diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6ac64362454..fddd531da59 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -25,7 +25,7 @@ updates: directory: "/" labels: - dependencies - target-branch: "3.14" + target-branch: "3.15" schedule: interval: "daily" open-pull-requests-limit: 10 @@ -37,7 +37,7 @@ updates: - dependency-type: "all" labels: - dependencies - target-branch: "3.14" + target-branch: "3.15" schedule: interval: "daily" open-pull-requests-limit: 10 @@ -53,6 +53,6 @@ updates: directory: "/tests/autobahn/" labels: - dependencies - target-branch: "3.14" + target-branch: "3.15" schedule: interval: "monthly" diff --git a/CHANGES.rst b/CHANGES.rst index 6082065d8de..97689f035a0 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,6 +10,698 @@ .. towncrier release notes start +3.14.0 (2026-06-01) +=================== + +We have a new website! https://aio-libs.org +Subscribe to the news feed to find out more about what we're working on in future. + +Features +-------- + +- Added ``RequestKey`` and ``ResponseKey`` classes, + which enable static type checking for request & response + context storages in the same way that ``AppKey`` does for ``Application`` + -- by :user:`gsoldatov`. + + + *Related issues and pull requests on GitHub:* + :issue:`11766`. + + + +- Added :func:`~aiohttp.encode_basic_auth` for encoding HTTP Basic + Authentication credentials. Replaces the now-deprecated + ``aiohttp.BasicAuth`` -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12499`. + + + +- Started accepting :term:`asynchronous context managers ` for cleanup contexts. + Legacy single-yield :term:`asynchronous generator` cleanup contexts continue to be + supported; async context managers are adapted internally so they are + entered at startup and exited during cleanup. + + -- by :user:`MannXo`. + + + *Related issues and pull requests on GitHub:* + :issue:`11681`. + + + +- Added :py:attr:`~aiohttp.CookieJar.cookies` and :py:attr:`~aiohttp.CookieJar.host_only_cookies` read-only properties to :py:class:`~aiohttp.CookieJar` exposing the stored cookies with their full attributes -- by :user:`Br1an67`. + + + *Related issues and pull requests on GitHub:* + :issue:`3951`. + + + +- Added :py:attr:`~aiohttp.web.TCPSite.port` accessor for dynamic port allocations in :class:`~aiohttp.web.TCPSite` -- by :user:`twhittock-disguise` and :user:`rodrigobnogueira`. + + + *Related issues and pull requests on GitHub:* + :issue:`10665`. + + + +- Added ``decode_text`` parameter to :meth:`~aiohttp.ClientSession.ws_connect` and :class:`~aiohttp.web.WebSocketResponse` to receive WebSocket TEXT messages as raw bytes instead of decoded strings, enabling direct use with high-performance JSON parsers like ``orjson`` -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`11763`, :issue:`11764`. + + + +- Large overhaul of parser/decompression code. + + The zip bomb security fix in 3.13 stopped highly compressed payloads + from being decompressed, regardless of validity. Now aiohttp will + decompress such payloads in chunks of 256+ KiB, allowing safe decompression + of such payloads. + + -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`11966`. + + + +- Added explicit APIs for bytes-returning JSON serializer: + ``JSONBytesEncoder`` type, ``JsonBytesPayload``, + :func:`~aiohttp.web.json_bytes_response`, + :meth:`~aiohttp.web.WebSocketResponse.send_json_bytes` and + :meth:`~aiohttp.ClientWebSocketResponse.send_json_bytes` methods, and + ``json_serialize_bytes`` parameter for :class:`~aiohttp.ClientSession` + -- by :user:`kevinpark1217`. + + + *Related issues and pull requests on GitHub:* + :issue:`11989`. + + + +- Added :attr:`~aiohttp.ClientResponse.output_size` and + :attr:`~aiohttp.ClientResponse.upload_complete` -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12452`. + + +Bug fixes +--------- + +- Fixed ``ZLibDecompressor`` silently dropping data past the first + member when decompressing concatenated gzip/deflate streams. Each subsequent + member is now handed to a fresh decompressor, matching the behaviour already + implemented for ZSTD multi-frame streams. + + -- by :user:`Ashutosh-177` + + + *Related issues and pull requests on GitHub:* + :issue:`7157`. + + + +- Improved the parser error message shown when TLS handshake bytes are received on an HTTP port -- by :user:`puneetdixit200`. + + + *Related issues and pull requests on GitHub:* + :issue:`10142`. + + + +- Fixed the C parser failing to reject a response with a body when none was expected -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`10587`. + + + +- Fixed http parser not rejecting HTTP/1.1 requests that do not have valid Host header. + -- by :user:`Cycloctane`. + + + *Related issues and pull requests on GitHub:* + :issue:`10600`. + + + +- Fixed misleading TLS-in-TLS warning being emitted when sending HTTPS requests through an HTTP proxy. The warning now only fires when the proxy itself uses HTTPS, which is the only case where TLS-in-TLS actually applies -- by :user:`wavebyrd`. + + + *Related issues and pull requests on GitHub:* + :issue:`10683`. + + + +- Fixed ``AssertionError`` when the transport is ``None`` during WebSocket + preparation or file response sending (e.g. when a client disconnects + immediately after connecting). A ``ConnectionResetError`` is now raised + instead -- by :user:`agners`. + + + *Related issues and pull requests on GitHub:* + :issue:`11761`. + + + +- Fixed ad-hoc cookies passed to individual requests not being sent when the session's cookie jar has ``unsafe=True`` and the target URL uses an IP address, by copying the ``unsafe`` setting from the session's cookie jar to the temporary cookie jar -- by :user:`Krishnachaitanyakc`. + + + *Related issues and pull requests on GitHub:* + :issue:`12011`. + + + +- Reset the WebSocket heartbeat timer on inbound data to avoid false ping/pong timeouts while receiving large frames + -- by :user:`hoffmang9`. + + + *Related issues and pull requests on GitHub:* + :issue:`12030`. + + + +- Switched :py:meth:`~aiohttp.CookieJar.save` to use JSON format and + :py:meth:`~aiohttp.CookieJar.load` to try JSON first with a fallback to + a restricted pickle unpickler -- by :user:`YuvalElbar6`. + + + *Related issues and pull requests on GitHub:* + :issue:`12091`. + + + +- Fixed redirects with consumed non-rewindable request bodies to raise + :class:`aiohttp.ClientPayloadError` instead of silently sending an empty body. + + + *Related issues and pull requests on GitHub:* + :issue:`12195`. + + + +- Fixed zstd decompression failing with ``ClientPayloadError`` when the server + sends a response as multiple zstd frames -- by :user:`josu-moreno`. + + + *Related issues and pull requests on GitHub:* + :issue:`12234`. + + + +- Fixed spurious ``Future exception was never retrieved`` warning on disconnect during back-pressure -- by :user:`availov`. + + + *Related issues and pull requests on GitHub:* + :issue:`12281`. + + + +- ``Cookiejar.save()`` now uses ``0x600`` permissions to better protect them from being read by other users -- by :user:`digiscrypt`. + + + *Related issues and pull requests on GitHub:* + :issue:`12312`. + + + +- Fixed a crash (:external+python:exc:`~http.cookies.CookieError`) in the cookie parser when receiving cookies + containing ASCII control characters on CPython builds with the :cve:`2026-3644` + patch. The parser now gracefully skips cookies whose value contains control + characters instead of letting the exception propagate -- by :user:`rodrigobnogueira`. + + + *Related issues and pull requests on GitHub:* + :issue:`12395`. + + + +- Fixed digest authentication failing for requests whose path or query string contains percent-encoded reserved characters; the digest signature now uses the encoded request-target that is sent on the wire instead of the decoded form -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12436`. + + + +- Fixed :func:`aiohttp.web.run_app` losing inner traceback frames when an + exception is raised during application startup (e.g. inside + ``cleanup_ctx`` or ``on_startup``). Regression since 3.10.6. + + + *Related issues and pull requests on GitHub:* + :issue:`12493`. + + + +- Fixed per-request ``cookies`` not being dropped on cross-origin redirects -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12550`. + + + +- Fixed invalid bytes being allowed in multipart/payload headers -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12719`. + + + +- Fixed :py:meth:`~aiohttp.FormData.add_field` accepting invalid bytes in ``name`` and ``filename`` -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12721`. + + + +- Fixed websocket upgrade occurring when header contained a value like `notupgrade` -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12723`. + + + + +Deprecations (removal in next major release) +-------------------------------------------- + +- Deprecated ``aiohttp.BasicAuth`` and the ``auth`` / ``proxy_auth`` + parameters. They will be removed in aiohttp 4.0. Use the new + :func:`~aiohttp.encode_basic_auth` helper together with + ``headers={"Authorization": ...}`` (or + ``proxy_headers={"Proxy-Authorization": ...}`` for proxies) instead. + Note that ``encode_basic_auth()`` defaults to `utf-8`, not `latin1` + -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12499`. + + + +- Added deprecation warning to ``aiohttp.pytest_plugin``, please switch to ``pytest-aiohttp`` -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`10785`. + + + +Removals and backward incompatible breaking changes +--------------------------------------------------- + +- Stopped calling :func:`socket.getfqdn` as the fallback for + :attr:`aiohttp.web.BaseRequest.host`. :func:`socket.getfqdn` + performs blocking reverse DNS resolution on the event loop + thread and can stall a worker for many seconds when the system + resolver is slow, and could be triggered remotely by an HTTP/1.0 + request that omits the ``Host`` header. The fallback when no + ``Host`` header is present is now the local socket address the + request arrived on (transport ``sockname``), or an empty string + if no transport information is available. Code that relied on + the FQDN being returned must now read it from + :func:`socket.getfqdn` directly, off the event loop + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`9308`, :issue:`12597`. + + + +- Dropped support for Python 3.9 -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`11601`. + + + +- Tightened outbound header serialization to reject all ASCII control + characters forbidden by :rfc:`9110#section-5.5` and :rfc:`9112#section-4` + (``0x00``\-``0x08``, ``0x0A``\-``0x1F``, ``0x7F``) in status lines, + header field-names, and field-values. Previously only CR, LF and NUL were + rejected. HTAB (``0x09``) remains permitted in field values. Applications + that placed bare control characters in outbound headers will now raise + :exc:`ValueError` instead of emitting non-RFC-compliant bytes -- by :user:`rodrigobnogueira`. + + + *Related issues and pull requests on GitHub:* + :issue:`12689`. + + + + +Improved documentation +---------------------- + +- Replaced the deprecated ``ujson`` library with ``orjson`` in the + client quickstart documentation. ``ujson`` has been put into + maintenance-only mode; ``orjson`` is the recommended alternative. + -- by :user:`indoor47` + + + *Related issues and pull requests on GitHub:* + :issue:`10795`. + + + +- Added the :doc:`threat_model` to the Sphinx documentation -- by :user:`omkar-334`. + + + *Related issues and pull requests on GitHub:* + :issue:`12549`. + + + +- Removed archived and deprecated repositories from third party list -- by :user:`Polandia94`. + + + *Related issues and pull requests on GitHub:* + :issue:`12726`. + + + +- Added ``aiointercept`` to list of third-party libraries -- by :user:`Polandia94`. + + + *Related issues and pull requests on GitHub:* + :issue:`12727`. + + + + +Packaging updates and notes for downstreams +------------------------------------------- + +- Added wheels for Android and iOS platforms -- by :user:`timrid`. + + + *Related issues and pull requests on GitHub:* + :issue:`11750`. + + + +- Parallelized the Cython extension compilation by defaulting + ``build_ext.parallel`` to ``os.cpu_count()``, so each module's + ``gcc`` invocation now runs concurrently instead of one at a time + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12576`. + + + +- Submitted vendored `llhttp` to Github's SBOM -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12678`. + + + +- Updated ``llhttp`` to v9.4.1 -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12681`. + + + + +Contributor-facing changes +-------------------------- + +- The coverage tool is now configured using the new native + auto-discovered :file:`.coveragerc.toml` file + -- by :user:`webknjaz`. + + It is also set up to use the ``ctrace`` core that works + around the performance issues in the ``sysmon`` tracer + which is default under Python 3.14. + + + *Related issues and pull requests on GitHub:* + :issue:`11826`. + + + +- Fixed and reworked ``autobahn`` tests -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12173`. + + + +- Added a CI job to measure Cython coverage -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12349`. + + + +- Disabled ``coverage`` and ``xdist`` by default to ease local development -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12364`. + + + +- Avoid installation of backports.zstd on Python 3.14 in linting dependency set + -- by :user:`seifertm`. + + + *Related issues and pull requests on GitHub:* + :issue:`12406`. + + + +- Added ``--durations=30`` to the benchmark CI run so the slowest tests are reported when the job hits its timeout -- by :user:`aiolibsbot`. + + + *Related issues and pull requests on GitHub:* + :issue:`12562`. + + + +- Fixed two flakey ``test_middleware_uses_session_avoids_recursion_with_*`` tests + that hard coded ``localhost`` in the inner middleware request; they now target + the bound server URL so happy eyeballs cannot pick an unbound address on + Windows runners -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12571`. + + + +- Restricted the ``isal`` test dependency to CPython, since + ``isal`` 1.8.0 stopped publishing PyPy wheels and the source + build requires ``nasm``, which is not available on the CI + runners. The ``parametrize_zlib_backend`` fixture already + calls ``pytest.importorskip``, so PyPy continues to exercise + the ``zlib`` and ``zlib_ng`` backends with no further + changes -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12589`. + + + +- Fixed a flakey ``test_tcp_connector_fingerprint_ok`` by aborting + the SSL shutdown on the test's TCP connector before returning. + The graceful TLS close was occasionally outliving the test event + loop on one of the CI jobs, and the teardown ``gc.collect()`` + then surfaced the still-open transport as a + ``PytestUnraisableExceptionWarning`` -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12592`. + + + +- Switched the ``cibuildwheel`` build frontend to ``build[uv]`` so + that ``uv`` provisions every build-isolation virtual environment + in the wheel matrix, replacing the per-ABI ``pip`` resolve with a + roughly sub-second ``uv`` resolve + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12595`. + + + +- Fixed flaky ``test_handler_returns_not_response`` and + ``test_handler_returns_none`` by routing ``loop.set_debug(True)`` + through a new ``loop_debug_mode`` fixture that disables debug + mode before the ``aiohttp_client`` fixture finalizes. Leaving + debug on through teardown let PyPy 3.11's asyncio slow-callback + logger walk into ``Task.__repr__`` during connector close, + surfacing a spurious ``RuntimeWarning: coroutine was never + awaited`` -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12603`. + + + +- Reduced runtime of several of the slowest unit tests + (decompress size-limit payloads from 64 MiB to 2 MiB, + ``test_chunk_splits_after_pause`` chunk count from 50000 + to 20000, and ``test_set_cookies_max_age`` sleep from 2 + seconds to 1.1 seconds) without changing what they + exercise -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12606`. + + + +- Added a default 120-second per-test timeout via ``pytest-timeout`` so a + hung test surfaces by name in CI output instead of getting hidden behind + the job-level timeout added in :pr:`12619`. The ``autobahn`` and + benchmark jobs opt out with ``--timeout=0`` -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12624`. + + + +- Switched the CI ``test`` and ``autobahn`` jobs from + ``actions/setup-python`` to ``astral-sh/setup-uv`` for installing + interpreters, cutting the ``Setup Python`` step from 40-58s to a + few seconds on ``macos-latest`` and ``windows-latest`` runners for + variants not in the hosted tool-cache (notably the free-threaded + ``3.14t``) + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12629`. + + + +- Made the ``pip`` command used by the :file:`Makefile` configurable via a + ``PIP`` variable; downstream consumers can now run, for example, + ``make .develop PIP="uv pip"`` to install via ``uv`` without us + maintaining a parallel target + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12641`. + + + +- Allowed re-running the ``deploy`` job in ``.github/workflows/ci-cd.yml`` + after a partial release failure: the ``Make Release`` step now skips + when the GitHub Release already exists, and the PyPI publish step uses + ``skip-existing`` so dists that were already uploaded on a prior + attempt do not break the retry -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12651`. + + + +- Switched the armv7l wheel builds onto GitHub's hosted ARM runners. The + 32-bit ARM build still runs under QEMU, but the host is now aarch64 + rather than x86_64, so the emulation overhead drops sharply + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12655`. + + + + +Miscellaneous internal changes +------------------------------ + +- Added win_arm64 to the wheels that gets pushed to PyPI + -- by :user:`AraHaan`. + + + *Related issues and pull requests on GitHub:* + :issue:`11937`. + + + +- Added ``cdef`` type declarations and inlined the upgrade check in the HTTP parser + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12321`. + + + +- Changed ``zlib_executor_size`` default so compressed payloads are async by default -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12358`. + + + +- Added ``THREAT_MODEL.md`` detailing our security stance -- by :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12512`. + + + +- Reduced payload sizes and request counts in the slowest client and URL + dispatcher benchmarks so they no longer dominate CI runtime + -- by :user:`bdraco`. + + + *Related issues and pull requests on GitHub:* + :issue:`12569`. + + + +- Improved ``ContentLengthError`` exception messages to include both expected and received byte counts. This enhancement provides better diagnostics when debugging response body size mismatches + -- by :user:`bdraco` and :user:`Dreamsorcerer`. + + + *Related issues and pull requests on GitHub:* + :issue:`12753`. + + + + +---- + + 3.13.5 (2026-03-31) =================== diff --git a/CHANGES/10142.bugfix.rst b/CHANGES/10142.bugfix.rst deleted file mode 100644 index 821db59818d..00000000000 --- a/CHANGES/10142.