Skip to content

fix: synchronize aiohttp constraint in uv.lock#743

Merged
jonathan343 merged 1 commit into
developfrom
fix-uv-lock
Jul 17, 2026
Merged

fix: synchronize aiohttp constraint in uv.lock#743
jonathan343 merged 1 commit into
developfrom
fix-uv-lock

Conversation

@jonathan343

@jonathan343 jonathan343 commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Overview

This PR updates uv.lock to match the aiohttp constraint declared by smithy-http.

Background

Dependabot PR #710 upgraded the resolved aiohttp version to 3.14.0, but also changed the lockfile metadata constraint from >=3.11.12,<4.0 to >=3.14.0,<4.0. The source constraint in packages/smithy-http/pyproject.toml was not changed.

As a result, running make install causes uv sync to detect the stale metadata and modify uv.lock.

This has already been reported to dependabot in dependabot/dependabot-core#14937

Testing

  • Ran uv lock --check successfully.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Restore the lockfile metadata to match smithy-http's declared aiohttp
constraint. Dependabot's 3.14.0 update changed the generated minimum
version without updating pyproject.toml.
@jonathan343
jonathan343 requested a review from a team as a code owner July 17, 2026 20:03

@Alan4506 Alan4506 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks @jonathan343!

@jonathan343
jonathan343 merged commit 52a65e6 into develop Jul 17, 2026
10 checks passed
@jonathan343
jonathan343 deleted the fix-uv-lock branch July 17, 2026 20:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants