-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix cookie handling #6638
Fix cookie handling #6638
Conversation
for more information, see https://pre-commit.ci
Co-authored-by: Sam Bull <[email protected]>
Codecov Report
@@ Coverage Diff @@
## master #6638 +/- ##
=======================================
Coverage 93.36% 93.36%
=======================================
Files 104 104
Lines 30624 30637 +13
Branches 3080 3080
=======================================
+ Hits 28592 28605 +13
Misses 1859 1859
Partials 173 173
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If no one else reviews, I'll merge it at the weekend.
Backport to 3.9: 💔 cherry-picking failed — conflicts found❌ Failed to cleanly apply 916b3ee on top of patchback/backports/3.9/916b3eecda825cd42415b6f8821c035647baf890/pr-6638 Backporting merged PR #6638 into master
🤖 @patchback |
If you could handle the backport to 3.9 (as per instructions above), that would be great. |
* Fix cookie handling * Fix cookie handling * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update aiohttp/cookiejar.py Co-authored-by: Sam Bull <[email protected]> Co-authored-by: Bruno Cabral <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <[email protected]>
* Fix cookie handling * Fix cookie handling * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update aiohttp/cookiejar.py Co-authored-by: Sam Bull <[email protected]> Co-authored-by: Bruno Cabral <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <[email protected]> (cherry picked from commit 916b3ee)
* Fix cookie handling * Fix cookie handling * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update aiohttp/cookiejar.py Co-authored-by: Sam Bull <[email protected]> Co-authored-by: Bruno Cabral <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <[email protected]> (cherry picked from commit 916b3ee)
* Fix cookie handling * Fix cookie handling * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update aiohttp/cookiejar.py Co-authored-by: Sam Bull <[email protected]> Co-authored-by: Bruno Cabral <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <[email protected]> (cherry picked from commit 916b3ee) <!-- Thank you for your contribution! --> ## What do these changes do? <!-- Please give a short brief about these changes. --> ## Are there changes in behavior for the user? <!-- Outline any notable behaviour for the end users. --> ## Related issue number <!-- Are there any issues opened that will be resolved by merging this change? --> ## Checklist - [ ] I think the code is well written - [ ] Unit tests for the changes exist - [ ] Documentation reflects the changes - [ ] If you provide code modification, please add yourself to `CONTRIBUTORS.txt` * The format is <Name> <Surname>. * Please keep alphabetical order, the file is sorted by names. - [ ] Add a new news fragment into the `CHANGES` folder * name it `<issue_id>.<type>` for example (588.bugfix) * if you don't have an `issue_id` change it to the pr id after creating the pr * ensure type is one of the following: * `.feature`: Signifying a new feature. * `.bugfix`: Signifying a bug fix. * `.doc`: Signifying a documentation improvement. * `.removal`: Signifying a deprecation or removal of public API. * `.misc`: A ticket has been closed, but it is not of interest to users. * Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files." Co-authored-by: Bruno Cabral <[email protected]>
* Fix cookie handling * Fix cookie handling * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update aiohttp/cookiejar.py Co-authored-by: Sam Bull <[email protected]> Co-authored-by: Bruno Cabral <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <[email protected]> (cherry picked from commit 916b3ee) <!-- Thank you for your contribution! --> ## What do these changes do? <!-- Please give a short brief about these changes. --> ## Are there changes in behavior for the user? <!-- Outline any notable behaviour for the end users. --> ## Related issue number <!-- Are there any issues opened that will be resolved by merging this change? --> ## Checklist - [ ] I think the code is well written - [ ] Unit tests for the changes exist - [ ] Documentation reflects the changes - [ ] If you provide code modification, please add yourself to `CONTRIBUTORS.txt` * The format is <Name> <Surname>. * Please keep alphabetical order, the file is sorted by names. - [ ] Add a new news fragment into the `CHANGES` folder * name it `<issue_id>.<type>` for example (588.bugfix) * if you don't have an `issue_id` change it to the pr id after creating the pr * ensure type is one of the following: * `.feature`: Signifying a new feature. * `.bugfix`: Signifying a bug fix. * `.doc`: Signifying a documentation improvement. * `.removal`: Signifying a deprecation or removal of public API. * `.misc`: A ticket has been closed, but it is not of interest to users. * Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files." Co-authored-by: Bruno Cabral <[email protected]>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [aiohttp](https://togithub.com/aio-libs/aiohttp) | `==3.8.3` -> `==3.8.4` | [![age](https://badges.renovateapi.com/packages/pypi/aiohttp/3.8.4/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/aiohttp/3.8.4/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/aiohttp/3.8.4/compatibility-slim/3.8.3)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/aiohttp/3.8.4/confidence-slim/3.8.3)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>aio-libs/aiohttp</summary> ### [`v3.8.4`](https://togithub.