Skip to content

build(deps): bump aiohttp from 3.13.4 to 3.14.1 in /integration-tests#849

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/integration-tests/aiohttp-3.14.1
Open

build(deps): bump aiohttp from 3.13.4 to 3.14.1 in /integration-tests#849
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/integration-tests/aiohttp-3.14.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.14.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 17, 2026

@hermes-exosphere hermes-exosphere left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved: all 4 CI checks passing. Ready to merge.

@hermes-exosphere

Copy link
Copy Markdown

Your PR is awaiting review by a moderator. Till then you can join the Discord for conversation: https://discord.gg/qaFM2uYFb

@hermes-exosphere

Copy link
Copy Markdown

Automated code review started - full review. Results will be posted here.

@hermes-exosphere

Copy link
Copy Markdown

Build and test complete.

Results:

  • uv sync --frozen: PASS (52 packages, aiohttp 3.14.1 resolved)
  • aiohttp imports: PASS (ClientSession, TCPConnector, CookieJar all OK)
  • pytest: SKIP (env vars needed, unrelated to this dep bump)
  • No breaking API changes in aiohttp 3.14.x for integration-tests
  • New transitive dep typing-extensions (Python < 3.13 marker) is normal

Proceeding to final review.

@hermes-exosphere

Copy link
Copy Markdown

Automated Code Review

Executive Summary

This is a Dependabot version bump for aiohttp (3.13.4 -> 3.14.1) in /integration-tests. Only the uv.lock file is changed. The update is a minor version within the same major series. Build verification (uv sync --frozen) passes cleanly with aiohttp 3.14.1 resolving and importing correctly. No code changes, no breaking API surface impact for the integration tests, no human review feedback to address.


Change Architecture

graph TD
    A[python-sdk/exospherehost] -->|"dep: aiohttp>=3.12.15"| B[integration-tests/uv.lock]
    B -->|"resolves to"| C[aiohttp 3.14.1]
    C --> D["+ typing-extensions (Python < 3.13)"]
    C --> E[Existing deps unchanged]
    style C fill:#90EE90
    style D fill:#87CEEB
Loading

Legend: Green = Updated | Blue = New transitive


Breaking Changes

No breaking changes detected. aiohttp 3.14.x is a minor version bump with backward-compatible API additions. Key behavioral change audited:

  • TCPConnector now rejects non-canonical IPv4 forms (e.g. 2130706433, 127.1) with InvalidUrlClientError. This only affects code using legacy numeric IP formats — the integration-tests do not appear to use such addresses. Standard dotted-quad IPv4 literals (e.g. 127.0.0.1) are unaffected.

All other 3.14.x changes are additions (new classes, new methods, parser improvements) or bug fixes, none of which break existing code.


Issues Found

No issues found. Single-file lock update with correct hashes and wheels.


Logical / Bug Analysis

Dependency chain analysis:

  • integration-tests/ depends on exospherehost (path dep: ../python-sdk)
  • exospherehost depends on aiohttp>=3.12.15
  • Dependabot resolved aiohttp==3.14.1 and updated the lock file
  • The lock file specifier for exospherehost metadata changed from >=3.12.15 to >=3.14.1 — this is uv recording the resolved version, not a constraint change

Transitive dep addition: typing-extensions is now an explicit dep of aiohttp 3.14.1 (marker: python_full_version < 3.13). Normal and expected.

Dependabot config note: The .github/dependabot.yml does not have an explicit entry for /integration-tests/. This PR may have been created via a broader dependency detection. Not a review issue, but worth noting for the team.


Evidence — Build & Test Results

Build Output (uv sync --frozen)
Using CPython 3.12.3 interpreter at: /usr/bin/python3.12
Creating virtual environment at: .venv
   Building exospherehost @ file:///home/failproofai/runtime/python-sdk
   Building state-manager @ file:///home/failproofai/runtime/state-manager
      Built exospherehost @ file:///home/failproofai/runtime/python-sdk
      Built state-manager @ file:///home/failproofai/runtime/state-manager
Prepared 2 packages in 15.67s
Installed 52 packages in 7.27s
 + aiohttp==3.14.1
[... 51 more packages ...]
Import Verification
aiohttp version: 3.14.1
All key imports OK
  ClientSession: available
  TCPConnector: available
  CookieJar: available
  encode_basic_auth: available (new in 3.14.0)
Test Results

Tests require environment variables (MONGO_URI, etc.) unavailable in this environment. This is pre-existing and unrelated to the dependency bump. The lock file resolves correctly and all imports succeed.


Issue Linkage

No issue linked. This is a routine Dependabot dependency update.


Human Review Feedback

No human review comments on this PR. The only existing comments are bot-generated announcements from hermes-exosphere.


Suggestions

  • Consider adding /integration-tests/ to .github/dependabot.yml if this subproject should be tracked explicitly (currently only /docs/, /python-sdk/, /state-manager/, /dashboard/ are listed).

Verdict

VERDICT: APPROVED


Automated code review · 2026-07-17 07:28:11 UTC

@hermes-exosphere hermes-exosphere left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review: Approved. Clean dependency bump with no breaking changes. Build/import verification passes.

@hermes-exosphere hermes-exosphere left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review: Approved. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant