Commit b5bb5d6
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
⬆️ Bump aiohttp to v3.13.4 (#156)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [aiohttp](https://redirect.github.com/aio-libs/aiohttp) | `==3.13.3` →
`==3.13.4` |
|
|
---
### Release Notes
<details>
<summary>aio-libs/aiohttp (aiohttp)</summary>
###
[`v3.13.4`](https://redirect.github.com/aio-libs/aiohttp/releases/tag/v3.13.4):
3.13.4
[Compare
Source](https://redirect.github.com/aio-libs/aiohttp/compare/v3.13.3...v3.13.4)
## Features
- Added `max_headers` parameter to limit the number of headers that
should be read from a response -- by :user:`Dreamsorcerer`.
*Related issues and pull requests on GitHub:*
[#​11955](https://redirect.github.com/aio-libs/aiohttp/issues/11955).
- Added a `dns_cache_max_size` parameter to `TCPConnector` to limit the
size of the cache -- by :user:`Dreamsorcerer`.
*Related issues and pull requests on GitHub:*
[#​12106](https://redirect.github.com/aio-libs/aiohttp/issues/12106).
## Bug fixes
- Fixed server hanging indefinitely when chunked transfer encoding
chunk-size
does not match actual data length. The server now raises
`TransferEncodingError` instead of waiting forever for data that will
never arrive -- by :user:`Fridayai700`.
*Related issues and pull requests on GitHub:*
[#​10596](https://redirect.github.com/aio-libs/aiohttp/issues/10596).
- Fixed access log timestamps ignoring daylight saving time (DST)
changes. The
previous implementation used :py:data:`time.timezone` which is a
constant and
does not reflect DST transitions -- by :user:`nightcityblade`.
*Related issues and pull requests on GitHub:*
[#​11283](https://redirect.github.com/aio-libs/aiohttp/issues/11283).
- Fixed `RuntimeError: An event loop is running` error when using
`aiohttp.GunicornWebWorker`
or `aiohttp.GunicornUVLoopWebWorker` on Python >=3.14.
\-- by :user:`Tasssadar`.
*Related issues and pull requests on GitHub:*
[#​11701](https://redirect.github.com/aio-libs/aiohttp/issues/11701).
- Fixed :exc:`ValueError` when creating a TLS connection with
`ClientTimeout(total=0)` by converting `0` to `None` before passing to
`ssl_handshake_timeout` in :py:meth:`asyncio.loop.start_tls` -- by
:user:`veeceey`.
*Related issues and pull requests on GitHub:*
[#​11859](https://redirect.github.com/aio-libs/aiohttp/issues/11859).
- Restored :py:meth:`~aiohttp.BodyPartReader.decode` as a synchronous
method
for backward compatibility. The method was inadvertently changed to
async
in 3.13.3 as part of the decompression bomb security fix. A new
:py:meth:`~aiohttp.BodyPartReader.decode_iter` method is now available
for non-blocking decompression of large payloads using an async
generator.
Internal aiohttp code uses the async variant to maintain security
protections.
Changed multipart processing chunk sizes from 64 KiB to 256KiB, to
better
match aiohttp internals
\-- by :user:`bdraco` and :user:`Dreamsorcerer`.
*Related issues and pull requests on GitHub:*
[#​11898](https://redirect.github.com/aio-libs/aiohttp/issues/11898).
- Fixed false-positive :py:class:`DeprecationWarning` for passing
`enable_cleanup_closed=True` to :py:class:`~aiohttp.TCPConnector`
specifically on Python 3.12.7.
\-- by :user:`Robsdedude`.
*Related issues and pull requests on GitHub:*
[#​11972](https://redirect.github.com/aio-libs/aiohttp/issues/11972).
- Fixed \_sendfile\_fallback over-reading beyond requested count -- by
:user:`bysiber`.
*Related issues and pull requests on GitHub:*
[#​12096](https://redirect.github.com/aio-libs/aiohttp/issues/12096).
- Fixed digest auth dropping challenge fields with empty string values
-- by :user:`bysiber`.
*Related issues and pull requests on GitHub:*
[#​12097](https://redirect.github.com/aio-libs/aiohttp/issues/12097).
- `ClientConnectorCertificateError.os_error` no longer raises
:exc:`AttributeError`
\-- by :user:`themylogin`.
*Related issues and pull requests on GitHub:*
[#​12136](https://redirect.github.com/aio-libs/aiohttp/issues/12136).
- Adjusted pure-Python request header value validation to align with RFC
9110 control-character handling, while preserving lax response parser
behavior, and added regression tests for Host/header control-character
cases.
\-- by :user:`rodrigobnogueira`.
*Related issues and pull requests on GitHub:*
[#​12231](https://redirect.github.com/aio-libs/aiohttp/issues/12231).
- Rejected duplicate singleton headers (`Host`, `Content-Type`,
`Content-Length`, etc.) in the C extension HTTP parser to match
the pure Python parser behaviour, preventing potential host-based
access control bypasses via parser differentials
\-- by :user:`rodrigobnogueira`.
*Related issues and pull requests on GitHub:*
[#​12240](https://redirect.github.com/aio-libs/aiohttp/issues/12240).
- Aligned the pure-Python HTTP request parser with the C parser by
splitting
comma-separated and repeated `Connection` header values for keep-alive,
close, and upgrade handling -- by :user:`rodrigobnogueira`.
*Related issues and pull requests on GitHub:*
[#​12249](https://redirect.github.com/aio-libs/aiohttp/issues/12249).
## Improved documentation
- Documented :exc:`asyncio.TimeoutError` for
`WebSocketResponse.receive()`
and related methods -- by :user:`veeceey`.
*Related issues and pull requests on GitHub:*
[#​12042](https://redirect.github.com/aio-libs/aiohttp/issues/12042).
## Packaging updates and notes for downstreams
- Upgraded llhttp to 3.9.1 -- by :user:`Dreamsorcerer`.
*Related issues and pull requests on GitHub:*
[#​12069](https://redirect.github.com/aio-libs/aiohttp/issues/12069).
## Contributor-facing changes
- The benchmark CI job now runs only in the upstream repository -- by
:user:`Cycloctane`.
It used to always fail in forks, which this change fixed.
*Related issues and pull requests on GitHub:*
[#​11737](https://redirect.github.com/aio-libs/aiohttp/issues/11737).
- Fixed flaky performance tests by using appropriate fixed thresholds
that account for CI variability -- by :user:`rodrigobnogueira`.
*Related issues and pull requests on GitHub:*
[#​11992](https://redirect.github.com/aio-libs/aiohttp/issues/11992).
## Miscellaneous internal changes
- Fixed `test_invalid_idna` to work with `idna` 3.11 by using an invalid
character (`\u0080`) that is rejected by `yarl` during URL construction
-- by :user:`rodrigobnogueira`.
*Related issues and pull requests on GitHub:*
[#​12027](https://redirect.github.com/aio-libs/aiohttp/issues/12027).
- Fixed race condition in `test_data_file` on Python 3.14 free-threaded
builds -- by :user:`rodrigobnogueira`.
*Related issues and pull requests on GitHub:*
[#​12170](https://redirect.github.com/aio-libs/aiohttp/issues/12170).
***
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/tr4nt0r/pythonkuma).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45NC4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiOnJlY3ljbGU6IGRlcGVuZGVuY2llcyIsIjpzbmFrZTogcHl0aG9uIl19-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent f4a739f commit b5bb5d6
1 file changed
+1
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
46 | | - | |
| 46 | + | |
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| |||
0 commit comments