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#​384-2023-02-12) [Compare Source](https://togithub.com/aio-libs/aiohttp/compare/v3.8.3...v3.8.4) \================== ## Bugfixes - Fixed incorrectly overwriting cookies with the same name and domain, but different path. `#​6638 <https://github.com/aio-libs/aiohttp/issues/6638>`\_ - Fixed `ConnectionResetError` not being raised after client disconnection in SSL environments. `#​7180 <https://github.com/aio-libs/aiohttp/issues/7180>`\_ *** </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/allenporter/pyrainbird). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xMzMuMCIsInVwZGF0ZWRJblZlciI6IjM0LjEzMy4wIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [aiohttp[speedups]](https://github.com/aio-libs/aiohttp) from 3.7.4 to 3.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp[speedups]'s releases</a>.</em></p> <blockquote> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> <h2>3.8.3</h2> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6950">#6950</a>)</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <p>.. note::</p> <p>This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.</p> <p>.. caution::</p> <p>This release has been yanked from PyPI. Modern pip will not pick it up automatically. The reason is that is has <code>multidict < 6</code> set in the distribution package metadata (see :pr:<code>6950</code>). Please, use <code>aiohttp ~= 3.8.3, != 3.8.1</code> instead, if you can.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp[speedups]'s changelog</a>.</em></p> <blockquote> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <hr /> <h1>3.8.3 (2022-09-21)</h1> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. <code>[#6950](aio-libs/aiohttp#6950) <https://github.com/aio-libs/aiohttp/issues/6950></code>_</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <h2>Bugfixes</h2> <ul> <li>Support registering OPTIONS HTTP method handlers via RouteTableDef. <code>[#4663](aio-libs/aiohttp#4663) <https://github.com/aio-libs/aiohttp/issues/4663></code>_</li> <li>Started supporting <code>authority-form</code> and <code>absolute-form</code> URLs on the server-side. <code>[#6227](aio-libs/aiohttp#6227) <https://github.com/aio-libs/aiohttp/issues/6227></code>_</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/33953f110e97eecc707e1402daa8d543f38a189b"><code>33953f1</code></a> Release v3.8.4 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7207">#7207</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/28854a4743cb367351397bd0a8b38469f28f369a"><code>28854a4</code></a> Fix ConnectionResetError not being raised when the transport is close… (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7199">#7199</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/565cc2132a4c3667e0601f055cff913526226352"><code>565cc21</code></a> Raise upper bound of charset-normalizer</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ba573e267c0601e97b7caafb7ac9ad4ec7c7d52d"><code>ba573e2</code></a> [3.8] Fix CI (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7143">#7143</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7200">#7200</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9cde3b47e10b04b9db3bf86611d01132d852c0c7"><code>9cde3b4</code></a> Update .pre-commit-config.yaml</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ed04b4da2e0fbb504728064335fc0cdcd52773c6"><code>ed04b4d</code></a> [PR <a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7154">#7154</a>/283861dd backport][3.8] fixed error in ContentDisposition doc (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7155">#7155</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8cf01adc8c8dbf706e4cd33bf89fd5195f638715"><code>8cf01ad</code></a> [3.8] Fix cookie handling (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6974">#6974</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/6d4ec02dcbfaa849aa6756dec9f2314bf8665ff5"><code>6d4ec02</code></a> Merge branch 'release/v3.8.3' into 3.8</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e4bce667f6bef14d34cfc32276cfdaf95de4c033"><code>e4bce66</code></a> Bump the hardcoded version to v3.8.3.post0.dev0</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/0f8d39ff7bacfef6e4dad00e1b20895cd50b8396"><code>0f8d39f</code></a> Revert "Stop including an empty changelog draft in Sphinx"</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.4...v3.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp[speedups]&package-manager=pip&previous-version=3.7.4&new-version=3.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.7.4 to 3.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> <h2>3.8.3</h2> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6950">#6950</a>)</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <p>.. note::</p> <p>This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.</p> <p>.. caution::</p> <p>This release has been yanked from PyPI. Modern pip will not pick it up automatically. The reason is that is has <code>multidict < 6</code> set in the distribution package metadata (see :pr:<code>6950</code>). Please, use <code>aiohttp ~= 3.8.3, != 3.8.1</code> instead, if you can.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <hr /> <h1>3.8.3 (2022-09-21)</h1> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. <code>[#6950](aio-libs/aiohttp#6950) <https://github.com/aio-libs/aiohttp/issues/6950></code>_</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <h2>Bugfixes</h2> <ul> <li>Support registering OPTIONS HTTP method handlers via RouteTableDef. <code>[#4663](aio-libs/aiohttp#4663) <https://github.com/aio-libs/aiohttp/issues/4663></code>_</li> <li>Started supporting <code>authority-form</code> and <code>absolute-form</code> URLs on the server-side. <code>[#6227](aio-libs/aiohttp#6227) <https://github.com/aio-libs/aiohttp/issues/6227></code>_</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/33953f110e97eecc707e1402daa8d543f38a189b"><code>33953f1</code></a> Release v3.8.4 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7207">#7207</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/28854a4743cb367351397bd0a8b38469f28f369a"><code>28854a4</code></a> Fix ConnectionResetError not being raised when the transport is close… (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7199">#7199</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/565cc2132a4c3667e0601f055cff913526226352"><code>565cc21</code></a> Raise upper bound of charset-normalizer</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ba573e267c0601e97b7caafb7ac9ad4ec7c7d52d"><code>ba573e2</code></a> [3.8] Fix CI (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7143">#7143</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7200">#7200</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9cde3b47e10b04b9db3bf86611d01132d852c0c7"><code>9cde3b4</code></a> Update .pre-commit-config.yaml</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ed04b4da2e0fbb504728064335fc0cdcd52773c6"><code>ed04b4d</code></a> [PR <a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7154">#7154</a>/283861dd backport][3.8] fixed error in ContentDisposition doc (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7155">#7155</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8cf01adc8c8dbf706e4cd33bf89fd5195f638715"><code>8cf01ad</code></a> [3.8] Fix cookie handling (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6974">#6974</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/6d4ec02dcbfaa849aa6756dec9f2314bf8665ff5"><code>6d4ec02</code></a> Merge branch 'release/v3.8.3' into 3.8</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e4bce667f6bef14d34cfc32276cfdaf95de4c033"><code>e4bce66</code></a> Bump the hardcoded version to v3.8.3.post0.dev0</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/0f8d39ff7bacfef6e4dad00e1b20895cd50b8396"><code>0f8d39f</code></a> Revert "Stop including an empty changelog draft in Sphinx"</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.4...v3.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.7.4&new-version=3.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…2602) Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.3 to 3.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.8.5</h2> <h2>Security bugfixes</h2> <ul> <li> <p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:<code>webknjaz</code> and :user:<code>Dreamsorcerer</code>.</p> <p>Thanks to :user:<code>sethmlarson</code> for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see <a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w</a>.</p> <p>.. _llhttp: <a href="https://llhttp.org">https://llhttp.org</a></p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7346">#7346</a>)</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added information to C parser exceptions to show which character caused the error. -- by :user:<code>Dreamsorcerer</code></p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7366">#7366</a>)</p> </li> </ul> <h2>Bugfixes</h2> <ul> <li> <p>Fixed a transport is :data:<code>None</code> error -- by :user:<code>Dreamsorcerer</code>.</p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/3355">#3355</a>)</p> </li> </ul> <hr /> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.8.5 (2023-07-19)</h1> <h2>Security bugfixes</h2> <ul> <li> <p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:<code>webknjaz</code> and :user:<code>Dreamsorcerer</code>.</p> <p>Thanks to :user:<code>sethmlarson</code> for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see <a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w</a>.