chore(deps): bump aiohttp from 3.8.5 to 3.8.6

[dependabot]

Bumps aiohttp from 3.8.5 to 3.8.6.

Release notes

Sourced from aiohttp's releases.

3.8.6

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:Dreamsorcerer

  Thanks to :user:kenballus for reporting this, see GHSA-pjjw-qhg8-p2p9.

  .. _llhttp: https://llhttp.org

  (#7647)

• Updated Python parser to comply with RFCs 9110/9112 -- by :user:Dreamorcerer

  Thanks to :user:kenballus for reporting this, see GHSA-gfw2-4jvh-wgfg.

  (#7663)

Deprecation

• Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function.

  Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>_.

  (#7561)

Features

• Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer

  (#7490)

Bugfixes

• Fixed PermissionError when .netrc is unreadable due to permissions.

  (#7237)

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.8.6 (2023-10-07)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:Dreamsorcerer

  Thanks to :user:kenballus for reporting this, see GHSA-pjjw-qhg8-p2p9.

  .. _llhttp: https://llhttp.org

  [#7647](https://github.com/aio-libs/aiohttp/issues/7647) <https://github.com/aio-libs/aiohttp/issues/7647>_

• Updated Python parser to comply with RFCs 9110/9112 -- by :user:Dreamorcerer

  Thanks to :user:kenballus for reporting this, see GHSA-gfw2-4jvh-wgfg.

  [#7663](https://github.com/aio-libs/aiohttp/issues/7663) <https://github.com/aio-libs/aiohttp/issues/7663>_

Deprecation

• Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function.

  Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>_.

  [#7561](https://github.com/aio-libs/aiohttp/issues/7561) <https://github.com/aio-libs/aiohttp/issues/7561>_

Features

• Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer

  [#7490](https://github.com/aio-libs/aiohttp/issues/7490) <https://github.com/aio-libs/aiohttp/issues/7490>_

Bugfixes

• Fixed PermissionError when .netrc is unreadable due to permissions.

... (truncated)

Commits

• 996de26 Release v3.8.6 (#7668)
• 8c128d4 [PR #7651/45f98b7d backport][3.8] Fix BadStatusLine message (#7666)
• 89b7df1 Allow lax response parsing on Py parser (#7663) (#7664)
• d5c12ba [PR #7661/85713a48 backport][3.8] Update Python parser for RFCs 9110/9112 (#7...
• 8a3977a [PR #7272/b2a7983a backport][3.8] Fix Read The Docs config (#7650)
• bcc416e [PR #7647/1303350e backport][3.8] Upgrade to llhttp 9.1.3 (#7648)
• b30c0cd Remove chardet/charset-normalizer. (#7589)
• 5946c74 CookieJar - return 'best-match' and not LIFO (#7577) (#7588)
• 8c4ec62 [PR #7518/8bd42e74 backport][3.8] Fix GunicornWebWorker max_requests_jitter n...
• a0d234d Use lenient headers for response parser (#7490) (#7492)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (b979021) 95.78% compared to head (ddc1083) 95.78%.

Additional details and impacted files

@@           Coverage Diff           @@
##              dev      #98   +/-   ##
=======================================
  Coverage   95.78%   95.78%           
=======================================
  Files          24       24           
  Lines         546      546           
=======================================
  Hits          523      523           
  Misses         23       23           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.