-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase the upper boundary of the multidict dependency allowing v6 #6950
Conversation
Codecov Report
@@ Coverage Diff @@
## 3.8 #6950 +/- ##
=======================================
Coverage 97.39% 97.39%
=======================================
Files 107 107
Lines 30970 30970
Branches 3922 3922
=======================================
+ Hits 30162 30164 +2
+ Misses 604 602 -2
Partials 204 204
Flags with carried forward coverage won't be shown. Click here to find out more.
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Facing exactly the same issue See also I think this can be merged quickly since A new version (maybe v3.8.2.post0?) should be quickly released after merging or it may be a wide impact. |
The CI passes on my fork: https://github.com/hugovk/aiohttp/actions/runs/3095913542 (I had to add a workaround to allow it to run on feature branches) ✅ |
Unfortunately, the process isn't quick. So I've just yanked the release and will make a new ".3" with this instead. |
So I verified that the constraints files can't be updated. Besides that, it seems like a few cosmetic improvements are needed here and it'll be good to go. |
Bumps [aiohttp[speedups]](https://github.com/aio-libs/aiohttp) from 3.7.4 to 3.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp[speedups]'s releases</a>.</em></p> <blockquote> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> <h2>3.8.3</h2> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6950">#6950</a>)</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <p>.. note::</p> <p>This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.</p> <p>.. caution::</p> <p>This release has been yanked from PyPI. Modern pip will not pick it up automatically. The reason is that is has <code>multidict < 6</code> set in the distribution package metadata (see :pr:<code>6950</code>). Please, use <code>aiohttp ~= 3.8.3, != 3.8.1</code> instead, if you can.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp[speedups]'s changelog</a>.</em></p> <blockquote> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <hr /> <h1>3.8.3 (2022-09-21)</h1> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. <code>[#6950](aio-libs/aiohttp#6950) <https://github.com/aio-libs/aiohttp/issues/6950></code>_</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <h2>Bugfixes</h2> <ul> <li>Support registering OPTIONS HTTP method handlers via RouteTableDef. <code>[#4663](aio-libs/aiohttp#4663) <https://github.com/aio-libs/aiohttp/issues/4663></code>_</li> <li>Started supporting <code>authority-form</code> and <code>absolute-form</code> URLs on the server-side. <code>[#6227](aio-libs/aiohttp#6227) <https://github.com/aio-libs/aiohttp/issues/6227></code>_</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/33953f110e97eecc707e1402daa8d543f38a189b"><code>33953f1</code></a> Release v3.8.4 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7207">#7207</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/28854a4743cb367351397bd0a8b38469f28f369a"><code>28854a4</code></a> Fix ConnectionResetError not being raised when the transport is close… (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7199">#7199</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/565cc2132a4c3667e0601f055cff913526226352"><code>565cc21</code></a> Raise upper bound of charset-normalizer</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ba573e267c0601e97b7caafb7ac9ad4ec7c7d52d"><code>ba573e2</code></a> [3.8] Fix CI (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7143">#7143</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7200">#7200</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9cde3b47e10b04b9db3bf86611d01132d852c0c7"><code>9cde3b4</code></a> Update .pre-commit-config.yaml</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ed04b4da2e0fbb504728064335fc0cdcd52773c6"><code>ed04b4d</code></a> [PR <a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7154">#7154</a>/283861dd backport][3.8] fixed error in ContentDisposition doc (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7155">#7155</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8cf01adc8c8dbf706e4cd33bf89fd5195f638715"><code>8cf01ad</code></a> [3.8] Fix cookie handling (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6974">#6974</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/6d4ec02dcbfaa849aa6756dec9f2314bf8665ff5"><code>6d4ec02</code></a> Merge branch 'release/v3.8.3' into 3.8</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e4bce667f6bef14d34cfc32276cfdaf95de4c033"><code>e4bce66</code></a> Bump the hardcoded version to v3.8.3.post0.dev0</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/0f8d39ff7bacfef6e4dad00e1b20895cd50b8396"><code>0f8d39f</code></a> Revert "Stop including an empty changelog draft in Sphinx"</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.4...v3.