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Improved the parser error message shown when TLS handshake bytes are received on an HTTP port -- by :user:`puneetdixit200`. diff --git a/CHANGES/10587.bugfix.rst b/CHANGES/10587.bugfix.rst deleted file mode 100644 index f60e1d17c5f..00000000000 --- a/CHANGES/10587.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed the C parser failing to reject a response with a body when none was expected -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/10600.bugfix.rst b/CHANGES/10600.bugfix.rst deleted file mode 100644 index eba47bf56e6..00000000000 --- a/CHANGES/10600.bugfix.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fixed http parser not rejecting HTTP/1.1 requests that do not have valid Host header. --- by :user:`Cycloctane`. diff --git a/CHANGES/10665.feature.rst b/CHANGES/10665.feature.rst deleted file mode 100644 index afb4768c7cf..00000000000 --- a/CHANGES/10665.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Added :py:attr:`~aiohttp.web.TCPSite.port` accessor for dynamic port allocations in :class:`~aiohttp.web.TCPSite` -- by :user:`twhittock-disguise` and :user:`rodrigobnogueira`. diff --git a/CHANGES/10683.bugfix.rst b/CHANGES/10683.bugfix.rst deleted file mode 100644 index 9631cc5fa05..00000000000 --- a/CHANGES/10683.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed misleading TLS-in-TLS warning being emitted when sending HTTPS requests through an HTTP proxy. The warning now only fires when the proxy itself uses HTTPS, which is the only case where TLS-in-TLS actually applies -- by :user:`wavebyrd`. diff --git a/CHANGES/10753.bugfix.rst b/CHANGES/10753.bugfix.rst deleted file mode 100644 index e0f4cfd0dd1..00000000000 --- a/CHANGES/10753.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Widened ``trace_request_ctx`` parameter type from ``Mapping[str, Any] | None`` to ``object`` to allow passing instances of user-defined classes as trace context -- by :user:`nightcityblade`. diff --git a/CHANGES/10795.doc.rst b/CHANGES/10795.doc.rst deleted file mode 100644 index 91094f70c13..00000000000 --- a/CHANGES/10795.doc.rst +++ /dev/null @@ -1,4 +0,0 @@ -Replaced the deprecated ``ujson`` library with ``orjson`` in the -client quickstart documentation. ``ujson`` has been put into -maintenance-only mode; ``orjson`` is the recommended alternative. --- by :user:`indoor47` diff --git a/CHANGES/11601.breaking.rst b/CHANGES/11601.breaking.rst deleted file mode 100644 index c2eccbd9e1c..00000000000 --- a/CHANGES/11601.breaking.rst +++ /dev/null @@ -1 +0,0 @@ -Dropped support for Python 3.9 -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/11681.feature.rst b/CHANGES/11681.feature.rst deleted file mode 100644 index 21b0ab1f7c7..00000000000 --- a/CHANGES/11681.feature.rst +++ /dev/null @@ -1,6 +0,0 @@ -Started accepting :term:`asynchronous context managers ` for cleanup contexts. -Legacy single-yield :term:`asynchronous generator` cleanup contexts continue to be -supported; async context managers are adapted internally so they are -entered at startup and exited during cleanup. - --- by :user:`MannXo`. diff --git a/CHANGES/11750.packaging.rst b/CHANGES/11750.packaging.rst deleted file mode 100644 index 2af5e11cf45..00000000000 --- a/CHANGES/11750.packaging.rst +++ /dev/null @@ -1 +0,0 @@ -Added wheels for Android and iOS platforms -- by :user:`timrid`. diff --git a/CHANGES/11761.bugfix.rst b/CHANGES/11761.bugfix.rst deleted file mode 100644 index d4661c6d4a1..00000000000 --- a/CHANGES/11761.bugfix.rst +++ /dev/null @@ -1,4 +0,0 @@ -Fixed ``AssertionError`` when the transport is ``None`` during WebSocket -preparation or file response sending (e.g. when a client disconnects -immediately after connecting). A ``ConnectionResetError`` is now raised -instead -- by :user:`agners`. diff --git a/CHANGES/11763.feature.rst b/CHANGES/11763.feature.rst deleted file mode 100644 index b34bfafaca8..00000000000 --- a/CHANGES/11763.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Added ``decode_text`` parameter to :meth:`~aiohttp.ClientSession.ws_connect` and :class:`~aiohttp.web.WebSocketResponse` to receive WebSocket TEXT messages as raw bytes instead of decoded strings, enabling direct use with high-performance JSON parsers like ``orjson`` -- by :user:`bdraco`. diff --git a/CHANGES/11764.feature.rst b/CHANGES/11764.feature.rst deleted file mode 120000 index 0860becd808..00000000000 --- a/CHANGES/11764.feature.rst +++ /dev/null @@ -1 +0,0 @@ -11763.feature.rst \ No newline at end of file diff --git a/CHANGES/11766.feature.rst b/CHANGES/11766.feature.rst deleted file mode 100644 index de57ca44543..00000000000 --- a/CHANGES/11766.feature.rst +++ /dev/null @@ -1,4 +0,0 @@ -Added ``RequestKey`` and ``ResponseKey`` classes, -which enable static type checking for request & response -context storages in the same way that ``AppKey`` does for ``Application`` --- by :user:`gsoldatov`. diff --git a/CHANGES/11826.contrib.rst b/CHANGES/11826.contrib.rst deleted file mode 100644 index 134eda601c2..00000000000 --- a/CHANGES/11826.contrib.rst +++ /dev/null @@ -1,7 +0,0 @@ -The coverage tool is now configured using the new native -auto-discovered :file:`.coveragerc.toml` file --- by :user:`webknjaz`. - -It is also set up to use the ``ctrace`` core that works -around the performance issues in the ``sysmon`` tracer -which is default under Python 3.14. diff --git a/CHANGES/11937.misc.rst b/CHANGES/11937.misc.rst deleted file mode 100644 index e8435d14618..00000000000 --- a/CHANGES/11937.misc.rst +++ /dev/null @@ -1,2 +0,0 @@ -Added win_arm64 to the wheels that gets pushed to PyPI --- by :user:`AraHaan`. diff --git a/CHANGES/11966.feature.rst b/CHANGES/11966.feature.rst deleted file mode 100644 index 9f298f98e12..00000000000 --- a/CHANGES/11966.feature.rst +++ /dev/null @@ -1,8 +0,0 @@ -Large overhaul of parser/decompression code. - -The zip bomb security fix in 3.13 stopped highly compressed payloads -from being decompressed, regardless of validity. Now aiohttp will -decompress such payloads in chunks of 256+ KiB, allowing safe decompression -of such payloads. - --- by :user:`Dreamsorcerer`. diff --git a/CHANGES/11989.feature.rst b/CHANGES/11989.feature.rst deleted file mode 100644 index ced05b5e100..00000000000 --- a/CHANGES/11989.feature.rst +++ /dev/null @@ -1,7 +0,0 @@ -Added explicit APIs for bytes-returning JSON serializer: -``JSONBytesEncoder`` type, ``JsonBytesPayload``, -:func:`~aiohttp.web.json_bytes_response`, -:meth:`~aiohttp.web.WebSocketResponse.send_json_bytes` and -:meth:`~aiohttp.ClientWebSocketResponse.send_json_bytes` methods, and -``json_serialize_bytes`` parameter for :class:`~aiohttp.ClientSession` --- by :user:`kevinpark1217`. diff --git a/CHANGES/12011.bugfix.rst b/CHANGES/12011.bugfix.rst deleted file mode 100644 index 701a2ed01e3..00000000000 --- a/CHANGES/12011.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed ad-hoc cookies passed to individual requests not being sent when the session's cookie jar has ``unsafe=True`` and the target URL uses an IP address, by copying the ``unsafe`` setting from the session's cookie jar to the temporary cookie jar -- by :user:`Krishnachaitanyakc`. diff --git a/CHANGES/12030.bugfix.rst b/CHANGES/12030.bugfix.rst deleted file mode 100644 index 5f2f8ba5c3c..00000000000 --- a/CHANGES/12030.bugfix.rst +++ /dev/null @@ -1,2 +0,0 @@ -Reset the WebSocket heartbeat timer on inbound data to avoid false ping/pong timeouts while receiving large frames --- by :user:`hoffmang9`. diff --git a/CHANGES/12173.contrib.rst b/CHANGES/12173.contrib.rst deleted file mode 100644 index 7c1bd3d1c1b..00000000000 --- a/CHANGES/12173.contrib.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed and reworked ``autobahn`` tests -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12195.bugfix.rst b/CHANGES/12195.bugfix.rst deleted file mode 100644 index 34729b52f0d..00000000000 --- a/CHANGES/12195.bugfix.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fixed redirects with consumed non-rewindable request bodies to raise -:class:`aiohttp.ClientPayloadError` instead of silently sending an empty body. diff --git a/CHANGES/12234.bugfix.rst b/CHANGES/12234.bugfix.rst deleted file mode 100644 index 64bcfa24f69..00000000000 --- a/CHANGES/12234.bugfix.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fixed zstd decompression failing with ``ClientPayloadError`` when the server -sends a response as multiple zstd frames -- by :user:`josu-moreno`. diff --git a/CHANGES/12281.bugfix.rst b/CHANGES/12281.bugfix.rst deleted file mode 100644 index 63521a73b1c..00000000000 --- a/CHANGES/12281.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed spurious ``Future exception was never retrieved`` warning on disconnect during back-pressure -- by :user:`availov`. diff --git a/CHANGES/12312.bugfix.rst b/CHANGES/12312.bugfix.rst deleted file mode 100644 index a7d240ad79c..00000000000 --- a/CHANGES/12312.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -``Cookiejar.save()`` now uses ``0x600`` permissions to better protect them from being read by other users -- by :user:`digiscrypt`. diff --git a/CHANGES/12321.misc.rst b/CHANGES/12321.misc.rst deleted file mode 100644 index 71f9db77675..00000000000 --- a/CHANGES/12321.misc.rst +++ /dev/null @@ -1,2 +0,0 @@ -Added ``cdef`` type declarations and inlined the upgrade check in the HTTP parser --- by :user:`bdraco`. diff --git a/CHANGES/12349.contrib.rst b/CHANGES/12349.contrib.rst deleted file mode 100644 index 12aeb069354..00000000000 --- a/CHANGES/12349.contrib.rst +++ /dev/null @@ -1 +0,0 @@ -Added a CI job to measure Cython coverage -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12358.misc.rst b/CHANGES/12358.misc.rst deleted file mode 100644 index 7b035023500..00000000000 --- a/CHANGES/12358.misc.rst +++ /dev/null @@ -1 +0,0 @@ -Changed ``zlib_executor_size`` default so compressed payloads are async by default -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12364.contrib.rst b/CHANGES/12364.contrib.rst deleted file mode 100644 index 21b9eb1b271..00000000000 --- a/CHANGES/12364.contrib.rst +++ /dev/null @@ -1 +0,0 @@ -Disabled ``coverage`` and ``xdist`` by default to ease local development -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12395.bugfix.rst b/CHANGES/12395.bugfix.rst deleted file mode 100644 index e3c67bfa7aa..00000000000 --- a/CHANGES/12395.bugfix.rst +++ /dev/null @@ -1,4 +0,0 @@ -Fixed a crash (:external+python:exc:`~http.cookies.CookieError`) in the cookie parser when receiving cookies -containing ASCII control characters on CPython builds with the :cve:`2026-3644` -patch. The parser now gracefully skips cookies whose value contains control -characters instead of letting the exception propagate -- by :user:`rodrigobnogueira`. diff --git a/CHANGES/12406.contrib.rst b/CHANGES/12406.contrib.rst deleted file mode 100644 index 9bcbee91e09..00000000000 --- a/CHANGES/12406.contrib.rst +++ /dev/null @@ -1,2 +0,0 @@ -Avoid installation of backports.zstd on Python 3.14 in linting dependency set --- by :user:`seifertm`. diff --git a/CHANGES/12436.bugfix.rst b/CHANGES/12436.bugfix.rst deleted file mode 100644 index d6f7e160697..00000000000 --- a/CHANGES/12436.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed digest authentication failing for requests whose path or query string contains percent-encoded reserved characters; the digest signature now uses the encoded request-target that is sent on the wire instead of the decoded form -- by :user:`bdraco`. diff --git a/CHANGES/12452.feature.rst b/CHANGES/12452.feature.rst deleted file mode 100644 index ad4936323da..00000000000 --- a/CHANGES/12452.feature.rst +++ /dev/null @@ -1,2 +0,0 @@ -Added :attr:`~aiohttp.ClientResponse.output_size` and -:attr:`~aiohttp.ClientResponse.upload_complete` -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12493.bugfix b/CHANGES/12493.bugfix deleted file mode 100644 index 7a68daec0ba..00000000000 --- a/CHANGES/12493.bugfix +++ /dev/null @@ -1,3 +0,0 @@ -Fixed :func:`aiohttp.web.run_app` losing inner traceback frames when an -exception is raised during application startup (e.g. inside -``cleanup_ctx`` or ``on_startup``). Regression since 3.10.6. diff --git a/CHANGES/12499.deprecation.rst b/CHANGES/12499.deprecation.rst deleted file mode 100644 index 7c437b4e998..00000000000 --- a/CHANGES/12499.deprecation.rst +++ /dev/null @@ -1,7 +0,0 @@ -Deprecated ``BasicAuth`` and the ``auth`` / ``proxy_auth`` -parameters. They will be removed in aiohttp 4.0. Use the new -:func:`~aiohttp.encode_basic_auth` helper together with -``headers={"Authorization": ...}`` (or -``proxy_headers={"Proxy-Authorization": ...}`` for proxies) instead. -Note that ``encode_basic_auth()`` defaults to `utf-8`, not `latin1` --- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12499.feature.rst b/CHANGES/12499.feature.rst deleted file mode 100644 index 0350649e07d..00000000000 --- a/CHANGES/12499.feature.rst +++ /dev/null @@ -1,3 +0,0 @@ -Added :func:`~aiohttp.encode_basic_auth` for encoding HTTP Basic -Authentication credentials. Replaces the now-deprecated -``BasicAuth`` -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12512.misc.rst b/CHANGES/12512.misc.rst deleted file mode 100644 index c3acbcce786..00000000000 --- a/CHANGES/12512.misc.rst +++ /dev/null @@ -1 +0,0 @@ -Added ``THREAT_MODEL.md`` detailing our security stance -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12549.doc.rst b/CHANGES/12549.doc.rst deleted file mode 100644 index 0288c33cba5..00000000000 --- a/CHANGES/12549.doc.rst +++ /dev/null @@ -1 +0,0 @@ -Added the :doc:`threat_model` to the Sphinx documentation -- by :user:`omkar-334`. diff --git a/CHANGES/12562.contrib.rst b/CHANGES/12562.contrib.rst deleted file mode 100644 index 0d89212d365..00000000000 --- a/CHANGES/12562.contrib.rst +++ /dev/null @@ -1 +0,0 @@ -Added ``--durations=30`` to the benchmark CI run so the slowest tests are reported when the job hits its timeout -- by :user:`aiolibsbot`. diff --git a/CHANGES/12569.misc.rst b/CHANGES/12569.misc.rst deleted file mode 100644 index 32af3f259b4..00000000000 --- a/CHANGES/12569.misc.rst +++ /dev/null @@ -1,3 +0,0 @@ -Reduced payload sizes and request counts in the slowest client and URL -dispatcher benchmarks so they no longer dominate CI runtime --- by :user:`bdraco`. diff --git a/CHANGES/12571.contrib.rst b/CHANGES/12571.contrib.rst deleted file mode 100644 index 8fb1b309375..00000000000 --- a/CHANGES/12571.contrib.rst +++ /dev/null @@ -1,4 +0,0 @@ -Fixed two flakey ``test_middleware_uses_session_avoids_recursion_with_*`` tests -that hard coded ``localhost`` in the inner middleware request; they now target -the bound server URL so happy eyeballs cannot pick an unbound address on -Windows runners -- by :user:`bdraco`. diff --git a/CHANGES/12576.packaging.rst b/CHANGES/12576.packaging.rst deleted file mode 100644 index dc748bfe726..00000000000 --- a/CHANGES/12576.packaging.rst +++ /dev/null @@ -1,4 +0,0 @@ -Parallelized the Cython extension compilation by defaulting -``build_ext.parallel`` to ``os.cpu_count()``, so each module's -``gcc`` invocation now runs concurrently instead of one at a time --- by :user:`bdraco`. diff --git a/CHANGES/12589.contrib.rst b/CHANGES/12589.contrib.rst deleted file mode 100644 index dc7f6400d57..00000000000 --- a/CHANGES/12589.contrib.rst +++ /dev/null @@ -1,7 +0,0 @@ -Restricted the ``isal`` test dependency to CPython, since -``isal`` 1.8.0 stopped publishing PyPy wheels and the source -build requires ``nasm``, which is not available on the CI -runners. The ``parametrize_zlib_backend`` fixture already -calls ``pytest.importorskip``, so PyPy continues to exercise -the ``zlib`` and ``zlib_ng`` backends with no further -changes -- by :user:`bdraco`. diff --git a/CHANGES/12592.contrib.rst b/CHANGES/12592.contrib.rst deleted file mode 100644 index 76d2f8b7035..00000000000 --- a/CHANGES/12592.contrib.rst +++ /dev/null @@ -1,6 +0,0 @@ -Fixed a flakey ``test_tcp_connector_fingerprint_ok`` by aborting -the SSL shutdown on the test's TCP connector before returning. -The graceful TLS close was occasionally outliving the test event -loop on one of the CI jobs, and the teardown ``gc.collect()`` -then surfaced the still-open transport as a -``PytestUnraisableExceptionWarning`` -- by :user:`bdraco`. diff --git a/CHANGES/12595.contrib.rst b/CHANGES/12595.contrib.rst deleted file mode 100644 index 54af2262fb1..00000000000 --- a/CHANGES/12595.contrib.rst +++ /dev/null @@ -1,5 +0,0 @@ -Switched the ``cibuildwheel`` build frontend to ``build[uv]`` so -that ``uv`` provisions every build-isolation virtual environment -in the wheel matrix, replacing the per-ABI ``pip`` resolve with a -roughly sub-second ``uv`` resolve --- by :user:`bdraco`. diff --git a/CHANGES/12597.breaking.rst b/CHANGES/12597.breaking.rst deleted file mode 120000 index 651891d5065..00000000000 --- a/CHANGES/12597.breaking.rst +++ /dev/null @@ -1 +0,0 @@ -9308.breaking.rst \ No newline at end of file diff --git a/CHANGES/12603.contrib.rst b/CHANGES/12603.contrib.rst deleted file mode 100644 index 51574d02868..00000000000 --- a/CHANGES/12603.contrib.rst +++ /dev/null @@ -1,8 +0,0 @@ -Fixed flaky ``test_handler_returns_not_response`` and -``test_handler_returns_none`` by routing ``loop.set_debug(True)`` -through a new ``loop_debug_mode`` fixture that disables debug -mode before the ``aiohttp_client`` fixture finalizes. Leaving -debug on through teardown let PyPy 3.11's asyncio slow-callback -logger walk into ``Task.__repr__`` during connector close, -surfacing a spurious ``RuntimeWarning: coroutine was never -awaited`` -- by :user:`bdraco`. diff --git a/CHANGES/12606.contrib.rst b/CHANGES/12606.contrib.rst deleted file mode 100644 index 72925114e8c..00000000000 --- a/CHANGES/12606.contrib.rst +++ /dev/null @@ -1,6 +0,0 @@ -Reduced runtime of several of the slowest unit tests -(decompress size-limit payloads from 64 MiB to 2 MiB, -``test_chunk_splits_after_pause`` chunk count from 50000 -to 20000, and ``test_set_cookies_max_age`` sleep from 2 -seconds to 1.1 seconds) without changing what they -exercise -- by :user:`bdraco`. diff --git a/CHANGES/12624.contrib.rst b/CHANGES/12624.contrib.rst deleted file mode 100644 index 0c7e2a0a548..00000000000 --- a/CHANGES/12624.contrib.rst +++ /dev/null @@ -1,4 +0,0 @@ -Added a default 120-second per-test timeout via ``pytest-timeout`` so a -hung test surfaces by name in CI output instead of getting hidden behind -the job-level timeout added in :pr:`12619`. The ``autobahn`` and -benchmark jobs opt out with ``--timeout=0`` -- by :user:`bdraco`. diff --git a/CHANGES/12629.contrib.rst b/CHANGES/12629.contrib.rst deleted file mode 100644 index 8c10b198425..00000000000 --- a/CHANGES/12629.contrib.rst +++ /dev/null @@ -1,7 +0,0 @@ -Switched the CI ``test`` and ``autobahn`` jobs from -``actions/setup-python`` to ``astral-sh/setup-uv`` for installing -interpreters, cutting the ``Setup Python`` step from 40-58s to a -few seconds on ``macos-latest`` and ``windows-latest`` runners for -variants not in the hosted tool-cache (notably the free-threaded -``3.14t``) --- by :user:`bdraco`. diff --git a/CHANGES/12641.contrib.rst b/CHANGES/12641.contrib.rst deleted file mode 100644 index 626500a41b3..00000000000 --- a/CHANGES/12641.contrib.rst +++ /dev/null @@ -1,5 +0,0 @@ -Made the ``pip`` command used by the ``Makefile`` configurable via a -``PIP`` variable; downstream consumers can now run, for example, -``make .develop PIP="uv pip"`` to install via ``uv`` without us -maintaining a parallel target --- by :user:`bdraco`. diff --git a/CHANGES/12651.contrib.rst b/CHANGES/12651.contrib.rst deleted file mode 100644 index 0318ed0d084..00000000000 --- a/CHANGES/12651.contrib.rst +++ /dev/null @@ -1,5 +0,0 @@ -Allowed re-running the ``deploy`` job in ``.github/workflows/ci-cd.yml`` -after a partial release failure: the ``Make Release`` step now skips -when the GitHub Release already exists, and the PyPI publish step uses -``skip-existing`` so dists that were already uploaded on a prior -attempt do not break the retry -- by :user:`bdraco`. diff --git a/CHANGES/12655.contrib.rst b/CHANGES/12655.contrib.rst deleted file mode 100644 index f5c76cd4105..00000000000 --- a/CHANGES/12655.contrib.rst +++ /dev/null @@ -1,4 +0,0 @@ -Switched the armv7l wheel builds onto GitHub's hosted ARM runners. The -32-bit ARM build still runs under QEMU, but the host is now aarch64 -rather than x86_64, so the emulation overhead drops sharply --- by :user:`bdraco`. diff --git a/CHANGES/12678.packaging.rst b/CHANGES/12678.packaging.rst deleted file mode 100644 index 7e459cf9ff5..00000000000 --- a/CHANGES/12678.packaging.rst +++ /dev/null @@ -1 +0,0 @@ -Submitted vendored `llhttp` to Github's SBOM -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12681.packaging.rst b/CHANGES/12681.packaging.rst deleted file mode 100644 index 1cd12837ecb..00000000000 --- a/CHANGES/12681.packaging.rst +++ /dev/null @@ -1 +0,0 @@ -Updated ``llhttp`` to v9.4.1 -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12689.breaking.rst b/CHANGES/12689.breaking.rst deleted file mode 100644 index 9d807e00769..00000000000 --- a/CHANGES/12689.breaking.rst +++ /dev/null @@ -1,7 +0,0 @@ -Tightened outbound header serialization to reject all ASCII control -characters forbidden by :rfc:`9110#section-5.5` and :rfc:`9112#section-4` -(``0x00``\-``0x08``, ``0x0A``\-``0x1F``, ``0x7F``) in status lines, -header field-names, and field-values. Previously only CR, LF and NUL were -rejected. HTAB (``0x09``) remains permitted in field values. Applications -that placed bare control characters in outbound headers will now raise -:exc:`ValueError` instead of emitting non-RFC-compliant bytes -- by :user:`rodrigobnogueira`. diff --git a/CHANGES/12726.doc.rst b/CHANGES/12726.doc.rst deleted file mode 100644 index 45e1212acd1..00000000000 --- a/CHANGES/12726.doc.rst +++ /dev/null @@ -1 +0,0 @@ -Removed archived and deprecated repositories from third party list -- by :user:`Polandia94`. diff --git a/CHANGES/12727.bugfix.rst b/CHANGES/12727.bugfix.rst deleted file mode 100644 index d74b5eae2d3..00000000000 --- a/CHANGES/12727.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed websocket upgrade occurring when header contained a value like `notupgrade` -- by :user:`Dreamsorcerer`. diff --git a/CHANGES/12727.doc.rst b/CHANGES/12727.doc.rst deleted file mode 100644 index 61ffeb82274..00000000000 --- a/CHANGES/12727.doc.rst +++ /dev/null @@ -1 +0,0 @@ -Added ``aiointercept`` to list of third-party libraries -- by :user:`Polandia94`. diff --git a/CHANGES/12753.misc.rst b/CHANGES/12753.misc.rst deleted file mode 100644 index 0b73044f46a..00000000000 --- a/CHANGES/12753.misc.rst +++ /dev/null @@ -1,2 +0,0 @@ -Improved ``ContentLengthError`` exception messages to include both expected and received byte counts. This enhancement provides better diagnostics when debugging response body size mismatches --- by :user:`bdraco` and :user:`Dreamsorcerer`. diff --git a/CHANGES/3951.feature.rst b/CHANGES/3951.feature.rst deleted file mode 100644 index ba127c20a83..00000000000 --- a/CHANGES/3951.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Added :py:attr:`~aiohttp.CookieJar.cookies` and :py:attr:`~aiohttp.CookieJar.host_only_cookies` read-only properties to :py:class:`~aiohttp.CookieJar` exposing the stored cookies with their full attributes -- by :user:`Br1an67`. diff --git a/CHANGES/7157.bugfix.rst b/CHANGES/7157.bugfix.rst deleted file mode 100644 index 60f06d8da9f..00000000000 --- a/CHANGES/7157.bugfix.rst +++ /dev/null @@ -1,6 +0,0 @@ -Fixed ``ZLibDecompressor`` silently dropping data past the first -member when decompressing concatenated gzip/deflate streams. Each subsequent -member is now handed to a fresh decompressor, matching the behaviour already -implemented for ZSTD multi-frame streams. - --- by :user:`Ashutosh-177` diff --git a/CHANGES/9308.breaking.rst b/CHANGES/9308.breaking.rst deleted file mode 100644 index afb3965ab8f..00000000000 --- a/CHANGES/9308.breaking.rst +++ /dev/null @@ -1,12 +0,0 @@ -Stopped calling :func:`socket.getfqdn` as the fallback for -:attr:`aiohttp.web.BaseRequest.host`. :func:`socket.getfqdn` -performs blocking reverse DNS resolution on the event loop -thread and can stall a worker for many seconds when the system -resolver is slow, and could be triggered remotely by an HTTP/1.0 -request that omits the ``Host`` header. The fallback when no -``Host`` header is present is now the local socket address the -request arrived on (transport ``sockname``), or an empty string -if no transport information is available. Code that relied on -the FQDN being returned must now read it from -:func:`socket.getfqdn` directly, off the event loop --- by :user:`bdraco`. diff --git a/CHANGES/9705.contrib.rst b/CHANGES/9705.contrib.rst deleted file mode 100644 index 5eaef0c4398..00000000000 --- a/CHANGES/9705.contrib.rst +++ /dev/null @@ -1,2 +0,0 @@ -Reduced the runtime of a client timeout regression test by shortening its artificial response delay. --- by :user:`nightcityblade`. diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt index 1eeed867279..eddfe0ba674 100644 --- a/requirements/base-ft.txt +++ b/requirements/base-ft.txt @@ -24,7 +24,7 @@ frozenlist==1.8.0 # aiosignal gunicorn==26.0.0 # via -r requirements/base-ft.in -idna==3.17 +idna==3.18 # via yarl multidict==6.7.1 # via diff --git a/requirements/base.txt b/requirements/base.txt index 159c65a0ce2..863268a60c8 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -24,7 +24,7 @@ frozenlist==1.8.0 # aiosignal gunicorn==26.0.0 # via -r requirements/base.in -idna==3.17 +idna==3.18 # via yarl multidict==6.7.1 # via diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 01204e1ff22..0e1600af659 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -71,7 +71,7 @@ cryptography==48.0.0 # via trustme cython==3.2.5 # via -r requirements/cython.in -distlib==0.4.0 +distlib==0.4.1 # via virtualenv docutils==0.21.2 # via @@ -100,7 +100,7 @@ gunicorn==26.0.0 # via -r requirements/base.in identify==2.6.19 # via pre-commit -idna==3.17 +idna==3.18 # via # requests # trustme diff --git a/requirements/dev.txt b/requirements/dev.txt index bb5cab60d3f..8a34e18868e 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -69,7 +69,7 @@ coverage==7.14.1 # pytest-cov cryptography==48.0.0 # via trustme -distlib==0.4.0 +distlib==0.4.1 # via virtualenv docutils==0.21.2 # via @@ -98,7 +98,7 @@ gunicorn==26.0.0 # via -r requirements/base.in identify==2.6.19 # via pre-commit -idna==3.17 +idna==3.18 # via # requests # trustme diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 2878edd94f6..e5c3306697f 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -20,7 +20,7 @@ docutils==0.21.2 # via # myst-parser # sphinx -idna==3.17 +idna==3.18 # via requests imagesize==2.0.0 # via sphinx diff --git a/requirements/doc.txt b/requirements/doc.txt index 55d30f206cb..1a68ba65c49 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -20,7 +20,7 @@ docutils==0.21.2 # via # myst-parser # sphinx -idna==3.17 +idna==3.18 # via requests imagesize==2.0.0 # via sphinx diff --git a/requirements/lint.txt b/requirements/lint.txt index 198f532bfa7..b76fb26d65f 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -36,7 +36,7 @@ click==8.4.1 # via slotscheck cryptography==48.0.0 # via trustme -distlib==0.4.0 +distlib==0.4.1 # via virtualenv exceptiongroup==1.3.1 # via pytest @@ -54,7 +54,7 @@ frozenlist==1.8.0 # aiosignal identify==2.6.19 # via pre-commit -idna==3.17 +idna==3.18 # via # trustme # yarl diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index f7080a0e341..859820baf29 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -22,7 +22,7 @@ frozenlist==1.8.0 # via # -r requirements/runtime-deps.in # aiosignal -idna==3.17 +idna==3.18 # via yarl multidict==6.7.1 # via diff --git a/requirements/test-common-base.txt b/requirements/test-common-base.txt index ae3ed0da85e..8624b473f95 100644 --- a/requirements/test-common-base.txt +++ b/requirements/test-common-base.txt @@ -14,7 +14,7 @@ attrs==26.1.0 # via aiohttp backports-asyncio-runner==1.2.0 # via pytest-asyncio -click==8.3.1 +click==8.4.1 # via wait-for-it coverage==7.14.1 # via pytest-cov @@ -26,7 +26,7 @@ frozenlist==1.8.0 # via # aiohttp # aiosignal -idna==3.17 +idna==3.18 # via yarl iniconfig==2.3.0 # via pytest @@ -60,9 +60,9 @@ pytest==9.0.3 # pytest-timeout pytest-aiohttp==1.1.0 # via -r requirements/test-common-base.in -pytest-asyncio==1.3.0 +pytest-asyncio==1.4.0 # via pytest-aiohttp -pytest-cov==7.0.0 +pytest-cov==7.1.0 # via -r requirements/test-common-base.in pytest-mock==3.15.1 # via -r requirements/test-common-base.in diff --git a/requirements/test-common.txt b/requirements/test-common.txt index 205bf161ec0..cd305172d11 100644 --- a/requirements/test-common.txt +++ b/requirements/test-common.txt @@ -42,7 +42,7 @@ frozenlist==1.8.0 # via # aiohttp # aiosignal -idna==3.17 +idna==3.18 # via # trustme # yarl diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index 97aff3e0cd5..77c73738dee 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -59,7 +59,7 @@ frozenlist==1.8.0 # aiosignal gunicorn==26.0.0 # via -r requirements/base-ft.in -idna==3.17 +idna==3.18 # via # trustme # yarl diff --git a/requirements/test-mobile.txt b/requirements/test-mobile.txt index 2cfbd3ec357..f5c66fce657 100644 --- a/requirements/test-mobile.txt +++ b/requirements/test-mobile.txt @@ -32,7 +32,7 @@ cffi==2.0.0 ; sys_platform != "android" and sys_platform != "ios" # via # -r requirements/test-mobile.in # pycares -click==8.4.0 +click==8.4.1 # via wait-for-it coverage==7.14.1 # via pytest-cov @@ -47,7 +47,7 @@ frozenlist==1.8.0 # aiosignal gunicorn==26.0.0 # via -r requirements/base-ft.in -idna==3.17 +idna==3.18 # via yarl iniconfig==2.3.0 # via pytest @@ -91,7 +91,7 @@ pytest==9.0.3 # pytest-timeout pytest-aiohttp==1.1.0 # via -r requirements/test-common-base.in -pytest-asyncio==1.4.0a2 +pytest-asyncio==1.4.0 # via pytest-aiohttp pytest-cov==7.1.0 # via -r requirements/test-common-base.in diff --git a/requirements/test.txt b/requirements/test.txt index 3f524555daa..66deab1b0e6 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -59,7 +59,7 @@ frozenlist==1.8.0 # aiosignal gunicorn==26.0.0 # via -r requirements/base.in -idna==3.17 +idna==3.18 # via # trustme # yarl