update aiohttp minimum dependency version to 3.8.0
#384
Labels
type: chore
Changes to the build process or auxiliary tools and libraries such as documentation generation
Comments
|
I cannot see the vulnerability as I don't have a pyup.io account and it is impossible to register with a gmail email address... But I suspect that the vulnerability concerns only the server part of aiohttp and not the client so that is probably not a problem for gql. |
leszekhanusz
added
the
type: chore
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Aiohttp 3.8.0 adds validation of HTTP header keys and values to prevent header injection
AFFECTED VERSIONS: <3.8.0
FIXED VERSIONS: 3.8.0
more about the vulnerability: https://pyup.io/vulnerabilities/PVE-2021-42692/42692/
To Reproduce
On any poetry python project, do following commands
clone https://github.com/eccenca/cmem-plugin-graphql
- cd cmem-plugin-graphql - git checkout feature/mutationSupport-ECC-5299 - task poetry:install - task check:safetyExpected behavior
on
poetry run safety checkall safety checks should pass.System info:
gql 3.4.0 GraphQL client for Python
├── aiohttp >=3.7.1,<3.9.0
The text was updated successfully, but these errors were encountered: