Bump aiohttp from 3.8.1 to 3.8.5

[dependabot[bot]]

Bumps aiohttp from 3.8.1 to 3.8.5.

Release notes

Sourced from aiohttp's releases.

3.8.5

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:webknjaz and :user:Dreamsorcerer.

  Thanks to :user:sethmlarson for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w.

  .. _llhttp: https://llhttp.org

  (#7346)

Features

• Added information to C parser exceptions to show which character caused the error. -- by :user:Dreamsorcerer

  (#7366)

Bugfixes

• Fixed a transport is :data:None error -- by :user:Dreamsorcerer.

  (#3355)

---

3.8.4

Bugfixes

• Fixed incorrectly overwriting cookies with the same name and domain, but different path. (#6638)
• Fixed ConnectionResetError not being raised after client disconnection in SSL environments. (#7180)

---

3.8.3

.. attention::

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:webknjaz and :user:Dreamsorcerer.

  Thanks to :user:sethmlarson for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w.

  .. _llhttp: https://llhttp.org

  [#7346](https://github.com/aio-libs/aiohttp/issues/7346) <https://github.com/aio-libs/aiohttp/issues/7346>_

Features

• Added information to C parser exceptions to show which character caused the error. -- by :user:Dreamsorcerer

  [#7366](https://github.com/aio-libs/aiohttp/issues/7366) <https://github.com/aio-libs/aiohttp/issues/7366>_

Bugfixes

• Fixed a transport is :data:None error -- by :user:Dreamsorcerer.

  [#3355](https://github.com/aio-libs/aiohttp/issues/3355) <https://github.com/aio-libs/aiohttp/issues/3355>_

---

3.8.4 (2023-02-12)

Bugfixes

• Fixed incorrectly overwriting cookies with the same name and domain, but different path. [#6638](https://github.com/aio-libs/aiohttp/issues/6638) <https://github.com/aio-libs/aiohttp/issues/6638>_
• Fixed ConnectionResetError not being raised after client disconnection in SSL environments. [#7180](https://github.com/aio-libs/aiohttp/issues/7180) <https://github.com/aio-libs/aiohttp/issues/7180>_

... (truncated)

Commits

• 9c13a52 Bump aiohttp to v3.8.5 a security release
• 7c02129  Bump pypa/cibuildwheel to v2.14.1
• 135a45e Improve error messages from C parser (#7366) (#7380)
• 9337fb3 Fix bump llhttp to v8.1.1 (#7367) (#7377)
• f07e9b4 [PR #7373/66e261a5 backport][3.8] Drop azure mention (#7374)
• 01d9b70 [PR #7370/22c264ce backport][3.8] fix: Spelling error fixed (#7371)
• 3577b1e [PR #7359/7911f1e9 backport][3.8]  Set up secretless publishing to PyPI (#7360)
• 8d45f9c [PR #7333/3a54d378 backport][3.8] Fix TLS transport is None error (#7357)
• dd8e24e [PR #7343/18057581 backport][3.8] Mention encoding in yarl.URL (#7355)
• 4087410 [PR #7346/346fd202 backport][3.8]  Bump vendored llhttp to v8.1.1 (#7352)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov[bot]]

Codecov Report

Merging #179 (b5d6495) into 0.9.X (4ca9c49) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##            0.9.X     #179   +/-   ##
=======================================
  Coverage   90.14%   90.14%           
=======================================
  Files          22       22           
  Lines        2507     2507           
  Branches      389      389           
=======================================
  Hits         2260     2260           
  Misses        154      154           
  Partials       93       93           

Flag	Coverage Δ
unittests	90.14% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more