Avatar for the aio-libs user
aio-libs
aiohttp
BlogDocsChangelog

Performance History

Latest Results

Release v3.13.4 (#12291)
2 hours ago
[pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
release/v3.13.4
2 hours ago
Bump sigstore/gh-action-sigstore-python from 3.2.0 to 3.3.0 (#12288)
3.14
2 hours ago
Bump sigstore/gh-action-sigstore-python from 3.2.0 to 3.3.0 (#12285)
master
2 hours ago
Bump gunicorn from 25.2.0 to 25.3.0 (#12289) Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 25.2.0 to 25.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/benoitc/gunicorn/releases">gunicorn's releases</a>.</em></p> <blockquote> <h2>Gunicorn 25.3.0</h2> <h2>Bug Fixes</h2> <ul> <li> <p><strong>HTTP/2 ASGI Body Duplication</strong>: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with &quot;Extra data&quot; messages (<a href="https://redirect.github.com/benoitc/gunicorn/issues/3558">#3558</a>)</p> </li> <li> <p><strong>ASGI Chunked EOF Handling</strong>: Add <code>finish()</code> method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk</p> </li> <li> <p><strong>HTTP/2 Documentation</strong>: Fix <code>http_protocols</code> examples to use comma-separated string instead of list syntax (<a href="https://redirect.github.com/benoitc/gunicorn/issues/3561">#3561</a>)</p> </li> <li> <p><strong>Chunked Encoding</strong>: Reject chunk extensions containing bare CR bytes per RFC 9112 (<a href="https://github.com/benoitc/gunicorn/discussions/3556">#3556</a>)</p> </li> <li> <p><strong>Request Line Limit</strong>: Fix <code>--limit-request-line 0</code> to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (<a href="https://redirect.github.com/benoitc/gunicorn/issues/3563">#3563</a>)</p> </li> </ul> <h2>Security</h2> <ul> <li><strong>ASGI Parser Header Validation</strong>: Add security checks per RFC 9110/9112: <ul> <li>Reject duplicate Content-Length headers</li> <li>Reject requests with both Content-Length and Transfer-Encoding</li> <li>Reject chunked transfer encoding in HTTP/1.0</li> <li>Reject stacked chunked encoding</li> <li>Validate Transfer-Encoding values</li> <li>Strict chunk size validation</li> </ul> </li> </ul> <h2>Changes</h2> <ul> <li> <p><strong>Fast HTTP Parser</strong>: Update to gunicorn_h1c &gt;= 0.6.3 for <code>asgi_headers</code> property and <code>InvalidChunkExtension</code> validation for bare CR rejection</p> </li> <li> <p><strong>ASGI PROXY Protocol</strong>: Add PROXY protocol v1/v2 support to callback parser</p> </li> <li> <p><strong>Docker Images</strong>: Update to Python 3.14</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/benoitc/gunicorn/commit/9bce72cfc3985aba7e0c47bf3c00fa681b2847e4"><code>9bce72c</code></a> Update changelog with missing 25.3.0 changes</li> <li><a href="https://github.com/benoitc/gunicorn/commit/2a15fdb93ab136e5776692d620852f481c89d610"><code>2a15fdb</code></a> Fix pylint isinstance-second-argument-not-valid-type warning</li> <li><a href="https://github.com/benoitc/gunicorn/commit/8d08aaa2cbd38fdfa2ca6fb94094c47b9c16730a"><code>8d08aaa</code></a> Fix --limit-request-line 0 to mean unlimited</li> <li><a href="https://github.com/benoitc/gunicorn/commit/d40a37454736e40916eb51e35895f1c22c0cd34a"><code>d40a374</code></a> Fix pytest-asyncio configuration and treq_asgi hex escapes</li> <li><a href="https://github.com/benoitc/gunicorn/commit/da8bd4850ac0f2d0df215390dad88392eb538d74"><code>da8bd48</code></a> Remove unused AsyncRequest class</li> <li><a href="https://github.com/benoitc/gunicorn/commit/b00f125755ec3f509a3e82dc5568d9f2d8bddba7"><code>b00f125</code></a> Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support</li> <li><a href="https://github.com/benoitc/gunicorn/commit/bdb2ebd5a4913fff1e92800f3763e4a879526d3e"><code>bdb2ebd</code></a> Reject chunk extensions with bare CR bytes (RFC 9112)</li> <li><a href="https://github.com/benoitc/gunicorn/commit/7057fc9f89f0ce4d9ac01a12ea2f39768fb32be6"><code>7057fc9</code></a> Fix http_protocols documentation to use string syntax</li> <li><a href="https://github.com/benoitc/gunicorn/commit/d43acb8fe0910b6669c163e2f4a439e464eab012"><code>d43acb8</code></a> Update to gunicorn_h1c &gt;= 0.6.2 for asgi_headers support</li> <li><a href="https://github.com/benoitc/gunicorn/commit/cbd27e82a238cb1326336c6aa4b8ae058e2c9ff9"><code>cbd27e8</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3559">#3559</a> from benleembruggen/fix/http2-asgi-body-duplication</li> <li>Additional commits viewable in <a href="https://github.com/benoitc/gunicorn/compare/25.2.0...25.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gunicorn&package-manager=pip&previous-version=25.2.0&new-version=25.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
master
11 hours ago
fix: Fix zstd decompression of multi-frame responses ZstdDecompressor is one-shot-per-frame: once a frame ends, subsequent decompress() calls raise EOFError. This broke HTTP responses where the server sends multiple zstd frames (common with chunked transfer encoding). Detect frame boundaries via eof/unused_data attributes and create fresh decompressor instances for subsequent frames.
josumoreno-BP:fix/zstd-multiframe
23 hours ago
fix: Fix zstd decompression of multi-frame responses ZstdDecompressor is one-shot-per-frame: once a frame ends, subsequent decompress() calls raise EOFError. This broke HTTP responses where the server sends multiple zstd frames (common with chunked transfer encoding). Detect frame boundaries via eof/unused_data attributes and create fresh decompressor instances for subsequent frames.
josumoreno-BP:fix/zstd-multiframe
23 hours ago
Raise ConnectionResetError if transport is None (#11761) (#12283) Backport cherry picked from commit b26c9aee4cf1cb280fa771855ab7be95f1ae1d22
3.14
1 day ago

Latest Branches

CodSpeed Performance Gauge
0%
Release v3.13.4#12291
2 hours ago
274761b
release/v3.13.4
CodSpeed Performance Gauge
0%
fix: Fix zstd decompression of multi-frame responses#12290
24 hours ago
b0c4aec
josumoreno-BP:fix/zstd-multiframe
CodSpeed Performance Gauge
0%
Bump yarl from 1.22.0 to 1.23.0#12187
1 day ago
7ecba69
dependabot/pip/yarl-1.23.0
© 2026 CodSpeed Technology
Home Terms Privacy Docs