Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-aiohttp for openSUSE:Factory checked in at 2026-04-01 19:50:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-aiohttp (Old) and /work/SRC/openSUSE:Factory/.python-aiohttp.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-aiohttp" Wed Apr 1 19:50:23 2026 rev:64 rq:1344074 version:3.13.5 Changes: -------- --- /work/SRC/openSUSE:Factory/python-aiohttp/python-aiohttp.changes 2026-01-09 17:03:43.656535023 +0100 +++ /work/SRC/openSUSE:Factory/.python-aiohttp.new.21863/python-aiohttp.changes 2026-04-01 19:50:39.661196187 +0200 @@ -1,0 +2,105 @@ +Wed Apr 1 08:56:47 UTC 2026 - Markéta Machová <[email protected]> + +- update to 3.13.5 + * Skipped the duplicate singleton header check in lax mode (the default for response + parsing). In strict mode (request parsing, or -X dev), all RFC 9110 singletons + are still enforced +- Skip tests failing with python/cpython#145600, they were meant to disappear in 4.0 + +------------------------------------------------------------------- +Tue Mar 31 20:09:12 UTC 2026 - Dirk Müller <[email protected]> + +- update to 3.13.4: + * Added max_headers parameter to limit the number of headers + that should be read from a response -- by + :user:`Dreamsorcerer`. Related issues and pull requests on + GitHub: :issue:`11955`. + * Added a dns_cache_max_size parameter to TCPConnector to limit + the size of the cache -- by :user:`Dreamsorcerer`. Related + issues and pull requests on GitHub: :issue:`12106`. + * Fixed server hanging indefinitely when chunked transfer + encoding chunk-size does not match actual data length. The + server now raises TransferEncodingError instead of waiting + forever for data that will never arrive -- by + :user:`Fridayai700`. Related issues and pull requests on + GitHub: :issue:`10596`. + * Fixed access log timestamps ignoring daylight saving time + (DST) changes. The previous implementation used + :py:data:`time.timezone` which is a constant and does not + reflect DST transitions -- by :user:`nightcityblade`. Related + issues and pull requests on GitHub: :issue:`11283`. + * Fixed RuntimeError: An event loop is running error when using + aiohttp.GunicornWebWorker or aiohttp.GunicornUVLoopWebWorker + on Python >=3.14. -- by :user:`Tasssadar`. Related issues and + pull requests on GitHub: :issue:`11701`. + * Fixed :exc:`ValueError` when creating a TLS connection with + ClientTimeout(total=0) by converting 0 to None before passing + to ssl_handshake_timeout in :py:meth:`asyncio.loop.start_tls` + -- by :user:`veeceey`. Related issues and pull requests on + GitHub: :issue:`11859`. + * Restored :py:meth:`~aiohttp.BodyPartReader.decode` as a + synchronous method for backward compatibility. The method was + inadvertently changed to async in 3.13.3 as part of the + decompression bomb security fix. A new + :py:meth:`~aiohttp.BodyPartReader.decode_iter` method is now + available for non-blocking decompression of large payloads + using an async generator. Internal aiohttp code uses the + async variant to maintain security protections. Changed + multipart processing chunk sizes from 64 KiB to 256KiB, to + better match aiohttp internals -- by :user:`bdraco` and + :user:`Dreamsorcerer`. Related issues and pull requests on + GitHub: :issue:`11898`. + * Fixed false-positive :py:class:`DeprecationWarning` for + passing enable_cleanup_closed=True to + :py:class:`~aiohttp.TCPConnector` specifically on Python + 3.12.7. -- by :user:`Robsdedude`. Related issues and pull + requests on GitHub: :issue:`11972`. + * Fixed _sendfile_fallback over-reading beyond requested count + -- by :user:`bysiber`. Related issues and pull requests on + GitHub: :issue:`12096`. + * Fixed digest auth dropping challenge fields with empty string + values -- by :user:`bysiber`. Related issues and pull + requests on GitHub: :issue:`12097`. + * ClientConnectorCertificateError.os_error no longer raises + :exc:`AttributeError` -- by :user:`themylogin`. Related + issues and pull requests on GitHub: :issue:`12136`. + * Adjusted pure-Python request header value validation to align + with RFC 9110 control-character handling, while preserving + lax response parser behavior, and added regression tests for + Host/header control-character cases. -- by + :user:`rodrigobnogueira`. Related issues and pull requests on + GitHub: :issue:`12231`. + * Rejected duplicate singleton headers (Host, Content-Type, + Content-Length, etc.) in the C extension HTTP parser to match + the pure Python parser behaviour, preventing potential host- + based access control bypasses via parser differentials -- by + :user:`rodrigobnogueira`. Related issues and pull requests on + GitHub: :issue:`12240`. + * Aligned the pure-Python HTTP request parser with the C parser + by splitting comma-separated and repeated Connection header + values for keep-alive, close, and upgrade handling -- by + :user:`rodrigobnogueira`. Related issues and pull requests on + GitHub: :issue:`12249`. + * Documented :exc:`asyncio.TimeoutError` for + WebSocketResponse.receive() and related methods -- by + :user:`veeceey`. Related issues and pull requests on GitHub: + :issue:`12042`. + * Upgraded llhttp to 3.9.1 -- by :user:`Dreamsorcerer`. Related + issues and pull requests on GitHub: :issue:`12069`. + * The benchmark CI job now runs only in the upstream repository + -- by :user:`Cycloctane`. It used to always fail in forks, + which this change fixed. Related issues and pull requests on + GitHub: :issue:`11737`. + * Fixed flaky performance tests by using appropriate fixed + thresholds that account for CI variability -- by + :user:`rodrigobnogueira`. Related issues and pull requests on + GitHub: :issue:`11992`. + * Fixed test_invalid_idna to work with idna 3.11 by using an + invalid character () that is rejected by yarl during + URL construction -- by :user:`rodrigobnogueira`. Related + issues and pull requests on GitHub: :issue:`12027`. + * Fixed race condition in test_data_file on Python 3.14 free- + threaded builds -- by :user:`rodrigobnogueira`. Related + issues and pull requests on GitHub: :issue:`12170`. + +------------------------------------------------------------------- Old: ---- aiohttp-3.13.3.tar.gz New: ---- aiohttp-3.13.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-aiohttp.spec ++++++ --- /var/tmp/diff_new_pack.bPEZt2/_old 2026-04-01 19:50:41.605277190 +0200 +++ /var/tmp/diff_new_pack.bPEZt2/_new 2026-04-01 19:50:41.613277523 +0200 @@ -19,7 +19,7 @@ %bcond_with docs %{?sle15_python_module_pythons} Name: python-aiohttp -Version: 3.13.3 +Version: 3.13.5 Release: 0 Summary: Asynchronous HTTP client/server framework License: Apache-2.0 @@ -153,6 +153,8 @@ rm -v tests/test_proxy_functional.py # Requires python-pytest-codspeed rm -v tests/test_benchmarks_* +# Helpers, now obsolete: https://github.com/aio-libs/aiohttp/issues/11400 +rm -v tests/test_cookie_helpers.py # randomly fails on xdist splits single_runs="(test_run_app or test_web_runner)" ++++++ aiohttp-3.13.3.tar.gz -> aiohttp-3.13.5.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-aiohttp/aiohttp-3.13.3.tar.gz /work/SRC/openSUSE:Factory/.python-aiohttp.new.21863/aiohttp-3.13.5.tar.gz differ: char 5, line 1 ++++++ vendor-llhttp.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-aiohttp/vendor-llhttp.tar.gz /work/SRC/openSUSE:Factory/.python-aiohttp.new.21863/vendor-llhttp.tar.gz differ: char 9, line 1
