Commit 34d667e
committed
build(deps): bump aiohttp from 3.13.3 to 3.14.1 in /docs
Resolves Dependabot alert #67 (GHSA-w2fm-2cpv-w7v5 / CVE-2026-22815):
aiohttp <= 3.13.3 allows unlimited trailer headers, leading to possible
uncapped memory usage (CWE-400/CWE-770). Fixed in aiohttp 3.13.4.
aiohttp is a transitive runtime dependency pulled in only by the docs
toolchain via gremlinpython==3.7.4. Bumped to 3.14.1 (>= 3.13.4 patched).
Docs build verified with 'make test' (sphinx-build -W --keep-going).1 parent c08913b commit 34d667e
1 file changed
Lines changed: 26 additions & 20 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments