From 495f6d75ad91f0f6aefbf777adbbf9bf661e35a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 May 2024 08:11:15 -0600
Subject: [PATCH] Bump aiohttp from 3.9.3 to 3.9.4 in /src (#287)

* Bump aiohttp from 3.9.3 to 3.9.4 in /src

Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.3 to 3.9.4.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.3...v3.9.4)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* Require aiohttp>=3.9.4 in requirements-dev.in

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anthony Romaniello <aromaniello@ntia.gov>
---
 src/requirements-dev.in  | 2 +-
 src/requirements-dev.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/requirements-dev.in b/src/requirements-dev.in
index 8fe2d167..8a58745a 100644
--- a/src/requirements-dev.in
+++ b/src/requirements-dev.in
@@ -9,4 +9,4 @@ tox>=4.0,<5.0
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
-aiohttp>=3.9.2        # CVE-2023-37276
+aiohttp>=3.9.4        # CVE-2024-30251, CVE-2024-27306
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 0166e5e2..77d73007 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile requirements-dev.in
 #
-aiohttp==3.9.3
+aiohttp==3.9.4
     # via
     #   -r requirements-dev.in
     #   aiohttp-cors