin.

    Related issues and pull requests on GitHub: #133.

  • Added CI for CPython 3.14 -- by :user:kumaraditya303.

    Related issues and pull requests on GitHub: #140.

Changelog

Sourced from propcache's changelog.

0.4.0

(2025-10-04)

Features

  • Optimized propcache by replacing sentinel :py:class:object for checking if the :py:class:object is NULL and changed :py:class:dict API for Python C-API -- by :user:Vizonex.

    Related issues and pull requests on GitHub: :issue:121.

Contributor-facing changes

  • Builds have been added for arm64 Windows wheels and the reusable-build-wheel.yml workflow has been modified to allow for an OS value (windows-11-arm) which does not include the -latest postfix -- by :user:finnagin.

    Related issues and pull requests on GitHub: :issue:133.

  • Added CI for CPython 3.14 -- by :user:kumaraditya303.

    Related issues and pull requests on GitHub: :issue:140.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=propcache&package-manager=pip&previous-version=0.3.2&new-version=0.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base-ft.txt | 2 +- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test-ft.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt index 85b08cf0505..08de9013dc4 100644 --- a/requirements/base-ft.txt +++ b/requirements/base-ft.txt @@ -32,7 +32,7 @@ multidict==6.6.4 # yarl packaging==25.0 # via gunicorn -propcache==0.3.2 +propcache==0.4.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/base.txt b/requirements/base.txt index 0620c235af7..3b9af1959e8 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -32,7 +32,7 @@ multidict==6.6.4 # yarl packaging==25.0 # via gunicorn -propcache==0.3.2 +propcache==0.4.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/constraints.txt b/requirements/constraints.txt index ac7cefbaba9..d74296e4dc5 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -146,7 +146,7 @@ pluggy==1.6.0 # pytest-cov pre-commit==4.3.0 # via -r requirements/lint.in -propcache==0.3.2 +propcache==0.4.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/dev.txt b/requirements/dev.txt index 8106a04f22c..4f67db4f3e1 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -143,7 +143,7 @@ pluggy==1.6.0 # pytest-cov pre-commit==4.3.0 # via -r requirements/lint.in -propcache==0.3.2 +propcache==0.4.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 5cfe6e8c089..727745a5617 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -28,7 +28,7 @@ multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl -propcache==0.3.2 +propcache==0.4.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index b33b76ce27d..3e2a7fa1d59 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -79,7 +79,7 @@ pluggy==1.6.0 # via # pytest # pytest-cov -propcache==0.3.2 +propcache==0.4.0 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/test.txt b/requirements/test.txt index bd55095e8af..3d356ab6c7f 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -79,7 +79,7 @@ pluggy==1.6.0 # via # pytest # pytest-cov -propcache==0.3.2 +propcache==0.4.0 # via # -r requirements/runtime-deps.in # yarl From 75a3b107dc8e4875b75dc3eccfb71251b480b790 Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Mon, 6 Oct 2025 16:05:48 +0100 Subject: [PATCH 141/148] Add Linux Foundation Health Score badge to README (#11538) (#11572) (cherry picked from commit 6ae7c55c9577a2a7f964a2466d438bc5c7c6446b) Co-authored-by: Jonathan Reimer <41432658+jonathimer@users.noreply.github.com> --- README.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.rst b/README.rst index 554627a42e7..c2732f0412e 100644 --- a/README.rst +++ b/README.rst @@ -25,6 +25,14 @@ Async http client/server framework :target: https://pypi.org/project/aiohttp :alt: Latest PyPI package version +.. image:: https://img.shields.io/pypi/dm/aiohttp + :target: https://pypistats.org/packages/aiohttp + :alt: Downloads count + +.. image:: https://insights.linuxfoundation.org/api/badge/health-score?project=aiohttp + :target: https://insights.linuxfoundation.org/project/aiohttp + :alt: LFX Health Score + .. image:: https://readthedocs.org/projects/aiohttp/badge/?version=latest :target: https://docs.aiohttp.org/ :alt: Latest Read The Docs From f3cd943bc2a0a3e5f8a6ce7cef157c06236b4e51 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 17:22:53 +0100 Subject: [PATCH 142/148] [PR #11573/3fc1ead0 backport][3.13] Move some badges to the bottom of the page (#11575) **This is a backport of PR #11573 as merged into master (3fc1ead04551db5616ead6f0526403b75ff0acdc).** Co-authored-by: Sam Bull --- README.rst | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/README.rst b/README.rst index c2732f0412e..e6f428640da 100644 --- a/README.rst +++ b/README.rst @@ -17,10 +17,6 @@ Async http client/server framework :target: https://codecov.io/gh/aio-libs/aiohttp :alt: codecov.io status for master branch -.. image:: https://img.shields.io/endpoint?url=https://codspeed.io/badge.json - :target: https://codspeed.io/aio-libs/aiohttp - :alt: Codspeed.io status for aiohttp - .. image:: https://badge.fury.io/py/aiohttp.svg :target: https://pypi.org/project/aiohttp :alt: Latest PyPI package version @@ -29,21 +25,13 @@ Async http client/server framework :target: https://pypistats.org/packages/aiohttp :alt: Downloads count -.. image:: https://insights.linuxfoundation.org/api/badge/health-score?project=aiohttp - :target: https://insights.linuxfoundation.org/project/aiohttp - :alt: LFX Health Score - .. image:: https://readthedocs.org/projects/aiohttp/badge/?version=latest :target: https://docs.aiohttp.org/ :alt: Latest Read The Docs -.. image:: https://img.shields.io/matrix/aio-libs:matrix.org?label=Discuss%20on%20Matrix%20at%20%23aio-libs%3Amatrix.org&logo=matrix&server_fqdn=matrix.org&style=flat - :target: https://matrix.to/#/%23aio-libs:matrix.org - :alt: Matrix Room — #aio-libs:matrix.org - -.. image:: https://img.shields.io/matrix/aio-libs-space:matrix.org?label=Discuss%20on%20Matrix%20at%20%23aio-libs-space%3Amatrix.org&logo=matrix&server_fqdn=matrix.org&style=flat - :target: https://matrix.to/#/%23aio-libs-space:matrix.org - :alt: Matrix Space — #aio-libs-space:matrix.org +.. image:: https://img.shields.io/endpoint?url=https://codspeed.io/badge.json + :target: https://codspeed.io/aio-libs/aiohttp + :alt: Codspeed.io status for aiohttp Key Features @@ -209,3 +197,17 @@ Benchmarks If you are interested in efficiency, the AsyncIO community maintains a list of benchmarks on the official wiki: https://github.com/python/asyncio/wiki/Benchmarks + +-------- + +.. image:: https://img.shields.io/matrix/aio-libs:matrix.org?label=Discuss%20on%20Matrix%20at%20%23aio-libs%3Amatrix.org&logo=matrix&server_fqdn=matrix.org&style=flat + :target: https://matrix.to/#/%23aio-libs:matrix.org + :alt: Matrix Room — #aio-libs:matrix.org + +.. image:: https://img.shields.io/matrix/aio-libs-space:matrix.org?label=Discuss%20on%20Matrix%20at%20%23aio-libs-space%3Amatrix.org&logo=matrix&server_fqdn=matrix.org&style=flat + :target: https://matrix.to/#/%23aio-libs-space:matrix.org + :alt: Matrix Space — #aio-libs-space:matrix.org + +.. image:: https://insights.linuxfoundation.org/api/badge/health-score?project=aiohttp + :target: https://insights.linuxfoundation.org/project/aiohttp + :alt: LFX Health Score From ce38e4387d7b04b8d151f575ca7b42d6749f73c1 Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Mon, 6 Oct 2025 17:26:38 +0100 Subject: [PATCH 143/148] Add StreamReader.total_raw_bytes to report the download progress (#11483) (#11576) (cherry picked from commit 2c9dbad0542b928619109aba6e59dfa86d1457c4) Co-authored-by: robpats <127686110+robpats@users.noreply.github.com> --- CHANGES/11483.feature.rst | 2 ++ CONTRIBUTORS.txt | 1 + aiohttp/http_parser.py | 2 ++ aiohttp/streams.py | 8 ++++++ docs/streams.rst | 11 +++++++-- tests/test_client_functional.py | 43 +++++++++++++++++++++++++++++++++ 6 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 CHANGES/11483.feature.rst diff --git a/CHANGES/11483.feature.rst b/CHANGES/11483.feature.rst new file mode 100644 index 00000000000..a8ef8b62c44 --- /dev/null +++ b/CHANGES/11483.feature.rst @@ -0,0 +1,2 @@ +Added ``StreamReader.total_raw_bytes`` to check the number of bytes downloaded +-- by :user:`robpats`. diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 2771eb8bbcf..38b888c6545 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -279,6 +279,7 @@ Pahaz Blinov Panagiotis Kolokotronis Pankaj Pandey Parag Jain +Patrick Lee Pau Freixes Paul Colomiets Paul J. Dorn diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py index 0ec5cfb920f..f862088850f 100644 --- a/aiohttp/http_parser.py +++ b/aiohttp/http_parser.py @@ -964,6 +964,7 @@ class DeflateBuffer: def __init__(self, out: StreamReader, encoding: Optional[str]) -> None: self.out = out self.size = 0 + out.total_compressed_bytes = self.size self.encoding = encoding self._started_decoding = False @@ -997,6 +998,7 @@ def feed_data(self, chunk: bytes, size: int) -> None: return self.size += size + self.out.total_compressed_bytes = self.size # RFC1950 # bits 0..3 = CM = 0b1000 = 8 = "deflate" diff --git a/aiohttp/streams.py b/aiohttp/streams.py index 7a3f64d1289..e2bc04dd99c 100644 --- a/aiohttp/streams.py +++ b/aiohttp/streams.py @@ -130,6 +130,7 @@ class StreamReader(AsyncStreamReaderMixin): "_eof_callbacks", "_eof_counter", "total_bytes", + "total_compressed_bytes", ) def __init__( @@ -159,6 +160,7 @@ def __init__( self._eof_callbacks: List[Callable[[], None]] = [] self._eof_counter = 0 self.total_bytes = 0 + self.total_compressed_bytes: Optional[int] = None def __repr__(self) -> str: info = [self.__class__.__name__] @@ -250,6 +252,12 @@ async def wait_eof(self) -> None: finally: self._eof_waiter = None + @property + def total_raw_bytes(self) -> int: + if self.total_compressed_bytes is None: + return self.total_bytes + return self.total_compressed_bytes + def unread_data(self, data: bytes) -> None: """rollback reading some data from stream, inserting it to buffer head.""" warnings.warn( diff --git a/docs/streams.rst b/docs/streams.rst index 8e4be9d5343..415ded37e64 100644 --- a/docs/streams.rst +++ b/docs/streams.rst @@ -20,8 +20,8 @@ Streaming API :attr:`aiohttp.ClientResponse.content` properties for accessing raw BODY data. -Reading Methods ---------------- +Reading Attributes and Methods +------------------------------ .. method:: StreamReader.read(n=-1) :async: @@ -109,6 +109,13 @@ Reading Methods to the end of a HTTP chunk. +.. attribute:: StreamReader.total_raw_bytes + + The number of bytes of raw data downloaded (before decompression). + + Readonly :class:`int` property. + + Asynchronous Iteration Support ------------------------------ diff --git a/tests/test_client_functional.py b/tests/test_client_functional.py index eb0c822a4be..6ebfd01c6ca 100644 --- a/tests/test_client_functional.py +++ b/tests/test_client_functional.py @@ -5515,3 +5515,46 @@ async def handler(request: web.Request) -> web.Response: finally: await asyncio.to_thread(f.close) + + +async def test_stream_reader_total_raw_bytes(aiohttp_client: AiohttpClient) -> None: + """Test whether StreamReader.total_raw_bytes returns the number of bytes downloaded""" + source_data = b"@dKal^pH>1h|YW1:c2J$" * 4096 + + async def handler(request: web.Request) -> web.Response: + response = web.Response(body=source_data) + response.enable_compression() + return response + + app = web.Application() + app.router.add_get("/", handler) + + client = await aiohttp_client(app) + + # Check for decompressed data + async with client.get( + "/", headers={"Accept-Encoding": "gzip"}, auto_decompress=True + ) as resp: + assert resp.headers["Content-Encoding"] == "gzip" + assert int(resp.headers["Content-Length"]) < len(source_data) + data = await resp.content.read() + assert len(data) == len(source_data) + assert resp.content.total_raw_bytes == int(resp.headers["Content-Length"]) + + # Check for compressed data + async with client.get( + "/", headers={"Accept-Encoding": "gzip"}, auto_decompress=False + ) as resp: + assert resp.headers["Content-Encoding"] == "gzip" + data = await resp.content.read() + assert resp.content.total_raw_bytes == len(data) + assert resp.content.total_raw_bytes == int(resp.headers["Content-Length"]) + + # Check for non-compressed data + async with client.get( + "/", headers={"Accept-Encoding": "identity"}, auto_decompress=True + ) as resp: + assert "Content-Encoding" not in resp.headers + data = await resp.content.read() + assert resp.content.total_raw_bytes == len(data) + assert resp.content.total_raw_bytes == int(resp.headers["Content-Length"]) From f43b458a4e2e47b81bb8487adbf359049116eb13 Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Mon, 6 Oct 2025 18:48:36 +0100 Subject: [PATCH 144/148] Release v3.13.0 (#11578) --- CHANGES.rst | 121 ++++++++++++++++++++++++++++++++++++ CHANGES/10851.bugfix.rst | 1 - CHANGES/10851.contrib.rst | 2 - CHANGES/10872.contrib.rst | 1 - CHANGES/11161.feature.rst | 2 - CHANGES/11233.doc.rst | 1 - CHANGES/11243.bugfix | 2 - CHANGES/11363.packaging | 2 - CHANGES/11425.packaging.rst | 1 - CHANGES/11464.feature.rst | 1 - CHANGES/11466.contrib.rst | 1 - CHANGES/11483.feature.rst | 2 - CHANGES/11523.bugfix.rst | 2 - CHANGES/11546.contrib.rst | 2 - aiohttp/__init__.py | 2 +- 15 files changed, 122 insertions(+), 21 deletions(-) delete mode 100644 CHANGES/10851.bugfix.rst delete mode 100644 CHANGES/10851.contrib.rst delete mode 100644 CHANGES/10872.contrib.rst delete mode 100644 CHANGES/11161.feature.rst delete mode 100644 CHANGES/11233.doc.rst delete mode 100644 CHANGES/11243.bugfix delete mode 100644 CHANGES/11363.packaging delete mode 100644 CHANGES/11425.packaging.rst delete mode 100644 CHANGES/11464.feature.rst delete mode 100644 CHANGES/11466.contrib.rst delete mode 100644 CHANGES/11483.feature.rst delete mode 100644 CHANGES/11523.bugfix.rst delete mode 100644 CHANGES/11546.contrib.rst diff --git a/CHANGES.rst b/CHANGES.rst index 88826347584..e536efd2fa0 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,6 +10,127 @@ .. towncrier release notes start +3.12.13 (2025-10-06) +==================== + +Features +-------- + +- Added support for Python 3.14. + + + *Related issues and pull requests on GitHub:* + :issue:`10851`, :issue:`10872`. + + + +- Added support for free-threading in Python 3.14+ -- by :user:`kumaraditya303`. + + + *Related issues and pull requests on GitHub:* + :issue:`11466`, :issue:`11464`. + + + +- Added support for Zstandard (aka Zstd) compression + -- by :user:`KGuillaume-chaps`. + + + *Related issues and pull requests on GitHub:* + :issue:`11161`. + + + +- Added ``StreamReader.total_raw_bytes`` to check the number of bytes downloaded + -- by :user:`robpats`. + + + *Related issues and pull requests on GitHub:* + :issue:`11483`. + + + +Bug fixes +--------- + +- Fixed pytest plugin to not use deprecated :py:mod:`asyncio` policy APIs. + + + *Related issues and pull requests on GitHub:* + :issue:`10851`. + + + +- Updated `Content-Disposition` header parsing to handle trailing semicolons and empty parts + -- by :user:`PLPeeters`. + + + *Related issues and pull requests on GitHub:* + :issue:`11243`. + + + +- Fixed saved ``CookieJar`` failing to be loaded if cookies have ``partitioned`` flag when + ``http.cookie`` does not have partitioned cookies supports. -- by :user:`Cycloctane`. + + + *Related issues and pull requests on GitHub:* + :issue:`11523`. + + + + +Improved documentation +---------------------- + +- Added ``Wireup`` to third-party libraries -- by :user:`maldoinc`. + + + *Related issues and pull requests on GitHub:* + :issue:`11233`. + + + + +Packaging updates and notes for downstreams +------------------------------------------- + +- The `blockbuster` test dependency is now optional; the corresponding test fixture is disabled when it is unavailable + -- by :user:`musicinybrain`. + + + *Related issues and pull requests on GitHub:* + :issue:`11363`. + + + +- Added ``riscv64`` build to releases -- by :user:`eshattow`. + + + *Related issues and pull requests on GitHub:* + :issue:`11425`. + + + + +Contributor-facing changes +-------------------------- + + + +- Fixed ``test_send_compress_text`` failing when alternative zlib implementation + is used. (``zlib-ng`` in python 3.14 windows build) -- by :user:`Cycloctane`. + + + *Related issues and pull requests on GitHub:* + :issue:`11546`. + + + + +---- + + 3.12.15 (2025-07-28) ==================== diff --git a/CHANGES/10851.bugfix.rst b/CHANGES/10851.bugfix.rst deleted file mode 100644 index 9c47cc95905..00000000000 --- a/CHANGES/10851.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed pytest plugin to not use deprecated :py:mod:`asyncio` policy APIs. diff --git a/CHANGES/10851.contrib.rst b/CHANGES/10851.contrib.rst deleted file mode 100644 index 623f96bc227..00000000000 --- a/CHANGES/10851.contrib.rst +++ /dev/null @@ -1,2 +0,0 @@ -Updated tests to avoid using deprecated :py:mod:`asyncio` policy APIs and -make it compatible with Python 3.14. diff --git a/CHANGES/10872.contrib.rst b/CHANGES/10872.contrib.rst deleted file mode 100644 index 6a95cd3e64a..00000000000 --- a/CHANGES/10872.contrib.rst +++ /dev/null @@ -1 +0,0 @@ -Updated dependencies to allow testing on Python 3.14. diff --git a/CHANGES/11161.feature.rst b/CHANGES/11161.feature.rst deleted file mode 100644 index 617c4147a38..00000000000 --- a/CHANGES/11161.feature.rst +++ /dev/null @@ -1,2 +0,0 @@ -Add support for Zstandard (aka Zstd) compression --- by :user:`KGuillaume-chaps`. diff --git a/CHANGES/11233.doc.rst b/CHANGES/11233.doc.rst deleted file mode 100644 index 4d63afa7d88..00000000000 --- a/CHANGES/11233.doc.rst +++ /dev/null @@ -1 +0,0 @@ -Added ``Wireup`` to third-party libraries -- by :user:`maldoinc`. diff --git a/CHANGES/11243.bugfix b/CHANGES/11243.bugfix deleted file mode 100644 index 98ae195bb16..00000000000 --- a/CHANGES/11243.bugfix +++ /dev/null @@ -1,2 +0,0 @@ -Updated `Content-Disposition` header parsing to handle trailing semicolons and empty parts --- by :user:`PLPeeters`. diff --git a/CHANGES/11363.packaging b/CHANGES/11363.packaging deleted file mode 100644 index 65d54bf48c0..00000000000 --- a/CHANGES/11363.packaging +++ /dev/null @@ -1,2 +0,0 @@ -The `blockbuster` test dependency is now optional; the corresponding test fixture is disabled when it is unavailable --- by :user:`musicinybrain`. diff --git a/CHANGES/11425.packaging.rst b/CHANGES/11425.packaging.rst deleted file mode 100644 index a3cad5f6d96..00000000000 --- a/CHANGES/11425.packaging.rst +++ /dev/null @@ -1 +0,0 @@ -Added ``riscv64`` build to releases -- by :user:`eshattow`. diff --git a/CHANGES/11464.feature.rst b/CHANGES/11464.feature.rst deleted file mode 100644 index 12ebf117883..00000000000 --- a/CHANGES/11464.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Implemented support for free-threading builds of CPython -- by :user:`kumaraditya303`. diff --git a/CHANGES/11466.contrib.rst b/CHANGES/11466.contrib.rst deleted file mode 100644 index 07c5f40c82e..00000000000 --- a/CHANGES/11466.contrib.rst +++ /dev/null @@ -1 +0,0 @@ -Added free-threading CI job for CPython 3.14 -- by :user:`kumaraditya303`. diff --git a/CHANGES/11483.feature.rst b/CHANGES/11483.feature.rst deleted file mode 100644 index a8ef8b62c44..00000000000 --- a/CHANGES/11483.feature.rst +++ /dev/null @@ -1,2 +0,0 @@ -Added ``StreamReader.total_raw_bytes`` to check the number of bytes downloaded --- by :user:`robpats`. diff --git a/CHANGES/11523.bugfix.rst b/CHANGES/11523.bugfix.rst deleted file mode 100644 index 7b70bcf6e76..00000000000 --- a/CHANGES/11523.bugfix.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix saved ``CookieJar`` fail to be loaded if cookies have ``partitioned`` flag when -``http.cookie`` does not have partitioned cookies supports. -- by :user:`Cycloctane`. diff --git a/CHANGES/11546.contrib.rst b/CHANGES/11546.contrib.rst deleted file mode 100644 index 5fda1bdbb98..00000000000 --- a/CHANGES/11546.contrib.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fixed ``test_send_compress_text`` failing when alternative zlib implementation -is used. (``zlib-ng`` in python 3.14 windows build) -- by :user:`Cycloctane`. diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py index 5ef03daa84e..92a7adc59cb 100644 --- a/aiohttp/__init__.py +++ b/aiohttp/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.13.0.dev0" +__version__ = "3.13.0" from typing import TYPE_CHECKING, Tuple From 6ae79d57ab20170944357932ddf4ae40818a7280 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Mon, 6 Oct 2025 13:55:22 -0500 Subject: [PATCH 145/148] Correct version number in changelog --- CHANGES.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index e536efd2fa0..5fdccd5ca45 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,8 +10,8 @@ .. towncrier release notes start -3.12.13 (2025-10-06) -==================== +3.13.0 (2025-10-06) +=================== Features -------- From 371373e7f6b3a6cc4c75cee079eaa77dbe37ba9f Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Mon, 6 Oct 2025 20:07:29 +0100 Subject: [PATCH 146/148] Fix changenote version (#11579) From dad23994127e2c3c1f7acd25701b528b4d5dfd39 Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Mon, 6 Oct 2025 23:26:24 +0100 Subject: [PATCH 147/148] Fix flaky tests on 3.14 (#11584) --- tests/test_helpers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_helpers.py b/tests/test_helpers.py index 21c25ec38c7..e36b376bd73 100644 --- a/tests/test_helpers.py +++ b/tests/test_helpers.py @@ -294,9 +294,9 @@ def test_timeout_handle(loop: asyncio.AbstractEventLoop) -> None: def test_when_timeout_smaller_second(loop: asyncio.AbstractEventLoop) -> None: timeout = 0.1 - timer = loop.time() + timeout handle = helpers.TimeoutHandle(loop, timeout) + timer = loop.time() + timeout start_handle = handle.start() assert start_handle is not None when = start_handle.when() @@ -310,9 +310,9 @@ def test_when_timeout_smaller_second_with_low_threshold( loop: asyncio.AbstractEventLoop, ) -> None: timeout = 0.1 - timer = loop.time() + timeout handle = helpers.TimeoutHandle(loop, timeout, 0.01) + timer = loop.time() + timeout start_handle = handle.start() assert start_handle is not None when = start_handle.when() From 76e54a32dc03d37ccb6ce3a6438ea8aca6798867 Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Mon, 6 Oct 2025 23:50:53 +0100 Subject: [PATCH 148/148] Move Dependabot to 3.14 (#11585) --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 39cde1e004a..8b56354f345 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -25,7 +25,7 @@ updates: directory: "/" labels: - dependencies - target-branch: "3.13" + target-branch: "3.14" schedule: interval: "daily" open-pull-requests-limit: 10 @@ -37,7 +37,7 @@ updates: - dependency-type: "all" labels: - dependencies - target-branch: "3.13" + target-branch: "3.14" schedule: interval: "daily" open-pull-requests-limit: 10