build: add direct dependency on yarl

[onerandomusername]

close #1459

[read-the-docs-community]

Documentation build overview

📚 disnake | 🛠️ Build #30015166 | 📁 Comparing 78817fb against latest (13d648e)

🔍 Preview build

Show files changed (48 files in total): 📝 48 modified | ➕ 0 added | ➖ 0 deleted

File	Status
index.html	📝 modified
whats_new.html	📝 modified
api/abc.html	📝 modified
api/activities.html	📝 modified
api/app_commands.html	📝 modified
api/app_info.html	📝 modified
api/audit_logs.html	📝 modified
api/automod.html	📝 modified
api/channels.html	📝 modified
api/clients.html	📝 modified
api/components.html	📝 modified
api/emoji.html	📝 modified
api/entitlements.html	📝 modified
api/events.html	📝 modified
api/exceptions.html	📝 modified
api/guild_scheduled_events.html	📝 modified
api/guilds.html	📝 modified
api/integrations.html	📝 modified
api/interactions.html	📝 modified
api/invites.html	📝 modified
api/localization.html	📝 modified
api/members.html	📝 modified
api/messages.html	📝 modified
api/misc.html	📝 modified
api/permissions.html	📝 modified
api/roles.html	📝 modified
api/skus.html	📝 modified
api/soundboard.html	📝 modified
api/stage_instances.html	📝 modified
api/stickers.html	📝 modified
api/subscriptions.html	📝 modified
api/ui.html	📝 modified
api/users.html	📝 modified
api/utilities.html	📝 modified
api/voice.html	📝 modified
api/webhooks.html	📝 modified
api/widgets.html	📝 modified
ext/tasks/index.html	📝 modified
ext/commands/api/app_commands.html	📝 modified
ext/commands/api/bots.html	📝 modified
ext/commands/api/checks.html	📝 modified
ext/commands/api/cogs.html	📝 modified
ext/commands/api/context.html	📝 modified
ext/commands/api/converters.html	📝 modified
ext/commands/api/exceptions.html	📝 modified
ext/commands/api/help_commands.html	📝 modified
ext/commands/api/misc.html	📝 modified
ext/commands/api/prefix_commands.html	📝 modified

[shiftinv]

Suggested change

	"yarl>=1.0",
	"yarl~=1.0",

Hm, I'd really prefer not to have unbounded versions in the main dependencies unless absolutely necessary; there's always a risk (even if it's a tiny risk) of something breaking from one day to the next, in which case we'd have to issue emergency bugfix releases. Even aiohttp itself has >= 1.17.0, < 2.0 bounds for yarl: https://github.com/aio-libs/aiohttp/blob/0a840daecb59264a37421e7ba37810f4d6ffc931/setup.cfg#L9C8-L9C24
We've had downstream (dev) dependency breakages before, where one of our dependencies had no upper bound on another dependency and broke as a result of it (eg. pdm and twine with importlib-metadata)

[onerandomusername]

But if we overly lock, then we need to submit emergency fixes to allow newer versions.