Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump aiohttp from 3.8.4 to 3.8.5 #53339

Merged
merged 1 commit into from
Jul 26, 2023
Merged

chore(deps): bump aiohttp from 3.8.4 to 3.8.5 #53339

merged 1 commit into from
Jul 26, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 21, 2023

Bumps aiohttp from 3.8.4 to 3.8.5.

Release notes

Sourced from aiohttp's releases.

3.8.5

Security bugfixes

  • Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:webknjaz and :user:Dreamsorcerer.

    Thanks to :user:sethmlarson for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

    .. _llhttp: https://llhttp.org

    (#7346)

Features

  • Added information to C parser exceptions to show which character caused the error. -- by :user:Dreamsorcerer

    (#7366)

Bugfixes

  • Fixed a transport is :data:None error -- by :user:Dreamsorcerer.

    (#3355)

Changelog

Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

  • Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:webknjaz and :user:Dreamsorcerer.

    Thanks to :user:sethmlarson for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

    .. _llhttp: https://llhttp.org

    [#7346](https://github.com/aio-libs/aiohttp/issues/7346) <https://github.com/aio-libs/aiohttp/issues/7346>_

Features

  • Added information to C parser exceptions to show which character caused the error. -- by :user:Dreamsorcerer

    [#7366](https://github.com/aio-libs/aiohttp/issues/7366) <https://github.com/aio-libs/aiohttp/issues/7366>_

Bugfixes

  • Fixed a transport is :data:None error -- by :user:Dreamsorcerer.

    [#3355](https://github.com/aio-libs/aiohttp/issues/3355) <https://github.com/aio-libs/aiohttp/issues/3355>_

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump aiohttp from 3.8.4 to 3.8.5
dbe2225 
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.4 to 3.8.5.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.8.4...v3.8.5)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner July 21, 2023 15:43
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Jul 21, 2023
@codecov
Copy link

codecov bot commented Jul 21, 2023
edited
Loading

Codecov Report

Merging #53339 (dbe2225) into master (d55d673) will increase coverage by 6.38%.
The diff coverage is n/a.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #53339      +/-   ##
==========================================
+ Coverage   73.14%   79.53%   +6.38%     
==========================================
  Files        4935     4939       +4     
  Lines      207277   208100     +823     
  Branches    35300    35479     +179     
==========================================
+ Hits       151609   165504   +13895     
+ Misses      50515    37560   -12955     
+ Partials     5153     5036     -117

see 702 files with indirect coverage changes

@mdtro
Copy link
Member

mdtro commented Jul 21, 2023

/gcbrun

@mdtro mdtro added the Trigger: getsentry tests once code is reviewed: apply label to PR to trigger getsentry tests label Jul 21, 2023
JoshFerge
JoshFerge reviewed Jul 26, 2023
View reviewed changes
Copy link
Member

@JoshFerge JoshFerge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

where does this actually get used? is it a sub-dependency?

@mdtro
Copy link
Member

mdtro commented Jul 26, 2023
edited
Loading

where does this actually get used? is it a sub-dependency?

@JoshFerge looks like it's a sub-dependency of openai (if I'm using pipdeptree correctly).

> pipdeptree -flr -p aiohttp
aiohttp==3.8.4
  openai==0.27.0
    -e git+ssh://git@github.com/getsentry/sentry.git@efba84efbe0b7d4fdb44698198333718c1ef3e7c#egg=sentry
  -e git+ssh://git@github.com/getsentry/sentry.git@efba84efbe0b7d4fdb44698198333718c1ef3e7c#egg=sentry

> pip show openai
Name: openai
Version: 0.27.0
Summary: Python client library for the OpenAI API
Home-page: https://github.com/openai/openai-python
Author: OpenAI
Author-email: support@openai.com
License:
Location: /Users/mdtro/.pyenv/versions/3.8.16/lib/python3.8/site-packages
Requires: aiohttp, requests, tqdm
Required-by: sentry

@mdtro mdtro merged commit babe591 into master Jul 26, 2023
69 of 70 checks passed
@mdtro mdtro deleted the dependabot/pip/aiohttp-3.8.5 branch July 26, 2023 18:09
@github-actions github-actions bot locked and limited conversation to collaborators Aug 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@JoshFerge JoshFerge JoshFerge approved these changes

@mdtro mdtro mdtro approved these changes

Assignees
No one assigned
Labels
Scope: Backend Automatically applied to PRs that change backend components Trigger: getsentry tests once code is reviewed: apply label to PR to trigger getsentry tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mdtro @JoshFerge