</p> <p>.. _llhttp: <a href="https://llhttp.org">https://llhttp.org</a></p> <p><code>[#7346](aio-libs/aiohttp#7346) <https://github.com/aio-libs/aiohttp/issues/7346></code>_</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added information to C parser exceptions to show which character caused the error. -- by :user:<code>Dreamsorcerer</code></p> <p><code>[#7366](aio-libs/aiohttp#7366) <https://github.com/aio-libs/aiohttp/issues/7366></code>_</p> </li> </ul> <h2>Bugfixes</h2> <ul> <li> <p>Fixed a transport is :data:<code>None</code> error -- by :user:<code>Dreamsorcerer</code>.</p> <p><code>[#3355](aio-libs/aiohttp#3355) <https://github.com/aio-libs/aiohttp/issues/3355></code>_</p> </li> </ul> <hr /> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681"><code>9c13a52</code></a> Bump aiohttp to v3.8.5 a security release</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/7c02129567bc4ec59be467b70fc937c82920948c"><code>7c02129</code></a> Bump pypa/cibuildwheel to v2.14.1</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/135a45e9d655d56e4ebad78abe84f1cb7b5c62dc"><code>135a45e</code></a> Improve error messages from C parser (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7366">#7366</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7380">#7380</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40"><code>9337fb3</code></a> Fix bump llhttp to v8.1.1 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7367">#7367</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7377">#7377</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/f07e9b44b5cb909054a697c8dd447b30dbf8073e"><code>f07e9b4</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7373">#7373</a>/66e261a5 backport][3.8] Drop azure mention (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7374">#7374</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/01d9b70e5477cd746561b52225992d8a2ebde953"><code>01d9b70</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7370">#7370</a>/22c264ce backport][3.8] fix: Spelling error fixed (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7371">#7371</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/3577b1e3719d4648fa973dbdec927f78f9df34dd"><code>3577b1e</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7359">#7359</a>/7911f1e9 backport][3.8] Set up secretless publishing to PyPI (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7360">#7360</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8d45f9c99511cd80140d6658bd9c11002c697f1c"><code>8d45f9c</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7333">#7333</a>/3a54d378 backport][3.8] Fix TLS transport is <code>None</code> error (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7357">#7357</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/dd8e24e77351df9c0f029be49d3c6d7862706e79"><code>dd8e24e</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7343">#7343</a>/18057581 backport][3.8] Mention encoding in <code>yarl.URL</code> (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7355">#7355</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/40874103ebfaa1007d47c25ecc4288af873a07cf"><code>4087410</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7346">#7346</a>/346fd202 backport][3.8] Bump vendored llhttp to v8.1.1 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7352">#7352</a>)</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.8.3...v3.8.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.8.3&new-version=3.8.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grafana/oncall/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…sources/psychonautwiki-tripsit (#402) Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.7.4.post0 to 3.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.8.5</h2> <h2>Security bugfixes</h2> <ul> <li> <p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:<code>webknjaz</code> and :user:<code>Dreamsorcerer</code>.</p> <p>Thanks to :user:<code>sethmlarson</code> for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see <a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w</a>.</p> <p>.. _llhttp: <a href="https://llhttp.org">https://llhttp.org</a></p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7346">#7346</a>)</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added information to C parser exceptions to show which character caused the error. -- by :user:<code>Dreamsorcerer</code></p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7366">#7366</a>)</p> </li> </ul> <h2>Bugfixes</h2> <ul> <li> <p>Fixed a transport is :data:<code>None</code> error -- by :user:<code>Dreamsorcerer</code>.</p> <p>(<a href="https://redirect.github.com/aio-libs/aiohttp/issues/3355">#3355</a>)</p> </li> </ul> <hr /> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> <h2>3.8.3</h2> <p>.. attention::</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.8.5 (2023-07-19)</h1> <h2>Security bugfixes</h2> <ul> <li> <p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:<code>webknjaz</code> and :user:<code>Dreamsorcerer</code>.