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp[speedups]&package-manager=pip&previous-version=3.7.4&new-version=3.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.7.4 to 3.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> <h2>3.8.3</h2> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6950">#6950</a>)</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <p>.. note::</p> <p>This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.</p> <p>.. caution::</p> <p>This release has been yanked from PyPI. Modern pip will not pick it up automatically. The reason is that is has <code>multidict < 6</code> set in the distribution package metadata (see :pr:<code>6950</code>). Please, use <code>aiohttp ~= 3.8.3, != 3.8.1</code> instead, if you can.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <hr /> <h1>3.8.3 (2022-09-21)</h1> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. <code>[#6950](aio-libs/aiohttp#6950) <https://github.com/aio-libs/aiohttp/issues/6950></code>_</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <h2>Bugfixes</h2> <ul> <li>Support registering OPTIONS HTTP method handlers via RouteTableDef. <code>[#4663](aio-libs/aiohttp#4663) <https://github.com/aio-libs/aiohttp/issues/4663></code>_</li> <li>Started supporting <code>authority-form</code> and <code>absolute-form</code> URLs on the server-side. <code>[#6227](aio-libs/aiohttp#6227) <https://github.com/aio-libs/aiohttp/issues/6227></code>_</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/33953f110e97eecc707e1402daa8d543f38a189b"><code>33953f1</code></a> Release v3.8.4 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7207">#7207</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/28854a4743cb367351397bd0a8b38469f28f369a"><code>28854a4</code></a> Fix ConnectionResetError not being raised when the transport is close… (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7199">#7199</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/565cc2132a4c3667e0601f055cff913526226352"><code>565cc21</code></a> Raise upper bound of charset-normalizer</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ba573e267c0601e97b7caafb7ac9ad4ec7c7d52d"><code>ba573e2</code></a> [3.8] Fix CI (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7143">#7143</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7200">#7200</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9cde3b47e10b04b9db3bf86611d01132d852c0c7"><code>9cde3b4</code></a> Update .pre-commit-config.yaml</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ed04b4da2e0fbb504728064335fc0cdcd52773c6"><code>ed04b4d</code></a> [PR <a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7154">#7154</a>/283861dd backport][3.8] fixed error in ContentDisposition doc (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7155">#7155</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8cf01adc8c8dbf706e4cd33bf89fd5195f638715"><code>8cf01ad</code></a> [3.8] Fix cookie handling (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6974">#6974</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/6d4ec02dcbfaa849aa6756dec9f2314bf8665ff5"><code>6d4ec02</code></a> Merge branch 'release/v3.8.3' into 3.8</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e4bce667f6bef14d34cfc32276cfdaf95de4c033"><code>e4bce66</code></a> Bump the hardcoded version to v3.8.3.post0.dev0</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/0f8d39ff7bacfef6e4dad00e1b20895cd50b8396"><code>0f8d39f</code></a> Revert "Stop including an empty changelog draft in Sphinx"</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.4...v3.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.7.4&new-version=3.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
What do these changes do?
The multidict dependency used to be
multidict >=4.5, < 7.0
in aiohttp 3.8.1, but was pinned down tomultidict >=4.5, < 6.0
in aiohttp 3.8.2 (#6550) in an attempt to help avoid new errors.However, https://github.com/python/bedevere/ uses
multidict==6.0.2
so the requirements resolution fails withaiohttp==3.8.2
:https://github.com/hugovk/bedevere/actions/runs/3095794573/jobs/5010600772
Are there changes in behavior for the user?
None that I know of, other than they can install multidict v6 as with aiohttp 3.8.1.
Related issue number
Partially related to closed #6600 and merged #6550.
Checklist
CONTRIBUTORS.txt
CHANGES
folder<issue_id>.<type>
for example (588.bugfix)issue_id
change it to the pr id after creating the pr.feature
: Signifying a new feature..bugfix
: Signifying a bug fix..doc
: Signifying a documentation improvement..removal
: Signifying a deprecation or removal of public API..misc
: A ticket has been closed, but it is not of interest to users.