search

bcgov / traction

Traction is designed with an API-first architecture layered on top of Hyperledger Aries Cloud Agent Python (ACA-Py) and streamlines the process of sending and receiving digital credentials for governments and organizations.
https://digital.gov.bc.ca/digital-trust/tools/traction/
Apache License 2.0
52 stars 48 forks source link

chore(deps): Update aiohttp requirement from ~=3.9.5 to ~=3.10.3 in /services/endorser #1316

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Updates the requirements on aiohttp to permit the latest version.

Release notes

Sourced from aiohttp's releases.

3.10.3

Bug fixes

  • Fixed multipart reading when stream buffer splits the boundary over several read() calls -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: #8653.

  • Fixed :py:class:aiohttp.TCPConnector doing blocking I/O in the event loop to create the SSLContext -- by :user:bdraco.

    The blocking I/O would only happen once per verify mode. However, it could cause the event loop to block for a long time if the SSLContext creation is slow, which is more likely during startup when the disk cache is not yet present.

    Related issues and pull requests on GitHub: #8672.

Miscellaneous internal changes

  • Improved performance of :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive when there is no timeout. -- by :user:bdraco.

    The timeout context manager is now avoided when there is no timeout as it accounted for up to 50% of the time spent in the :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive methods.

    Related issues and pull requests on GitHub: #8660.

  • Improved performance of starting request handlers with Python 3.12+ -- by :user:bdraco.

    Related issues and pull requests on GitHub: #8661.

  • Improved performance of HTTP keep-alive checks -- by :user:bdraco.

    Previously, when processing a request for a keep-alive connection, the keep-alive check would happen every second; the check is now rescheduled if it fires too early instead.

    Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.3 (2024-08-10)

Bug fixes

  • Fixed multipart reading when stream buffer splits the boundary over several read() calls -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:8653.

  • Fixed :py:class:aiohttp.TCPConnector doing blocking I/O in the event loop to create the SSLContext -- by :user:bdraco.

    The blocking I/O would only happen once per verify mode. However, it could cause the event loop to block for a long time if the SSLContext creation is slow, which is more likely during startup when the disk cache is not yet present.

    Related issues and pull requests on GitHub: :issue:8672.

Miscellaneous internal changes

  • Improved performance of :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive when there is no timeout. -- by :user:bdraco.

    The timeout context manager is now avoided when there is no timeout as it accounted for up to 50% of the time spent in the :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive methods.

    Related issues and pull requests on GitHub: :issue:8660.

  • Improved performance of starting request handlers with Python 3.12+ -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:8661.

  • Improved performance of HTTP keep-alive checks -- by :user:bdraco.

    Previously, when processing a request for a keep-alive connection, the keep-alive check would happen every second; the check is now rescheduled if it fires too early instead.

... (truncated)

Commits
  • ef20502 Release 3.10.3 (#8675)
  • 73d17d4 [PR #8676/2915102 backport][3.10] Fix type ignore in SSLContext creation conn...
  • f3fcba4 [PR #8672/c3219bf backport][3.10] Fix TCPConnector doing blocking I/O in the ...
  • f96182a [PR #8662/be23d16f backport][3.10] Improve performance of keepalive reschedul...
  • dbcdb16 [PR #8667/406cd2c7 backport][3.10] Improve performance of generating random W...
  • b4ad882 [PR #8661/4d604ea backport][3.10] Improve performance of starting request han...
  • 3a9de0c [PR #8660/14d5295 backport][3.10] Improve performance of WebSockets when ther...
  • 1bc8d53 [PR #8657/6c6ecfaf backport][3.10] Fix multipart reading with split boundary ...
  • 491106e Release 3.10.2 (#8655)
  • ce2e975 [PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 month ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.