Bump aiohttp from 3.12.6 to 3.12.12 (#1099)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: J. Nick Koston <[email protected]>

Author: dependabot[bot]

requirements.txt

@@ -1,5 +1,5 @@
 -e .
-aiohttp==3.12.6
+aiohttp==3.12.12
 aiomcache==0.8.2
 cryptography==45.0.4
 docker==7.1.0

tests/test_cookie_storage.py

@@ -1,5 +1,6 @@
 import json
 import time
+from http.cookies import SimpleCookie
 from typing import Any, Dict, MutableMapping, cast
 
 from aiohttp import web
@@ -99,10 +100,22 @@ async def handler(request: web.Request) -> web.StreamResponse:
     make_cookie(client, {"a": 1, "b": 2})
     resp = await client.get("/")
     assert resp.status == 200
-    assert (
-        'Set-Cookie: AIOHTTP_SESSION="{}"; '
-        "domain=127.0.0.1; httponly; Path=/".upper()
-    ) == resp.cookies["AIOHTTP_SESSION"].output().upper()
+
+    # Check the actual Set-Cookie header instead of resp.cookies
+    # which used to leak the cookie jar details back into the resp.cookies
+    set_cookie_header = resp.headers.get("Set-Cookie")
+    assert set_cookie_header is not None
+
+    # Parse the header
+    cookie = SimpleCookie()
+    cookie.load(set_cookie_header)
+    assert "AIOHTTP_SESSION" in cookie
+
+    # Verify the cookie was cleared (empty value)
+    morsel = cookie["AIOHTTP_SESSION"]
+    assert morsel.value == "{}"
+    assert morsel["path"] == "/"
+    assert morsel["httponly"] is True
 
 
 async def test_dont_save_not_requested_session(aiohttp_client: AiohttpClient) -> None: