Python yarl (aiohttp) breaks URLs

The python aiohttp library uses yarl for URLs internally, and yarl normalizes URLs by default. It silently decodes some %-encoded characters in the query string that do not strictly need to be encoded.

Sounds harmless, but it isn't. Changing the URL breaks any protocol that signs important aspects of a …