0Ry5/Posthorn

Fork 1

chore(deps): Update Python dependencies #21

Open

renovate-bot wants to merge 1 commit from renovate/python-deps into main

renovate-bot commented

2025-10-13 15:17:29 +02:00

Collaborator

This PR contains the following updates:

Package	Change	Age	Confidence
PyGithub	`==2.6.1` -> `==2.8.1`
PyNaCl	`==1.5.0` -> `==1.6.0`
aiohttp	`==3.11.14` -> `==3.13.1`
aiosignal	`==1.3.2` -> `==1.4.0`
attrs (changelog)	`==25.3.0` -> `==25.4.0`
certifi	`==2025.1.31` -> `==2025.10.5`
cffi (changelog)	`==1.17.1` -> `==2.0.0`
charset-normalizer (changelog)	`==3.4.1` -> `==3.4.4`
cryptography (changelog)	`==44.0.2` -> `==46.0.3`
discord.py	`==2.5.2` -> `==2.6.4`
frozenlist	`==1.5.0` -> `==1.8.0`
idna (changelog)	`==3.10` -> `==3.11`
multidict	`==6.2.0` -> `==6.7.0`
propcache	`==0.3.1` -> `==0.4.1`
pycparser	`==2.22` -> `==2.23`
python-dotenv	`==1.1.0` -> `==1.1.1`
requests (source, changelog)	`==2.32.3` -> `==2.32.5`
typing_extensions (changelog)	`==4.13.0` -> `==4.15.0`
urllib3 (changelog)	`==2.3.0` -> `==2.5.0`
wrapt (changelog)	`==1.17.2` -> `==1.17.3`
yarl	`==1.18.3` -> `==1.22.0`

Release Notes

pygithub/pygithub (PyGithub)

`v2.8.1`

Compare Source

What's Changed

Bug Fixes

Use default type if known type is not supported by @EnricoMi in PyGithub/PyGithub#3365

Full Changelog: https://github.com/PyGithub/PyGithub/compare/v2.8.0...v2.8.1

`v2.8.0`

Compare Source

What's Changed

New Features

Add self hosted runner management to Organization by @billnapier in PyGithub/PyGithub#3203
Add support to generate release notes by @mball-agathos in PyGithub/PyGithub#3022

Improvements

Fix connection pooling to improve connection performance by @chriskuehl in PyGithub/PyGithub#3289
Add Repository.get_automated_security_fixes method by @zstyblik in PyGithub/PyGithub#3303
Sync Issue class with API spec by @EnricoMi in PyGithub/PyGithub#3338
Return more union classes like NamedUser | Organization | Enterprise by @EnricoMi in PyGithub/PyGithub#3224
Sync Enterprise class with API spec by @EnricoMi in PyGithub/PyGithub#3342
Sync GitReleaseAsset class with API spec by @EnricoMi in PyGithub/PyGithub#3343
Sync many class with OpenAPI spec by @EnricoMi in PyGithub/PyGithub#3344
Point deprecation warnings to the caller code rather than inner class by @xmo-odoo in PyGithub/PyGithub#3275
Allow for repo strings in all Team repo methods by @EnricoMi in PyGithub/PyGithub#3356

Bug Fixes

Fix API path of Repository.get_git_ref by @csalerno-asml in PyGithub/PyGithub#2992
Rework redirection URL allowance check by @EnricoMi in PyGithub/PyGithub#3329
Fix GitRelease.name, deprecate GitRelease.title by @EnricoMi in PyGithub/PyGithub#3346
Remove "COMMENT" as the default event for create_review by @eddie-santos in PyGithub/PyGithub#3078
Add support for public release assets by @aolieman in PyGithub/PyGithub#3339
Fix GitHub breaking API change of maintainers in Organization.create_team by @interifter in PyGithub/PyGithub#3291

Maintenance

Minor fix to release.yml by @EnricoMi in PyGithub/PyGithub#3201
Reduce test replay data by @EnricoMi in PyGithub/PyGithub#3243
Add check to OpenAPI script to check doc-string verbs by @EnricoMi in PyGithub/PyGithub#3332
Improve apply OpenAPI schemas by @EnricoMi in PyGithub/PyGithub#3333
Add config to OpenAPI script to ignore schemas by @EnricoMi in PyGithub/PyGithub#3334
Add suggest and create method feature to OpenAPI script by @EnricoMi in PyGithub/PyGithub#3318
Fix CI OpenApi apply command by @EnricoMi in PyGithub/PyGithub#3341
Improve OpenAPI scripts by @EnricoMi in PyGithub/PyGithub#3340
Improve OpenAPI CI by @EnricoMi in PyGithub/PyGithub#3347
Rework test framework by @EnricoMi in PyGithub/PyGithub#3271
Some minor fixes to OpenAPI scripts by @EnricoMi in PyGithub/PyGithub#3350
Add manual workflow to fix auto-fixable issues by @EnricoMi in PyGithub/PyGithub#3351
Bump actions/download-artifact from 4 to 5 by @dependabot[bot] in PyGithub/PyGithub#3330
Use default per-page const in PaginatedList by @sam93210 in PyGithub/PyGithub#3039
Bump actions/setup-python from 4 to 5 by @dependabot[bot] in PyGithub/PyGithub#3283
Bump actions/checkout from 3 to 5 by @dependabot[bot] in PyGithub/PyGithub#3348
Various minor OpenAPI scripts fixes by @EnricoMi in PyGithub/PyGithub#3353
Add union class support to OpenAPI script by @EnricoMi in PyGithub/PyGithub#3354
Add github_actions label to Maintenance section by @EnricoMi in PyGithub/PyGithub#3357
Upgrade docformatter pre-commit hook by @EnricoMi in PyGithub/PyGithub#3359
Add warning about Checks API in doc-strings by @atodorov in PyGithub/PyGithub#3229
Update docs on development by @EnricoMi in PyGithub/PyGithub#3352

New Contributors

@chriskuehl made their first contribution in PyGithub/PyGithub#3289
@zstyblik made their first contribution in PyGithub/PyGithub#3303
@csalerno-asml made their first contribution in PyGithub/PyGithub#2992
@eddie-santos made their first contribution in PyGithub/PyGithub#3078
@aolieman made their first contribution in PyGithub/PyGithub#3339
@sam93210 made their first contribution in PyGithub/PyGithub#3039
@mball-agathos made their first contribution in PyGithub/PyGithub#3022
@atodorov made their first contribution in PyGithub/PyGithub#3229
@interifter made their first contribution in PyGithub/PyGithub#3291

Full Changelog: https://github.com/PyGithub/PyGithub/compare/v2.7.0...v2.8.0

`v2.7.0`

Compare Source

What's Changed

Breaking Changes

Method Github.get_rate_limit() now returns RateLimitOverview rather than RateLimit (PyGithub/PyGithub#3205).

Code like

gh.get_rate_limit().core.remaining

should be replaced with

gh.get_rate_limit().resources.core.remaining

Method GitTag.verification now returns GitCommitVerification rather than dict[str, Any] (PyGithub/PyGithub#3226).

Code like

tag.verification["reason"]
tag.verification.get("reason")

should be replaced with

tag.verification.reason

New Features

Add getting list of self-hosted runners of organization by @climbfuji in PyGithub/PyGithub#3190
Apply OpenAPI spec by @EnricoMi in PyGithub/PyGithub#3317
Add support for Sub-Issues by @e7217 in PyGithub/PyGithub#3258

Improvements

Refactor search results into separate classes by @EnricoMi in PyGithub/PyGithub#3204
Add OrganizationInvitation by @EnricoMi in PyGithub/PyGithub#3207
Add and apply missing schemas by @EnricoMi in PyGithub/PyGithub#3209
Sync RepositoryAdvisory tests with OpenAPI spec by @EnricoMi in PyGithub/PyGithub#3215
Sync ProjectColumn and ProjectCard tests with OpenAPI spec by @EnricoMi in PyGithub/PyGithub#3216
Sync CopilotSeat class with API spec by @EnricoMi in PyGithub/PyGithub#3232
Sync HookDeliverySummary class with API spec by @EnricoMi in PyGithub/PyGithub#3233
Sync RequiredPullRequestReviews class with API spec by @EnricoMi in PyGithub/PyGithub#3234
Sync RequiredStatusChecks class with API spec by @EnricoMi in PyGithub/PyGithub#3236
Sync Team class with API spec by @EnricoMi in PyGithub/PyGithub#3237
Replace deprecated.deprecated() with typing_extensions.deprecated() by @lazka in PyGithub/PyGithub#3255
fix(CodeScanAlert): add missing attributes by @ReenigneArcher in PyGithub/PyGithub#3274
Allow SHAs when creating PR comments by @tuchfarber in PyGithub/PyGithub#3248
Get collaborator role name by @jmgate in PyGithub/PyGithub#3295
Adding prevent_self_review property to Repository.createEnvironment by @gopidesupavan in PyGithub/PyGithub#3246
Add PullRequest.get_issue_timeline method by @kukarkinmm in PyGithub/PyGithub#3259
Support built-in reversed() on PaginatedList by @mfocko in PyGithub/PyGithub#3260
Relax 404 condition in Requester exception handling by @jsmolar in PyGithub/PyGithub#3299
Add delete_self_hosted_runner to Organization by @uncleDecart in PyGithub/PyGithub#3306

Bug Fixes

Fix broken pickle support for Auth classes by @EnricoMi in PyGithub/PyGithub#3211
Remove schema from Deployment, remove message attribute by @EnricoMi in PyGithub/PyGithub#3223
Fix incorrect deprecated import by @EnricoMi in PyGithub/PyGithub#3225
Add CodeSecurityConfigRepository returned by get_repos_for_code_security_config by @EnricoMi in PyGithub/PyGithub#3219
Fix Branch.get_required_status_checks return type by @EnricoMi in PyGithub/PyGithub#3235
Adds multi_select and true_false options to CustomProperty.value_type by @gfog-floqast in PyGithub/PyGithub#3173
Fix url encoding of strings with slashes in URLs by @OscarVanL in PyGithub/PyGithub#3263
Fix side-effect when removing Authorization key from headers by @alecglen in PyGithub/PyGithub#3313
Make TimingData.run_duration_ms optional by @LifeLex in PyGithub/PyGithub#3268
Normalize App ID to String & Enhance JWT Issuer Verification by @x612skm in PyGithub/PyGithub#3272

Dependencies

Bump actions/checkout from 3 to 4 by @dependabot[bot] in PyGithub/PyGithub#2754

Maintenance

Mention removal of AppAuth.private_key in changelog by @EnricoMi in PyGithub/PyGithub#3212
Remove wrong schema from Repository by @EnricoMi in PyGithub/PyGithub#3220
Rename HookDeliveryRequest and …Response private headers fields by @EnricoMi in PyGithub/PyGithub#3221
Sort classes' functions by @EnricoMi in PyGithub/PyGithub#3231
Move all Python files to future annotations by @EnricoMi in PyGithub/PyGithub#3241
Fix return type of PaginatedList[int] by @EnricoMi in PyGithub/PyGithub#3240
Sync with OpenAPI spec by @EnricoMi in PyGithub/PyGithub#3244
Make token auth default in tests by @EnricoMi in PyGithub/PyGithub#3242
Add Organization.get_repos_for_code_security_config test by @billnapier in PyGithub/PyGithub#3239
Add Python 3.13 to CI by @lazka in PyGithub/PyGithub#3253
Enhance PyGithub webhook documentation by @ssganesh035 in PyGithub/PyGithub#3267
Create codeql.yml by @JLLeitschuh in PyGithub/PyGithub#3277
Add schema to TimingData by @EnricoMi in PyGithub/PyGithub#3206
Remove error schemas from classes by @EnricoMi in PyGithub/PyGithub#3202

New Contributors

@ssganesh035 made their first contribution in PyGithub/PyGithub#3267
@ReenigneArcher made their first contribution in PyGithub/PyGithub#3274
@climbfuji made their first contribution in PyGithub/PyGithub#3190
@tuchfarber made their first contribution in PyGithub/PyGithub#3248
@jmgate made their first contribution in PyGithub/PyGithub#3295
@gopidesupavan made their first contribution in PyGithub/PyGithub#3246
@kukarkinmm made their first contribution in PyGithub/PyGithub#3259
@mfocko made their first contribution in PyGithub/PyGithub#3260
@gfog-floqast made their first contribution in PyGithub/PyGithub#3173
@jsmolar made their first contribution in PyGithub/PyGithub#3299
@OscarVanL made their first contribution in PyGithub/PyGithub#3263
@alecglen made their first contribution in PyGithub/PyGithub#3313
@LifeLex made their first contribution in PyGithub/PyGithub#3268
@e7217 made their first contribution in PyGithub/PyGithub#3258
@x612skm made their first contribution in PyGithub/PyGithub#3272
@uncleDecart made their first contribution in PyGithub/PyGithub#3306

Full Changelog: https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.7.0

pyca/pynacl (PyNaCl)

`v1.6.0`

Compare Source

BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
Added support for the low level AEAD AES bindings.
Added support for crypto_core_ed25519_from_uniform.
Update libsodium to 1.0.20-stable (2025-08-27 build).
Added support for free-threaded Python 3.14.
Added support for Windows on ARM wheels.

aio-libs/aiohttp (aiohttp)

Features

Make configuration options in AppRunner also available in run_app()
-- by :user:Cycloctane.

Related issues and pull requests on GitHub:
:issue:11633.

Bug fixes

Switched to backports.zstd for Python <3.14 and fixed zstd decompression for chunked zstd streams -- by :user:ZhaoMJ.

Note: Users who installed zstandard for support on Python <3.14 will now need to install
backports.zstd instead (installing aiohttp[speedups] will do this automatically).

Related issues and pull requests on GitHub:
:issue:11623.
Updated Content-Type header parsing to return application/octet-stream when header contains invalid syntax.
See :rfc:9110#section-8.3-5.

-- by :user:sgaist.

Related issues and pull requests on GitHub:
:issue:10889.
Fixed Python 3.14 support when built without zstd support -- by :user:JacobHenner.

Related issues and pull requests on GitHub:
:issue:11603.
Fixed blocking I/O in the event loop when using netrc authentication by moving netrc file lookup to an executor -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11634.
Fixed routing to a sub-application added via .add_domain() not working
if the same path exists on the parent app. -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub:
:issue:11673.

Packaging updates and notes for downstreams

Moved core packaging metadata from :file:setup.cfg to :file:pyproject.toml per :pep:621
-- by :user:cdce8p.

Related issues and pull requests on GitHub:
:issue:9951.

Features

Added support for Python 3.14.

Related issues and pull requests on GitHub:
:issue:10851, :issue:10872.
Added support for free-threading in Python 3.14+ -- by :user:kumaraditya303.

Related issues and pull requests on GitHub:
:issue:11466, :issue:11464.
Added support for Zstandard (aka Zstd) compression
-- by :user:KGuillaume-chaps.

Related issues and pull requests on GitHub:
:issue:11161.
Added StreamReader.total_raw_bytes to check the number of bytes downloaded
-- by :user:robpats.

Related issues and pull requests on GitHub:
:issue:11483.

Bug fixes

Fixed pytest plugin to not use deprecated :py:mod:asyncio policy APIs.

Related issues and pull requests on GitHub:
:issue:10851.
Updated Content-Disposition header parsing to handle trailing semicolons and empty parts
-- by :user:PLPeeters.

Related issues and pull requests on GitHub:
:issue:11243.
Fixed saved CookieJar failing to be loaded if cookies have partitioned flag when
http.cookie does not have partitioned cookies supports. -- by :user:Cycloctane.

Related issues and pull requests on GitHub:
:issue:11523.

Improved documentation

Added Wireup to third-party libraries -- by :user:maldoinc.

Related issues and pull requests on GitHub:
:issue:11233.

Packaging updates and notes for downstreams

The blockbuster test dependency is now optional; the corresponding test fixture is disabled when it is unavailable
-- by :user:musicinybrain.

Related issues and pull requests on GitHub:
:issue:11363.
Added riscv64 build to releases -- by :user:eshattow.

Related issues and pull requests on GitHub:
:issue:11425.

Contributor-facing changes

Fixed test_send_compress_text failing when alternative zlib implementation
is used. (zlib-ng in python 3.14 windows build) -- by :user:Cycloctane.

Related issues and pull requests on GitHub:
:issue:11546.

Bug fixes

Fixed :class:~aiohttp.DigestAuthMiddleware to preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expecting algorithm=MD5-sess instead of algorithm=MD5-SESS)
-- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11352.

Improved documentation

Remove outdated contents of aiohttp-devtools and aiohttp-swagger
from Web_advanced docs.
-- by :user:Cycloctane

Related issues and pull requests on GitHub:
:issue:11347.

Packaging updates and notes for downstreams

Started including the llhttp :file:LICENSE file in wheels by adding vendor/llhttp/LICENSE to license-files in :file:setup.cfg -- by :user:threexc.

Related issues and pull requests on GitHub:
:issue:11226.

Contributor-facing changes

Updated a regex in test_aiohttp_request_coroutine for Python 3.14.

Related issues and pull requests on GitHub:
:issue:11271.

Bug fixes

Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:9110#section-15.4.3-3.1 -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11270.
Fixed :py:meth:ClientSession.close() <aiohttp.ClientSession.close> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11273.
Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub:
:issue:11280.

Features

Added initial trailer parsing logic to Python HTTP parser -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub:
:issue:11269.

Improved documentation

Clarified exceptions raised by WebSocketResponse.send_frame et al.
-- by :user:DoctorJohn.

Related issues and pull requests on GitHub:
:issue:11234.

Bug fixes

Fixed auto-created :py:class:~aiohttp.TCPConnector not using the session's event loop when :py:class:~aiohttp.ClientSession is created without an explicit connector -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11147.

Bug fixes

Fixed cookie unquoting to properly handle octal escape sequences in cookie values (e.g., \012 for newline) by vendoring the correct _unquote implementation from Python's http.cookies module -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11173.
Fixed Cookie header parsing to treat attribute names as regular cookies per :rfc:6265#section-5.4 -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11178.

Features

Improved SSL connection handling by changing the default ssl_shutdown_timeout
from 0.1 to 0 seconds. SSL connections now use Python's default graceful
shutdown during normal operation but are aborted immediately when the connector
is closed, providing optimal behavior for both cases. Also added support for
ssl_shutdown_timeout=0 on all Python versions. Previously, this value was
rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
Python < 3.11 now trigger a RuntimeWarning -- by :user:bdraco.

The ssl_shutdown_timeout parameter is now deprecated and will be removed in
aiohttp 4.0 as there is no clear use case for changing the default.

Related issues and pull requests on GitHub:
:issue:11148.

Deprecations (removal in next major release)

Improved SSL connection handling by changing the default ssl_shutdown_timeout
from 0.1 to 0 seconds. SSL connections now use Python's default graceful
shutdown during normal operation but are aborted immediately when the connector
is closed, providing optimal behavior for both cases. Also added support for
ssl_shutdown_timeout=0 on all Python versions. Previously, this value was
rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
Python < 3.11 now trigger a RuntimeWarning -- by :user:bdraco.

