From aa7dff06f8a13fab3076cf157c6ea650cff63a02 Mon Sep 17 00:00:00 2001
From: aieng-bot <aieng-bot@vectorinstitute.ai>
Date: Fri, 17 Apr 2026 17:02:58 +0000
Subject: [PATCH] chore: tighten aiohttp constraint to >=3.13.5

Update the aiohttp security constraint from >=3.13.4 to >=3.13.5 to
reflect the currently resolved version and ensure the latest security
patches are required.

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>
---
 pyproject.toml | 2 +-
 uv.lock        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index c20361e9..2510232f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -52,7 +52,7 @@ docs = [
 [tool.uv]
 default-groups = ["dev", "docs"]
 constraint-dependencies = [
-    "aiohttp>=3.13.4",      # GHSA-p998-jp59-783m, GHSA-hcc4-c3v8-rx92, GHSA-m5qp-6w8w-w647, GHSA-3wq7-rqq7-wx6j, GHSA-mwh4-6h8g-pg8w, GHSA-966j-vmvw-g2g9, GHSA-63hf-3vf5-4wqf, GHSA-c427-h43c-vf67, GHSA-w2fm-2cpv-w7v5, GHSA-2vrm-gr82-f7m5
+    "aiohttp>=3.13.5",      # GHSA-p998-jp59-783m, GHSA-hcc4-c3v8-rx92, GHSA-m5qp-6w8w-w647, GHSA-3wq7-rqq7-wx6j, GHSA-mwh4-6h8g-pg8w, GHSA-966j-vmvw-g2g9, GHSA-63hf-3vf5-4wqf, GHSA-c427-h43c-vf67, GHSA-w2fm-2cpv-w7v5, GHSA-2vrm-gr82-f7m5
     "authlib>=1.6.11",      # GHSA-xm59-rqc7-hhvf GHSA-7gcm-g887-7qv7
     "cryptography>=46.0.7", # GHSA-m959-cc7f-wv43, GHSA-p423-j2cm-9vmq
     "pyasn1>=0.6.3",        # GHSA-jr27-m4p2-rc6r
diff --git a/uv.lock b/uv.lock
index efb5da03..93739f85 100644
--- a/uv.lock
+++ b/uv.lock
@@ -13,7 +13,7 @@ members = [
     "aieng-agents",
 ]
 constraints = [
-    { name = "aiohttp", specifier = ">=3.13.4" },
+    { name = "aiohttp", specifier = ">=3.13.5" },
     { name = "authlib", specifier = ">=1.6.11" },
     { name = "cryptography", specifier = ">=46.0.7" },
     { name = "pyasn1", specifier = ">=0.6.3" },