fix(deps): update dependency aiohttp to v3.9.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
aiohttp	3.8.6 -> 3.9.0

---

Release Notes

aio-libs/aiohttp (aiohttp)

v3.9.0: 3.9.0

Compare Source

Features

• Introduced AppKey for static typing support of Application storage.
  See https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config

  (#​5864)

• Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called.
  The period can be adjusted with the shutdown_timeout parameter. -- by :user:Dreamsorcerer.
  See https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown

  (#​7188)

• Added handler_cancellation <https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>_ parameter to cancel web handler on client disconnection. -- by :user:mosquito
  This (optionally) reintroduces a feature removed in a previous release.
  Recommended for those looking for an extra level of protection against denial-of-service attacks.

  (#​7056)

• Added support for setting response header parameters max_line_size and max_field_size.

  (#​2304)

• Added auto_decompress parameter to ClientSession.request to override ClientSession._auto_decompress. -- by :user:Daste745

  (#​3751)

• Changed raise_for_status to allow a coroutine.

  (#​3892)

• Added client brotli compression support (optional with runtime check).

  (#​5219)

• Added client_max_size to BaseRequest.clone() to allow overriding the request body size. -- :user:anesabml.

  (#​5704)

• Added a middleware type alias aiohttp.typedefs.Middleware.

  (#​5898)

• Exported HTTPMove which can be used to catch any redirection request
  that has a location -- :user:dreamsorcerer.

  (#​6594)

• Changed the path parameter in web.run_app() to accept a pathlib.Path object.

  (#​6839)

• Performance: Skipped filtering CookieJar when the jar is empty or all cookies have expired.

  (#​7819)

• Performance: Only check origin if insecure scheme and there are origins to treat as secure, in CookieJar.filter_cookies().

  (#​7821)

• Performance: Used timestamp instead of datetime to achieve faster cookie expiration in CookieJar.

  (#​7824)

• Added support for passing a custom server name parameter to HTTPS connection.

  (#​7114)

• Added support for using Basic Auth credentials from :file:.netrc file when making HTTP requests with the
  :py:class:~aiohttp.ClientSession trust_env argument is set to True. -- by :user:yuvipanda.

  (#​7131)

• Turned access log into no-op when the logger is disabled.

  (#​7240)

• Added typing information to RawResponseMessage. -- by :user:Gobot1234

  (#​7365)

• Removed async-timeout for Python 3.11+ (replaced with asyncio.timeout() on newer releases).

  (#​7502)

• Added support for brotlicffi as an alternative to brotli (fixing Brotli support on PyPy).

  (#​7611)

• Added WebSocketResponse.get_extra_info() to access a protocol transport's extra info.

  (#​7078)

• Allow link argument to be set to None/empty in HTTP 451 exception.

  (#​7689)

Bugfixes

• Implemented stripping the trailing dots from fully-qualified domain names in Host headers and TLS context when acting as an HTTP client.
  This allows the client to connect to URLs with FQDN host name like https://example.com./.
  -- by :user:martin-sucha.

  (#​3636)

• Fixed client timeout not working when incoming data is always available without waiting. -- by :user:Dreamsorcerer.

  (#​5854)

• Fixed readuntil to work with a delimiter of more than one character.

  (#​6701)

• Added __repr__ to EmptyStreamReader to avoid AttributeError.

  (#​6916)

• Fixed bug when using TCPConnector with ttl_dns_cache=0.

  (#​7014)

• Fixed response returned from expect handler being thrown away. -- by :user:Dreamsorcerer

  (#​7025)

• Avoided raising UnicodeDecodeError in multipart and in HTTP headers parsing.

  (#​7044)

• Changed sock_read timeout to start after writing has finished, avoiding read timeouts caused by an unfinished write. -- by :user:dtrifiro

  (#​7149)

• Fixed missing query in tracing method URLs when using yarl 1.9+.

  (#​7259)

• Changed max 32-bit timestamp to an aware datetime object, for consistency with the non-32-bit one, and to avoid a DeprecationWarning on Python 3.12.

  (#​7302)

• Fixed EmptyStreamReader.iter_chunks() never ending. -- by :user:mind1m

  (#​7616)

• Fixed a rare RuntimeError: await wasn't used with future exception. -- by :user:stalkerg

  (#​7785)

• Fixed issue with insufficient HTTP method and version validation.

  (#​7700)

• Added check to validate that absolute URIs have schemes.

  (#​7712)

• Fixed unhandled exception when Python HTTP parser encounters unpaired Unicode surrogates.

  (#​7715)

• Updated parser to disallow invalid characters in header field names and stop accepting LF as a request line separator.

  (#​7719)

• Fixed Python HTTP parser not treating 204/304/1xx as an empty body.

  (#​7755)

• Ensure empty body response for 1xx/204/304 per RFC 9112 sec 6.3.

  (#​7756)

• Fixed an issue when a client request is closed before completing a chunked payload. -- by :user:Dreamsorcerer

  (#​7764)

• Edge Case Handling for ResponseParser for missing reason value.

  (#​7776)

• Fixed ClientWebSocketResponse.close_code being erroneously set to None when there are concurrent async tasks receiving data and closing the connection.

  (#​7306)

• Added HTTP method validation.

  (#​6533)

• Fixed arbitrary sequence types being allowed to inject values via version parameter. -- by :user:Dreamsorcerer

  (#​7835)

• Performance: Fixed increase in latency with small messages from websocket compression changes.

  (#​7797)

Improved Documentation

• Fixed the ClientResponse.release's type in the doc. Changed from comethod to method.

  (#​5836)

• Added information on behavior of base_url parameter in ClientSession.

  (#​6647)

• Fixed ClientResponseError docs.

  (#​6700)

• Updated Redis code examples to follow the latest API.

  (#​6907)

• Added a note about possibly needing to update headers when using on_response_prepare. -- by :user:Dreamsorcerer

  (#​7283)

• Completed trust_env parameter description to honor wss_proxy, ws_proxy or no_proxy env.

  (#​7325)

• Expanded SSL documentation with more examples (e.g. how to use certifi). -- by :user:Dreamsorcerer

  (#​7334)

• Fix, update, and improve client exceptions documentation.

  (#​7733)

Deprecations and Removals

• Added shutdown_timeout parameter to BaseRunner, while
  deprecating shutdown_timeout parameter from BaseSite. -- by :user:Dreamsorcerer

  (#​7718)

• Dropped Python 3.6 support.

  (#​6378)

• Dropped Python 3.7 support. -- by :user:Dreamsorcerer

  (#​7336)

• Removed support for abandoned tokio event loop. -- by :user:Dreamsorcerer

  (#​7281)

Misc

• Made print argument in run_app() optional.

  (#​3690)

• Improved performance of ceil_timeout in some cases.

  (#​6316)

• Changed importing Gunicorn to happen on-demand, decreasing import time by ~53%. -- :user:Dreamsorcerer

  (#​6591)

• Improved import time by replacing http.server with http.HTTPStatus.

  (#​6903)

• Fixed annotation of ssl parameter to disallow True. -- by :user:Dreamsorcerer.

  (#​7335)

---

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.