Skip to content

Commit 3afd898

Browse files
committed
fix: require aiohttp>=3.13.5 to resolve CVE-2026-22815
Durable replacement for the lockfile-only bump on production (03d6bc4): a version floor in pyproject.toml survives stlc regeneration, whereas raw uv.lock changes conflict on every rebuild.
1 parent 3cee290 commit 3afd898

2 files changed

Lines changed: 282 additions & 134 deletions

File tree

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ Homepage = "https://github.com/warpdotdev/oz-sdk-python"
4141
Repository = "https://github.com/warpdotdev/oz-sdk-python"
4242

4343
[project.optional-dependencies]
44-
aiohttp = ["aiohttp", "httpx_aiohttp>=0.1.9"]
44+
aiohttp = ["aiohttp>=3.13.5", "httpx_aiohttp>=0.1.9"]
4545

4646
[tool.uv]
4747
managed = true

0 commit comments

Comments
 (0)