OVAL

SUSE-SU-2024:0577-1 -- SLES python-aiohttp, python311-aiohttp

ID: oval:org.secpod.oval:def:89051505
Date: (C)2024-04-26   (M)2024-04-26
Class: PATCH
Family: unix




This update for python-aiohttp, python-time-machine fixes the following issues:

python-aiohttp was updated to version 3.9.3:
* Fixed backwards compatibility breakage of `ssl` parameter when set outside of `ClientSession`
* Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.

From version 3.9.2:
* Fixed server-side websocket connection leak.
* Fixed `web.FileResponse` doing blocking I/O in the event loop.
* Fixed double compress when compression enabled and compressed file exists in server file responses.
* Added runtime type check for `ClientSession` `timeout` parameter.
* Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon.
* Improved validation of paths for static resources requests to the server.
* Added support for passing :py:data:`True` to `ssl` parameter in `ClientSession` while deprecating :py:data:`None`.
* Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon.
* Fixed examples of `fallback_charset_resolver` function in the :doc:`client_advanced` document.
* The Sphinx setup was updated to avoid showing the empty changelog draft section in the tagged release documentation builds on Read The Docs.
* The changelog categorization was made clearer. The contributors can now mark their fragment files more accurately.
* Updated :ref:`contributing/Tests coverage <aiohttp-contributing>` section to show how we use `codecov`.
* Replaced all `tmpdir` fixtures with `tmp_path` in test suite.
* Disable broken tests with openssl 3.2 and python < 3.11 bsc#1217782

update to 3.9.1:
* Fixed importing aiohttp under PyPy on Windows.
* Fixed async concurrency safety in websocket compressor.
* Fixed `ClientResponse.close` releasing the connection instead of closing.
* Fixed a regression where connection may get closed during upgrade. -- by :user:`Dreamsorcerer`
* Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:`Dreamsorcerer`

update to 3.9.0:
* Introduced `AppKey` for static typing support of `Application` storage.
* Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called.
* Added `handler_cancellation`_ parameter to cancel web handler on client disconnection.
* This reintroduces a feature removed in a previous release.
* Recommended for those looking for an extra level of protection against denial-of-service attacks.
* Added support for setting response header parameters `max_line_size` and `max_field_size`.
* Added `auto_decompress` parameter to `ClientSession.request` to override `ClientSession._auto_decompress`.
* Changed `raise_for_status` to allow a coroutine.
* Added client brotli compression support.
* Added `client_max_size` to `BaseRequest.clone` to allow overriding the request body size. -- :user:`anesabml`.
* Added a middleware type alias `aiohttp.typedefs.Middleware`.
* Exported `HTTPMove` which can be used to catch any redirection request that has a location -- :user:`dreamsorcerer`.
* Changed the `path` parameter in `web.run_app` to accept a `pathlib.Path` object.
* Performance: Skipped filtering `CookieJar` when the jar is empty or all cookies have expired.
* Performance: Only check origin if insecure scheme and there are origins to treat as secure, in `CookieJar.filter_cookies`.
* Performance: Used timestamp instead of `datetime` to achieve faster cookie expiration in `CookieJar`.
* Added support for passing a custom server name parameter to HTTPS connection.
* Added support for using Basic Auth credentials from :file:`.netrc` file when making HTTP requests with the :py:class:`~aiohttp.ClientSession` `trust_env` argument is set to `True`. -- by :user:`yuvipanda`.
* Turned access log into no-op when the logger is disabled.
* Added typing information to `RawResponseMessage`. -- by :user:`Gobot1234`
* Removed `async-timeout` for Python 3.11+.
* Added support for `brotlicffi` as an alternative to `brotli`.
* Added `WebSocketResponse.get_extra_info` to access a protocol transport's extra info.
* Allow `link` argument to be set to None/empty in HTTP 451 exception.
* Fixed client timeout not working when incoming data is always available without waiting. -- by :user:`Dreamsorcerer`.
* Fixed `readuntil` to work with a delimiter of more than one character.
* Added `__repr__` to `EmptyStreamReader` to avoid `AttributeError`.
* Fixed bug when using `TCPConnector` with `ttl_dns_cache=0`.
* Fixed response returned from expect handler being thrown away. -- by :user:`Dreamsorcerer`
* Avoided raising `UnicodeDecodeError` in multipart and in HTTP headers parsing.
* Changed `sock_read` timeout to start after writing has finished, avoiding read timeouts caused by an unfinished write. -- by :user:`dtrifiro`
* Fixed missing query in tracing method URLs when using `yarl` 1.9+.
* Changed max 32-bit timestamp to an aware datetime object, for consistency with the non-32-bit one, and to avoid a `DeprecationWarning` on Python 3.12.
* Fixed `EmptyStreamReader.iter_chunks` never ending.
* Fixed a rare `RuntimeError: await wasn't used with future` exception.
* Fixed issue with insufficient HTTP method and version validation.
* Added check to validate that absolute URIs have schemes.
* Fixed unhandled exception when Python HTTP parser encounters unpaired Unicode surrogates.
* Updated parser to disallow invalid characters in header field names and stop accepting LF as a request line separator.
* Fixed Python HTTP parser not treating 204/304/1xx as an empty body.
* Ensure empty body response for 1xx/204/304 per RFC 9112 sec 6.3.
* Fixed an issue when a client request is closed before completing a chunked payload. -- by :user:`Dreamsorcerer`
* Edge Case Handling for ResponseParser for missing reason value.
* Fixed `ClientWebSocketResponse.close_code` being erroneously set to `None` when there are concurrent async tasks receiving data and closing the connection.
* Added HTTP method validation.
* Fixed arbitrary sequence types being allowed to inject values via version parameter. -- by :user:`Dreamsorcerer`
* Performance: Fixed increase in latency with small messages from websocket compression changes.
* Improved Documentation
* Fixed the `ClientResponse.release`'s type in the doc. Changed from `comethod` to `method`.
* Added information on behavior of base_url parameter in `ClientSession`.
* Completed `trust_env` parameter description to honor `wss_proxy`, `ws_proxy` or `no_proxy` env.
* Dropped Python 3.6 support.
* Dropped Python 3.7 support. -- by :user:`Dreamsorcerer`
* Removed support for abandoned `tokio` event loop.
* Made `print` argument in `run_app` optional.
* Improved performance of `ceil_timeout` in some cases.
* Changed importing Gunicorn to happen on-demand, decreasing import time by ~53%. -- :user:`Dreamsorcerer`
* Improved import time by replacing `http.server` with `http.HTTPStatus`.
* Fixed annotation of `ssl` parameter to disallow `True`.

update to 3.8.6:
* Security bugfixes
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.
* Added `fallback_charset_resolver` parameter in `ClientSession` to allow a user-supplied character set detection function. Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use `fallback_charset_resolver the client
* Fixed `PermissionError` when `.netrc` is unreadable due to permissions.
* Fixed output of parsing errors
* Fixed sorting in `filter_cookies` to use cookie with longest path.

Release 3.8.0

Platform:
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Server 15 SP4
Product:
python-aiohttp
python311-aiohttp
Reference:
SUSE-SU-2024:0577-1
CVE-2023-47627
CVE-2023-47641
CVE-2024-23334
CVE-2024-23829
CVE-2023-49081
CVE-2023-49082
CPE    3
cpe:/a:aio-libs:python-aiohttp
cpe:/o:suse:suse_linux_enterprise_server:15:sp4
cpe:/o:suse:suse_linux_enterprise_desktop:15:sp4

© SecPod Technologies