update aiohttp
minimum dependency version to 3.8.0
#384
Labels
type: chore
Changes to the build process or auxiliary tools and libraries such as documentation generation
Describe the bug
Aiohttp 3.8.0 adds validation of HTTP header keys and values to prevent header injection
AFFECTED VERSIONS: <3.8.0
FIXED VERSIONS: 3.8.0
more about the vulnerability: https://pyup.io/vulnerabilities/PVE-2021-42692/42692/
To Reproduce
On any poetry python project, do following commands
clone https://github.com/eccenca/cmem-plugin-graphql
- cd cmem-plugin-graphql - git checkout feature/mutationSupport-ECC-5299 - task poetry:install - task check:safety
Expected behavior
on
poetry run safety check
all safety checks should pass.System info:
gql 3.4.0 GraphQL client for Python
├── aiohttp >=3.7.1,<3.9.0
The text was updated successfully, but these errors were encountered: