#Okay so I looked into this, and

Do you mean it's not a problem with aiohttp?

Apparently not

Originally I thought it was on the sending part, but from what I understand google is sending us the header twice

Ok. Why is it erroring now?

Which kinda sucks, now I don't have time to dive into the full implementation of google drive integration

https://github.com/aio-libs/aiohttp/pull/12240

Did something change on the google side?

Nope, it's just that aiohttp fixed a security issue, and that's what causing this

So from what I understand, Google wouldn't be following the RFC

Ok, so it is aiohttp, but it's a valid fix.

oh lol, now I see why you misunderstood

😂

Apparently it's not a problem with aiohttp*

Are we shipping the aiohttp bump tomorrow?

Yep

It fixes more security issues, so from what I understand it's quite important

And looking at the aiohttp PR there also doesn't seem a way to disable it for a client

Is tronikos aware?

I messaged him, no response thus far

Heh, Azure Blob Storage also seems to send duplicate headers. There's linked issue in the abvove issue.

This is annoying. Google Drive is our most popular backup location integration after Cloud and Synology. 2.4 % users.

We could revert the aiohttp bump but as it has many security fixes that's not a great solution.

And it would just be a delay. We'll need to bump eventually.

Monkey patch aiohttp as a quick fix?

Could be an option.

@high warren do you have advice in this situation?

https://github.com/aio-libs/aiohttp/pull/12302

Ok, Nick is fixing it for us.

He's mentioning that he will discuss this with the others, but it might not make the release deadline

Okay, so if it doesn't make the initial release, what can we do? Like there's a chance we wake up tomorrow and there's no new aiohttp, how should we handle this

If we know it's on its way within a couple of days I think we can release with the "bug" and wait for Friday's patch release to fix it.

Otherwise we could look at a monkeypatch.

But I do see a thing where people just update to major ones and skip patch releases, so I am wondering if we should let them know

We have alerts. We would make one if we know it's a problem with the release.

Check

How does the aiohttp bump affect us?

as in, reverting that an option?

.

Not sure if that is relevant to us though

ok, but that doesn't allow for us to asses impact and risk

Nick says that those fixes can't wait

That's all the info I have for those

He also says he came to an agreement with the other maintainers, he will now wrap things up

Working on the release now

Github is not cooperating today

https://github.com/aio-libs/aiohttp/pull/12305

release workflow https://github.com/aio-libs/aiohttp/actions/runs/23818513788

Wow, still running

ok got the approvals done. its going out

testing it now https://github.com/home-assistant/core/pull/167015

ha wheels https://github.com/home-assistant/core/actions/runs/23821472362

everything is working in my production testing. marked it ready

It's already approved 🙂