
fix(deps): vuln aiohttp (minor → 3.14.1) [test/integration-test] #85

Merged
xlamorlette-datadog merged 1 commit into main from engraver-auto-version-upgrade/minorpatch/pep621/integration-test/0-1781563546 on Jun 16, 2026

Conversation

@gh-worker-campaigns-3e9aa4

Contributor

Summary: Security update — 1 package upgraded (MINOR changes included)

Manifests changed:

  • test/integration-test (pep621)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| aiohttp | 3.13.5 | 3.14.1 | minor | Direct | 7 MEDIUM, 4 LOW |

Security Details

ℹ️ Other Vulnerabilities (11)
| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| aiohttp | GHSA-hg6j-4rv6-33pg | MODERATE | AIOHTTP is vulnerable to cross-origin redirect with per-request cookies | 3.13.5 | 3.14.0 |
| aiohttp | GHSA-g3cq-j2xw-wf74 | MODERATE | aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup | 3.13.5 | 3.14.1 |
| aiohttp | GHSA-xcgm-r5h9-7989 | MODERATE | aiohttp: Incomplete websocket frame payloads bypass memory limits | 3.13.5 | 3.14.1 |
| aiohttp | GHSA-4fvr-rgm6-gqmc | MODERATE | aiohttp: HTTP/1 Pipelined Requests Queue Without Limit | 3.13.5 | 3.14.1 |
| aiohttp | GHSA-63hw-fmq6-xxg2 | MODERATE | aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines | 3.13.5 | 3.14.1 |
| aiohttp | GHSA-hpj7-wq8m-9hgp | MODERATE | aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges | 3.13.5 | 3.14.1 |
| aiohttp | GHSA-jg22-mg44-37j8 | MODERATE | AIOHTTP is Vulnerable to Deserialization of Untrusted Data | 3.13.5 | 3.14.0 |
| aiohttp | GHSA-2fqr-mr3j-6wp8 | LOW | aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence | 3.13.5 | 3.14.1 |
| aiohttp | GHSA-m6qw-4cw2-hm4m | LOW | aiohttp: CRLF injection in multipart headers | 3.13.5 | 3.14.0 |
| aiohttp | GHSA-9x8q-7h8h-wcw9 | LOW | aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect | 3.13.5 | 3.14.1 |
| aiohttp | GHSA-4m7w-qmgq-4wj5 | LOW | aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections | 3.13.5 | 3.14.1 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-prod-us1-4

datadog-prod-us1-4 Bot commented Jun 15, 2026


Pipelines


⚠️ Warnings

🚦 2 Pipeline jobs failed

DataDog/httpd-datadog | build-ci-image: [amd64, x86_64]

DataDog/httpd-datadog | build-ci-image: [arm64, aarch64]

ℹ️ Info

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 51.08% (+0.00%)


This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 731eefe

@xlamorlette-datadog xlamorlette-datadog marked this pull request as ready for review June 16, 2026 09:01
@xlamorlette-datadog xlamorlette-datadog requested a review from a team as a code owner June 16, 2026 09:02
@xlamorlette-datadog xlamorlette-datadog requested review from dubloom and removed request for a team June 16, 2026 09:02
@xlamorlette-datadog xlamorlette-datadog merged commit 5bd76eb into main Jun 16, 2026
5 checks passed
@xlamorlette-datadog xlamorlette-datadog deleted the engraver-auto-version-upgrade/minorpatch/pep621/integration-test/0-1781563546 branch June 16, 2026 09:02