Bump aiohttp from 3.9.3 to 3.9.4 in /src (#287)

* Bump aiohttp from 3.9.3 to 3.9.4 in /src Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.3 to 3.9.4. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.3...v3.9.4) --- updated-dependencies: - dependency-name: aiohttp dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Require aiohttp>=3.9.4 in requirements-dev.in --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Romaniello <aromaniello@ntia.gov>
NTIA · May 10, 2024 · 495f6d7 · 495f6d7
1 parent aea65e7
commit 495f6d7
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/requirements-dev.in b/src/requirements-dev.in
@@ -9,4 +9,4 @@ tox>=4.0,<5.0
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
-aiohttp>=3.9.2        # CVE-2023-37276
+aiohttp>=3.9.4        # CVE-2024-30251, CVE-2024-27306
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile requirements-dev.in
 #
-aiohttp==3.9.3
+aiohttp==3.9.4
     # via
     #   -r requirements-dev.in
     #   aiohttp-cors