8000 Comparing master...3.13 · aio-libs/aiohttp · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: aio-libs/aiohttp
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: aio-libs/aiohttp
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.13
Choose a head ref
  • 6 commits
  • 10 files changed
  • 1 contributor

Commits on Jun 16, 2025

  1. Bump pydantic from 2.11.6 to 2.11.7 (#11219) 

    Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.6 to
2.11.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pydantic/pydantic/releases">pydantic's
releases</a>.</em></p>
<blockquote>
<h2>v2.11.7 2025-06-14</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Fixes</h3>
<ul>
<li>Copy <code>FieldInfo</code> instance if necessary during
<code>FieldInfo</code> build by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/11980">pydantic/pydantic#11980</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pydantic/pydantic/compare/v2.11.6...v2.11.7">https://github.com/pydantic/pydantic/compare/v2.11.6...v2.11.7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pydantic/pydantic/blob/main/HISTORY.md">pydantic's
changelog</a>.</em></p>
<blockquote>
<h2>v2.11.7 (2025-06-14)</h2>
<p><a
href="https://github.com/pydantic/pydantic/releases/tag/v2.11.7">GitHub
release</a></p>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Copy <code>FieldInfo</code> instance if necessary during
<code>FieldInfo</code> build by <a
href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a
href="https://redirect.github.com/pydantic/pydantic/pull/11898">#11898</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pydantic/pydantic/commit/5f033e46c54fea1b59b6894d6527daf49475e690"><code>5f033e4</code></a>
Prepare release v2.11.7</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/c3368b83c411f421a7322959bc29f3bea4bd252a"><code>c3368b8</code></a>
Copy <code>FieldInfo</code> instance if necessary during
<code>FieldInfo</code> build (<a
href="https://redirect.github.com/pydantic/pydantic/issues/11980">#11980</a>)</li>
<li>See full diff in <a
href="https://github.com/pydantic/pydantic/compare/v2.11.6...v2.11.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.11.6&new-version=2.11.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 16, 2025
    Configuration menu
    Copy the full SHA
    7839460 View commit details
    Browse the repository at this point in the history

  2. Bump certifi from 2025.4.26 to 2025.6.15 (#11220) 

    Bumps [certifi](https://github.com/certifi/python-certifi) from
2025.4.26 to 2025.6.15.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/certifi/python-certifi/commit/e767d5938eddddf804216cec93a55c85129c5f2d"><code>e767d59</code></a>
2025.06.15 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/357">#357</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/3e7076557d66b598fcca462e422dc988f09a6802"><code>3e70765</code></a>
Bump actions/setup-python from 5.5.0 to 5.6.0</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/9afd2ff407b8a0638988c952a6636b8dd623af7c"><code>9afd2ff</code></a>
Bump actions/download-artifact from 4.2.1 to 4.3.0</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/d7c816cbc9cf621b3ddc8cd7fa7eda3f36982620"><code>d7c816c</code></a>
remove code that's no longer required that 3.7 is our minimum (<a
href="https://redirect.github.com/certifi/python-certifi/issues/351">#351</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/189961379209973abd0dd6304297f03e2359e1b9"><code>1899613</code></a>
Declare setuptools as the build backend in pyproject.toml (<a
href="https://redirect.github.com/certifi/python-certifi/issues/350">#350</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/c8741423d67e1025c0bdad5225ded05cf962f207"><code>c874142</code></a>
update CI for ubuntu 20.04 deprecation (<a
href="https://redirect.github.com/certifi/python-certifi/issues/348">#348</a>)</li>
<li>See full diff in <a
href="https://github.com/certifi/python-certifi/compare/2025.04.26...2025.06.15">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2025.4.26&new-version=2025.6.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 16, 2025
    Configuration menu
    Copy the full SHA
    8264fce View commit details
    Browse the repository at this point in the history

Commits on Jun 17, 2025

  1. Bump mypy from 1.16.0 to 1.16.1 (#11222) 

    Bumps [mypy](https://github.com/python/mypy) from 1.16.0 to 1.1
10000
6.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python/mypy/commit/68b8fa097d080c92d30a429bc74de8acd56caf85"><code>68b8fa0</code></a>
Bump version to 1.16.1</li>
<li><a
href="https://github.com/python/mypy/commit/e253eded9c887630f3f5404c4b9f73f13570476a"><code>e253ede</code></a>
Single underscore is not a sunder (<a
href="https://redirect.github.com/python/mypy/issues/19273">#19273</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/9fb5ff66c51bd971d7a6b1260cc0ec9f1b82cc06"><code>9fb5ff6</code></a>
Fix properties with setters after deleters (<a
href="https://redirect.github.com/python/mypy/issues/19248">#19248</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/c20fd7838338cd65d6c7c6e252eda85996cfc98e"><code>c20fd78</code></a>
Handle assignment of bound methods in class bodies (<a
href="https://redirect.github.com/python/mypy/issues/19233">#19233</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/c86480ce51e4bb6db21f4b3f0b3ec8833aafc8ce"><code>c86480c</code></a>
Tighten metaclass <strong>call</strong> handling in protocols (<a
href="https://redirect.github.com/python/mypy/issues/19191">#19191</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/cb3c6ec6a7aaa96a0e26768a946ac63ea14115f2"><code>cb3c6ec</code></a>
Fix crash on partial type used as context (<a
href="https://redirect.github.com/python/mypy/issues/19216">#19216</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/c39f5e73c47182e51c5d8d488f7cc7301257c974"><code>c39f5e7</code></a>
[mypyc] Fixing condition for handling user-defined <strong>del</strong>
(<a
href="https://redirect.github.com/python/mypy/issues/19188">#19188</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/0a4f28431faa18e59d35bc269cb0ea6c00810653"><code>0a4f284</code></a>
Fix crash on invalid property inside its own body (<a
href="https://redirect.github.com/python/mypy/issues/19208">#19208</a>)</li>
<li><a
href="https://github.com/python/mypy/commit/9b079f6592740a51c0e629728eeb0324ad85126f"><code>9b079f6</code></a>
Bump version to 1.16.1+dev</li>
<li>See full diff in <a
href="https://github.com/python/mypy/compare/v1.16.0...v1.16.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mypy&package-manager=pip&previous-version=1.16.0&new-version=1.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 17, 2025
    Configuration menu
    Copy the full SHA
    2ad7568 View commit details
    Browse the repository at this point in the history

  2. Bump multidict from 6.4.4 to 6.5.0 (#11223) 

    Bumps [multidict](https://github.com/aio-libs/multidict) from 6.4.4 to
6.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/multidict/releases">multidict's
releases</a>.</em></p>
<blockquote>
<h2>6.5.0</h2>
<h2>Features</h2>
<ul>
<li>
<p>Replace internal implementation from an array of items to hash table.
algorithmic complexity for lookups is switched from O(N) to O(1).</p>
<p>The hash table is very similar to :class:<code>dict</code> from
CPython but it allows keys duplication.</p>
<p>The benchmark shows 25-50% boost for single lookups, x2-x3 for bulk
updates, and x20 for
some multidict view operations.  The gain is not for free:
:class:<code>~multidict.MultiDict.add</code> and
:class:<code>~multidict.MultiDict.extend</code> are 25-50%
slower now. We consider it as acceptable because the lookup is much more
common
operation that addition for the library domain.</p>
<p><em>Related issues and pull requests on GitHub:</em>
<a
href="https://redirect.github.com/aio-libs/multidict/issues/1128">#1128</a>.</p>
</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p>Builds have been added for arm64 Windows
wheels and the <code>reusable-build-wheel.yml</code>
template has been modified to allow for
an os value (<code>windows-11-arm</code>) which
does not end with the <code>-latest</code> postfix.</p>
<p><em>Related issues and pull requests on GitHub:</em>
<a
href="https://redirect.github.com/aio-libs/multidict/issues/1167">#1167</a>.</p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/multidict/blob/master/CHANGES.rst">multidict's
changelog</a>.</em></p>
<blockquote>
<h1>6.5.0</h1>
<p><em>(2025-06-17)</em></p>
<h2>Features</h2>
<ul>
<li>
<p>Replace internal implementation from an array of items to hash table.
algorithmic complexity for lookups is switched from O(N) to O(1).</p>
<p>The hash table is very similar to :class:<code>dict</code> from
CPython but it allows keys duplication.</p>
<p>The benchmark shows 25-50% boost for single lookups, x2-x3 for bulk
updates, and x20 for
some multidict view operations.  The gain is not for free:
:class:<code>~multidict.MultiDict.add</code> and
:class:<code>~multidict.MultiDict.extend</code> are 25-50%
slower now. We consider it as acceptable because the lookup is much more
common
operation that addition for the library domain.</p>
<p><em>Related issues and pull requests on GitHub:</em>
:issue:<code>1128</code>.</p>
</li>
</ul>
<h2>Contributor-facing changes</h2>
<ul>
<li>
<p>Builds have been added for arm64 Windows
wheels and the <code>reusable-build-wheel.yml</code>
template has been modified to allow for
an os value (<code>windows-11-arm</code>) which
does not end with the <code>-latest</code> postfix.</p>
<p><em>Related issues and pull requests on GitHub:</em>
:issue:<code>1167</code>.</p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aio-libs/multidict/commit/df5b5dbb6e3e262b9311755cf130c669e121eb81"><code>df5b5db</code></a>
Release 6.5.0 (<a
href="https://redirect.github.com/aio-libs/multidict/issues/1176">#1176</a>)</li>
<li><a
href="https://github.com/aio-libs/multidict/commit/9d3c53f28c4c18b1a032af45d013a0bbe12821b9"><code>9d3c53f</code></a>
Replace pair_list with hash table (<a
href="https://redirect.github.com/aio-libs/multidict/issues/1128">#1128</a>)</li>
<li><a
href="https://github.com/aio-libs/multidict/commit/bdbbc4876097669e5cb5939bd63c163a1cea2fe1"><code>bdbbc48</code></a>
Bump pytest-cov from 6.0.0 to 6.1.0 (<a
href="https://redirect.github.com/aio-libs/multidict/issues/1119">#1119</a>)</li>
<li><a
href="https://github.com/aio-libs/multidict/commit/b23c192ed907155efcc5ecd90f2d0b7a8512b63a"><code>b23c192</code></a>
Bump pytest to 8.4.0 (<a
href="https://redirect.github.com/aio-libs/multidict/issues/1169">#1169</a>)</li>
<li><a
href="https://github.com/aio-libs/multidict/commit/87c76b8fc60496f266fa2a010f814b87ab2c204e"><code>87c76b8</code></a>
Fix failed spelling task (<a
href="https://redirect.github.com/aio-libs/multidict/issues/1168">#1168</a>)</li>
<li><a
href="https://github.com/aio-libs/multidict/commit/fa9e4b6d47963f261d03269fc18f9f4675c118f8"><code>fa9e4b6</code></a>
Add Windows arm64 builds (<a
href="https://redirect.github.com/aio-libs/multidict/issues/1167">#1167</a>)</li>
<li><a
href="https://github.com/aio-libs/multidict/commit/874fc89640cc3e33ad9f5d25820d2786bb8b97a9"><code>874fc89</code></a>
Increment version to 6.4.5.dev0 (<a
href="https://redirect.github.com/aio-libs/multidict/issues/1165">#1165</a>)</li>
<li>See full diff in <a
href="https://github.com/aio-libs/multidict/compare/v6.4.4...v6.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=multidict&package-manager=pip&previous-version=6.4.4&new-version=6.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 17, 2025
    Configuration menu
    Copy the full SHA
    ed11b39 View commit details
    Browse the repository at this point in the history

Commits on Jun 18, 2025

  1. Bump pytest from 8.4.0 to 8.4.1 (#11229) 

    Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.4.0 to
8.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>8.4.1</h2>
<h1>pytest 8.4.1 (2025-06-17)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13461">#13461</a>:
Corrected <code>_pytest.terminal.TerminalReporter.isatty</code> to
support
being called as a method. Before it was just a boolean which could
break correct code when using <code>-o log_cli=true</code>).</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13477">#13477</a>:
Reintroduced
<code>pytest.PytestReturnNotNoneWarning</code>{.interpreted-text
role=&quot;class&quot;} which was removed by accident in pytest
[8.4]{.title-ref}.</p>
<p>This warning is raised when a test functions returns a value other
than <code>None</code>, which is often a mistake made by beginners.</p>
<p>See <code>return-not-none</code>{.interpreted-text
role=&quot;ref&quot;} for more information.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13497">#13497</a>:
Fixed compatibility with <code>Twisted 25+</code>.</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13492">#13492</a>:
Fixed outdated warning about <code>faulthandler</code> not working on
Windows.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pytest-dev/pytest/commit/8d99211f0ce3927eb7ee579f7b4f969da06dc787"><code>8d99211</code></a>
Prepare release version 8.4.1</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/5dc5880715633c97310c0593f0ae356de27fa933"><code>5dc5880</code></a>
docs: update pytest.ini addopts example to use separate -p entries (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13529">#13529</a>)
(...</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/d0c7ed0bfae5a5f1f9153cd1e464a421d701e925"><code>d0c7ed0</code></a>
Reintroduce PytestReturnNotNoneWarning (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13495">#13495</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13527">#13527</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/a1b3a7879589eb437e4fd97c169b228c3ed58c63"><code>a1b3a78</code></a>
Fix compatibility with Twisted 25 (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13502">#13502</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13531">#13531</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/4c161aba8ecaab9940040702369025595d26564c"><code>4c161ab</code></a>
pytester: avoid unraisableexception gc collects in inline runs to speed
up te...</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/a86ee09291f913b36fdeec14c42356515b91c979"><code>a86ee09</code></a>
Fix typo in parametrize.rst (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13514">#13514</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13516">#13516</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/1a0581b0227fa07afd1f2c4c6215aec3862cf1ab"><code>1a0581b</code></a>
Remove outdated warning about faulthandler_timeout on Windows (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13492">#13492</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13493">#13493</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/4e631a71484c2fa49e3fd9f884546af411a4888d"><code>4e631a7</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/13486">#13486</a>
from hosmir/fixtypo (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13487">#13487</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/b49745ec529f06edfbbe531b766839763b2be3c2"><code>b49745e</code></a>
fix: support TerminalReporter.isatty being called (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13462">#13462</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13483">#13483</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/cc5ceed916d0c63696da33c67e035917194a4e87"><code>cc5ceed</code></a>
RELEASING: remove pytest mailing list (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13472">#13472</a>)
(<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13473">#13473</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/8.4.0...8.4.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=pip&previous-version=8.4.0&new-version=8.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 18, 2025
    Configuration menu
    Copy the full SHA
    5444eb6 View commit details
    Browse the repository at this point in the history

Commits on Jun 19, 2025

  1. Bump urllib3 from 2.4.0 to 2.5.0 (#11230) 

    Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.4.0 to 2.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.5.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h1>Security issues</h1>
<p>urllib3 2.5.0 fixes two moderate security issues:</p>
<ul>
<li>Pool managers now properly control redirects when
<code>retries</code> is passed — CVE-2025-50181 reported by <a
href="https://github.com/sandumjacob"><code>@​sandumjacob</code></a>
(5.3 Medium, GHSA-pq67-6m6q-mj2v)</li>
<li>Redirects are now controlled by urllib3 in the Node.js runtime —
CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li>
</ul>
<h1>Features</h1>
<ul>
<li>Added support for the <code>compression.zstd</code> module that is
new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP
784</a> for more information. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li>
<li>Added support for version 0.5 of <code>hatch-vcs</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li>
</ul>
<h1>Bugfixes</h1>
<ul>
<li>Raised exception for <code>HTTPResponse.shutdown</code> on a
connection already released to the pool. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li>
<li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6
proxy with <code>connection_from_host</code>. Previously would not be
wrapped in <code>[]</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.5.0 (2025-06-18)</h1>
<h2>Features</h2>
<ul>
<li>Added support for the <code>compression.zstd</code> module that is
new in Python 3.14.
See <code>PEP 784 &lt;https://peps.python.org/pep-0784/&gt;</code>_ for
more information.
(<code>[#3610](urllib3/urllib3#3610)
&lt;https://github.com/urllib3/urllib3/issues/3610&gt;</code>__)</li>
<li>Added support for version 0.5 of <code>hatch-vcs</code>
(<code>[#3612](urllib3/urllib3#3612)
&lt;https://github.com/urllib3/urllib3/issues/3612&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a security issue where restricting the maximum number of
followed
redirects at the <code>urllib3.PoolManager</code> level via the
<code>retries</code> parameter
did not work.</li>
<li>Made the Node.js runtime respect redirect parameters such as
<code>retries</code>
and <code>redirects</code>.</li>
<li>Raised exception for <code>HTTPResponse.shutdown</code> on a
connection already released to the pool.
(<code>[#3581](urllib3/urllib3#3581)
&lt;https://github.com/urllib3/urllib3/issues/3581&gt;</code>__)</li>
<li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6
proxy with <code>connection_from_host</code>. Previously would not be
wrapped in <code>[]</code>.
(<code>[#3615](urllib3/urllib3#3615)
&lt;https://github.com/urllib3/urllib3/issues/3615&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a>
Release 2.5.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a>
Fix HTTP tunneling with IPv6 in older Python versions</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a>
Bump github/codeql-action from 3.28.0 to 3.29.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a>
Update v2 migration guide to 2.4.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a>
Raise exception for shutdown on a connection already released to the
pool (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a>
Fix emscripten CI for Chrome 137+ (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a>
Bump RECENT_DATE (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a>
Add support for the new <code>compression.zstd</code> module in Python
3.14 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.4.0...2.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.4.0&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 19, 2025
    Configuration menu
    Copy the full SHA
    6aea2ce View commit details
    Browse the repository at this point in the history
Loading
0