From 6adfb2968ada87e21c308d5a41d2b26bc2eb09ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 11:50:38 +0000 Subject: [PATCH 1/2] Bump filelock from 3.21.2 to 3.24.2 (#12078) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.21.2 to 3.24.2.
Release notes

Sourced from filelock's releases.

3.24.2

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.24.1...3.24.2

3.24.1

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.24.0...3.24.1

3.24.0

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.23.0...3.24.0

3.23.0

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.22.0...3.23.0

3.22.0

What's Changed

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########


3.24.2 (2026-02-16)



3.24.1 (2026-02-15)



3.24.0 (2026-02-14)



3.23.0 (2026-02-14)



3.22.0 (2026-02-14)



3.21.2 (2026-02-13)


... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.21.2&new-version=3.24.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 448d0df896a..2f83390aa74 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -69,7 +69,7 @@ exceptiongroup==1.3.1 # via pytest execnet==2.1.2 # via pytest-xdist -filelock==3.21.2 +filelock==3.24.2 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster diff --git a/requirements/dev.txt b/requirements/dev.txt index f5ad6cda8a9..da68c301905 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -67,7 +67,7 @@ exceptiongroup==1.3.1 # via pytest execnet==2.1.2 # via pytest-xdist -filelock==3.21.2 +filelock==3.24.2 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster diff --git a/requirements/lint.txt b/requirements/lint.txt index e35289588e1..a87b54907e4 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -29,7 +29,7 @@ distlib==0.4.0 # via virtualenv exceptiongroup==1.3.1 # via pytest -filelock==3.21.2 +filelock==3.24.2 # via virtualenv forbiddenfruit==0.1.4 # via blockbuster From 1c472b5eb704be73178d98ec886b2da36663dc4d Mon Sep 17 00:00:00 2001 From: Varun Chawla <34209028+veeceey@users.noreply.github.com> Date: Mon, 16 Feb 2026 07:29:00 -0800 Subject: [PATCH 2/2] Reject ClientTimeout(total=0) in v4, use None to disable timeouts (#12044) --- CHANGES/11859.bugfix.rst | 1 + aiohttp/client.py | 8 ++++++++ tests/test_connector.py | 19 ++++++++++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 CHANGES/11859.bugfix.rst diff --git a/CHANGES/11859.bugfix.rst b/CHANGES/11859.bugfix.rst new file mode 100644 index 00000000000..1efb26813d7 --- /dev/null +++ b/CHANGES/11859.bugfix.rst @@ -0,0 +1 @@ +Removed support for ``ClientTimeout(total=0)`` to disable timeouts. Use ``None`` instead of ``0`` to disable the total timeout. Passing ``0`` now raises :exc:`ValueError` with a clear error message -- by :user:`veeceey`. diff --git a/aiohttp/client.py b/aiohttp/client.py index 26e67d490f2..555d5678d4d 100644 --- a/aiohttp/client.py +++ b/aiohttp/client.py @@ -240,6 +240,14 @@ class ClientTimeout: # - or use https://docs.python.org/3/library/dataclasses.html#dataclasses.replace # to overwrite the defaults + def __post_init__(self) -> None: + if self.total is not None and self.total == 0: + raise ValueError( + "total timeout must be a positive number or None to disable, " + "got 0. Using 0 to disable timeouts is no longer supported, " + "use None instead." + ) + # 5 Minute default read timeout DEFAULT_TIMEOUT: Final[ClientTimeout] = ClientTimeout(total=5 * 60, sock_connect=30) diff --git a/tests/test_connector.py b/tests/test_connector.py index f73862e4d4c..cb156cef86b 100644 --- a/tests/test_connector.py +++ b/tests/test_connector.py @@ -1492,7 +1492,7 @@ def exception_handler(loop: asyncio.AbstractEventLoop, context: object) -> None: ) m_resolver().resolve.return_value = dns_response_error() m_resolver().close = mock.AsyncMock() - f = loop.create_task(conn._create_direct_connection(req, [], ClientTimeout(0))) + f = loop.create_task(conn._create_direct_connection(req, [], ClientTimeout())) await asyncio.sleep(0) f.cancel() @@ -2654,6 +2654,23 @@ async def test_start_tls_exception_with_ssl_shutdown_timeout_nonzero_pre_311( underlying_transport.abort.assert_not_called() +def test_client_timeout_total_zero_raises() -> None: + """Test that ClientTimeout(total=0) raises ValueError. + + Related to https://github.com/aio-libs/aiohttp/issues/11859 + Using total=0 to disable timeouts is no longer supported in v4, + use None instead. + """ + with pytest.raises(ValueError, match="total timeout must be a positive number"): + ClientTimeout(total=0) + + +def test_client_timeout_total_none_is_valid() -> None: + """Test that ClientTimeout(total=None) is still valid for disabling timeouts.""" + timeout = ClientTimeout(total=None) + assert timeout.total is None + + async def test_invalid_ssl_param() -> None: with pytest.raises(TypeError): aiohttp.TCPConnector(ssl=object()) # type: ignore[arg-type]