</p> <p>Thanks to :user:<code>sethmlarson</code> for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see <a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w</a>.</p> <p>.. _llhttp: <a href="https://llhttp.org">https://llhttp.org</a></p> <p><code>[#7346](aio-libs/aiohttp#7346) <https://github.com/aio-libs/aiohttp/issues/7346></code>_</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added information to C parser exceptions to show which character caused the error. -- by :user:<code>Dreamsorcerer</code></p> <p><code>[#7366](aio-libs/aiohttp#7366) <https://github.com/aio-libs/aiohttp/issues/7366></code>_</p> </li> </ul> <h2>Bugfixes</h2> <ul> <li> <p>Fixed a transport is :data:<code>None</code> error -- by :user:<code>Dreamsorcerer</code>.</p> <p><code>[#3355](aio-libs/aiohttp#3355) <https://github.com/aio-libs/aiohttp/issues/3355></code>_</p> </li> </ul> <hr /> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681"><code>9c13a52</code></a> Bump aiohttp to v3.8.5 a security release</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/7c02129567bc4ec59be467b70fc937c82920948c"><code>7c02129</code></a> Bump pypa/cibuildwheel to v2.14.1</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/135a45e9d655d56e4ebad78abe84f1cb7b5c62dc"><code>135a45e</code></a> Improve error messages from C parser (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7366">#7366</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7380">#7380</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40"><code>9337fb3</code></a> Fix bump llhttp to v8.1.1 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7367">#7367</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7377">#7377</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/f07e9b44b5cb909054a697c8dd447b30dbf8073e"><code>f07e9b4</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7373">#7373</a>/66e261a5 backport][3.8] Drop azure mention (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7374">#7374</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/01d9b70e5477cd746561b52225992d8a2ebde953"><code>01d9b70</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7370">#7370</a>/22c264ce backport][3.8] fix: Spelling error fixed (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7371">#7371</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/3577b1e3719d4648fa973dbdec927f78f9df34dd"><code>3577b1e</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7359">#7359</a>/7911f1e9 backport][3.8] Set up secretless publishing to PyPI (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7360">#7360</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8d45f9c99511cd80140d6658bd9c11002c697f1c"><code>8d45f9c</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7333">#7333</a>/3a54d378 backport][3.8] Fix TLS transport is <code>None</code> error (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7357">#7357</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/dd8e24e77351df9c0f029be49d3c6d7862706e79"><code>dd8e24e</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7343">#7343</a>/18057581 backport][3.8] Mention encoding in <code>yarl.URL</code> (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7355">#7355</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/40874103ebfaa1007d47c25ecc4288af873a07cf"><code>4087410</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/7346">#7346</a>/346fd202 backport][3.8] Bump vendored llhttp to v8.1.1 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/7352">#7352</a>)</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.4.post0...v3.8.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.7.4.post0&new-version=3.8.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/keinsell/neuronek/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
What do these changes do?
There is an error in cookie handling that override the existing cookie even if the path is different. This is a huge bug in aiohttp, as it makes requests to some sites impossible to work.
This is an updated PR as asked by @Dreamsorcerer
The RFC 6265 is clear on this point (https://datatracker.ietf.org/doc/html/rfc6265) , for example:
Actually aiohttp only consider domain and name. Pull request #3627 tried to fix this, but the code has been updated vastly since then.
Pay attention to another library, such as requests. It always consider the path as a key to the cookie jar.
https://github.com/psf/requests/blob/79f60274f7e461b8fd2f579e741f748438d7eadb/requests/cookies.py#L189
Are there changes in behavior for the user?
No
Related issue number
Checklist
CONTRIBUTORS.txt
CHANGES
folder<issue_id>.<type>
for example (588.bugfix)issue_id
change it to the pr id after creating the pr.feature
: Signifying a new feature..bugfix
: Signifying a bug fix..doc
: Signifying a documentation improvement..removal
: Signifying a deprecation or removal of public API..misc
: A ticket has been closed, but it is not of interest to users.