From 6adfb2968ada87e21c308d5a41d2b26bc2eb09ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Feb 2026 11:50:38 +0000
Subject: [PATCH 1/2] Bump filelock from 3.21.2 to 3.24.2 (#12078)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.21.2 to
3.24.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.24.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>📝 docs: restructure using Diataxis framework by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/489">tox-dev/filelock#489</a></li>
<li>🐛 fix(test): resolve flaky write non-starvation test by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/490">tox-dev/filelock#490</a></li>
<li>🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race
by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/491">tox-dev/filelock#491</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.24.1...3.24.2">https://github.com/tox-dev/filelock/compare/3.24.1...3.24.2</a></p>
<h2>3.24.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>🐛 fix(soft): resolve Windows deadlock and test race condition by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/488">tox-dev/filelock#488</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.24.0...3.24.1">https://github.com/tox-dev/filelock/compare/3.24.0...3.24.1</a></p>
<h2>3.24.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/480">tox-dev/filelock#480</a></li>
<li>✨ feat(lock): add poll_interval to constructor by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/482">tox-dev/filelock#482</a></li>
<li>🐛 fix(win): eliminate lock file race in threaded usage by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/484">tox-dev/filelock#484</a></li>
<li>✨ feat(mode): respect POSIX default ACL inheritance by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/483">tox-dev/filelock#483</a></li>
<li>🐛 fix(api): detect same-thread self-deadlock by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/481">tox-dev/filelock#481</a></li>
<li>✨ feat(lock): add cancel_check to acquire by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/487">tox-dev/filelock#487</a></li>
<li>✨ feat(lock): add lifetime parameter for lock expiration by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/486">tox-dev/filelock#486</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.23.0...3.24.0">https://github.com/tox-dev/filelock/compare/3.23.0...3.24.0</a></p>
<h2>3.23.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>📝 docs: add fasteners to similar libraries by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/478">tox-dev/filelock#478</a></li>
<li>📝 docs: move from Unlicense to MIT by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/479">tox-dev/filelock#479</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.22.0...3.23.0">https://github.com/tox-dev/filelock/compare/3.22.0...3.23.0</a></p>
<h2>3.22.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>✨ feat(soft): detect and break stale locks by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/476">tox-dev/filelock#476</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst">filelock's
changelog</a>.</em></p>
<blockquote>
<p>###########
Changelog
###########</p>
<hr />
<p>3.24.2 (2026-02-16)</p>
<hr />
<ul>
<li>🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race
:pr:<code>491</code></li>
<li>🐛 fix(test): resolve flaky write non-starvation test
:pr:<code>490</code></li>
<li>📝 docs: restructure using Diataxis framework
:pr:<code>489</code></li>
</ul>
<hr />
<p>3.24.1 (2026-02-15)</p>
<hr />
<ul>
<li>🐛 fix(soft): resolve Windows deadlock and test race condition
:pr:<code>488</code></li>
</ul>
<hr />
<p>3.24.0 (2026-02-14)</p>
<hr />
<ul>
<li>✨ feat(lock): add lifetime parameter for lock expiration (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/68">#68</a>)
:pr:<code>486</code></li>
<li>✨ feat(lock): add cancel_check to acquire (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/309">#309</a>)
:pr:<code>487</code></li>
<li>🐛 fix(api): detect same-thread self-deadlock
:pr:<code>481</code></li>
<li>✨ feat(mode): respect POSIX default ACLs (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/378">#378</a>)
:pr:<code>483</code></li>
<li>🐛 fix(win): eliminate lock file race in threaded usage
:pr:<code>484</code></li>
<li>✨ feat(lock): add poll_interval to constructor
:pr:<code>482</code></li>
<li>🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS
:pr:<code>480</code></li>
</ul>
<hr />
<p>3.23.0 (2026-02-14)</p>
<hr />
<ul>
<li>📝 docs: move from Unlicense to MIT :pr:<code>479</code></li>
<li>📝 docs: add fasteners to similar libraries :pr:<code>478</code></li>
</ul>
<hr />
<p>3.22.0 (2026-02-14)</p>
<hr />
<ul>
<li>🐛 fix(soft): skip stale detection on Windows
:pr:<code>477</code></li>
<li>✨ feat(soft): detect and break stale locks :pr:<code>476</code></li>
</ul>
<hr />
<p>3.21.2 (2026-02-13)</p>
<hr />
<ul>
<li>🐛 fix: catch ImportError for missing sqlite3 C library
:pr:<code>475</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/filelock/commit/db3e05a5ea4dcb6fa96bad3dd033881a6dfd2014"><code>db3e05a</code></a>
Release 3.24.2</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/ab6b90e809ebd9187ee77ce09f97bd5dce102a39"><code>ab6b90e</code></a>
🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/491">#491</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/98b4ee96a46514beea08a2c90eca4ee5e1a4c5b2"><code>98b4ee9</code></a>
🐛 fix(test): resolve flaky write non-starvation test (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/490">#490</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/ef15f6bc106f197711850f18a281fd87bd7bedff"><code>ef15f6b</code></a>
📝 docs: restructure using Diataxis framework (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/489">#489</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/0b2f65ba65b3241a0d273a23bd729601e3ebe541"><code>0b2f65b</code></a>
Release 3.24.1</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/abccdba2fb1532245625139f28dabf42b31a19a3"><code>abccdba</code></a>
🐛 fix(soft): resolve Windows deadlock and test race condition (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/488">#488</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/2de9380712d41617729d1cfabab13a4684861d3f"><code>2de9380</code></a>
Release 3.24.0</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/d429e18f159ae26432579d0394b0f6cd460d9f1f"><code>d429e18</code></a>
✨ feat(lock): add lifetime parameter for lock expiration (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/68">#68</a>)
(<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/486">#486</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/6c75bf7832d0039f54dfb193ad3bd6a4bea2d94f"><code>6c75bf7</code></a>
✨ feat(lock): add cancel_check to acquire (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/309">#309</a>)
(<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/487">#487</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/fa6a27b84043e9611f551673364185a9b5d2d49f"><code>fa6a27b</code></a>
🐛 fix(api): detect same-thread self-deadlock (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/481">#481</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.21.2...3.24.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.21.2&new-version=3.24.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 448d0df896a..2f83390aa74 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -69,7 +69,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.21.2
+filelock==3.24.2
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster
diff --git a/requirements/dev.txt b/requirements/dev.txt
index f5ad6cda8a9..da68c301905 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -67,7 +67,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.21.2
+filelock==3.24.2
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster
diff --git a/requirements/lint.txt b/requirements/lint.txt
index e35289588e1..a87b54907e4 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -29,7 +29,7 @@ distlib==0.4.0
     # via virtualenv
 exceptiongroup==1.3.1
     # via pytest
-filelock==3.21.2
+filelock==3.24.2
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster

From 1c472b5eb704be73178d98ec886b2da36663dc4d Mon Sep 17 00:00:00 2001
From: Varun Chawla <34209028+veeceey@users.noreply.github.com>
Date: Mon, 16 Feb 2026 07:29:00 -0800
Subject: [PATCH 2/2] Reject ClientTimeout(total=0) in v4, use None to disable
 timeouts (#12044)

---
 CHANGES/11859.bugfix.rst |  1 +
 aiohttp/client.py        |  8 ++++++++
 tests/test_connector.py  | 19 ++++++++++++++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/11859.bugfix.rst

diff --git a/CHANGES/11859.bugfix.rst b/CHANGES/11859.bugfix.rst
new file mode 100644
index 00000000000..1efb26813d7
--- /dev/null
+++ b/CHANGES/11859.bugfix.rst
@@ -0,0 +1 @@
+Removed support for ``ClientTimeout(total=0)`` to disable timeouts. Use ``None`` instead of ``0`` to disable the total timeout. Passing ``0`` now raises :exc:`ValueError` with a clear error message -- by :user:`veeceey`.
diff --git a/aiohttp/client.py b/aiohttp/client.py
index 26e67d490f2..555d5678d4d 100644
--- a/aiohttp/client.py
+++ b/aiohttp/client.py
@@ -240,6 +240,14 @@ class ClientTimeout:
     # - or use https://docs.python.org/3/library/dataclasses.html#dataclasses.replace
     # to overwrite the defaults
 
+    def __post_init__(self) -> None:
+        if self.total is not None and self.total == 0:
+            raise ValueError(
+                "total timeout must be a positive number or None to disable, "
+                "got 0. Using 0 to disable timeouts is no longer supported, "
+                "use None instead."
+            )
+
 
 # 5 Minute default read timeout
 DEFAULT_TIMEOUT: Final[ClientTimeout] = ClientTimeout(total=5 * 60, sock_connect=30)
diff --git a/tests/test_connector.py b/tests/test_connector.py
index f73862e4d4c..cb156cef86b 100644
--- a/tests/test_connector.py
+++ b/tests/test_connector.py
@@ -1492,7 +1492,7 @@ def exception_handler(loop: asyncio.AbstractEventLoop, context: object) -> None:
         )
         m_resolver().resolve.return_value = dns_response_error()
         m_resolver().close = mock.AsyncMock()
-        f = loop.create_task(conn._create_direct_connection(req, [], ClientTimeout(0)))
+        f = loop.create_task(conn._create_direct_connection(req, [], ClientTimeout()))
 
         await asyncio.sleep(0)
         f.cancel()
@@ -2654,6 +2654,23 @@ async def test_start_tls_exception_with_ssl_shutdown_timeout_nonzero_pre_311(
     underlying_transport.abort.assert_not_called()
 
 
+def test_client_timeout_total_zero_raises() -> None:
+    """Test that ClientTimeout(total=0) raises ValueError.
+
+    Related to https://github.com/aio-libs/aiohttp/issues/11859
+    Using total=0 to disable timeouts is no longer supported in v4,
+    use None instead.
+    """
+    with pytest.raises(ValueError, match="total timeout must be a positive number"):
+        ClientTimeout(total=0)
+
+
+def test_client_timeout_total_none_is_valid() -> None:
+    """Test that ClientTimeout(total=None) is still valid for disabling timeouts."""
+    timeout = ClientTimeout(total=None)
+    assert timeout.total is None
+
+
 async def test_invalid_ssl_param() -> None:
     with pytest.raises(TypeError):
         aiohttp.TCPConnector(ssl=object())  # type: ignore[arg-type]