The ssl_shutdown_timeout parameter is now deprecated and will be removed in
aiohttp 4.0 as there is no clear use case for changing the default.

Related issues and pull requests on GitHub:
:issue:11148.

Bug fixes

Fixed leak of aiodns.DNSResolver when :py:class:~aiohttp.TCPConnector is closed and no resolver was passed when creating the connector -- by :user:Tasssadar.

This was a regression introduced in version 3.12.0 (:pr:10897).

Related issues and pull requests on GitHub:
:issue:11150.

Bug fixes

Fixed IOBasePayload and TextIOPayload reading entire files into memory when streaming large files -- by :user:bdraco.

When using file-like objects with the aiohttp client, the entire file would be read into memory if the file size was provided in the Content-Length header. This could cause out-of-memory errors when uploading large files. The payload classes now correctly read data in chunks of READ_SIZE (64KB) regardless of the total content length.

Related issues and pull requests on GitHub:
:issue:11138.

Features

Added preemptive digest authentication to :class:~aiohttp.DigestAuthMiddleware -- by :user:bdraco.

The middleware now reuses authentication credentials for subsequent requests to the same
protection space, improving efficiency by avoiding extra authentication round trips.
This behavior matches how web browsers handle digest authentication and follows
:rfc:7616#section-3.6.

Preemptive authentication is enabled by default but can be disabled by passing
preemptive=False to the middleware constructor.

Related issues and pull requests on GitHub:
:issue:11128, :issue:11129.

`v3.12.7`

Compare Source

===================

.. warning::

This release fixes an issue where the quote_cookie parameter was not being properly
respected for shared cookies (domain="", path=""). If your server does not handle quoted
cookies correctly, you may need to disable cookie quoting by setting quote_cookie=False
when creating your :class:~aiohttp.ClientSession or :class:~aiohttp.CookieJar.
See :ref:aiohttp-client-cookie-quoting-routine for details.

Bug fixes

Fixed cookie parsing to be more lenient when handling cookies with special characters
in names or values. Cookies with characters like {, }, and / in names are now
accepted instead of causing a :exc:~http.cookies.CookieError and 500 errors. Additionally,
cookies with mismatched quotes in values are now parsed correctly, and quoted cookie
values are now handled consistently whether or not they include special attributes
like Domain. Also fixed :class:~aiohttp.CookieJar to ensure shared cookies (domain="", path="")
respect the quote_cookie parameter, making cookie quoting behavior consistent for
all cookies -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:2683, :issue:5397, :issue:7993, :issue:11112.
Fixed an issue where cookies with duplicate names but different domains or paths
were lost when updating the cookie jar. The :class:~aiohttp.ClientSession
cookie jar now correctly stores all cookies even if they have the same name but
different domain or path, following the :rfc:6265#section-5.3 storage model -- by :user:bdraco.

Note that :attr:ClientResponse.cookies <aiohttp.ClientResponse.cookies> returns
a :class:~http.cookies.SimpleCookie which uses the cookie name as a key, so
only the last cookie with each name is accessible via this interface. All cookies
can be accessed via :meth:ClientResponse.headers.getall('Set-Cookie') <multidict.MultiDictProxy.getall> if needed.

Related issues and pull requests on GitHub:
:issue:4486, :issue:11105, :issue:11106.

Miscellaneous internal changes

Avoided creating closed futures in ResponseHandler that will never be awaited -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11107.
Downgraded the logging level for connector close errors from ERROR to DEBUG, as these are expected behavior with TLS 1.3 connections -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11114.

`v3.12.6`

Compare Source

===================

Bug fixes

Fixed spurious "Future exception was never retrieved" warnings for connection lost errors when the connector is not closed -- by :user:bdraco.

When connections are lost, the exception is now marked as retrieved since it is always propagated through other means, preventing unnecessary warnings in logs.

Related issues and pull requests on GitHub:
:issue:11100.

`v3.12.4`

Compare Source

===================

Bug fixes

Fixed connector not waiting for connections to close before returning from :meth:~aiohttp.BaseConnector.close (partial backport of :pr:3733) -- by :user:atemate and :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1925, :issue:11074.

`v3.12.3`

Compare Source

===================

Bug fixes

Fixed memory leak in :py:meth:~aiohttp.CookieJar.filter_cookies that caused unbounded memory growth
when making requests to different URL paths -- by :user:bdraco and :user:Cycloctane.

Related issues and pull requests on GitHub:
:issue:11052, :issue:11054.

`v3.12.2`

Compare Source

===================

Bug fixes

Fixed Content-Length header not being set to 0 for non-GET requests with None body -- by :user:bdraco.

Non-GET requests (POST, PUT, PATCH, DELETE) with None as the body now correctly set the Content-Length header to 0, matching the behavior of requests with empty bytes (b""). This regression was introduced in aiohttp 3.12.1.

Related issues and pull requests on GitHub:
:issue:11035.

`v3.12.1`

Compare Source

====================

Bug fixes

Fixed :class:~aiohttp.DigestAuthMiddleware to preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expecting algorithm=MD5-sess instead of algorithm=MD5-SESS)
-- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:11352.

Improved documentation

Remove outdated contents of aiohttp-devtools and aiohttp-swagger
from Web_advanced docs.
-- by :user:Cycloctane

Related issues and pull requests on GitHub:
:issue:11347.

Packaging updates and notes for downstreams

Started including the llhttp :file:LICENSE file in wheels by adding vendor/llhttp/LICENSE to license-files in :file:setup.cfg -- by :user:threexc.

Related issues and pull requests on GitHub:
:issue:11226.

Contributor-facing changes

Updated a regex in test_aiohttp_request_coroutine for Python 3.14.

Related issues and pull requests on GitHub:
:issue:11271.

`v3.12.0`

Compare Source

===================

Bug fixes

Fixed :py:attr:~aiohttp.web.WebSocketResponse.prepared property to correctly reflect the prepared state, especially during timeout scenarios -- by :user:bdraco

Related issues and pull requests on GitHub:
:issue:6009, :issue:10988.
Response is now always True, instead of using MutableMapping behaviour (False when map is empty)

Related issues and pull requests on GitHub:
:issue:10119.
Fixed connection reuse for file-like data payloads by ensuring buffer
truncation respects content-length boundaries and preventing premature
connection closure race -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10325, :issue:10915, :issue:10941, :issue:10943.
Fixed pytest plugin to not use deprecated :py:mod:asyncio policy APIs.

Related issues and pull requests on GitHub:
:issue:10851.
Fixed :py:class:~aiohttp.resolver.AsyncResolver not using the loop argument in versions 3.x where it should still be supported -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10951.

Features

Added a comprehensive HTTP Digest Authentication client middleware (DigestAuthMiddleware)
that implements RFC 7616. The middleware supports all standard hash algorithms
(MD5, SHA, SHA-256, SHA-512) with session variants, handles both 'auth' and
'auth-int' quality of protection options, and automatically manages the
authentication flow by intercepting 401 responses and retrying with proper
credentials -- by :user:feus4177, :user:TimMenninger, and :user:bdraco.

Related issues and pull requests on GitHub:
:issue:2213, :issue:10725.
Added client middleware support -- by :user:bdraco and :user:Dreamsorcerer.

This change allows users to add middleware to the client session and requests, enabling features like
authentication, logging, and request/response modification without modifying the core
request logic. Additionally, the session attribute was added to ClientRequest,
allowing middleware to access the session for making additional requests.

Related issues and pull requests on GitHub:
:issue:9732, :issue:10902, :issue:10945, :issue:10952, :issue:10959, :issue:10968.
Allow user setting zlib compression backend -- by :user:TimMenninger

This change allows the user to call :func:aiohttp.set_zlib_backend() with the
zlib compression module of their choice. Default behavior continues to use
the builtin zlib library.

Related issues and pull requests on GitHub:
:issue:9798.
Added support for overriding the base URL with an absolute one in client sessions
-- by :user:vivodi.

Related issues and pull requests on GitHub:
:issue:10074.
Added host parameter to aiohttp_server fixture -- by :user:christianwbrock.

Related issues and pull requests on GitHub:
:issue:10120.
Detect blocking calls in coroutines using BlockBuster -- by :user:cbornet.

Related issues and pull requests on GitHub:
:issue:10433.
Added socket_factory to :py:class:aiohttp.TCPConnector to allow specifying custom socket options
-- by :user:TimMenninger.

Related issues and pull requests on GitHub:
:issue:10474, :issue:10520, :issue:10961, :issue:10962.
Started building armv7l manylinux wheels -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10797.
Implemented shared DNS resolver management to fix excessive resolver object creation
when using multiple client sessions. The new _DNSResolverManager singleton ensures
only one DNSResolver object is created for default configurations, significantly
reducing resource usage and improving performance for applications using multiple
client sessions simultaneously -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10847, :issue:10923, :issue:10946.
Upgraded to LLHTTP 9.3.0 -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub:
:issue:10972.
Optimized small HTTP requests/responses by coalescing headers and body into a single TCP packet -- by :user:bdraco.

This change enhances network efficiency by reducing the number of packets sent for small HTTP payloads, improving latency and reducing overhead. Most importantly, this fixes compatibility with memory-constrained IoT devices that can only perform a single read operation and expect HTTP requests in one packet. The optimization uses zero-copy writelines when coalescing data and works with both regular and chunked transfer encoding.

When aiohttp uses client middleware to communicate with an aiohttp server, connection reuse is more likely to occur since complete responses arrive in a single packet for small payloads.

This aligns aiohttp with other popular HTTP clients that already coalesce small requests.

Related issues and pull requests on GitHub:
:issue:10991.

Improved documentation

Improved documentation for middleware by adding warnings and examples about
request body stream consumption. The documentation now clearly explains that
request body streams can only be read once and provides best practices for
sharing parsed request data between middleware and handlers -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:2914.

Packaging updates and notes for downstreams

Removed non SPDX-license description from setup.cfg -- by :user:devanshu-ziphq.

Related issues and pull requests on GitHub:
:issue:10662.
Added support for building against system llhttp library -- by :user:mgorny.

This change adds support for :envvar:AIOHTTP_USE_SYSTEM_DEPS environment variable that
can be used to build aiohttp against the system install of the llhttp library rather
than the vendored one.

Related issues and pull requests on GitHub:
:issue:10759.
aiodns is now installed on Windows with speedups extra -- by :user:bdraco.

As of aiodns 3.3.0, SelectorEventLoop is no longer required when using pycares 4.7.0 or later.

Related issues and pull requests on GitHub:
:issue:10823.
Fixed compatibility issue with Cython 3.1.1 -- by :user:bdraco

Related issues and pull requests on GitHub:
:issue:10877.

Contributor-facing changes

Sped up tests by disabling blockbuster fixture for test_static_file_huge and test_static_file_huge_cancel tests -- by :user:dikos1337.

Related issues and pull requests on GitHub:
:issue:9705, :issue:10761.
Updated tests to avoid using deprecated :py:mod:asyncio policy APIs and
make it compatible with Python 3.14.

Related issues and pull requests on GitHub:
:issue:10851.
Added Winloop to test suite to support in the future -- by :user:Vizonex.

Related issues and pull requests on GitHub:
:issue:10922.

Miscellaneous internal changes

Added support for the partitioned attribute in the set_cookie method.

Related issues and pull requests on GitHub:
:issue:9870.
Setting :attr:aiohttp.web.StreamResponse.last_modified to an unsupported type will now raise :exc:TypeError instead of silently failing -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10146.

`v3.11.18`

Compare Source

====================

Bug fixes

Disabled TLS in TLS warning (when using HTTPS proxies) for uvloop and newer Python versions -- by :user:lezgomatt.

Related issues and pull requests on GitHub:
:issue:7686.
Fixed reading fragmented WebSocket messages when the payload was masked -- by :user:bdraco.

The problem first appeared in 3.11.17

Related issues and pull requests on GitHub:
:issue:10764.

`v3.11.17`

Compare Source

====================

Miscellaneous internal changes

Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10713.
Improved web server performance when connection can be reused -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10714.
Improved performance of the WebSocket reader -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10740.
Improved performance of the WebSocket reader with large messages -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10744.

`v3.11.16`

Compare Source

====================

Bug fixes

Replaced deprecated asyncio.iscoroutinefunction with its counterpart from inspect
-- by :user:layday.

Related issues and pull requests on GitHub:
:issue:10634.
Fixed :class:multidict.CIMultiDict being mutated when passed to :class:aiohttp.web.Response -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10672.

`v3.11.15`

Compare Source

====================

Bug fixes

Reverted explicitly closing sockets if an exception is raised during create_connection -- by :user:bdraco.

This change originally appeared in aiohttp 3.11.13

Related issues and pull requests on GitHub:
:issue:10464, :issue:10617, :issue:10656.

Miscellaneous internal changes

Improved performance of WebSocket buffer handling -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10601.
Improved performance of serializing headers -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:10625.

aio-libs/aiosignal (aiosignal)

`v1.4.0`

Compare Source

==================

Features

Added decorator functionality to Signal as a convenient way to add a callback -- by @Vizonex.
#699 <https://github.com/aio-libs/aiosignal/pulls/699>_
Improved type safety by allowing callback parameters to be type checked (typing-extensions is now required for Python <3.13).
Parameters for a Signal callback should now be defined like Signal[int, str] -- by @Vizonex and @Dreamsorcerer.
#699 <https://github.com/aio-libs/aiosignal/pulls/699>, #710 <https://github.com/aio-libs/aiosignal/pulls/710>

Misc

Removed the sphinxcontrib-asyncio documentation dependency.
#528 <https://github.com/aio-libs/aiosignal/pull/528>_

python-attrs/attrs (attrs)

`v25.4.0`

Compare Source

Backwards-incompatible Changes

Class-level kw_only=True behavior is now consistent with dataclasses.

Previously, a class that sets kw_only=True makes all attributes keyword-only, including those from base classes.
If an attribute sets kw_only=False, that setting is ignored, and it is still made keyword-only.

Now, only the attributes defined in that class that doesn't explicitly set kw_only=False are made keyword-only.

This shouldn't be a problem for most users, unless you have a pattern like this:
```
@&#8203;attrs.define(kw_only=True)
class Base:
    a: int
    b: int = attrs.field(default=1, kw_only=False)

@&#8203;attrs.define
class Subclass(Base):
    c: int
```
Here, we have a kw_only=True attrs class (Base) with an attribute that sets kw_only=False and has a default (Base.b), and then create a subclass (Subclass) with required arguments (Subclass.c).
Previously this would work, since it would make Base.b keyword-only, but now this fails since Base.b is positional, and we have a required positional argument (Subclass.c) following another argument with defaults.
#1457

Changes

Values passed to the __init__() method of attrs classes are now correctly passed to __attrs_pre_init__() instead of their default values (in cases where kw_only was not specified).
#1427
Added support for Python 3.14 and PEP 749.
#1446,
#1451
attrs.validators.deep_mapping() now allows to leave out either key_validator xor value_validator.
#1448
attrs.validators.deep_iterator() and attrs.validators.deep_mapping() now accept lists and tuples for all validators and wrap them into a attrs.validators.and_().
#1449
Added a new experimental way to inspect classes:

attrs.inspect(cls) returns the effective class-wide parameters that were used by attrs to construct the class.

The returned class is the same data structure that attrs uses internally to decide how to construct the final class.
#1454
Fixed annotations for attrs.field(converter=...).
Previously, a tuple of converters was only accepted if it had exactly one element.
#1461
The performance of attrs.asdict() has been improved by 45–260%.
#1463
The performance of attrs.astuple() has been improved by 49–270%.
#1469
The type annotation for attrs.validators.or_() now allows for different types of validators.

This was only an issue on Pyright.
#1474

certifi/python-certifi (certifi)

python-cffi/cffi (cffi)

`v2.0.0`

Compare Source

What's Changed

Add Python 3.14 support.
Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
Drop Python <= 3.8 support.
Fix order dependency affecting nested type size calculation (#148).

Full Changelog: https://github.com/python-cffi/cffi/compare/v1.17.1...v2.0.0

jawah/charset_normalizer (charset-normalizer)

`v3.4.4`

Compare Source

Changed

Bound setuptools to a specific constraint setuptools>=68,<=81.
Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

setuptools-scm as a build dependency.

Misc

Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

`v3.4.3`

Compare Source

Changed

mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
Support for Python 3.14

Fixed

sdist archive contained useless directories.
automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

SBOM are automatically published to the relevant GitHub release to comply with regulatory changes.
Each published wheel comes with its SBOM. We choose CycloneDX as the format.
Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

`v3.4.2`

Compare Source

Fixed

Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)
Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

Optional mypyc compilation upgraded to version 1.15 for Python >= 3.8

pyca/cryptography (cryptography)

`v46.0.3`

Compare Source

`v46.0.2`

Compare Source

`v46.0.1`

Compare Source

`v46.0.0`

Compare Source

`v45.0.7`

Compare Source

`v45.0.6`

Compare Source

`v45.0.5`

Compare Source

`v45.0.4`

Compare Source

`v45.0.3`

Compare Source

`v45.0.2`

Compare Source

`v45.0.1`

Compare Source

`v45.0.0`

Compare Source

`v44.0.3`

Compare Source

aio-libs/frozenlist (frozenlist)

`v1.8.0`

Compare Source

======

(2025-10-05)

Contributor-facing changes

The :file:reusable-cibuildwheel.yml workflow has been refactored to
be more generic and :file:ci-cd.yml now holds all the configuration
toggles -- by :user:webknjaz.

Related issues and pull requests on GitHub:
:issue:668.
When building wheels, the source distribution is now passed directly
to the cibuildwheel invocation -- by :user:webknjaz.

Related issues and pull requests on GitHub:
:issue:669.
Builds and tests have been added to
ci-cd.yml for arm64 Windows wheels -- by :user:finnagin.

Related issues and pull requests on GitHub:
:issue:677.
Started building wheels for CPython 3.14 -- by :user:kumaraditya303.

Related issues and pull requests on GitHub:
:issue:681, :issue:682.
Removed --config-settings=pure-python=false from :file:requirements/dev.txt.
Developers on CPython still get accelerated builds by default. To explicitly build
a pure Python wheel, use pip install -e . --config-settings=pure-python=true
-- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:687.

`v1.7.0`

Compare Source

======

(2025-06-09)

Features

Added deepcopy support to FrozenList -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:659.

Packaging updates and notes for downstreams

Fixed an issue where frozenlist binary wheels would be built with debugging symbols and line tracing enabled, which significantly impacted performance. Line tracing is now disabled by default and can only be enabled explicitly -- by :user:bdraco.

This change ensures that production builds are optimized for performance. Developers who need line tracing for debugging purposes can still enable it by:
1. Setting the FROZENLIST_CYTHON_TRACING environment variable
2. Using the --config-setting=with-cython-tracing=true option with pip
Related issues and pull requests on GitHub:
:issue:660.
Enabled PIP_CONSTRAINT environment variable in the build configuration to ensure the pinned Cython version from requirements/cython.txt is used during wheel builds.

Related issues and pull requests on GitHub:
:issue:661.

`v1.6.2`

Compare Source

======

(2025-06-03)

No significant changes.

`v1.6.1`

Compare Source

======

(2025-06-02)

Bug fixes

Correctly use cimport for including PyBool_FromLong -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:653.

Packaging updates and notes for downstreams

Exclude _frozenlist.cpp from bdists/wheels -- by :user:musicinmybrain.

Related issues and pull requests on GitHub:
:issue:649.
Updated to use Cython 3.1 universally across the build path -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:654.

`v1.6.0`

Compare Source

======

(2025-04-17)

Bug fixes

Stopped implicitly allowing the use of Cython pre-release versions when
building the distribution package -- by :user:ajsanchezsanz and
:user:markgreene74.

Related commits on GitHub:
:commit:41591f2.

Features

Implemented support for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:618.
Started building armv7l wheels -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:642.

Packaging updates and notes for downstreams

Stopped implicitly allowing the use of Cython pre-release versions when
building the distribution package -- by :user:ajsanchezsanz and
:user:markgreene74.

Related commits on GitHub:
:commit:41591f2.
Started building wheels for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:618.
The packaging metadata switched to including an SPDX license identifier introduced in :pep:639 -- by :user:cdce8p.

Related issues and pull requests on GitHub:
:issue:639.

Contributor-facing changes

GitHub Actions CI/CD is now configured to manage caching pip-ecosystem
dependencies using re-actors/cache-python-deps_ -- an action by
:user:webknjaz that takes into account ABI stability and the exact
version of Python runtime.

.. _re-actors/cache-python-deps:
https://github.com/marketplace/actions/cache-python-deps

Related issues and pull requests on GitHub:
:issue:633.
Organized dependencies into test and lint dependencies so that no
unnecessary ones are installed during CI runs -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:636.

kjd/idna (idna)

`v3.11`

Compare Source

aio-libs/multidict (multidict)

`v6.7.0`

Compare Source

=====

(2025-10-05)

Contributor-facing changes

Updated tests and added CI for CPython 3.14 -- by :user:kumaraditya303.

Related issues and pull requests on GitHub:
:issue:1235.

`v6.6.4`

Compare Source

=====

(2025-08-11)

Bug fixes

Fixed MutliDict & CIMultiDict memory leak when deleting values or clearing them
-- by :user:Vizonex

Related issues and pull requests on GitHub:
:issue:1233.

Contributor-facing changes

The type preciseness coverage report generated by MyPy <https://mypy-lang.org>__ is now uploaded to Coveralls <https://coveralls.io/github/aio-libs/multidict>__ and
will not be included in the Codecov views <https://app.codecov.io/gh/aio-libs/multidict>__ going forward
-- by :user:webknjaz.

Related issues and pull requests on GitHub:
:issue:1122, :issue:1231.
Added memory leak test for popping or deleting attributes from a multidict to prevent future issues or bogus claims.
-- by :user:Vizonex

Related issues and pull requests on GitHub:
:issue:1233.

`v6.6.3`

Compare Source

=====

(2025-06-30)

Bug fixes

Fixed inconsistencies generated by the C implementation of _md_shrink() which might later lead to assertion failures and crash -- by :user:Romain-Geissler-1A.

Related issues and pull requests on GitHub:
:issue:1229.

`v6.6.2`

Compare Source

=====

(2025-06-28)

Bug fixes

Fixed a memory corruption issue in the C implementation of _md_shrink() that could lead to segmentation faults and data loss when items were deleted from a :class:~multidict.MultiDict. The issue was an edge case in the pointer arithmetic during the compaction phase -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1221, :issue:1222.
Fixed format string compilation errors in debug builds on 32-bit platforms by using portable %zd format specifiers for Py_ssize_t values instead of %ld -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1225, :issue:1226.

Packaging updates and notes for downstreams

Re-enabled 32-bit Linux wheel builds that were disabled by default in cibuildwheel 3.0.0 -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1225, :issue:1227.

`v6.6.1`

Compare Source

=====

(2025-06-28)

Bug fixes

If :meth:multidict.MultiDict.extend, :meth:multidict.MultiDict.merge, or :meth:multidict.MultiDict.update raises an exception, now the multidict internal state is correctly restored.
Patch by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1215.

Contributor-facing changes

Fixed setuptools deprecation warning about the license specification -- by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1216.
Fix compiler warnings and convert them to errors -- by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1217.

`v6.6.0`

Compare Source

=====

(2025-06-27)

Features

Added :meth:multidict.MultiDict.merge which copies all items from arguments if its key
not exist in the dictionary -- by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:292.
Stopped reallocating memory for the internal htkeys_t structure when inserting new items if the
multidict has deleted items and it could be collapsed in-place. Removal of
malloc()/free() improves the performance slightly.

The change affects C implementation only, pure Python code is not changed.

Patch by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1200.
C implementation of :class:multidict.MultiDict.getall now is slightly faster if it returns nothing -- by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1212.

Improved documentation

Replaced docstring for :meth:multidict.MultiDict.update to don't use RST/markdown markup.

Related issues and pull requests on GitHub:
:issue:1203.
Improved documentation for :meth:multidict.MultiDict.extend and :meth:multidict.MultiDict.update -- by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1205.

Contributor-facing changes

When building wheels, the source distribution is now passed directly
to the cibuildwheel invocation -- by :user:webknjaz.

Related issues and pull requests on GitHub:
:issue:1199.
Set up PYTHONHASHSEED for benchmarks execution to make measured times stable -- by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1202.

`v6.5.1`

Compare Source

=====

(2025-06-24)

Bug fixes

Fixed a bug in C implementation when multidict is resized and it has deleted slots.

The bug was introduced by multidict 6.5.0 release.

Patch by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1195.

Contributor-facing changes

A pair of code formatters for Python and C have been configured in the pre-commit tool.

Related issues and pull requests on GitHub:
:issue:1123.
Shorted fixture parametrization ids.

For example, test_keys_view_xor[case-insensitive-pure-python-module] becomes test_keys_view_xor[ci-py] -- by :user:asvetlov.

Related issues and pull requests on GitHub:
:issue:1192.
The :file:reusable-cibuildwheel.yml workflow has been refactored to
be more generic and :file:ci-cd.yml now holds all the configuration
toggles -- by :user:webknjaz.

Related issues and pull requests on GitHub:
:issue:1193.

`v6.5.0`

Compare Source

=====

(2025-06-17)

.. note::

The release was yanked because of :issue:1195, multidict 6.5.1 should be used
instead.

Features

Replace internal implementation from an array of items to hash table.
algorithmic complexity for lookups is switched from O(N) to O(1).

The hash table is very similar to :class:dict from CPython but it allows keys duplication.

The benchmark shows 25-50% boost for single lookups, x2-x3 for bulk updates, and x20 for
some multidict view operations. The gain is not for free:
:class:~multidict.MultiDict.add and :class:~multidict.MultiDict.extend are 25-50%
slower now. We consider it as acceptable because the lookup is much more common
operation that addition for the library domain.

Related issues and pull requests on GitHub:
:issue:1128.

Contributor-facing changes

Builds have been added for arm64 Windows
wheels and the reusable-build-wheel.yml
template has been modified to allow for
an os value (windows-11-arm) which
does not end with the -latest postfix.

Related issues and pull requests on GitHub:
:issue:1167.

`v6.4.4`

Compare Source

=====

(2025-05-19)

Bug fixes

Fixed a segmentation fault when calling :py:meth:multidict.MultiDict.setdefault with a single argument -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1160.
Fixed a segmentation fault when attempting to directly instantiate view objects
(multidict._ItemsView, multidict._KeysView, multidict._ValuesView) -- by :user:bdraco.

View objects now raise a proper :exc:TypeError with the message "cannot create '...' instances directly"
when direct instantiation is attempted.

View objects should only be created through the proper methods: :py:meth:multidict.MultiDict.items,
:py:meth:multidict.MultiDict.keys, and :py:meth:multidict.MultiDict.values.

Related issues and pull requests on GitHub:
:issue:1164.

Miscellaneous internal changes

:class:multidict.MultiDictProxy was refactored to rely only on
:class:multidict.MultiDict public interface and don't touch any implementation
details.

Related issues and pull requests on GitHub:
:issue:1150.
Multidict views were refactored to rely only on
:class:multidict.MultiDict API and don't touch any implementation
details.

Related issues and pull requests on GitHub:
:issue:1152.
Dropped internal _Impl class from pure Python implementation, both pure Python and C
Extension follows the same design internally now.

Related issues and pull requests on GitHub:
:issue:1153.

`v6.4.3`

Compare Source

=====

(2025-04-10)

Bug fixes

Fixed building the library in debug mode.

Related issues and pull requests on GitHub:
:issue:1144.
Fixed custom PyType_GetModuleByDef() when non-heap type object was passed.

Related issues and pull requests on GitHub:
:issue:1147.

Packaging updates and notes for downstreams

Added the ability to build in debug mode by setting :envvar:MULTIDICT_DEBUG_BUILD in the environment -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1145.

`v6.4.2`

Compare Source

=====

(2025-04-09)

Bug fixes

Fixed a segmentation fault when creating subclassed :py:class:~multidict.MultiDict objects on Python < 3.11 -- by :user:bdraco.

The problem first appeared in 6.4.0

Related issues and pull requests on GitHub:
:issue:1141.

`v6.4.1`

Compare Source

=====

(2025-04-09)

No significant changes.

`v6.4.0`

Compare Source

=====

(2025-04-09)

Bug fixes

Fixed a memory leak creating new :class:~multidict.istr objects -- by :user:bdraco.

The leak was introduced in 6.3.0

Related issues and pull requests on GitHub:
:issue:1133.
Fixed reference counting when calling :py:meth:multidict.MultiDict.update -- by :user:bdraco.

The leak was introduced in 4.4.0

Related issues and pull requests on GitHub:
:issue:1135.

Features

Switched C Extension to use heap types and the module state.

Related issues and pull requests on GitHub:
:issue:1125.
Started building armv7l wheels -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1127.

`v6.3.2`

Compare Source

=====

(2025-04-03)

Bug fixes

Resolved a memory leak by ensuring proper reference count decrementation -- by :user:asvetlov and :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1121.

`v6.3.1`

Compare Source

=====

(2025-04-01)

Bug fixes

Fixed keys not becoming case-insensitive when :class:multidict.CIMultiDict is created by passing in a :class:multidict.MultiDict -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1112.
Fixed the pure Python version mutating the original :class:multidict.MultiDict when creating a new :class:multidict.CIMultiDict from an existing one when keyword arguments are also passed -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1113.
Prevented crashing with a segfault when :func:repr is called for recursive multidicts and their proxies and views.

Related issues and pull requests on GitHub:
:issue:1115.

`v6.3.0`

Compare Source

=====

(2025-03-31)

Bug fixes

Set operations for KeysView and ItemsView of case-insensitive multidicts and their proxies are processed in case-insensitive manner.

Related issues and pull requests on GitHub:
:issue:965.
Rewrote :class:multidict.CIMultiDict and it proxy to always return
:class:multidict.istr keys. istr is derived from :class:str,
thus the change is backward compatible.

The performance boost is about 15% for some operations for C Extension,
pure Python implementation have got a visible (15% - 230%) speedup as well.

Related issues and pull requests on GitHub:
:issue:1097.
Fixed a crash when extending a multidict from multidict proxy if C Extensions were used.

Related issues and pull requests on GitHub:
:issue:1100.

Features

Implemented a custom parser for METH_FASTCALL | METH_KEYWORDS protocol
-- by :user:asvetlov.

The patch re-enables fast call protocol in the :py:mod:multidict C Extension.

Speedup is about 25%-30% for the library benchmarks for Python 3.12+.

Related issues and pull requests on GitHub:
:issue:1070.
The C-extension no longer pre-allocates a Python exception object in
lookup-related methods of :py:class:~multidict.MultiDict when the
passed-in key is not found but default value is provided.

Namely, this affects :py:meth:MultiDict.getone() <multidict.MultiDict.getone>, :py:meth:MultiDict.getall() <multidict.MultiDict.getall>, :py:meth:MultiDict.get() <multidict.MultiDict.get>, :py:meth:MultiDict.pop() <multidict.MultiDict.pop>, :py:meth:MultiDict.popone() <multidict.MultiDict.popone>, and :py:meth:MultiDict.popall() <multidict.MultiDict.popall>.

Additionally, the :py:class:~multidict.MultiDict comparison with
regular :py:class:dict\ ionaries is now about 60% faster
on Python 3.13+ in the fallback-to-default case.

Related issues and pull requests on GitHub:
:issue:1078.
Implemented __repr__() for C Extension classes in C.

The speedup is about 2.5 times.

Related issues and pull requests on GitHub:
:issue:1081.
Made C version of :class:multidict.istr pickleable.

Related issues and pull requests on GitHub:
:issue:1098.
Optimized multidict creation and extending / updating if C Extensions are used.

The speedup is between 25% and 70% depending on the usage scenario.

Related issues and pull requests on GitHub:
:issue:1101.
:meth:multidict.MultiDict.popitem is changed to remove
the latest entry instead of the first.

It gives O(1) amortized complexity.

The standard :meth:dict.popitem removes the last entry also.

Related issues and pull requests on GitHub:
:issue:1105.

Contributor-facing changes

Started running benchmarks for the pure Python implementation in addition to the C implementation -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1092.
The the project-wide Codecov_ metric is no longer reported
via GitHub Checks API. The combined value is not very useful
because one of the sources (MyPy) cannot reach 100% with the
current state of the ecosystem. We may want to reconsider in
the future. Instead, we now have two separate
“runtime coverage” metrics for library code and tests.
They are to be kept at 100% at all times.
And the “type coverage” metric will remain advisory, at a
lower threshold.

The default patch metric check is renamed to “runtime”
to better reflect its semantics. This one will also require
100% coverage.
Another “typing” patch coverage metric is now reported
alongside it. It's considered advisory, just like its
project counterpart.

When looking at Codecov_, one will likely want to look at
MyPy and pytest flags separately. It is usually best to
avoid looking at the PR pages that sometimes display
combined coverage incorrectly.

The change additionally disables the deprecated GitHub
Annotations integration in Codecov_.

Finally, the badge coloring range now starts at 100%.

.. image:: https://codecov.io/gh/aio-libs/multidict/branch/master/graph/badge.svg?flag=pytest
:target: https://codecov.io/gh/aio-libs/multidict?flags[]=pytest
:alt: Coverage metrics

-- by :user:webknjaz

Related issues and pull requests on GitHub:
:issue:1093.

Miscellaneous internal changes

Synchronized :file:pythoncapi_compat.h with the latest available version.

Related issues and pull requests on GitHub:
:issue:1063.
Moved registering ABCs for C Extension classes from C to Python.

Related issues and pull requests on GitHub:
:issue:1083.
Refactored the internal pair_list implementation.

Related issues and pull requests on GitHub:
:issue:1084.
Implemented views comparison and disjoints in C instead of Python helpers.

The performance boost is about 40%.

Related issues and pull requests on GitHub:
:issue:1096.

aio-libs/propcache (propcache)

`v0.4.1`

Compare Source

=====

(2025-10-08)

Bug fixes

Fixed reference leak caused by Py_INCREF because Cython has its own reference counter systems -- by :user:Vizonex.

Related issues and pull requests on GitHub:
:issue:162.

Contributor-facing changes

Fixes the default value for the os
parameter in reusable-build-wheel.yml
to be ubuntu-latest instead of
ubuntu.

Related issues and pull requests on GitHub:
:issue:155.

`v0.4.0`

Compare Source

=====

(2025-10-04)

Features

Optimized propcache by replacing sentinel :py:class:object for checking if
the :py:class:object is NULL and changed :py:class:dict API for
Python C-API -- by :user:Vizonex.

Related issues and pull requests on GitHub:
:issue:121.

Contributor-facing changes

Builds have been added for arm64 Windows
wheels and the reusable-build-wheel.yml
workflow has been modified to allow for
an OS value (windows-11-arm) which
does not include the -latest postfix
-- by :user:finnagin.

Related issues and pull requests on GitHub:
:issue:133.
Added CI for CPython 3.14 -- by :user:kumaraditya303.

Related issues and pull requests on GitHub:
:issue:140.

`v0.3.2`

Compare Source

=====

(2025-06-09)

Improved documentation

Fixed incorrect decorator usage in the :func:~propcache.api.under_cached_property example code -- by :user:meanmail.

Related issues and pull requests on GitHub:
:issue:109.

Packaging updates and notes for downstreams

Updated to use Cython 3.1 universally across the build path -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:117.
Made Cython line tracing opt-in via the with-cython-tracing build config setting -- by :user:bdraco.

Previously, line tracing was enabled by default in :file:pyproject.toml, which caused build issues for some users and made wheels nearly twice as slow.

Now line tracing is only enabled when explicitly requested via pip install . --config-setting=with-cython-tracing=true or by setting the PROPCACHE_CYTHON_TRACING environment variable.

Related issues and pull requests on GitHub:
:issue:118.

eliben/pycparser (pycparser)

`v2.23`

Compare Source

theskumar/python-dotenv (python-dotenv)

`v1.1.1`

Compare Source

Fixed

CLI: Ensure find_dotenv work reliably on python 3.13 by [@theskumar] in #563
CLI: revert the use of execvpe on Windows by [@wrongontheinternet] in #566

psf/requests (requests)

`v2.32.5`

Compare Source

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.
Dropped support for Python 3.8 following its end of support.

`v2.32.4`

Compare Source

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.
Dropped support for pypy 3.9 following its end of support.

python/typing_extensions (typing_extensions)

`v4.15.0`

Compare Source

No user-facing changes since 4.15.0rc1.

`v4.14.1`

Compare Source

Fix usage of typing_extensions.TypedDict nested inside other types
(e.g., typing.Type[typing_extensions.TypedDict]). This is not allowed by the
type system but worked on older versions, so we maintain support.

`v4.14.0`

Compare Source

Changes since 4.14.0rc1:

Remove __or__ and __ror__ methods from typing_extensions.Sentinel
on Python versions <3.10. PEP 604 was introduced in Python 3.10, and
typing_extensions does not generally attempt to backport PEP-604 methods
to prior versions.
Further update typing_extensions.evaluate_forward_ref with changes in Python 3.14.

`v4.13.2`

Compare Source

Fix TypeError when taking the union of typing_extensions.TypeAliasType and a
typing.TypeAliasType on Python 3.12 and 3.13.
Patch by Joren Hammudoglu.
Backport from CPython PR #132160
to avoid having user arguments shadowed in generated __new__ by
@typing_extensions.deprecated.
Patch by Victorien Plot.

`v4.13.1`

Compare Source

Bugfixes:

Fix regression in 4.13.0 on Python 3.10.2 causing a TypeError when using Concatenate.
Patch by Daraan.
Fix TypeError when using evaluate_forward_ref on Python 3.10.1-2 and 3.9.8-10.
Patch by Daraan.

urllib3/urllib3 (urllib3)

`v2.5.0`

Compare Source

==================

Features

Added support for the compression.zstd module that is new in Python 3.14.
See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. (#3610 <https://github.com/urllib3/urllib3/issues/3610>__)
Added support for version 0.5 of hatch-vcs (#3612 <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

Fixed a security issue where restricting the maximum number of followed
redirects at the urllib3.PoolManager level via the retries parameter
did not work.
Made the Node.js runtime respect redirect parameters such as retries
and redirects.
Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581 <https://github.com/urllib3/urllib3/issues/3581>__)
Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615 <https://github.com/urllib3/urllib3/issues/3615>__)

`v2.4.0`

Compare Source

==================

Features

Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522 <https://github.com/urllib3/urllib3/issues/3522>__)
Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567 <https://github.com/urllib3/urllib3/issues/3567>__)
Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571 <https://github.com/urllib3/urllib3/issues/3571>__)

Bugfixes

Fixed a bug with partial reads of streaming data in Emscripten. (#3555 <https://github.com/urllib3/urllib3/issues/3555>__)

Misc

Switched to uv for installing development dependecies. (#3550 <https://github.com/urllib3/urllib3/issues/3550>__)
Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566 <https://github.com/urllib3/urllib3/issues/3566>__)

GrahamDumpleton/wrapt (wrapt)

`v1.17.3`: wrapt-1.17.3

Compare Source

See the project page on the Python Package Index at https://pypi.org/project/wrapt/1.17.3/ for more information.

aio-libs/yarl (yarl)

`v1.22.0`

Compare Source

======

(2025-10-05)

Features

Added arm64 Windows wheel builds
-- by :user:finnagin.

Related issues and pull requests on GitHub:
:issue:1516.

`v1.21.0`

======

(2025-10-05)

Contributor-facing changes

The :file:reusable-cibuildwheel.yml workflow has been refactored to
be more generic and :file:ci-cd.yml now holds all the configuration
toggles -- by :user:webknjaz.

Related issues and pull requests on GitHub:
:issue:1535.
When building wheels, the source distribution is now passed directly
to the cibuildwheel invocation -- by :user:webknjaz.

Related issues and pull requests on GitHub:
:issue:1536.
Added CI for Python 3.14 -- by :user:kumaraditya303.

Related issues and pull requests on GitHub:
:issue:1560.

`v1.20.1`

======

(2025-06-09)

Bug fixes

Started raising a :exc:ValueError exception raised for corrupted
IPv6 URL values.

These fixes the issue where exception :exc:IndexError was
leaking from the internal code because of not being handled and
transformed into a user-facing error. The problem was happening
under the following conditions: empty IPv6 URL, brackets in
reverse order.

-- by :user:MaelPic.

Related issues and pull requests on GitHub:
:issue:1512.

Packaging updates and notes for downstreams

Updated to use Cython 3.1 universally across the build path -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:1514.
Made Cython line tracing opt-in via the with-cython-tracing build config setting -- by :user:bdraco.

Previously, line tracing was enabled by default in :file:pyproject.toml, which caused build issues for some users and made wheels nearly twice as slow.
Now line tracing is only enabled when explicitly requested via pip install . --config-setting=with-cython-tracing=true or by setting the YARL_CYTHON_TRACING environment variable.

Related issues and pull requests on GitHub:
:issue:1521.

`v1.20.0`

Compare Source

======

(2025-04-16)

Features

Implemented support for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:1456.

Packaging updates and notes for downstreams

Started building wheels for the free-threaded build of CPython 3.13 -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:1456.

`v1.19.0`

Compare Source

======

(2025-04-05)

Bug fixes

Fixed entire name being re-encoded when using :py:meth:yarl.URL.with_suffix -- by :user:NTFSvolume.

Related issues and pull requests on GitHub:
:issue:1468.

Features

Started building armv7l wheels for manylinux -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1495.

Contributor-facing changes

GitHub Actions CI/CD is now configured to manage caching pip-ecosystem
dependencies using re-actors/cache-python-deps_ -- an action by
:user:webknjaz that takes into account ABI stability and the exact
version of Python runtime.

.. _re-actors/cache-python-deps:
https://github.com/marketplace/actions/cache-python-deps

Related issues and pull requests on GitHub:
:issue:1471.
Increased minimum propcache_ version to 0.2.1 to fix failing tests -- by :user:bdraco.

.. _propcache:
https://github.com/aio-libs/propcache

Related issues and pull requests on GitHub:
:issue:1479.
Added all hidden folders to pytest's norecursedirs to prevent it
from trying to collect tests there -- by :user:lysnikolaou.

Related issues and pull requests on GitHub:
:issue:1480.

Miscellaneous internal changes

Improved accuracy of type annotations -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub:
:issue:1484.
Improved performance of parsing query strings -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1493, :issue:1497.
Improved performance of the C unquoter -- by :user:bdraco.

Related issues and pull requests on GitHub:
:issue:1496, :issue:1498.

Configuration

📅 Schedule: Branch creation - "after 9am on monday" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [PyGithub](https://github.com/pygithub/pygithub) | `==2.6.1` -> `==2.8.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pygithub/2.8.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pygithub/2.6.1/2.8.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [PyNaCl](https://github.com/pyca/pynacl) | `==1.5.0` -> `==1.6.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pynacl/1.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pynacl/1.5.0/1.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [aiohttp](https://github.com/aio-libs/aiohttp) | `==3.11.14` -> `==3.13.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/aiohttp/3.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/aiohttp/3.11.14/3.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [aiosignal](https://github.com/aio-libs/aiosignal) | `==1.3.2` -> `==1.4.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/aiosignal/1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/aiosignal/1.3.2/1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [attrs](https://github.com/python-attrs/attrs) ([changelog](https://www.attrs.org/en/stable/changelog.html)) | `==25.3.0` -> `==25.4.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/attrs/25.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/attrs/25.3.0/25.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [certifi](https://github.com/certifi/python-certifi) | `==2025.1.31` -> `==2025.10.5` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/certifi/2025.10.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/certifi/2025.1.31/2025.10.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [cffi](https://github.com/python-cffi/cffi) ([changelog](https://cffi.readthedocs.io/en/latest/whatsnew.html)) | `==1.17.1` -> `==2.0.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/cffi/2.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/cffi/1.17.1/2.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [charset-normalizer](https://github.com/jawah/charset_normalizer) ([changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)) | `==3.4.1` -> `==3.4.4` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/charset-normalizer/3.4.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/charset-normalizer/3.4.1/3.4.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [cryptography](https://github.com/pyca/cryptography) ([changelog](https://cryptography.io/en/latest/changelog/)) | `==44.0.2` -> `==46.0.3` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/cryptography/46.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/cryptography/44.0.2/46.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | discord.py | `==2.5.2` -> `==2.6.4` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/discord-py/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/discord-py/2.5.2/2.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [frozenlist](https://github.com/aio-libs/frozenlist) | `==1.5.0` -> `==1.8.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/frozenlist/1.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/frozenlist/1.5.0/1.8.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [idna](https://github.com/kjd/idna) ([changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)) | `==3.10` -> `==3.11` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/idna/3.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/idna/3.10/3.11?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [multidict](https://github.com/aio-libs/multidict) | `==6.2.0` -> `==6.7.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/multidict/6.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/multidict/6.2.0/6.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [propcache](https://github.com/aio-libs/propcache) | `==0.3.1` -> `==0.4.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/propcache/0.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/propcache/0.3.1/0.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [pycparser](https://github.com/eliben/pycparser) | `==2.22` -> `==2.23` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/pycparser/2.23?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pycparser/2.22/2.23?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [python-dotenv](https://github.com/theskumar/python-dotenv) | `==1.1.0` -> `==1.1.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/python-dotenv/1.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/python-dotenv/1.1.0/1.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [requests](https://requests.readthedocs.io) ([source](https://github.com/psf/requests), [changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | `==2.32.3` -> `==2.32.5` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/requests/2.32.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/requests/2.32.3/2.32.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [typing_extensions](https://github.com/python/typing_extensions) ([changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)) | `==4.13.0` -> `==4.15.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/typing-extensions/4.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/typing-extensions/4.13.0/4.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [urllib3](https://github.com/urllib3/urllib3) ([changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)) | `==2.3.0` -> `==2.5.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/urllib3/2.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/urllib3/2.3.0/2.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [wrapt](https://github.com/GrahamDumpleton/wrapt) ([changelog](https://wrapt.readthedocs.io/en/latest/changes.html)) | `==1.17.2` -> `==1.17.3` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/wrapt/1.17.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/wrapt/1.17.2/1.17.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [yarl](https://github.com/aio-libs/yarl) | `==1.18.3` -> `==1.22.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/yarl/1.22.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/yarl/1.18.3/1.22.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>pygithub/pygithub (PyGithub)</summary> ### [`v2.8.1`](https://github.com/PyGithub/PyGithub/releases/tag/v2.8.1) [Compare Source](https://github.com/pygithub/pygithub/compare/v2.8.0...v2.8.1) #### What's Changed ##### Bug Fixes - Use default type if known type is not supported by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3365](https://github.com/PyGithub/PyGithub/pull/3365) **Full Changelog**: <https://github.com/PyGithub/PyGithub/compare/v2.8.0...v2.8.1> ### [`v2.8.0`](https://github.com/PyGithub/PyGithub/releases/tag/v2.8.0) [Compare Source](https://github.com/pygithub/pygithub/compare/v2.7.0...v2.8.0) #### What's Changed ##### New Features - Add self hosted runner management to Organization by [@billnapier](https://github.com/billnapier) in [PyGithub/PyGithub#3203](https://github.com/PyGithub/PyGithub/pull/3203) - Add support to generate release notes by [@mball-agathos](https://github.com/mball-agathos) in [PyGithub/PyGithub#3022](https://github.com/PyGithub/PyGithub/pull/3022) ##### Improvements - Fix connection pooling to improve connection performance by [@chriskuehl](https://github.com/chriskuehl) in [PyGithub/PyGithub#3289](https://github.com/PyGithub/PyGithub/pull/3289) - Add `Repository.get_automated_security_fixes` method by [@zstyblik](https://github.com/zstyblik) in [PyGithub/PyGithub#3303](https://github.com/PyGithub/PyGithub/pull/3303) - Sync `Issue` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3338](https://github.com/PyGithub/PyGithub/pull/3338) - Return more union classes like `NamedUser | Organization | Enterprise` by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3224](https://github.com/PyGithub/PyGithub/pull/3224) - Sync `Enterprise` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3342](https://github.com/PyGithub/PyGithub/pull/3342) - Sync `GitReleaseAsset` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3343](https://github.com/PyGithub/PyGithub/pull/3343) - Sync many class with OpenAPI spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3344](https://github.com/PyGithub/PyGithub/pull/3344) - Point deprecation warnings to the caller code rather than inner class by [@xmo-odoo](https://github.com/xmo-odoo) in [PyGithub/PyGithub#3275](https://github.com/PyGithub/PyGithub/pull/3275) - Allow for repo strings in all `Team` repo methods by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3356](https://github.com/PyGithub/PyGithub/pull/3356) ##### Bug Fixes - Fix API path of `Repository.get_git_ref` by [@csalerno-asml](https://github.com/csalerno-asml) in [PyGithub/PyGithub#2992](https://github.com/PyGithub/PyGithub/pull/2992) - Rework redirection URL allowance check by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3329](https://github.com/PyGithub/PyGithub/pull/3329) - Fix `GitRelease.name`, deprecate `GitRelease.title` by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3346](https://github.com/PyGithub/PyGithub/pull/3346) - Remove `"COMMENT"` as the default event for `create_review` by [@eddie-santos](https://github.com/eddie-santos) in [PyGithub/PyGithub#3078](https://github.com/PyGithub/PyGithub/pull/3078) - Add support for public release assets by [@aolieman](https://github.com/aolieman) in [PyGithub/PyGithub#3339](https://github.com/PyGithub/PyGithub/pull/3339) - Fix GitHub breaking API change of `maintainers` in `Organization.create_team` by [@interifter](https://github.com/interifter) in [PyGithub/PyGithub#3291](https://github.com/PyGithub/PyGithub/pull/3291) ##### Maintenance - Minor fix to release.yml by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3201](https://github.com/PyGithub/PyGithub/pull/3201) - Reduce test replay data by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3243](https://github.com/PyGithub/PyGithub/pull/3243) - Add check to OpenAPI script to check doc-string verbs by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3332](https://github.com/PyGithub/PyGithub/pull/3332) - Improve apply OpenAPI schemas by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3333](https://github.com/PyGithub/PyGithub/pull/3333) - Add config to OpenAPI script to ignore schemas by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3334](https://github.com/PyGithub/PyGithub/pull/3334) - Add suggest and create method feature to OpenAPI script by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3318](https://github.com/PyGithub/PyGithub/pull/3318) - Fix CI OpenApi apply command by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3341](https://github.com/PyGithub/PyGithub/pull/3341) - Improve OpenAPI scripts by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3340](https://github.com/PyGithub/PyGithub/pull/3340) - Improve OpenAPI CI by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3347](https://github.com/PyGithub/PyGithub/pull/3347) - Rework test framework by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3271](https://github.com/PyGithub/PyGithub/pull/3271) - Some minor fixes to OpenAPI scripts by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3350](https://github.com/PyGithub/PyGithub/pull/3350) - Add manual workflow to fix auto-fixable issues by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3351](https://github.com/PyGithub/PyGithub/pull/3351) - Bump actions/download-artifact from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [PyGithub/PyGithub#3330](https://github.com/PyGithub/PyGithub/pull/3330) - Use default per-page const in `PaginatedList` by [@sam93210](https://github.com/sam93210) in [PyGithub/PyGithub#3039](https://github.com/PyGithub/PyGithub/pull/3039) - Bump actions/setup-python from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [PyGithub/PyGithub#3283](https://github.com/PyGithub/PyGithub/pull/3283) - Bump actions/checkout from 3 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [PyGithub/PyGithub#3348](https://github.com/PyGithub/PyGithub/pull/3348) - Various minor OpenAPI scripts fixes by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3353](https://github.com/PyGithub/PyGithub/pull/3353) - Add union class support to OpenAPI script by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3354](https://github.com/PyGithub/PyGithub/pull/3354) - Add `github_actions` label to Maintenance section by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3357](https://github.com/PyGithub/PyGithub/pull/3357) - Upgrade docformatter pre-commit hook by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3359](https://github.com/PyGithub/PyGithub/pull/3359) - Add warning about Checks API in doc-strings by [@atodorov](https://github.com/atodorov) in [PyGithub/PyGithub#3229](https://github.com/PyGithub/PyGithub/pull/3229) - Update docs on development by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3352](https://github.com/PyGithub/PyGithub/pull/3352) #### New Contributors - [@chriskuehl](https://github.com/chriskuehl) made their first contribution in [PyGithub/PyGithub#3289](https://github.com/PyGithub/PyGithub/pull/3289) - [@zstyblik](https://github.com/zstyblik) made their first contribution in [PyGithub/PyGithub#3303](https://github.com/PyGithub/PyGithub/pull/3303) - [@csalerno-asml](https://github.com/csalerno-asml) made their first contribution in [PyGithub/PyGithub#2992](https://github.com/PyGithub/PyGithub/pull/2992) - [@eddie-santos](https://github.com/eddie-santos) made their first contribution in [PyGithub/PyGithub#3078](https://github.com/PyGithub/PyGithub/pull/3078) - [@aolieman](https://github.com/aolieman) made their first contribution in [PyGithub/PyGithub#3339](https://github.com/PyGithub/PyGithub/pull/3339) - [@sam93210](https://github.com/sam93210) made their first contribution in [PyGithub/PyGithub#3039](https://github.com/PyGithub/PyGithub/pull/3039) - [@mball-agathos](https://github.com/mball-agathos) made their first contribution in [PyGithub/PyGithub#3022](https://github.com/PyGithub/PyGithub/pull/3022) - [@atodorov](https://github.com/atodorov) made their first contribution in [PyGithub/PyGithub#3229](https://github.com/PyGithub/PyGithub/pull/3229) - [@interifter](https://github.com/interifter) made their first contribution in [PyGithub/PyGithub#3291](https://github.com/PyGithub/PyGithub/pull/3291) **Full Changelog**: <https://github.com/PyGithub/PyGithub/compare/v2.7.0...v2.8.0> ### [`v2.7.0`](https://github.com/PyGithub/PyGithub/releases/tag/v2.7.0) [Compare Source](https://github.com/pygithub/pygithub/compare/v2.6.1...v2.7.0) #### What's Changed ##### Breaking Changes - Method `Github.get_rate_limit()` now returns `RateLimitOverview` rather than `RateLimit` ([PyGithub/PyGithub#3205](https://github.com/PyGithub/PyGithub/pull/3205)). Code like ```python gh.get_rate_limit().core.remaining ``` should be replaced with ```python gh.get_rate_limit().resources.core.remaining ``` - Method `GitTag.verification` now returns `GitCommitVerification` rather than `dict[str, Any]` ([PyGithub/PyGithub#3226](https://github.com/PyGithub/PyGithub/pull/3226)). Code like ```python tag.verification["reason"] tag.verification.get("reason") ``` should be replaced with ```python tag.verification.reason ``` ##### New Features - Add getting list of self-hosted runners of organization by [@climbfuji](https://github.com/climbfuji) in [PyGithub/PyGithub#3190](https://github.com/PyGithub/PyGithub/pull/3190) - Apply OpenAPI spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3317](https://github.com/PyGithub/PyGithub/pull/3317) - Add support for Sub-Issues by [@e7217](https://github.com/e7217) in [PyGithub/PyGithub#3258](https://github.com/PyGithub/PyGithub/pull/3258) ##### Improvements - Refactor search results into separate classes by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3204](https://github.com/PyGithub/PyGithub/pull/3204) - Add `OrganizationInvitation` by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3207](https://github.com/PyGithub/PyGithub/pull/3207) - Add and apply missing schemas by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3209](https://github.com/PyGithub/PyGithub/pull/3209) - Sync `RepositoryAdvisory` tests with OpenAPI spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3215](https://github.com/PyGithub/PyGithub/pull/3215) - Sync `ProjectColumn` and `ProjectCard` tests with OpenAPI spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3216](https://github.com/PyGithub/PyGithub/pull/3216) - Sync `CopilotSeat` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3232](https://github.com/PyGithub/PyGithub/pull/3232) - Sync `HookDeliverySummary` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3233](https://github.com/PyGithub/PyGithub/pull/3233) - Sync `RequiredPullRequestReviews` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3234](https://github.com/PyGithub/PyGithub/pull/3234) - Sync `RequiredStatusChecks` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3236](https://github.com/PyGithub/PyGithub/pull/3236) - Sync `Team` class with API spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3237](https://github.com/PyGithub/PyGithub/pull/3237) - Replace `deprecated.deprecated()` with `typing_extensions.deprecated()` by [@lazka](https://github.com/lazka) in [PyGithub/PyGithub#3255](https://github.com/PyGithub/PyGithub/pull/3255) - fix(CodeScanAlert): add missing attributes by [@ReenigneArcher](https://github.com/ReenigneArcher) in [PyGithub/PyGithub#3274](https://github.com/PyGithub/PyGithub/pull/3274) - Allow SHAs when creating PR comments by [@tuchfarber](https://github.com/tuchfarber) in [PyGithub/PyGithub#3248](https://github.com/PyGithub/PyGithub/pull/3248) - Get collaborator role name by [@jmgate](https://github.com/jmgate) in [PyGithub/PyGithub#3295](https://github.com/PyGithub/PyGithub/pull/3295) - Adding `prevent_self_review` property to `Repository.createEnvironment` by [@gopidesupavan](https://github.com/gopidesupavan) in [PyGithub/PyGithub#3246](https://github.com/PyGithub/PyGithub/pull/3246) - Add `PullRequest.get_issue_timeline` method by [@kukarkinmm](https://github.com/kukarkinmm) in [PyGithub/PyGithub#3259](https://github.com/PyGithub/PyGithub/pull/3259) - Support built-in `reversed()` on `PaginatedList` by [@mfocko](https://github.com/mfocko) in [PyGithub/PyGithub#3260](https://github.com/PyGithub/PyGithub/pull/3260) - Relax 404 condition in `Requester` exception handling by [@jsmolar](https://github.com/jsmolar) in [PyGithub/PyGithub#3299](https://github.com/PyGithub/PyGithub/pull/3299) - Add `delete_self_hosted_runner` to `Organization` by [@uncleDecart](https://github.com/uncleDecart) in [PyGithub/PyGithub#3306](https://github.com/PyGithub/PyGithub/pull/3306) ##### Bug Fixes - Fix broken pickle support for `Auth` classes by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3211](https://github.com/PyGithub/PyGithub/pull/3211) - Remove schema from `Deployment`, remove `message` attribute by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3223](https://github.com/PyGithub/PyGithub/pull/3223) - Fix incorrect deprecated import by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3225](https://github.com/PyGithub/PyGithub/pull/3225) - Add `CodeSecurityConfigRepository` returned by `get_repos_for_code_security_config` by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3219](https://github.com/PyGithub/PyGithub/pull/3219) - Fix `Branch.get_required_status_checks` return type by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3235](https://github.com/PyGithub/PyGithub/pull/3235) - Adds `multi_select` and `true_false` options to `CustomProperty.value_type` by [@gfog-floqast](https://github.com/gfog-floqast) in [PyGithub/PyGithub#3173](https://github.com/PyGithub/PyGithub/pull/3173) - Fix url encoding of strings with slashes in URLs by [@OscarVanL](https://github.com/OscarVanL) in [PyGithub/PyGithub#3263](https://github.com/PyGithub/PyGithub/pull/3263) - Fix side-effect when removing Authorization key from headers by [@alecglen](https://github.com/alecglen) in [PyGithub/PyGithub#3313](https://github.com/PyGithub/PyGithub/pull/3313) - Make `TimingData.run_duration_ms` optional by [@LifeLex](https://github.com/LifeLex) in [PyGithub/PyGithub#3268](https://github.com/PyGithub/PyGithub/pull/3268) - Normalize App ID to String & Enhance JWT Issuer Verification by [@x612skm](https://github.com/x612skm) in [PyGithub/PyGithub#3272](https://github.com/PyGithub/PyGithub/pull/3272) ##### Dependencies - Bump actions/checkout from 3 to 4 by [@dependabot](https://github.com/dependabot)\[bot] in [PyGithub/PyGithub#2754](https://github.com/PyGithub/PyGithub/pull/2754) ##### Maintenance - Mention removal of `AppAuth.private_key` in changelog by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3212](https://github.com/PyGithub/PyGithub/pull/3212) - Remove wrong schema from Repository by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3220](https://github.com/PyGithub/PyGithub/pull/3220) - Rename `HookDeliveryRequest` and `…Response` private headers fields by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3221](https://github.com/PyGithub/PyGithub/pull/3221) - Sort classes' functions by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3231](https://github.com/PyGithub/PyGithub/pull/3231) - Move all Python files to future annotations by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3241](https://github.com/PyGithub/PyGithub/pull/3241) - Fix return type of `PaginatedList[int]` by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3240](https://github.com/PyGithub/PyGithub/pull/3240) - Sync with OpenAPI spec by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3244](https://github.com/PyGithub/PyGithub/pull/3244) - Make token auth default in tests by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3242](https://github.com/PyGithub/PyGithub/pull/3242) - Add `Organization.get_repos_for_code_security_config` test by [@billnapier](https://github.com/billnapier) in [PyGithub/PyGithub#3239](https://github.com/PyGithub/PyGithub/pull/3239) - Add Python 3.13 to CI by [@lazka](https://github.com/lazka) in [PyGithub/PyGithub#3253](https://github.com/PyGithub/PyGithub/pull/3253) - Enhance PyGithub webhook documentation by [@ssganesh035](https://github.com/ssganesh035) in [PyGithub/PyGithub#3267](https://github.com/PyGithub/PyGithub/pull/3267) - Create codeql.yml by [@JLLeitschuh](https://github.com/JLLeitschuh) in [PyGithub/PyGithub#3277](https://github.com/PyGithub/PyGithub/pull/3277) - Add schema to `TimingData` by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3206](https://github.com/PyGithub/PyGithub/pull/3206) - Remove error schemas from classes by [@EnricoMi](https://github.com/EnricoMi) in [PyGithub/PyGithub#3202](https://github.com/PyGithub/PyGithub/pull/3202) #### New Contributors - [@ssganesh035](https://github.com/ssganesh035) made their first contribution in [PyGithub/PyGithub#3267](https://github.com/PyGithub/PyGithub/pull/3267) - [@ReenigneArcher](https://github.com/ReenigneArcher) made their first contribution in [PyGithub/PyGithub#3274](https://github.com/PyGithub/PyGithub/pull/3274) - [@climbfuji](https://github.com/climbfuji) made their first contribution in [PyGithub/PyGithub#3190](https://github.com/PyGithub/PyGithub/pull/3190) - [@tuchfarber](https://github.com/tuchfarber) made their first contribution in [PyGithub/PyGithub#3248](https://github.com/PyGithub/PyGithub/pull/3248) - [@jmgate](https://github.com/jmgate) made their first contribution in [PyGithub/PyGithub#3295](https://github.com/PyGithub/PyGithub/pull/3295) - [@gopidesupavan](https://github.com/gopidesupavan) made their first contribution in [PyGithub/PyGithub#3246](https://github.com/PyGithub/PyGithub/pull/3246) - [@kukarkinmm](https://github.com/kukarkinmm) made their first contribution in [PyGithub/PyGithub#3259](https://github.com/PyGithub/PyGithub/pull/3259) - [@mfocko](https://github.com/mfocko) made their first contribution in [PyGithub/PyGithub#3260](https://github.com/PyGithub/PyGithub/pull/3260) - [@gfog-floqast](https://github.com/gfog-floqast) made their first contribution in [PyGithub/PyGithub#3173](https://github.com/PyGithub/PyGithub/pull/3173) - [@jsmolar](https://github.com/jsmolar) made their first contribution in [PyGithub/PyGithub#3299](https://github.com/PyGithub/PyGithub/pull/3299) - [@OscarVanL](https://github.com/OscarVanL) made their first contribution in [PyGithub/PyGithub#3263](https://github.com/PyGithub/PyGithub/pull/3263) - [@alecglen](https://github.com/alecglen) made their first contribution in [PyGithub/PyGithub#3313](https://github.com/PyGithub/PyGithub/pull/3313) - [@LifeLex](https://github.com/LifeLex) made their first contribution in [PyGithub/PyGithub#3268](https://github.com/PyGithub/PyGithub/pull/3268) - [@e7217](https://github.com/e7217) made their first contribution in [PyGithub/PyGithub#3258](https://github.com/PyGithub/PyGithub/pull/3258) - [@x612skm](https://github.com/x612skm) made their first contribution in [PyGithub/PyGithub#3272](https://github.com/PyGithub/PyGithub/pull/3272) - [@uncleDecart](https://github.com/uncleDecart) made their first contribution in [PyGithub/PyGithub#3306](https://github.com/PyGithub/PyGithub/pull/3306) **Full Changelog**: <https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.7.0> </details> <details> <summary>pyca/pynacl (PyNaCl)</summary> ### [`v1.6.0`](https://github.com/pyca/pynacl/blob/HEAD/CHANGELOG.rst#160-2025-09-11) [Compare Source](https://github.com/pyca/pynacl/compare/1.5.0...1.6.0) - **BACKWARDS INCOMPATIBLE:** Removed support for Python 3.6 and 3.7. - Added support for the low level AEAD AES bindings. - Added support for `crypto_core_ed25519_from_uniform`. - Update `libsodium` to 1.0.20-stable (2025-08-27 build). - Added support for free-threaded Python 3.14. - Added support for Windows on ARM wheels. </details> <details> <summary>aio-libs/aiohttp (aiohttp)</summary> ### [`v3.13.1`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3131-2025-10-17) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.13.0...v3.13.1) \=================== ## Features - Make configuration options in `AppRunner` also available in `run_app()` \-- by :user:`Cycloctane`. *Related issues and pull requests on GitHub:* :issue:`11633`. ## Bug fixes - Switched to `backports.zstd` for Python <3.14 and fixed zstd decompression for chunked zstd streams -- by :user:`ZhaoMJ`. Note: Users who installed `zstandard` for support on Python <3.14 will now need to install `backports.zstd` instead (installing `aiohttp[speedups]` will do this automatically). *Related issues and pull requests on GitHub:* :issue:`11623`. - Updated `Content-Type` header parsing to return `application/octet-stream` when header contains invalid syntax. See :rfc:`9110#section-8.3-5`. \-- by :user:`sgaist`. *Related issues and pull requests on GitHub:* :issue:`10889`. - Fixed Python 3.14 support when built without `zstd` support -- by :user:`JacobHenner`. *Related issues and pull requests on GitHub:* :issue:`11603`. - Fixed blocking I/O in the event loop when using netrc authentication by moving netrc file lookup to an executor -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11634`. - Fixed routing to a sub-application added via `.add_domain()` not working if the same path exists on the parent app. -- by :user:`Dreamsorcerer`. *Related issues and pull requests on GitHub:* :issue:`11673`. ## Packaging updates and notes for downstreams - Moved core packaging metadata from :file:`setup.cfg` to :file:`pyproject.toml` per :pep:`621` \-- by :user:`cdce8p`. *Related issues and pull requests on GitHub:* :issue:`9951`. *** ### [`v3.13.0`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3130-2025-10-06) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.15...v3.13.0) \=================== ## Features - Added support for Python 3.14. *Related issues and pull requests on GitHub:* :issue:`10851`, :issue:`10872`. - Added support for free-threading in Python 3.14+ -- by :user:`kumaraditya303`. *Related issues and pull requests on GitHub:* :issue:`11466`, :issue:`11464`. - Added support for Zstandard (aka Zstd) compression \-- by :user:`KGuillaume-chaps`. *Related issues and pull requests on GitHub:* :issue:`11161`. - Added `StreamReader.total_raw_bytes` to check the number of bytes downloaded \-- by :user:`robpats`. *Related issues and pull requests on GitHub:* :issue:`11483`. ## Bug fixes - Fixed pytest plugin to not use deprecated :py:mod:`asyncio` policy APIs. *Related issues and pull requests on GitHub:* :issue:`10851`. - Updated `Content-Disposition` header parsing to handle trailing semicolons and empty parts \-- by :user:`PLPeeters`. *Related issues and pull requests on GitHub:* :issue:`11243`. - Fixed saved `CookieJar` failing to be loaded if cookies have `partitioned` flag when `http.cookie` does not have partitioned cookies supports. -- by :user:`Cycloctane`. *Related issues and pull requests on GitHub:* :issue:`11523`. ## Improved documentation - Added `Wireup` to third-party libraries -- by :user:`maldoinc`. *Related issues and pull requests on GitHub:* :issue:`11233`. ## Packaging updates and notes for downstreams - The `blockbuster` test dependency is now optional; the corresponding test fixture is disabled when it is unavailable \-- by :user:`musicinybrain`. *Related issues and pull requests on GitHub:* :issue:`11363`. - Added `riscv64` build to releases -- by :user:`eshattow`. *Related issues and pull requests on GitHub:* :issue:`11425`. ## Contributor-facing changes - Fixed `test_send_compress_text` failing when alternative zlib implementation is used. (`zlib-ng` in python 3.14 windows build) -- by :user:`Cycloctane`. *Related issues and pull requests on GitHub:* :issue:`11546`. *** ### [`v3.12.15`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31215-2025-07-28) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.14...v3.12.15) \==================== ## Bug fixes - Fixed :class:`~aiohttp.DigestAuthMiddleware` to preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expecting `algorithm=MD5-sess` instead of `algorithm=MD5-SESS`) \-- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11352`. ## Improved documentation - Remove outdated contents of `aiohttp-devtools` and `aiohttp-swagger` from Web\_advanced docs. \-- by :user:`Cycloctane` *Related issues and pull requests on GitHub:* :issue:`11347`. ## Packaging updates and notes for downstreams - Started including the `llhttp` :file:`LICENSE` file in wheels by adding `vendor/llhttp/LICENSE` to `license-files` in :file:`setup.cfg` -- by :user:`threexc`. *Related issues and pull requests on GitHub:* :issue:`11226`. ## Contributor-facing changes - Updated a regex in `test_aiohttp_request_coroutine` for Python 3.14. *Related issues and pull requests on GitHub:* :issue:`11271`. *** ### [`v3.12.14`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31214-2025-07-10) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.13...v3.12.14) \==================== ## Bug fixes - Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:`9110#section-15.4.3-3.1` -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11270`. - Fixed :py:meth:`ClientSession.close() <aiohttp.ClientSession.close>` hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11273`. - Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:`Dreamsorcerer`. *Related issues and pull requests on GitHub:* :issue:`11280`. ## Features - Added initial trailer parsing logic to Python HTTP parser -- by :user:`Dreamsorcerer`. *Related issues and pull requests on GitHub:* :issue:`11269`. ## Improved documentation - Clarified exceptions raised by `WebSocketResponse.send_frame` et al. \-- by :user:`DoctorJohn`. *Related issues and pull requests on GitHub:* :issue:`11234`. *** ### [`v3.12.13`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31213-2025-06-14) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.12...v3.12.13) \==================== ## Bug fixes - Fixed auto-created :py:class:`~aiohttp.TCPConnector` not using the session's event loop when :py:class:`~aiohttp.ClientSession` is created without an explicit connector -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11147`. *** ### [`v3.12.12`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31212-2025-06-09) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.11...v3.12.12) \==================== ## Bug fixes - Fixed cookie unquoting to properly handle octal escape sequences in cookie values (e.g., `\012` for newline) by vendoring the correct `_unquote` implementation from Python's `http.cookies` module -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11173`. - Fixed `Cookie` header parsing to treat attribute names as regular cookies per :rfc:`6265#section-5.4` -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11178`. *** ### [`v3.12.11`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31211-2025-06-07) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.10...v3.12.11) \==================== ## Features - Improved SSL connection handling by changing the default `ssl_shutdown_timeout` from `0.1` to `0` seconds. SSL connections now use Python's default graceful shutdown during normal operation but are aborted immediately when the connector is closed, providing optimal behavior for both cases. Also added support for `ssl_shutdown_timeout=0` on all Python versions. Previously, this value was rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on Python < 3.11 now trigger a `RuntimeWarning` -- by :user:`bdraco`. The `ssl_shutdown_timeout` parameter is now deprecated and will be removed in aiohttp 4.0 as there is no clear use case for changing the default. *Related issues and pull requests on GitHub:* :issue:`11148`. ## Deprecations (removal in next major release) - Improved SSL connection handling by changing the default `ssl_shutdown_timeout` from `0.1` to `0` seconds. SSL connections now use Python's default graceful shutdown during normal operation but are aborted immediately when the connector is closed, providing optimal behavior for both cases. Also added support for `ssl_shutdown_timeout=0` on all Python versions. Previously, this value was rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on Python < 3.11 now trigger a `RuntimeWarning` -- by :user:`bdraco`. The `ssl_shutdown_timeout` parameter is now deprecated and will be removed in aiohttp 4.0 as there is no clear use case for changing the default. *Related issues and pull requests on GitHub:* :issue:`11148`. *** ### [`v3.12.10`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31210-2025-06-07) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.9...v3.12.10) \==================== ## Bug fixes - Fixed leak of `aiodns.DNSResolver` when :py:class:`~aiohttp.TCPConnector` is closed and no resolver was passed when creating the connector -- by :user:`Tasssadar`. This was a regression introduced in version 3.12.0 (:pr:`10897`). *Related issues and pull requests on GitHub:* :issue:`11150`. *** ### [`v3.12.9`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3129-2025-06-04) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.8...v3.12.9) \=================== ## Bug fixes - Fixed `IOBasePayload` and `TextIOPayload` reading entire files into memory when streaming large files -- by :user:`bdraco`. When using file-like objects with the aiohttp client, the entire file would be read into memory if the file size was provided in the `Content-Length` header. This could cause out-of-memory errors when uploading large files. The payload classes now correctly read data in chunks of `READ_SIZE` (64KB) regardless of the total content length. *Related issues and pull requests on GitHub:* :issue:`11138`. *** ### [`v3.12.8`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3128-2025-06-04) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.7...v3.12.8) \=================== ## Features - Added preemptive digest authentication to :class:`~aiohttp.DigestAuthMiddleware` -- by :user:`bdraco`. The middleware now reuses authentication credentials for subsequent requests to the same protection space, improving efficiency by avoiding extra authentication round trips. This behavior matches how web browsers handle digest authentication and follows :rfc:`7616#section-3.6`. Preemptive authentication is enabled by default but can be disabled by passing `preemptive=False` to the middleware constructor. *Related issues and pull requests on GitHub:* :issue:`11128`, :issue:`11129`. *** ### [`v3.12.7`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3127-2025-06-02) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.6...v3.12.7) \=================== .. warning:: This release fixes an issue where the `quote_cookie` parameter was not being properly respected for shared cookies (domain="", path=""). If your server does not handle quoted cookies correctly, you may need to disable cookie quoting by setting `quote_cookie=False` when creating your :class:`~aiohttp.ClientSession` or :class:`~aiohttp.CookieJar`. See :ref:`aiohttp-client-cookie-quoting-routine` for details. ## Bug fixes - Fixed cookie parsing to be more lenient when handling cookies with special characters in names or values. Cookies with characters like `{`, `}`, and `/` in names are now accepted instead of causing a :exc:`~http.cookies.CookieError` and 500 errors. Additionally, cookies with mismatched quotes in values are now parsed correctly, and quoted cookie values are now handled consistently whether or not they include special attributes like `Domain`. Also fixed :class:`~aiohttp.CookieJar` to ensure shared cookies (domain="", path="") respect the `quote_cookie` parameter, making cookie quoting behavior consistent for all cookies -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`2683`, :issue:`5397`, :issue:`7993`, :issue:`11112`. - Fixed an issue where cookies with duplicate names but different domains or paths were lost when updating the cookie jar. The :class:`~aiohttp.ClientSession` cookie jar now correctly stores all cookies even if they have the same name but different domain or path, following the :rfc:`6265#section-5.3` storage model -- by :user:`bdraco`. Note that :attr:`ClientResponse.cookies <aiohttp.ClientResponse.cookies>` returns a :class:`~http.cookies.SimpleCookie` which uses the cookie name as a key, so only the last cookie with each name is accessible via this interface. All cookies can be accessed via :meth:`ClientResponse.headers.getall('Set-Cookie') <multidict.MultiDictProxy.getall>` if needed. *Related issues and pull requests on GitHub:* :issue:`4486`, :issue:`11105`, :issue:`11106`. ## Miscellaneous internal changes - Avoided creating closed futures in `ResponseHandler` that will never be awaited -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11107`. - Downgraded the logging level for connector close errors from ERROR to DEBUG, as these are expected behavior with TLS 1.3 connections -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11114`. *** ### [`v3.12.6`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3126-2025-05-31) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.4...v3.12.6) \=================== ## Bug fixes - Fixed spurious "Future exception was never retrieved" warnings for connection lost errors when the connector is not closed -- by :user:`bdraco`. When connections are lost, the exception is now marked as retrieved since it is always propagated through other means, preventing unnecessary warnings in logs. *Related issues and pull requests on GitHub:* :issue:`11100`. *** ### [`v3.12.4`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3124-2025-05-28) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.3...v3.12.4) \=================== ## Bug fixes - Fixed connector not waiting for connections to close before returning from :meth:`~aiohttp.BaseConnector.close` (partial backport of :pr:`3733`) -- by :user:`atemate` and :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1925`, :issue:`11074`. *** ### [`v3.12.3`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3123-2025-05-28) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.2...v3.12.3) \=================== ## Bug fixes - Fixed memory leak in :py:meth:`~aiohttp.CookieJar.filter_cookies` that caused unbounded memory growth when making requests to different URL paths -- by :user:`bdraco` and :user:`Cycloctane`. *Related issues and pull requests on GitHub:* :issue:`11052`, :issue:`11054`. *** ### [`v3.12.2`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3122-2025-05-26) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.1...v3.12.2) \=================== ## Bug fixes - Fixed `Content-Length` header not being set to `0` for non-GET requests with `None` body -- by :user:`bdraco`. Non-GET requests (`POST`, `PUT`, `PATCH`, `DELETE`) with `None` as the body now correctly set the `Content-Length` header to `0`, matching the behavior of requests with empty bytes (`b""`). This regression was introduced in aiohttp 3.12.1. *Related issues and pull requests on GitHub:* :issue:`11035`. *** ### [`v3.12.1`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31215-2025-07-28) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.12.0...v3.12.1) \==================== ## Bug fixes - Fixed :class:`~aiohttp.DigestAuthMiddleware` to preserve the algorithm case from the server's challenge in the authorization response. This improves compatibility with servers that perform case-sensitive algorithm matching (e.g., servers expecting `algorithm=MD5-sess` instead of `algorithm=MD5-SESS`) \-- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`11352`. ## Improved documentation - Remove outdated contents of `aiohttp-devtools` and `aiohttp-swagger` from Web\_advanced docs. \-- by :user:`Cycloctane` *Related issues and pull requests on GitHub:* :issue:`11347`. ## Packaging updates and notes for downstreams - Started including the `llhttp` :file:`LICENSE` file in wheels by adding `vendor/llhttp/LICENSE` to `license-files` in :file:`setup.cfg` -- by :user:`threexc`. *Related issues and pull requests on GitHub:* :issue:`11226`. ## Contributor-facing changes - Updated a regex in `test_aiohttp_request_coroutine` for Python 3.14. *Related issues and pull requests on GitHub:* :issue:`11271`. *** ### [`v3.12.0`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#3120-2025-05-24) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.11.18...v3.12.0) \=================== ## Bug fixes - Fixed :py:attr:`~aiohttp.web.WebSocketResponse.prepared` property to correctly reflect the prepared state, especially during timeout scenarios -- by :user:`bdraco` *Related issues and pull requests on GitHub:* :issue:`6009`, :issue:`10988`. - Response is now always True, instead of using MutableMapping behaviour (False when map is empty) *Related issues and pull requests on GitHub:* :issue:`10119`. - Fixed connection reuse for file-like data payloads by ensuring buffer truncation respects content-length boundaries and preventing premature connection closure race -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10325`, :issue:`10915`, :issue:`10941`, :issue:`10943`. - Fixed pytest plugin to not use deprecated :py:mod:`asyncio` policy APIs. *Related issues and pull requests on GitHub:* :issue:`10851`. - Fixed :py:class:`~aiohttp.resolver.AsyncResolver` not using the `loop` argument in versions 3.x where it should still be supported -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10951`. ## Features - Added a comprehensive HTTP Digest Authentication client middleware (DigestAuthMiddleware) that implements RFC 7616. The middleware supports all standard hash algorithms (MD5, SHA, SHA-256, SHA-512) with session variants, handles both 'auth' and 'auth-int' quality of protection options, and automatically manages the authentication flow by intercepting 401 responses and retrying with proper credentials -- by :user:`feus4177`, :user:`TimMenninger`, and :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`2213`, :issue:`10725`. - Added client middleware support -- by :user:`bdraco` and :user:`Dreamsorcerer`. This change allows users to add middleware to the client session and requests, enabling features like authentication, logging, and request/response modification without modifying the core request logic. Additionally, the `session` attribute was added to `ClientRequest`, allowing middleware to access the session for making additional requests. *Related issues and pull requests on GitHub:* :issue:`9732`, :issue:`10902`, :issue:`10945`, :issue:`10952`, :issue:`10959`, :issue:`10968`. - Allow user setting zlib compression backend -- by :user:`TimMenninger` This change allows the user to call :func:`aiohttp.set_zlib_backend()` with the zlib compression module of their choice. Default behavior continues to use the builtin `zlib` library. *Related issues and pull requests on GitHub:* :issue:`9798`. - Added support for overriding the base URL with an absolute one in client sessions \-- by :user:`vivodi`. *Related issues and pull requests on GitHub:* :issue:`10074`. - Added `host` parameter to `aiohttp_server` fixture -- by :user:`christianwbrock`. *Related issues and pull requests on GitHub:* :issue:`10120`. - Detect blocking calls in coroutines using BlockBuster -- by :user:`cbornet`. *Related issues and pull requests on GitHub:* :issue:`10433`. - Added `socket_factory` to :py:class:`aiohttp.TCPConnector` to allow specifying custom socket options \-- by :user:`TimMenninger`. *Related issues and pull requests on GitHub:* :issue:`10474`, :issue:`10520`, :issue:`10961`, :issue:`10962`. - Started building armv7l manylinux wheels -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10797`. - Implemented shared DNS resolver management to fix excessive resolver object creation when using multiple client sessions. The new `_DNSResolverManager` singleton ensures only one `DNSResolver` object is created for default configurations, significantly reducing resource usage and improving performance for applications using multiple client sessions simultaneously -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10847`, :issue:`10923`, :issue:`10946`. - Upgraded to LLHTTP 9.3.0 -- by :user:`Dreamsorcerer`. *Related issues and pull requests on GitHub:* :issue:`10972`. - Optimized small HTTP requests/responses by coalescing headers and body into a single TCP packet -- by :user:`bdraco`. This change enhances network efficiency by reducing the number of packets sent for small HTTP payloads, improving latency and reducing overhead. Most importantly, this fixes compatibility with memory-constrained IoT devices that can only perform a single read operation and expect HTTP requests in one packet. The optimization uses zero-copy `writelines` when coalescing data and works with both regular and chunked transfer encoding. When `aiohttp` uses client middleware to communicate with an `aiohttp` server, connection reuse is more likely to occur since complete responses arrive in a single packet for small payloads. This aligns `aiohttp` with other popular HTTP clients that already coalesce small requests. *Related issues and pull requests on GitHub:* :issue:`10991`. ## Improved documentation - Improved documentation for middleware by adding warnings and examples about request body stream consumption. The documentation now clearly explains that request body streams can only be read once and provides best practices for sharing parsed request data between middleware and handlers -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`2914`. ## Packaging updates and notes for downstreams - Removed non SPDX-license description from `setup.cfg` -- by :user:`devanshu-ziphq`. *Related issues and pull requests on GitHub:* :issue:`10662`. - Added support for building against system `llhttp` library -- by :user:`mgorny`. This change adds support for :envvar:`AIOHTTP_USE_SYSTEM_DEPS` environment variable that can be used to build aiohttp against the system install of the `llhttp` library rather than the vendored one. *Related issues and pull requests on GitHub:* :issue:`10759`. - `aiodns` is now installed on Windows with speedups extra -- by :user:`bdraco`. As of `aiodns` 3.3.0, `SelectorEventLoop` is no longer required when using `pycares` 4.7.0 or later. *Related issues and pull requests on GitHub:* :issue:`10823`. - Fixed compatibility issue with Cython 3.1.1 -- by :user:`bdraco` *Related issues and pull requests on GitHub:* :issue:`10877`. ## Contributor-facing changes - Sped up tests by disabling `blockbuster` fixture for `test_static_file_huge` and `test_static_file_huge_cancel` tests -- by :user:`dikos1337`. *Related issues and pull requests on GitHub:* :issue:`9705`, :issue:`10761`. - Updated tests to avoid using deprecated :py:mod:`asyncio` policy APIs and make it compatible with Python 3.14. *Related issues and pull requests on GitHub:* :issue:`10851`. - Added Winloop to test suite to support in the future -- by :user:`Vizonex`. *Related issues and pull requests on GitHub:* :issue:`10922`. ## Miscellaneous internal changes - Added support for the `partitioned` attribute in the `set_cookie` method. *Related issues and pull requests on GitHub:* :issue:`9870`. - Setting :attr:`aiohttp.web.StreamResponse.last_modified` to an unsupported type will now raise :exc:`TypeError` instead of silently failing -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10146`. *** ### [`v3.11.18`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31118-2025-04-20) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.11.17...v3.11.18) \==================== ## Bug fixes - Disabled TLS in TLS warning (when using HTTPS proxies) for uvloop and newer Python versions -- by :user:`lezgomatt`. *Related issues and pull requests on GitHub:* :issue:`7686`. - Fixed reading fragmented WebSocket messages when the payload was masked -- by :user:`bdraco`. The problem first appeared in 3.11.17 *Related issues and pull requests on GitHub:* :issue:`10764`. *** ### [`v3.11.17`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31117-2025-04-19) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.11.16...v3.11.17) \==================== ## Miscellaneous internal changes - Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10713`. - Improved web server performance when connection can be reused -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10714`. - Improved performance of the WebSocket reader -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10740`. - Improved performance of the WebSocket reader with large messages -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10744`. *** ### [`v3.11.16`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31116-2025-04-01) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.11.15...v3.11.16) \==================== ## Bug fixes - Replaced deprecated `asyncio.iscoroutinefunction` with its counterpart from `inspect` \-- by :user:`layday`. *Related issues and pull requests on GitHub:* :issue:`10634`. - Fixed :class:`multidict.CIMultiDict` being mutated when passed to :class:`aiohttp.web.Response` -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10672`. *** ### [`v3.11.15`](https://github.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#31115-2025-03-31) [Compare Source](https://github.com/aio-libs/aiohttp/compare/v3.11.14...v3.11.15) \==================== ## Bug fixes - Reverted explicitly closing sockets if an exception is raised during `create_connection` -- by :user:`bdraco`. This change originally appeared in aiohttp 3.11.13 *Related issues and pull requests on GitHub:* :issue:`10464`, :issue:`10617`, :issue:`10656`. ## Miscellaneous internal changes - Improved performance of WebSocket buffer handling -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10601`. - Improved performance of serializing headers -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`10625`. *** </details> <details> <summary>aio-libs/aiosignal (aiosignal)</summary> ### [`v1.4.0`](https://github.com/aio-libs/aiosignal/blob/HEAD/CHANGES.rst#140-2025-07-03) [Compare Source](https://github.com/aio-libs/aiosignal/compare/v1.3.2...v1.4.0) \================== ## Features - Added decorator functionality to `Signal` as a convenient way to add a callback -- by `@Vizonex`. `#699 <https://github.com/aio-libs/aiosignal/pulls/699>`\_ - Improved type safety by allowing callback parameters to be type checked (typing-extensions is now required for Python <3.13). Parameters for a `Signal` callback should now be defined like `Signal[int, str]` -- by [@Vizonex](https://github.com/Vizonex) and [@Dreamsorcerer](https://github.com/Dreamsorcerer). `#699 <https://github.com/aio-libs/aiosignal/pulls/699>`*, `#710 <https://github.com/aio-libs/aiosignal/pulls/710>`* ## Misc - Removed the sphinxcontrib-asyncio documentation dependency. `#528 <https://github.com/aio-libs/aiosignal/pull/528>`\_ *** </details> <details> <summary>python-attrs/attrs (attrs)</summary> ### [`v25.4.0`](https://github.com/python-attrs/attrs/blob/HEAD/CHANGELOG.md#2540---2025-10-06) [Compare Source](https://github.com/python-attrs/attrs/compare/25.3.0...25.4.0) ##### Backwards-incompatible Changes - Class-level `kw_only=True` behavior is now consistent with `dataclasses`. Previously, a class that sets `kw_only=True` makes all attributes keyword-only, including those from base classes. If an attribute sets `kw_only=False`, that setting is ignored, and it is still made keyword-only. Now, only the attributes defined in that class that doesn't explicitly set `kw_only=False` are made keyword-only. This shouldn't be a problem for most users, unless you have a pattern like this: ```python @attrs.define(kw_only=True) class Base: a: int b: int = attrs.field(default=1, kw_only=False) @attrs.define class Subclass(Base): c: int ``` Here, we have a `kw_only=True` *attrs* class (`Base`) with an attribute that sets `kw_only=False` and has a default (`Base.b`), and then create a subclass (`Subclass`) with required arguments (`Subclass.c`). Previously this would work, since it would make `Base.b` keyword-only, but now this fails since `Base.b` is positional, and we have a required positional argument (`Subclass.c`) following another argument with defaults. [#1457](https://github.com/python-attrs/attrs/issues/1457) ##### Changes - Values passed to the `__init__()` method of `attrs` classes are now correctly passed to `__attrs_pre_init__()` instead of their default values (in cases where *kw\_only* was not specified). [#1427](https://github.com/python-attrs/attrs/issues/1427) - Added support for Python 3.14 and [PEP 749](https://peps.python.org/pep-0749/). [#1446](https://github.com/python-attrs/attrs/issues/1446), [#1451](https://github.com/python-attrs/attrs/issues/1451) - `attrs.validators.deep_mapping()` now allows to leave out either *key\_validator* xor *value\_validator*. [#1448](https://github.com/python-attrs/attrs/issues/1448) - `attrs.validators.deep_iterator()` and `attrs.validators.deep_mapping()` now accept lists and tuples for all validators and wrap them into a `attrs.validators.and_()`. [#1449](https://github.com/python-attrs/attrs/issues/1449) - Added a new **experimental** way to inspect classes: `attrs.inspect(cls)` returns the *effective* class-wide parameters that were used by *attrs* to construct the class. The returned class is the same data structure that *attrs* uses internally to decide how to construct the final class. [#1454](https://github.com/python-attrs/attrs/issues/1454) - Fixed annotations for `attrs.field(converter=...)`. Previously, a `tuple` of converters was only accepted if it had exactly one element. [#1461](https://github.com/python-attrs/attrs/issues/1461) - The performance of `attrs.asdict()` has been improved by 45–260%. [#1463](https://github.com/python-attrs/attrs/issues/1463) - The performance of `attrs.astuple()` has been improved by 49–270%. [#1469](https://github.com/python-attrs/attrs/issues/1469) - The type annotation for `attrs.validators.or_()` now allows for different types of validators. This was only an issue on Pyright. [#1474](https://github.com/python-attrs/attrs/issues/1474) </details> <details> <summary>certifi/python-certifi (certifi)</summary> ### [`v2025.10.5`](https://github.com/certifi/python-certifi/compare/2025.08.03...2025.10.05) [Compare Source](https://github.com/certifi/python-certifi/compare/2025.08.03...2025.10.05) ### [`v2025.8.3`](https://github.com/certifi/python-certifi/compare/2025.07.14...2025.08.03) [Compare Source](https://github.com/certifi/python-certifi/compare/2025.07.14...2025.08.03) ### [`v2025.7.14`](https://github.com/certifi/python-certifi/compare/2025.07.09...2025.07.14) [Compare Source](https://github.com/certifi/python-certifi/compare/2025.07.09...2025.07.14) ### [`v2025.7.9`](https://github.com/certifi/python-certifi/compare/2025.06.15...2025.07.09) [Compare Source](https://github.com/certifi/python-certifi/compare/2025.06.15...2025.07.09) ### [`v2025.6.15`](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.06.15) [Compare Source](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.06.15) ### [`v2025.4.26`](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26) [Compare Source](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26) </details> <details> <summary>python-cffi/cffi (cffi)</summary> ### [`v2.0.0`](https://github.com/python-cffi/cffi/releases/tag/v2.0.0) [Compare Source](https://github.com/python-cffi/cffi/compare/v1.17.1...v2.0.0) #### What's Changed - Add Python 3.14 support. - Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted! - Drop Python <= 3.8 support. - Fix order dependency affecting nested type size calculation ([#148](https://github.com/python-cffi/cffi/issues/148)). **Full Changelog**: <https://github.com/python-cffi/cffi/compare/v1.17.1...v2.0.0> </details> <details> <summary>jawah/charset_normalizer (charset-normalizer)</summary> ### [`v3.4.4`](https://github.com/jawah/charset_normalizer/blob/HEAD/CHANGELOG.md#344-2025-10-13) [Compare Source](https://github.com/jawah/charset_normalizer/compare/3.4.3...3.4.4) ##### Changed - Bound `setuptools` to a specific constraint `setuptools>=68,<=81`. - Raised upper bound of mypyc for the optional pre-built extension to v1.18.2 ##### Removed - `setuptools-scm` as a build dependency. ##### Misc - Enforced hashes in `dev-requirements.txt` and created `ci-requirements.txt` for security purposes. - Additional pre-built wheels for riscv64, s390x, and armv7l architectures. - Restore ` multiple.intoto.jsonl` in GitHub releases in addition to individual attestation file per wheel. ### [`v3.4.3`](https://github.com/jawah/charset_normalizer/blob/HEAD/CHANGELOG.md#343-2025-08-09) [Compare Source](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3) ##### Changed - mypy(c) is no longer a required dependency at build time if `CHARSET_NORMALIZER_USE_MYPYC` isn't set to `1`. ([#595](https://github.com/jawah/charset_normalizer/issues/595)) ([#583](https://github.com/jawah/charset_normalizer/issues/583)) - automatically lower confidence on small bytes samples that are not Unicode in `detect` output legacy function. ([#391](https://github.com/jawah/charset_normalizer/issues/391)) ##### Added - Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase. - Support for Python 3.14 ##### Fixed - sdist archive contained useless directories. - automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. ([#633](https://github.com/jawah/charset_normalizer/issues/633)) ##### Misc - SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format. - Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel. ### [`v3.4.2`](https://github.com/jawah/charset_normalizer/blob/HEAD/CHANGELOG.md#342-2025-05-02) [Compare Source](https://github.com/jawah/charset_normalizer/compare/3.4.1...3.4.2) ##### Fixed - Addressed the DeprecationWarning in our CLI regarding `argparse.FileType` by backporting the target class into the package. ([#591](https://github.com/jawah/charset_normalizer/issues/591)) - Improved the overall reliability of the detector with CJK Ideographs. ([#605](https://github.com/jawah/charset_normalizer/issues/605)) ([#587](https://github.com/jawah/charset_normalizer/issues/587)) ##### Changed - Optional mypyc compilation upgraded to version 1.15 for Python >= 3.8 </details> <details> <summary>pyca/cryptography (cryptography)</summary> ### [`v46.0.3`](https://github.com/pyca/cryptography/compare/46.0.2...46.0.3) [Compare Source](https://github.com/pyca/cryptography/compare/46.0.2...46.0.3) ### [`v46.0.2`](https://github.com/pyca/cryptography/compare/46.0.1...46.0.2) [Compare Source](https://github.com/pyca/cryptography/compare/46.0.1...46.0.2) ### [`v46.0.1`](https://github.com/pyca/cryptography/compare/46.0.0...46.0.1) [Compare Source](https://github.com/pyca/cryptography/compare/46.0.0...46.0.1) ### [`v46.0.0`](https://github.com/pyca/cryptography/compare/45.0.7...46.0.0) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.7...46.0.0) ### [`v45.0.7`](https://github.com/pyca/cryptography/compare/45.0.6...45.0.7) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.6...45.0.7) ### [`v45.0.6`](https://github.com/pyca/cryptography/compare/45.0.5...45.0.6) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.5...45.0.6) ### [`v45.0.5`](https://github.com/pyca/cryptography/compare/45.0.4...45.0.5) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.4...45.0.5) ### [`v45.0.4`](https://github.com/pyca/cryptography/compare/45.0.3...45.0.4) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.3...45.0.4) ### [`v45.0.3`](https://github.com/pyca/cryptography/compare/45.0.2...45.0.3) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.2...45.0.3) ### [`v45.0.2`](https://github.com/pyca/cryptography/compare/45.0.1...45.0.2) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.1...45.0.2) ### [`v45.0.1`](https://github.com/pyca/cryptography/compare/45.0.0...45.0.1) [Compare Source](https://github.com/pyca/cryptography/compare/45.0.0...45.0.1) ### [`v45.0.0`](https://github.com/pyca/cryptography/compare/44.0.3...45.0.0) [Compare Source](https://github.com/pyca/cryptography/compare/44.0.3...45.0.0) ### [`v44.0.3`](https://github.com/pyca/cryptography/compare/44.0.2...44.0.3) [Compare Source](https://github.com/pyca/cryptography/compare/44.0.2...44.0.3) </details> <details> <summary>aio-libs/frozenlist (frozenlist)</summary> ### [`v1.8.0`](https://github.com/aio-libs/frozenlist/blob/HEAD/CHANGES.rst#v180) [Compare Source](https://github.com/aio-libs/frozenlist/compare/v1.7.0...v1.8.0) \====== *(2025-10-05)* ## Contributor-facing changes - The :file:`reusable-cibuildwheel.yml` workflow has been refactored to be more generic and :file:`ci-cd.yml` now holds all the configuration toggles -- by :user:`webknjaz`. *Related issues and pull requests on GitHub:* :issue:`668`. - When building wheels, the source distribution is now passed directly to the `cibuildwheel` invocation -- by :user:`webknjaz`. *Related issues and pull requests on GitHub:* :issue:`669`. - Builds and tests have been added to `ci-cd.yml` for arm64 Windows wheels -- by :user:`finnagin`. *Related issues and pull requests on GitHub:* :issue:`677`. - Started building wheels for CPython 3.14 -- by :user:`kumaraditya303`. *Related issues and pull requests on GitHub:* :issue:`681`, :issue:`682`. - Removed `--config-settings=pure-python=false` from :file:`requirements/dev.txt`. Developers on CPython still get accelerated builds by default. To explicitly build a pure Python wheel, use `pip install -e . --config-settings=pure-python=true` \-- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`687`. *** ### [`v1.7.0`](https://github.com/aio-libs/frozenlist/blob/HEAD/CHANGES.rst#v170) [Compare Source](https://github.com/aio-libs/frozenlist/compare/v1.6.2...v1.7.0) \====== *(2025-06-09)* ## Features - Added deepcopy support to FrozenList -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`659`. ## Packaging updates and notes for downstreams - Fixed an issue where `frozenlist` binary wheels would be built with debugging symbols and line tracing enabled, which significantly impacted performance. Line tracing is now disabled by default and can only be enabled explicitly -- by :user:`bdraco`. This change ensures that production builds are optimized for performance. Developers who need line tracing for debugging purposes can still enable it by: 1. Setting the `FROZENLIST_CYTHON_TRACING` environment variable 2. Using the `--config-setting=with-cython-tracing=true` option with pip *Related issues and pull requests on GitHub:* :issue:`660`. - Enabled `PIP_CONSTRAINT` environment variable in the build configuration to ensure the pinned Cython version from `requirements/cython.txt` is used during wheel builds. *Related issues and pull requests on GitHub:* :issue:`661`. *** ### [`v1.6.2`](https://github.com/aio-libs/frozenlist/blob/HEAD/CHANGES.rst#v162) [Compare Source](https://github.com/aio-libs/frozenlist/compare/v1.6.1...v1.6.2) \====== *(2025-06-03)* No significant changes. *** ### [`v1.6.1`](https://github.com/aio-libs/frozenlist/blob/HEAD/CHANGES.rst#v161) [Compare Source](https://github.com/aio-libs/frozenlist/compare/v1.6.0...v1.6.1) \====== *(2025-06-02)* ## Bug fixes - Correctly use `cimport` for including `PyBool_FromLong` -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`653`. ## Packaging updates and notes for downstreams - Exclude `_frozenlist.cpp` from bdists/wheels -- by :user:`musicinmybrain`. *Related issues and pull requests on GitHub:* :issue:`649`. - Updated to use Cython 3.1 universally across the build path -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`654`. *** ### [`v1.6.0`](https://github.com/aio-libs/frozenlist/blob/HEAD/CHANGES.rst#v160) [Compare Source](https://github.com/aio-libs/frozenlist/compare/v1.5.0...v1.6.0) \====== *(2025-04-17)* ## Bug fixes - Stopped implicitly allowing the use of Cython pre-release versions when building the distribution package -- by :user:`ajsanchezsanz` and :user:`markgreene74`. *Related commits on GitHub:* :commit:`41591f2`. ## Features - Implemented support for the free-threaded build of CPython 3.13 -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`618`. - Started building armv7l wheels -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`642`. ## Packaging updates and notes for downstreams - Stopped implicitly allowing the use of Cython pre-release versions when building the distribution package -- by :user:`ajsanchezsanz` and :user:`markgreene74`. *Related commits on GitHub:* :commit:`41591f2`. - Started building wheels for the free-threaded build of CPython 3.13 -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`618`. - The packaging metadata switched to including an SPDX license identifier introduced in :pep:`639` -- by :user:`cdce8p`. *Related issues and pull requests on GitHub:* :issue:`639`. ## Contributor-facing changes - GitHub Actions CI/CD is now configured to manage caching pip-ecosystem dependencies using `re-actors/cache-python-deps`\_ -- an action by :user:`webknjaz` that takes into account ABI stability and the exact version of Python runtime. .. \_`re-actors/cache-python-deps`: <https://github.com/marketplace/actions/cache-python-deps> *Related issues and pull requests on GitHub:* :issue:`633`. - Organized dependencies into test and lint dependencies so that no unnecessary ones are installed during CI runs -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`636`. *** </details> <details> <summary>kjd/idna (idna)</summary> ### [`v3.11`](https://github.com/kjd/idna/compare/v3.10...v3.11) [Compare Source](https://github.com/kjd/idna/compare/v3.10...v3.11) </details> <details> <summary>aio-libs/multidict (multidict)</summary> ### [`v6.7.0`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#670) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.6.4...v6.7.0) \===== *(2025-10-05)* ## Contributor-facing changes - Updated tests and added CI for CPython 3.14 -- by :user:`kumaraditya303`. *Related issues and pull requests on GitHub:* :issue:`1235`. *** ### [`v6.6.4`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#664) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.6.3...v6.6.4) \===== *(2025-08-11)* ## Bug fixes - Fixed `MutliDict` & `CIMultiDict` memory leak when deleting values or clearing them \-- by :user:`Vizonex` *Related issues and pull requests on GitHub:* :issue:`1233`. ## Contributor-facing changes - The type preciseness coverage report generated by `MyPy <https://mypy-lang.org>`\_\_ is now uploaded to `Coveralls <https://coveralls.io/github/aio-libs/multidict>`\_\_ and will not be included in the `Codecov views <https://app.codecov.io/gh/aio-libs/multidict>`\_\_ going forward \-- by :user:`webknjaz`. *Related issues and pull requests on GitHub:* :issue:`1122`, :issue:`1231`. - Added memory leak test for popping or deleting attributes from a multidict to prevent future issues or bogus claims. \-- by :user:`Vizonex` *Related issues and pull requests on GitHub:* :issue:`1233`. *** ### [`v6.6.3`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#663) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.6.2...v6.6.3) \===== *(2025-06-30)* ## Bug fixes - Fixed inconsistencies generated by the C implementation of `_md_shrink()` which might later lead to assertion failures and crash -- by :user:`Romain-Geissler-1A`. *Related issues and pull requests on GitHub:* :issue:`1229`. *** ### [`v6.6.2`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#662) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.6.1...v6.6.2) \===== *(2025-06-28)* ## Bug fixes - Fixed a memory corruption issue in the C implementation of `_md_shrink()` that could lead to segmentation faults and data loss when items were deleted from a :class:`~multidict.MultiDict`. The issue was an edge case in the pointer arithmetic during the compaction phase -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1221`, :issue:`1222`. - Fixed format string compilation errors in debug builds on 32-bit platforms by using portable `%zd` format specifiers for `Py_ssize_t` values instead of `%ld` -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1225`, :issue:`1226`. ## Packaging updates and notes for downstreams - Re-enabled 32-bit Linux wheel builds that were disabled by default in cibuildwheel 3.0.0 -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1225`, :issue:`1227`. *** ### [`v6.6.1`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#661) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.6.0...v6.6.1) \===== *(2025-06-28)* ## Bug fixes - If :meth:`multidict.MultiDict.extend`, :meth:`multidict.MultiDict.merge`, or :meth:`multidict.MultiDict.update` raises an exception, now the multidict internal state is correctly restored. Patch by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1215`. ## Contributor-facing changes - Fixed `setuptools` deprecation warning about the license specification -- by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1216`. - Fix compiler warnings and convert them to errors -- by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1217`. *** ### [`v6.6.0`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#660) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.5.1...v6.6.0) \===== *(2025-06-27)* ## Features - Added :meth:`multidict.MultiDict.merge` which copies all items from arguments if its key not exist in the dictionary -- by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`292`. - Stopped reallocating memory for the internal `htkeys_t` structure when inserting new items if the multidict has deleted items and it could be collapsed in-place. Removal of `malloc()`/`free()` improves the performance slightly. The change affects C implementation only, pure Python code is not changed. Patch by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1200`. - C implementation of :class:`multidict.MultiDict.getall` now is slightly faster if it returns nothing -- by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1212`. ## Improved documentation - Replaced docstring for :meth:`multidict.MultiDict.update` to don't use RST/markdown markup. *Related issues and pull requests on GitHub:* :issue:`1203`. - Improved documentation for :meth:`multidict.MultiDict.extend` and :meth:`multidict.MultiDict.update` -- by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1205`. ## Contributor-facing changes - When building wheels, the source distribution is now passed directly to the `cibuildwheel` invocation -- by :user:`webknjaz`. *Related issues and pull requests on GitHub:* :issue:`1199`. - Set up `PYTHONHASHSEED` for benchmarks execution to make measured times stable -- by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1202`. *** ### [`v6.5.1`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#651) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.5.0...v6.5.1) \===== *(2025-06-24)* ## Bug fixes - Fixed a bug in C implementation when multidict is resized and it has deleted slots. The bug was introduced by multidict 6.5.0 release. Patch by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1195`. ## Contributor-facing changes - A pair of code formatters for Python and C have been configured in the pre-commit tool. *Related issues and pull requests on GitHub:* :issue:`1123`. - Shorted fixture parametrization ids. For example, `test_keys_view_xor[case-insensitive-pure-python-module]` becomes `test_keys_view_xor[ci-py]` -- by :user:`asvetlov`. *Related issues and pull requests on GitHub:* :issue:`1192`. - The :file:`reusable-cibuildwheel.yml` workflow has been refactored to be more generic and :file:`ci-cd.yml` now holds all the configuration toggles -- by :user:`webknjaz`. *Related issues and pull requests on GitHub:* :issue:`1193`. *** ### [`v6.5.0`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#650) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.4.4...v6.5.0) \===== *(2025-06-17)* .. note:: The release was yanked