Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data
part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.
Fixed "Unclosed client session" when initialization of
:py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.
Related issues and pull requests on GitHub:
:issue:8253.
Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data
part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.
Related issues and pull requests on GitHub:
:issue:8332.
Added default Content-Disposition in multipart/form-data responses to avoid broken
form-data responses -- by :user:Dreamsorcerer.
Related issues and pull requests on GitHub:
:issue:8335.
3.9.4 (2024-04-11)
Bug fixes
The asynchronous internals now set the underlying causes
when assigning exceptions to the future objects
-- by :user:webknjaz.
Related issues and pull requests on GitHub:
:issue:8089.
Replaced the packaging is replaced from an old-fashioned :file:setup.py to an
in-tree :pep:517 build backend -- by :user:webknjaz.
Whenever the end-users or downstream packagers need to build frozenlist
from source (a Git checkout or an sdist), they may pass a config_settings
flag pure-python. If this flag is not set, a C-extension will be built
and included into the distribution.
Declared Python 3.12 and PyPy 3.8-3.10 supported officially
in the distribution package metadata.
Related issues and pull requests on GitHub:
:issue:553.
Replaced the packaging is replaced from an old-fashioned :file:setup.py to an
in-tree :pep:517 build backend -- by :user:webknjaz.
Whenever the end-users or downstream packagers need to build frozenlist
from source (a Git checkout or an sdist), they may pass a config_settings
flag pure-python. If this flag is not set, a C-extension will be built
and included into the distribution.
Upgraded the C-API macros that have been deprecated in Python 3.9 and later removed in 3.13 -- by @iemelyanov💰.
Related issues and pull requests on GitHub:#862, #864, #868, #898.
Reverted to using the public argument parsing API PyArg_ParseTupleAndKeywords() under Python 3.12 -- by @charles-dyfis-net💰 and @webknjaz💰.
The effect is that this change prevents build failures with clang 16.9.6 and gcc-14 reported in #926. It also fixes a segmentation fault crash caused by passing keyword arguments to MultiDict.getall() discovered by @jonaslb💰 and @hroncok💰 while examining the problem.
Related issues and pull requests on GitHub:#862, #909, #926, #929.
Fixed a SystemError: null argument to internal routine error on a MultiDict.items().isdisjoint() call when using C Extensions.
Upgraded the C-API macros that have been deprecated in Python 3.9
and later removed in 3.13 -- by :user:iemelyanov.
Related issues and pull requests on GitHub:
:issue:862, :issue:864, :issue:868, :issue:898.
Reverted to using the public argument parsing API
:c:func:PyArg_ParseTupleAndKeywords under Python 3.12
-- by :user:charles-dyfis-net and :user:webknjaz.
The effect is that this change prevents build failures with
clang 16.9.6 and gcc-14 reported in :issue:926. It also
fixes a segmentation fault crash caused by passing keyword
arguments to :py:meth:MultiDict.getall() <multidict.MultiDict.getall> discovered by :user:jonaslb
and :user:hroncok while examining the problem.
Related issues and pull requests on GitHub:
:issue:862, :issue:909, :issue:926, :issue:929.
Fixed a SystemError: null argument to internal routine error on
a MultiDict.items().isdisjoint() call when using C Extensions.
Related issues and pull requests on GitHub:
:issue:927.
Improved documentation
On the Contributing docs <https://github.com/aio-libs/multidict/blob/master/CHANGES/README.rst>_ page,
a link to the Towncrier philosophy has been fixed.
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
Emit a warning when [tools.setuptools] is present in pyproject.toml and will be ignored. -- by :user:SnoopJ (#4150)
Improved AttributeError error message if pkg_resources.EntryPoint.require is called without extras or distribution
Gracefully "do nothing" when trying to activate a pkg_resources.Distribution with a None location, rather than raising a TypeError
-- by :user:Avasam (#4262)
Typed the dynamically defined variables from pkg_resources -- by :user:Avasam (#4267)
Modernized and refactored VCS handling in package_index. (#4332)
Bugfixes
In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (#4136)
Fix finder template for lenient editable installs of implicit nested namespaces
constructed by using package_dir to reorganise directory structure. (#4278)
Fix an error with UnicodeDecodeError handling in pkg_resources when trying to read files in UTF-8 with a fallback -- by :user:Avasam (#4348)
Improved Documentation
Uses RST substitution to put badges in 1 line. (#4312)
Deprecations and Removals
Further adoption of UTF-8 in setuptools.
This change regards mostly files produced and consumed during the build process
(e.g. metadata files, script wrappers, automatically updated config files, etc..)
Although precautions were taken to minimize disruptions, some edge cases might
be subject to backwards incompatibility.
Support for "locale" encoding is now deprecated. (#4309)
Remove setuptools.convert_path after long deprecation period.
This function was never defined by setuptools itself, but rather a
side-effect of an import for internal usage. (#4322)
Remove fallback for customisations of distutils' build.sub_command after long
deprecated period.
Users are advised to import build directly from setuptools.command.build. (#4322)
Removed typing_extensions from vendored dependencies -- by :user:Avasam (#4324)
Remove deprecated setuptools.dep_util.
The provided alternative is setuptools.modified. (#4360)
This release focuses on compatibility with the upcoming release of
Python 3.13. Most changes are related to the implementation of type
parameter defaults (PEP 696).
Thanks to all of the people who contributed patches, especially Alex
Waygood, who did most of the work adapting typing-extensions to the
CPython PEP 696 implementation.
There is a single change since 4.12.0rc1:
Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and
3.9 that meant that
isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a
different result in some situations depending on whether or not a profiling
function had been set using sys.setprofile. Patch by Alex Waygood.
Changes included in 4.12.0rc1:
Improve the implementation of type parameter defaults (PEP 696)
Backport the typing.NoDefault sentinel object from Python 3.13.
TypeVars, ParamSpecs and TypeVarTuples without default values now have
their __default__ attribute set to this sentinel value.
TypeVars, ParamSpecs and TypeVarTuples now have a has_default()
method, matching typing.TypeVar, typing.ParamSpec and
typing.TypeVarTuple on Python 3.13+.
TypeVars, ParamSpecs and TypeVarTuples with default=None passed to
their constructors now have their __default__ attribute set to None
at runtime rather than types.NoneType.
Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python
3.13.0b1 and newer.
Backport CPython PR #118774,
allowing type parameters without default values to follow those with
default values in some type parameter lists. Patch by Alex Waygood,
backporting a CPython PR by Jelle Zijlstra.
It is now disallowed to use a TypeVar with a default value after a
TypeVarTuple in a type parameter list. This matches the CPython
implementation of PEP 696 on Python 3.13+.
Fix bug in PEP-696 implementation where a default value for a ParamSpec
would be cast to a tuple if a list was provided.
Patch by Alex Waygood.
Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new
__static_attributes__ attribute to all classes in Python,
which broke some assumptions made by the implementation of
typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new
__firstlineno__ attribute to all classes.
Fix AttributeError when using typing_extensions.runtime_checkable
in combination with typing.Protocol on Python 3.12.2 or newer.
Patch by Alex Waygood.
At runtime, assert_never now includes the repr of the argument
This release is mostly the same as 4.12.0rc1 but fixes one more
longstanding bug.
Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and
3.9 that meant that
isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a
different result in some situations depending on whether or not a profiling
function had been set using sys.setprofile. Patch by Alex Waygood.
Release 4.12.0rc1 (May 16, 2024)
This release focuses on compatibility with the upcoming release of
Python 3.13. Most changes are related to the implementation of type
parameter defaults (PEP 696).
Thanks to all of the people who contributed patches, especially Alex
Waygood, who did most of the work adapting typing-extensions to the
CPython PEP 696 implementation.
Full changelog:
Improve the implementation of type parameter defaults (PEP 696)
Backport the typing.NoDefault sentinel object from Python 3.13.
TypeVars, ParamSpecs and TypeVarTuples without default values now have
their __default__ attribute set to this sentinel value.
TypeVars, ParamSpecs and TypeVarTuples now have a has_default()
method, matching typing.TypeVar, typing.ParamSpec and
typing.TypeVarTuple on Python 3.13+.
TypeVars, ParamSpecs and TypeVarTuples with default=None passed to
their constructors now have their __default__ attribute set to None
at runtime rather than types.NoneType.
Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python
3.13.0b1 and newer.
Backport CPython PR #118774,
allowing type parameters without default values to follow those with
default values in some type parameter lists. Patch by Alex Waygood,
backporting a CPython PR by Jelle Zijlstra.
It is now disallowed to use a TypeVar with a default value after a
TypeVarTuple in a type parameter list. This matches the CPython
implementation of PEP 696 on Python 3.13+.
Fix bug in PEP-696 implementation where a default value for a ParamSpec
would be cast to a tuple if a list was provided.
Patch by Alex Waygood.
Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new
__static_attributes__ attribute to all classes in Python,
which broke some assumptions made by the implementation of
typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new
__firstlineno__ attribute to all classes.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the all group with 8 updates:
3.9.1
3.9.5
1.4.0
1.4.1
6.0.4
6.0.5
0.6.0
0.7.0
8.6.1
8.6.2
2.32.0
2.32.2
69.5.1
70.0.0
4.11.0
4.12.0
Updates
aiohttp
from 3.9.1 to 3.9.5Release notes
Sourced from aiohttp's releases.
... (truncated)
Changelog
Sourced from aiohttp's changelog.
