Bump aiohttp from 3.14.0 to 3.14.1 #181
Security Vulnerability — No Patch Available Yet
aieng-bot found the following security vulnerabilities reported by pip-audit, but cannot fix them automatically because no patched version has been released to PyPI yet:
Why this cannot be auto-fixed
The vulnerability exists in
What aieng-bot did fix
The following tornado vulnerabilities were fixed in this update by pinning
Recommended next steps
This PR will not be auto-merged until the torch vulnerability is resolved.
---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.14.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
…VE-2026-49855, GHSA-pw6j-qg29-8w7f

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>
e7a592a to 809a558
Regenerating the lock file from scratch pulled in transformers 5.12.1 which caused mypy errors. Restored lock from main and re-ran uv lock to only update what was needed (aiohttp 3.14.1, tornado 6.5.7).

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>
Automated fix applied and PR merged
The agentic fix loop successfully fixed this PR and merged it.
✓ Successfully fixed merge_conflict failures
- Modified 1 files
- Executed 383 agent actions
- (242 info, 62 tool_call, 16 error, 50 tool_result, 13 reasoning)
AI Engineering Maintenance Bot
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.