because of :issue:`1195`, multidict 6.5.1 should be used instead. ## Features - Replace internal implementation from an array of items to hash table. algorithmic complexity for lookups is switched from O(N) to O(1). The hash table is very similar to :class:`dict` from CPython but it allows keys duplication. The benchmark shows 25-50% boost for single lookups, x2-x3 for bulk updates, and x20 for some multidict view operations. The gain is not for free: :class:`~multidict.MultiDict.add` and :class:`~multidict.MultiDict.extend` are 25-50% slower now. We consider it as acceptable because the lookup is much more common operation that addition for the library domain. *Related issues and pull requests on GitHub:* :issue:`1128`. ## Contributor-facing changes - Builds have been added for arm64 Windows wheels and the `reusable-build-wheel.yml` template has been modified to allow for an os value (`windows-11-arm`) which does not end with the `-latest` postfix. *Related issues and pull requests on GitHub:* :issue:`1167`. *** ### [`v6.4.4`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#644) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.4.3...v6.4.4) \===== *(2025-05-19)* ## Bug fixes - Fixed a segmentation fault when calling :py:meth:`multidict.MultiDict.setdefault` with a single argument -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1160`. - Fixed a segmentation fault when attempting to directly instantiate view objects (`multidict._ItemsView`, `multidict._KeysView`, `multidict._ValuesView`) -- by :user:`bdraco`. View objects now raise a proper :exc:`TypeError` with the message "cannot create '...' instances directly" when direct instantiation is attempted. View objects should only be created through the proper methods: :py:meth:`multidict.MultiDict.items`, :py:meth:`multidict.MultiDict.keys`, and :py:meth:`multidict.MultiDict.values`. *Related issues and pull requests on GitHub:* :issue:`1164`. ## Miscellaneous internal changes - :class:`multidict.MultiDictProxy` was refactored to rely only on :class:`multidict.MultiDict` public interface and don't touch any implementation details. *Related issues and pull requests on GitHub:* :issue:`1150`. - Multidict views were refactored to rely only on :class:`multidict.MultiDict` API and don't touch any implementation details. *Related issues and pull requests on GitHub:* :issue:`1152`. - Dropped internal `_Impl` class from pure Python implementation, both pure Python and C Extension follows the same design internally now. *Related issues and pull requests on GitHub:* :issue:`1153`. *** ### [`v6.4.3`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#643) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.4.2...v6.4.3) \===== *(2025-04-10)* ## Bug fixes - Fixed building the library in debug mode. *Related issues and pull requests on GitHub:* :issue:`1144`. - Fixed custom `PyType_GetModuleByDef()` when non-heap type object was passed. *Related issues and pull requests on GitHub:* :issue:`1147`. ## Packaging updates and notes for downstreams - Added the ability to build in debug mode by setting :envvar:`MULTIDICT_DEBUG_BUILD` in the environment -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1145`. *** ### [`v6.4.2`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#642) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.4.1...v6.4.2) \===== *(2025-04-09)* ## Bug fixes - Fixed a segmentation fault when creating subclassed :py:class:`~multidict.MultiDict` objects on Python < 3.11 -- by :user:`bdraco`. The problem first appeared in 6.4.0 *Related issues and pull requests on GitHub:* :issue:`1141`. *** ### [`v6.4.1`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#641) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.4.0...v6.4.1) \===== *(2025-04-09)* No significant changes. *** ### [`v6.4.0`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#640) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.3.2...v6.4.0) \===== *(2025-04-09)* ## Bug fixes - Fixed a memory leak creating new :class:`~multidict.istr` objects -- by :user:`bdraco`. The leak was introduced in 6.3.0 *Related issues and pull requests on GitHub:* :issue:`1133`. - Fixed reference counting when calling :py:meth:`multidict.MultiDict.update` -- by :user:`bdraco`. The leak was introduced in 4.4.0 *Related issues and pull requests on GitHub:* :issue:`1135`. ## Features - Switched C Extension to use heap types and the module state. *Related issues and pull requests on GitHub:* :issue:`1125`. - Started building armv7l wheels -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1127`. *** ### [`v6.3.2`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#632) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.3.1...v6.3.2) \===== *(2025-04-03)* ## Bug fixes - Resolved a memory leak by ensuring proper reference count decrementation -- by :user:`asvetlov` and :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1121`. *** ### [`v6.3.1`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#631) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.3.0...v6.3.1) \===== *(2025-04-01)* ## Bug fixes - Fixed keys not becoming case-insensitive when :class:`multidict.CIMultiDict` is created by passing in a :class:`multidict.MultiDict` -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1112`. - Fixed the pure Python version mutating the original :class:`multidict.MultiDict` when creating a new :class:`multidict.CIMultiDict` from an existing one when keyword arguments are also passed -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1113`. - Prevented crashing with a segfault when :func:`repr` is called for recursive multidicts and their proxies and views. *Related issues and pull requests on GitHub:* :issue:`1115`. *** ### [`v6.3.0`](https://github.com/aio-libs/multidict/blob/HEAD/CHANGES.rst#630) [Compare Source](https://github.com/aio-libs/multidict/compare/v6.2.0...v6.3.0) \===== *(2025-03-31)* ## Bug fixes - Set operations for `KeysView` and `ItemsView` of case-insensitive multidicts and their proxies are processed in case-insensitive manner. *Related issues and pull requests on GitHub:* :issue:`965`. - Rewrote :class:`multidict.CIMultiDict` and it proxy to always return :class:`multidict.istr` keys. `istr` is derived from :class:`str`, thus the change is backward compatible. The performance boost is about 15% for some operations for C Extension, pure Python implementation have got a visible (15% - 230%) speedup as well. *Related issues and pull requests on GitHub:* :issue:`1097`. - Fixed a crash when extending a multidict from multidict proxy if C Extensions were used. *Related issues and pull requests on GitHub:* :issue:`1100`. ## Features - Implemented a custom parser for `METH_FASTCALL | METH_KEYWORDS` protocol \-- by :user:`asvetlov`. The patch re-enables fast call protocol in the :py:mod:`multidict` C Extension. Speedup is about 25%-30% for the library benchmarks for Python 3.12+. *Related issues and pull requests on GitHub:* :issue:`1070`. - The C-extension no longer pre-allocates a Python exception object in lookup-related methods of :py:class:`~multidict.MultiDict` when the passed-in *key* is not found but *default* value is provided. Namely, this affects :py:meth:`MultiDict.getone() <multidict.MultiDict.getone>`, :py:meth:`MultiDict.getall() <multidict.MultiDict.getall>`, :py:meth:`MultiDict.get() <multidict.MultiDict.get>`, :py:meth:`MultiDict.pop() <multidict.MultiDict.pop>`, :py:meth:`MultiDict.popone() <multidict.MultiDict.popone>`, and :py:meth:`MultiDict.popall() <multidict.MultiDict.popall>`. Additionally, the :py:class:`~multidict.MultiDict` comparison with regular :py:class:`dict`\ ionaries is now about 60% faster on Python 3.13+ in the fallback-to-default case. *Related issues and pull requests on GitHub:* :issue:`1078`. - Implemented `__repr__()` for C Extension classes in C. The speedup is about 2.5 times. *Related issues and pull requests on GitHub:* :issue:`1081`. - Made C version of :class:`multidict.istr` pickleable. *Related issues and pull requests on GitHub:* :issue:`1098`. - Optimized multidict creation and extending / updating if C Extensions are used. The speedup is between 25% and 70% depending on the usage scenario. *Related issues and pull requests on GitHub:* :issue:`1101`. - :meth:`multidict.MultiDict.popitem` is changed to remove the latest entry instead of the first. It gives O(1) amortized complexity. The standard :meth:`dict.popitem` removes the last entry also. *Related issues and pull requests on GitHub:* :issue:`1105`. ## Contributor-facing changes - Started running benchmarks for the pure Python implementation in addition to the C implementation -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1092`. - The the project-wide Codecov\_ metric is no longer reported via GitHub Checks API. The combined value is not very useful because one of the sources (MyPy) cannot reach 100% with the current state of the ecosystem. We may want to reconsider in the future. Instead, we now have two separate “runtime coverage” metrics for library code and tests. They are to be kept at 100% at all times. And the “type coverage” metric will remain advisory, at a lower threshold. The default patch metric check is renamed to “runtime” to better reflect its semantics. This one will also require 100% coverage. Another “typing” patch coverage metric is now reported alongside it. It's considered advisory, just like its project counterpart. When looking at Codecov\_, one will likely want to look at MyPy and pytest flags separately. It is usually best to avoid looking at the PR pages that sometimes display combined coverage incorrectly. The change additionally disables the deprecated GitHub Annotations integration in Codecov\_. Finally, the badge coloring range now starts at 100%. .. image:: <https://codecov.io/gh/aio-libs/multidict/branch/master/graph/badge.svg?flag=pytest> :target: <https://codecov.io/gh/aio-libs/multidict?flags[]=pytest> :alt: Coverage metrics \-- by :user:`webknjaz` *Related issues and pull requests on GitHub:* :issue:`1093`. ## Miscellaneous internal changes - Synchronized :file:`pythoncapi_compat.h` with the latest available version. *Related issues and pull requests on GitHub:* :issue:`1063`. - Moved registering ABCs for C Extension classes from C to Python. *Related issues and pull requests on GitHub:* :issue:`1083`. - Refactored the internal `pair_list` implementation. *Related issues and pull requests on GitHub:* :issue:`1084`. - Implemented views comparison and disjoints in C instead of Python helpers. The performance boost is about 40%. *Related issues and pull requests on GitHub:* :issue:`1096`. *** </details> <details> <summary>aio-libs/propcache (propcache)</summary> ### [`v0.4.1`](https://github.com/aio-libs/propcache/blob/HEAD/CHANGES.rst#041) [Compare Source](https://github.com/aio-libs/propcache/compare/v0.4.0...v0.4.1) \===== *(2025-10-08)* ## Bug fixes - Fixed reference leak caused by `Py_INCREF` because Cython has its own reference counter systems -- by :user:`Vizonex`. *Related issues and pull requests on GitHub:* :issue:`162`. ## Contributor-facing changes - Fixes the default value for the `os` parameter in `reusable-build-wheel.yml` to be `ubuntu-latest` instead of `ubuntu`. *Related issues and pull requests on GitHub:* :issue:`155`. *** ### [`v0.4.0`](https://github.com/aio-libs/propcache/blob/HEAD/CHANGES.rst#040) [Compare Source](https://github.com/aio-libs/propcache/compare/v0.3.2...v0.4.0) \===== *(2025-10-04)* ## Features - Optimized propcache by replacing sentinel :py:class:`object` for checking if the :py:class:`object` is `NULL` and changed :py:class:`dict` API for Python C-API -- by :user:`Vizonex`. *Related issues and pull requests on GitHub:* :issue:`121`. ## Contributor-facing changes - Builds have been added for arm64 Windows wheels and the `reusable-build-wheel.yml` workflow has been modified to allow for an OS value (`windows-11-arm`) which does not include the `-latest` postfix \-- by :user:`finnagin`. *Related issues and pull requests on GitHub:* :issue:`133`. - Added CI for CPython 3.14 -- by :user:`kumaraditya303`. *Related issues and pull requests on GitHub:* :issue:`140`. *** ### [`v0.3.2`](https://github.com/aio-libs/propcache/blob/HEAD/CHANGES.rst#032) [Compare Source](https://github.com/aio-libs/propcache/compare/v0.3.1...v0.3.2) \===== *(2025-06-09)* ## Improved documentation - Fixed incorrect decorator usage in the :func:`~propcache.api.under_cached_property` example code -- by :user:`meanmail`. *Related issues and pull requests on GitHub:* :issue:`109`. ## Packaging updates and notes for downstreams - Updated to use Cython 3.1 universally across the build path -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`117`. - Made Cython line tracing opt-in via the `with-cython-tracing` build config setting -- by :user:`bdraco`. Previously, line tracing was enabled by default in :file:`pyproject.toml`, which caused build issues for some users and made wheels nearly twice as slow. Now line tracing is only enabled when explicitly requested via `pip install . --config-setting=with-cython-tracing=true` or by setting the `PROPCACHE_CYTHON_TRACING` environment variable. *Related issues and pull requests on GitHub:* :issue:`118`. *** </details> <details> <summary>eliben/pycparser (pycparser)</summary> ### [`v2.23`](https://github.com/eliben/pycparser/compare/release_v2.22...release_v2.23) [Compare Source](https://github.com/eliben/pycparser/compare/release_v2.22...release_v2.23) </details> <details> <summary>theskumar/python-dotenv (python-dotenv)</summary> ### [`v1.1.1`](https://github.com/theskumar/python-dotenv/blob/HEAD/CHANGELOG.md#111---2025-06-24) [Compare Source](https://github.com/theskumar/python-dotenv/compare/v1.1.0...v1.1.1) ##### Fixed - CLI: Ensure `find_dotenv` work reliably on python 3.13 by \[[@theskumar](https://github.com/theskumar)] in [#563](https://github.com/theskumar/python-dotenv/pull/563) - CLI: revert the use of execvpe on Windows by \[[@wrongontheinternet](https://github.com/wrongontheinternet)] in [#566](https://github.com/theskumar/python-dotenv/pull/566) </details> <details> <summary>psf/requests (requests)</summary> ### [`v2.32.5`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2325-2025-08-18) [Compare Source](https://github.com/psf/requests/compare/v2.32.4...v2.32.5) **Bugfixes** - The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration. **Deprecations** - Added support for Python 3.14. - Dropped support for Python 3.8 following its end of support. ### [`v2.32.4`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2324-2025-06-10) [Compare Source](https://github.com/psf/requests/compare/v2.32.3...v2.32.4) **Security** - CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. **Improvements** - Numerous documentation improvements **Deprecations** - Added support for pypy 3.11 for Linux and macOS. - Dropped support for pypy 3.9 following its end of support. </details> <details> <summary>python/typing_extensions (typing_extensions)</summary> ### [`v4.15.0`](https://github.com/python/typing_extensions/blob/HEAD/CHANGELOG.md#Release-4150-August-25-2025) [Compare Source](https://github.com/python/typing_extensions/compare/4.14.1...4.15.0) No user-facing changes since 4.15.0rc1. ### [`v4.14.1`](https://github.com/python/typing_extensions/blob/HEAD/CHANGELOG.md#Release-4141-July-4-2025) [Compare Source](https://github.com/python/typing_extensions/compare/4.14.0...4.14.1) - Fix usage of `typing_extensions.TypedDict` nested inside other types (e.g., `typing.Type[typing_extensions.TypedDict]`). This is not allowed by the type system but worked on older versions, so we maintain support. ### [`v4.14.0`](https://github.com/python/typing_extensions/blob/HEAD/CHANGELOG.md#Release-4140-June-2-2025) [Compare Source](https://github.com/python/typing_extensions/compare/4.13.2...4.14.0) Changes since 4.14.0rc1: - Remove `__or__` and `__ror__` methods from `typing_extensions.Sentinel` on Python versions <3.10. PEP 604 was introduced in Python 3.10, and `typing_extensions` does not generally attempt to backport PEP-604 methods to prior versions. - Further update `typing_extensions.evaluate_forward_ref` with changes in Python 3.14. ### [`v4.13.2`](https://github.com/python/typing_extensions/blob/HEAD/CHANGELOG.md#Release-4132-April-10-2025) [Compare Source](https://github.com/python/typing_extensions/compare/4.13.1...4.13.2) - Fix `TypeError` when taking the union of `typing_extensions.TypeAliasType` and a `typing.TypeAliasType` on Python 3.12 and 3.13. Patch by [Joren Hammudoglu](https://github.com/jorenham). - Backport from CPython PR [#132160](https://github.com/python/cpython/pull/132160) to avoid having user arguments shadowed in generated `__new__` by `@typing_extensions.deprecated`. Patch by [Victorien Plot](https://github.com/Viicos). ### [`v4.13.1`](https://github.com/python/typing_extensions/blob/HEAD/CHANGELOG.md#Release-4131-April-3-2025) [Compare Source](https://github.com/python/typing_extensions/compare/4.13.0...4.13.1) Bugfixes: - Fix regression in 4.13.0 on Python 3.10.2 causing a `TypeError` when using `Concatenate`. Patch by [Daraan](https://github.com/Daraan). - Fix `TypeError` when using `evaluate_forward_ref` on Python 3.10.1-2 and 3.9.8-10. Patch by [Daraan](https://github.com/Daraan). </details> <details> <summary>urllib3/urllib3 (urllib3)</summary> ### [`v2.5.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#250-2025-06-18) [Compare Source](https://github.com/urllib3/urllib3/compare/2.4.0...2.5.0) \================== ## Features - Added support for the `compression.zstd` module that is new in Python 3.14. See `PEP 784 <https://peps.python.org/pep-0784/>`\_ for more information. (`#3610 <https://github.com/urllib3/urllib3/issues/3610>`\_\_) - Added support for version 0.5 of `hatch-vcs` (`#3612 <https://github.com/urllib3/urllib3/issues/3612>`\_\_) ## Bugfixes - Fixed a security issue where restricting the maximum number of followed redirects at the `urllib3.PoolManager` level via the `retries` parameter did not work. - Made the Node.js runtime respect redirect parameters such as `retries` and `redirects`. - Raised exception for `HTTPResponse.shutdown` on a connection already released to the pool. (`#3581 <https://github.com/urllib3/urllib3/issues/3581>`\_\_) - Fixed incorrect `CONNECT` statement when using an IPv6 proxy with `connection_from_host`. Previously would not be wrapped in `[]`. (`#3615 <https://github.com/urllib3/urllib3/issues/3615>`\_\_) ### [`v2.4.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#240-2025-04-10) [Compare Source](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0) \================== ## Features - Applied PEP 639 by specifying the license fields in pyproject.toml. (`#3522 <https://github.com/urllib3/urllib3/issues/3522>`\_\_) - Updated exceptions to save and restore more properties during the pickle/serialization process. (`#3567 <https://github.com/urllib3/urllib3/issues/3567>`\_\_) - Added `verify_flags` option to `create_urllib3_context` with a default of `VERIFY_X509_PARTIAL_CHAIN` and `VERIFY_X509_STRICT` for Python 3.13+. (`#3571 <https://github.com/urllib3/urllib3/issues/3571>`\_\_) ## Bugfixes - Fixed a bug with partial reads of streaming data in Emscripten. (`#3555 <https://github.com/urllib3/urllib3/issues/3555>`\_\_) ## Misc - Switched to uv for installing development dependecies. (`#3550 <https://github.com/urllib3/urllib3/issues/3550>`\_\_) - Removed the `multiple.intoto.jsonl` asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (`#3566 <https://github.com/urllib3/urllib3/issues/3566>`\_\_) </details> <details> <summary>GrahamDumpleton/wrapt (wrapt)</summary> ### [`v1.17.3`](https://github.com/GrahamDumpleton/wrapt/releases/tag/1.17.3): wrapt-1.17.3 [Compare Source](https://github.com/GrahamDumpleton/wrapt/compare/1.17.2...1.17.3) See the project page on the Python Package Index at <https://pypi.org/project/wrapt/1.17.3/> for more information. </details> <details> <summary>aio-libs/yarl (yarl)</summary> ### [`v1.22.0`](https://github.com/aio-libs/yarl/blob/HEAD/CHANGES.rst#1220) [Compare Source](https://github.com/aio-libs/yarl/compare/v1.21.0...v1.22.0) \====== *(2025-10-05)* ## Features - Added arm64 Windows wheel builds \-- by :user:`finnagin`. *Related issues and pull requests on GitHub:* :issue:`1516`. *** ### [`v1.21.0`](https://github.com/aio-libs/yarl/blob/HEAD/CHANGES.rst#1210) \====== *(2025-10-05)* ## Contributor-facing changes - The :file:`reusable-cibuildwheel.yml` workflow has been refactored to be more generic and :file:`ci-cd.yml` now holds all the configuration toggles -- by :user:`webknjaz`. *Related issues and pull requests on GitHub:* :issue:`1535`. - When building wheels, the source distribution is now passed directly to the `cibuildwheel` invocation -- by :user:`webknjaz`. *Related issues and pull requests on GitHub:* :issue:`1536`. - Added CI for Python 3.14 -- by :user:`kumaraditya303`. *Related issues and pull requests on GitHub:* :issue:`1560`. *** ### [`v1.20.1`](https://github.com/aio-libs/yarl/blob/HEAD/CHANGES.rst#1201) \====== *(2025-06-09)* ## Bug fixes - Started raising a :exc:`ValueError` exception raised for corrupted IPv6 URL values. These fixes the issue where exception :exc:`IndexError` was leaking from the internal code because of not being handled and transformed into a user-facing error. The problem was happening under the following conditions: empty IPv6 URL, brackets in reverse order. \-- by :user:`MaelPic`. *Related issues and pull requests on GitHub:* :issue:`1512`. ## Packaging updates and notes for downstreams - Updated to use Cython 3.1 universally across the build path -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`1514`. - Made Cython line tracing opt-in via the `with-cython-tracing` build config setting -- by :user:`bdraco`. Previously, line tracing was enabled by default in :file:`pyproject.toml`, which caused build issues for some users and made wheels nearly twice as slow. Now line tracing is only enabled when explicitly requested via `pip install . --config-setting=with-cython-tracing=true` or by setting the `YARL_CYTHON_TRACING` environment variable. *Related issues and pull requests on GitHub:* :issue:`1521`. *** ### [`v1.20.0`](https://github.com/aio-libs/yarl/blob/HEAD/CHANGES.rst#1200) [Compare Source](https://github.com/aio-libs/yarl/compare/v1.19.0...v1.20.0) \====== *(2025-04-16)* ## Features - Implemented support for the free-threaded build of CPython 3.13 -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`1456`. ## Packaging updates and notes for downstreams - Started building wheels for the free-threaded build of CPython 3.13 -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`1456`. *** ### [`v1.19.0`](https://github.com/aio-libs/yarl/blob/HEAD/CHANGES.rst#1190) [Compare Source](https://github.com/aio-libs/yarl/compare/v1.18.3...v1.19.0) \====== *(2025-04-05)* ## Bug fixes - Fixed entire name being re-encoded when using :py:meth:`yarl.URL.with_suffix` -- by :user:`NTFSvolume`. *Related issues and pull requests on GitHub:* :issue:`1468`. ## Features - Started building armv7l wheels for manylinux -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1495`. ## Contributor-facing changes - GitHub Actions CI/CD is now configured to manage caching pip-ecosystem dependencies using `re-actors/cache-python-deps`\_ -- an action by :user:`webknjaz` that takes into account ABI stability and the exact version of Python runtime. .. \_`re-actors/cache-python-deps`: <https://github.com/marketplace/actions/cache-python-deps> *Related issues and pull requests on GitHub:* :issue:`1471`. - Increased minimum `propcache`\_ version to 0.2.1 to fix failing tests -- by :user:`bdraco`. .. \_`propcache`: <https://github.com/aio-libs/propcache> *Related issues and pull requests on GitHub:* :issue:`1479`. - Added all hidden folders to pytest's `norecursedirs` to prevent it from trying to collect tests there -- by :user:`lysnikolaou`. *Related issues and pull requests on GitHub:* :issue:`1480`. ## Miscellaneous internal changes - Improved accuracy of type annotations -- by :user:`Dreamsorcerer`. *Related issues and pull requests on GitHub:* :issue:`1484`. - Improved performance of parsing query strings -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1493`, :issue:`1497`. - Improved performance of the C unquoter -- by :user:`bdraco`. *Related issues and pull requests on GitHub:* :issue:`1496`, :issue:`1498`. *** </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 9am on monday" in timezone UTC, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added 1 commit

2025-10-13 15:17:29 +02:00