... (truncated)
Commits
b844d42
Release v3.9.5 (#8340)0415a4c
Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)f21c6f2
[PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)7eecdff
[PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)82fbe64
[PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)01df7ec
Bump version7917ae2
Merge 3.1b3397c7
Release v3.9.4 (#8201)a7e240a
[PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...2833552
Escape filenames and paths in HTML when generating index pages (#8317) (#8319)Updates
frozenlist
from 1.4.0 to 1.4.1Release notes
Sourced from frozenlist's releases.
... (truncated)
Changelog
Sourced from frozenlist's changelog.
... (truncated)
Commits
457b28e
⇪📦 Bump to v1.4.14998859
📝 Mark "dev" as a known word3d740da
⇪📦 Bump to v1.4.1.dev0d92751c
🧪 Cache pre-commit.com virtualenvs @ CI7394415
🧪🐛 List explicit MyPy coverage.xml paths @ CIa26ba84
🧪 Update codecov action input to pluralfiles
e12ecf6
🧪 Upload MyPy coverage to Codecov59b9a74
🐛🧪 Fix the operator intest_lt
01720b2
🧪 Keep building macosx_x86_64 wheels for testsd9f5e0c
🧪💅 Add a reusable project name var to CI/CDUpdates
multidict
from 6.0.4 to 6.0.5Release notes
Sourced from multidict's releases.
... (truncated)
Changelog
Sourced from multidict's changelog.
... (truncated)
Commits
a9b281b
⇪ 📦 Release v6.0.5ed825c8
🧪 Download artifacts todist/
@ release job7b04a64
🧪 Normalize issue refs @ release action74840e8
🧪 Pass Codecov token to reusable linters job41c133e
🧪 Bump Codecov action to v4adb1976
📝 Fix return type @ Sphinx config99e435f
📝 Mention bylines in the changelog guidelines736169e
📝 Clarify need to only ref PR @ change note name887846f
📝 Highlight the RST term @ changelog guide8f57f8a
📝 Add a missing comma @ changelog guideUpdates
annotated-types
from 0.6.0 to 0.7.0Release notes
Sourced from annotated-types's releases.
Commits
0735cd3
Prepare for 0.7.0 release (#70)0757d41
Improve handling of GroupedMetadata (First try) (#69)99dbac8
AddUnit
type (#65)89e3d2e
Fix IsDigit -> IsDigits (#63)59a50d1
Correct misstatement in README (#62)6693037
suggested fix on typo (#60)195e340
add URLs topyproject.toml
(#58)657ded9
Allowtzinfo
objects forTimezone
(#56)Updates
jupyter-client
from 8.6.1 to 8.6.2Release notes
Sourced from jupyter-client's releases.
Changelog
Sourced from jupyter-client's changelog.
Commits
8ca76ea
Publish 8.6.2474093f
Use non-blocking zmq Poller (#1023)0236973
use https url (#1021)Updates
requests
from 2.32.0 to 2.32.2Release notes
Sourced from requests's releases.
Changelog
Sourced from requests's changelog.
Commits
88dce9d
v2.32.2c98e4d1
Merge pull request #6710 from nateprewitt/api_rename92075b3
Add deprecation warningaa1461b
Move _get_connection to get_connection_with_tls_context970e8ce
v2.32.1Updates
setuptools
from 69.5.1 to 70.0.0Changelog
Sourced from setuptools's changelog.
... (truncated)
Commits
5cbf12a
Workaround for release error in v709c1bcc3
Bump version: 69.5.1 → 70.0.04dc0c31
Remove deprecatedsetuptools.dep_util
(#4360)6c1ef57
Remove xfail now that test passes. Ref #4371.d14fa01
Add all site-packages dirs when creating simulated environment for test_edita...6b7f7a1
Preventbin
folders to be taken as extern packages when vendoring (#4370)69141f6
Add doctest for vendorised bin folder2a53cc1
Prevent 'bin' folders to be taken as extern packages7208628
Replace call to deprecatedvalidate_pyproject
command (#4363)96d681a
Remove call to deprecated validate_pyproject commandUpdates
typing-extensions
from 4.11.0 to 4.12.0Release notes
Sourced from typing-extensions's releases.
... (truncated)
Changelog
Sourced from typing-extensions's changelog.
... (truncated)
Commits
f90a8dc
Prepare release 4.12.0 (#408)118e1a6
Make sureisinstance(typing_extensions.ParamSpec("P"), typing.TypeVar)
is u...910141a
Add security documentation (#403)0dbc7c9
Prepare release 4.12.0rc1 (#402)1da5d3d
Update actions/setup-python (#401)72298f0
4.12.0a2 (#400)465ba78
Fix publish workflow (#399)21fde1f
Prepare releaes 4.12.0a1 (#398)63d8277
Add workflow for Trusted Publishing (#395)074d053
Backport PEP-696 specialisation on Python >=3.11.1 (#397)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show