Skip to content

chore(deps): bump aiohttp version to fix cve issue #952

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

chore(deps): bump aiohttp version to fix cve issue #952

wants to merge 6 commits into from

Conversation

florianvazelle
Copy link
Collaborator

@florianvazelle florianvazelle commented Sep 16, 2025
edited
Loading

Description

Bumps aiohttp from >=3.10.11,<4 to >=3.12.14,<4 to fix CVE issue.

This PR also drop support for python 3.8 that is not supported any more by aiohttp.

Issues Resolved

Resolves #945

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@florianvazelle
chore(deps): bump aiohttp version to fix cve issue
0c3c756 
Signed-off-by: florian <florian@harfanglab.fr>
@florianvazelle
chore(README): add entry
74aba95 
Signed-off-by: florian <florian@harfanglab.fr>
@florianvazelle
chore: regen poetry.lock
b05d1f8 
Signed-off-by: florian <florian@harfanglab.fr>
@florianvazelle
build: drop 3.8 support
cad6cc6 
Signed-off-by: florian <florian@harfanglab.fr>
@florianvazelle
fix: remove unused global
cefee53 
Signed-off-by: florian <florian@harfanglab.fr>
@florianvazelle florianvazelle marked this pull request as draft September 19, 2025 11:53
@florianvazelle
chore: remove type ignore
b85a3b9 
Signed-off-by: florian <florian@harfanglab.fr>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@harshavamsi harshavamsi Awaiting requested review from harshavamsi harshavamsi is a code owner

@axeoman axeoman Awaiting requested review from axeoman axeoman is a code owner

@Shephalimittal Shephalimittal Awaiting requested review from Shephalimittal Shephalimittal is a code owner

@saimedhi saimedhi Awaiting requested review from saimedhi saimedhi is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-2025-53643 (High) detected in aiohttp-3.10.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
1 participant
@florianvazelle