Solve aiohttp BascicAuth depreciation#890
Conversation
|
Warning Review limit reached
Next review available in: 55 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. 📝 WalkthroughWalkthroughReplaces aiohttp BasicAuth in SmileComm with a precomputed Authorization header, updates request verb handling to use shared headers, and adjusts the aiohttp dependency plus changelog entry. ChangesAuth header refactor and metadata updates
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant Caller
participant SmileComm
participant AiohttpSession
Caller->>SmileComm: _request(method, url)
SmileComm->>SmileComm: start from _base_header
alt method is get
SmileComm->>SmileComm: add Accept-Encoding: gzip
else method is post or put
SmileComm->>SmileComm: add Content-type: text/xml
end
SmileComm->>AiohttpSession: request with headers
AiohttpSession-->>SmileComm: response
SmileComm-->>Caller: return response
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
ad52751 to
8a6a8e6
Compare
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@CHANGELOG.md`:
- Line 5: The CHANGELOG entry has an empty markdown link placeholder in the
“Solve aiohttp BasicAuth deprecation via PR” bullet, which triggers the
markdownlint no-empty-links rule. Update that bullet to use a real PR URL in the
existing link syntax so the link is no longer empty, and keep the change
localized to the changelog entry.
In `@plugwise/smilecomm.py`:
- Around line 18-24: The import in smilecomm.py depends on encode_basic_auth,
which is only available in aiohttp 3.14+, so update the package constraint to
require aiohttp >=3.14 in pyproject.toml and keep the existing import in
smilecomm.py aligned with that minimum version.
- Around line 51-53: The BasicAuth header generation in smilecomm.py changed the
wire format for non-ASCII credentials because encode_basic_auth() now uses the
default encoding. Update the _base_header initialization to explicitly pass
encoding="latin1" in the encode_basic_auth call inside the relevant SmileComm
setup so the Authorization value matches the previous behavior.
In `@pyproject.toml`:
- Line 27: The project Python floor was raised too high in the package metadata,
which will block installs on 3.13 while CI still supports it. Update the
requires-python setting in pyproject.toml to keep the minimum below 3.14,
aligned with the current pytest matrix and the aiohttp/auth change; verify the
package metadata still matches the supported versions.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 7965db2a-0258-47f4-8e34-546382c39785
📒 Files selected for processing (3)
CHANGELOG.mdplugwise/smilecomm.pypyproject.toml
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #890 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 21 21
Lines 3484 3484
=========================================
Hits 3484 3484 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
fd pyproject.toml
cat pyproject.tomlLength of output: 18740
✏️ Learnings added
|
| dependencies = [ | ||
| "aiofiles", | ||
| "aiohttp", | ||
| "aiohttp>=3.14", |
There was a problem hiding this comment.
We should figure out where (if any) this comes from, I've purposely did not set the specific version to ingest whatever we get from the core package constraints and requirements. As core specifies ==3.14.1
There was a problem hiding this comment.
The BasicAuth depreciation is solved by using the encode_basic_auth() function, which is introduced in aiohttp version 3.14.0, see https://github.com/aio-libs/aiohttp/releases/tag/v3.14.0
There was a problem hiding this comment.
Which is appropriately set through our setup scripts from https://github.com/home-assistant/core/blob/d6fe80d208b2dc96a34447fc749b31f4d249fdd2/homeassistant/package_constraints.txt#L9 so while we could >= it we shouldn't necessarily have to but we can surely add it here, we just need to make sure that we update it ourselves whenever core moves
|



Summary by CodeRabbit
Bug Fixes
Chores