deps: keep aiohttp <3.14 cap; ignore 3.14+ in Dependabot#20
Merged
Conversation
…4 updates --- updated-dependencies: - dependency-name: falcon dependency-version: 4.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-and-patch - dependency-name: boto3 dependency-version: 1.43.34 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch - dependency-name: google-cloud-storage dependency-version: 3.12.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-and-patch - dependency-name: typer dependency-version: 0.26.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch - dependency-name: filelock dependency-version: 3.29.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch - dependency-name: aiohttp dependency-version: 3.14.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-minor-and-patch - dependency-name: joserfc dependency-version: 1.7.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch - dependency-name: sentry-sdk dependency-version: 2.63.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-and-patch - dependency-name: mutmut dependency-version: 3.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-and-patch - dependency-name: pytest dependency-version: 9.1.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-minor-and-patch - dependency-name: ruff dependency-version: 0.15.18 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch - dependency-name: ty dependency-version: 0.0.51 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch - dependency-name: pydoclint dependency-version: 0.8.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch - dependency-name: hypothesis dependency-version: 6.155.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
The python-minor-and-patch group lifted the aiohttp cap to <3.15, pulling in aiohttp 3.14.1. aiohttp 3.14 added a required ClientResponse.stream_writer kwarg that breaks aioresponses 0.7.8 (latest), failing all 81 external/fetch tests with "ClientResponse.__init__() missing 1 required keyword-only argument: 'stream_writer'". Restore the <3.14 cap, re-pin aiohttp to 3.13.5 in the lock (all other group bumps retained), and add a Dependabot ignore for aiohttp >=3.14 so the cap isn't re-proposed each week. Lift both once aioresponses ships a 3.14-compatible release. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. ℹ️ You can also turn on project coverage checks and project coverage reporting on Pull Request comment Thanks for integrating Codecov - We've got you covered ☂️ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Supersedes #19. That Dependabot PR lifted the aiohttp cap (
<3.14→<3.15), pulling in aiohttp 3.14.1, which broke CI.Why CI failed on #19
aiohttp 3.14 added a required
ClientResponse.stream_writerkeyword-only argument. The test suite mocks HTTP via aioresponses 0.7.8 (latest), which still constructsClientResponsethe old way, so all 81 external/fetch/http/otel tests failed with:The
pyproject.tomlcomment already documented this exact cap — Dependabot bumped past the guard it was protecting.What this PR does
aiohttp>=3.9,<3.14cap inpyproject.toml.uv.lockviauv lock— all other group bumps from deps: bump the python-minor-and-patch group across 1 directory with 14 updates #19 are retained.ignoreforaiohttp >=3.14so the cap isn't re-proposed weekly.Lift the cap + drop the ignore once aioresponses ships a 3.14-compatible release.
Verification
uv run pytest tests/test_external_fetch.py tests/test_external.py→ 136 passed (these were the failing suites).🤖 Generated with Claude Code