aiohttp-cors dependency

[Alessandro-Barbieri]

The aiohttp-cors dependency is problematic, currently it isn't python3.8 ready but black needs it to run tests.

[hugovk]

What's the problem?

aiohttp-cors 0.7.0 is installed and used for Black's tests with Python 3.8:

• https://github.com/psf/black/runs/614035867?check_suite_focus=true

[Alessandro-Barbieri]

The problem is that aiohttp-cors is unmaintained, doesn't officially support python3.7+ and have broken tests in python3.7+

[JelleZijlstra]

What's the concrete problem here? Our tests appear to pass with 3.8 and 3.9.

[Alessandro-Barbieri]

https://twitter.com/mgorny_gentoo/status/1406910910053093382?s=19

[ichard26]

Yes we understand that using a unmaintained dependency is a bad idea, but the thing is that it will be harder to convince us to invest the effort moving blackd to an alternative when to us, it's (or seems) fine. OK, aiohttp-cors's test suite doesn't pass Python 3.7 or 3.8, etc., but is there any concrete issues for users of blackd because of aiohttp-cors?

[cooperlees]

I’m all ears for a proposal to replace it with a maintained dependency and would accept a well tested PR.

Maybe we should write an integration test for the current implementation and then move to a new dependency to ensure minimal risk of missing a key element of functionality.