Push new release to pypi

[bannsec]

🐣 Is your feature request related to a problem? Please describe.

Yes. When attempting to build a discord.py application today, i've discovered aiohttp is causing a dependency issue which is causing my bot to not work anymore.

pkg_resources.ContextualVersionConflict: (chardet 4.0.0 (/home/bot/bot_venv/lib/python3.6/site-packages), Requirement.parse('chardet<4.0,>=2.0'), {'aiohttp'})

💡 Describe the solution you'd like

it appears this was fixed in master about 12 days ago. However, i need that change in pypi for my bot to build.

❓ Describe alternatives you've considered

📋 Additional context

[Herklos]

We have the same issue as @bannsec at https://github.com/Drakkar-Software/OctoBot.

[Dreamsorcerer]

I can see this is already fixed in 3.8, so you're just waiting for the next release to be made.

[RhinosF1]

I can see this is already fixed in 3.8, so you're just waiting for the next release to be made.

Is there any timeline for this?

Came here as Chardet is flagged up as an outdated package for us and this is the only thing I can see blocking it.

[Herklos]

Is there a schedule for the release @webknjaz ? Thanks !

[shauneccles]

Bump, lots of issues now, a release would be spectacular.

[asvetlov]

This issue has been mentioned on aio-libs. There might be relevant details there:

https://aio-libs.discourse.group/t/aiohttp-3-8-realse/191/1

[webknjaz]

There's no formal release schedule but I will try to look into it over the weekend.

[codingHahn]

Thank you very much for your reponse. Funkwhale currently has an encoding bug with podcasts which is tracked here: https://dev.funkwhale.audio/funkwhale/funkwhale/-/issues/1299 . A release would be much appreciated.

[georgkrause]

Hello, I am currently planning a release for Funkwhale and the issue linked in the previous comment is one of our last issues. Do you already have a schedule for the next release?

[webknjaz]

I had to make a security release in the 3.7 stream so I piggy-backed a #5333 backport on top of it and it should be available in v3.7.4.

[Dreamsorcerer]

@webknjaz There are other bugs, including the high-priority #5233. Is it worth me backporting some fixes into the 3.7 branch ready for another minor patch release? Or do you think we'll get 3.8 released soon?

[webknjaz]

@Dreamsorcerer 3.7 stream is supposed to be closed. The only reason I released 3.7.4 was a CVE and that the branch of 3.8 is in a bad shape (I haven't compared even the features it has with 3.7). It would require a lot more mental capacity and time to release 3.8. Also, it's hard to support many release streams.

First thing to do is to make the CI green because the release process won't get through if testing fails. Then, somebody needs to look at the diff and try to assess whether there's no obvious problems + look at the changelog.

[lociii]

I had to make a security release in the 3.7 stream so I piggy-backed a #5333 backport on top of it and it should be available in v3.7.4.

3.7.4 is still forcing chardet < 4.0
chardet>=2.0,<4.0

[webknjaz]

Ouch... Looks like only a part of that patch got backported (4ed7c25) and I did not verify it separately because the release was security-focused. Maybe this happened because of the rebases I had to do due to the bug that prevented the release. Sorry about that!

[georgkrause]

Can we reopen this issue in this case, please?

[TrueBrain]

As you made us so happy with the suggestion it might be fixed in 3.7.4, any chance you can throw in a quick 3.7.5 to fix it? :D

(honestly, I fully understand if you cannot, and it really is okay; it just means a bit more work on my side every month to keep chardet back in version; not the biggest problem in the world :D But I had to ask ;) ).

[webknjaz]

@TrueBrain I've had a minute to make the post-release @ https://pypi.org/project/aiohttp/3.7.4.post0/ — enjoy!

[TrueBrain]

How absolutely awesome, thank you so much for that :D You rule :D