From 2e33c98525b3d3b067fdf01ba1b00c1227be1f2b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Sep 2024 19:33:38 +0000
Subject: [PATCH 1/3] Bump aiohttp from 3.9.4 to 3.10.2 in /src

Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.4 to 3.10.2.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.4...v3.10.2)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 src/requirements-dev.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index f3f24e19..a703887a 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -4,7 +4,9 @@
 #
 #    pip-compile requirements-dev.in
 #
-aiohttp==3.9.4
+aiohappyeyeballs==2.4.0
+    # via aiohttp
+aiohttp==3.10.2
     # via
     #   -r requirements-dev.in
     #   aiohttp-cors
@@ -59,9 +61,7 @@ colorama==0.4.6
 colorful==0.5.5
     # via ray
 coverage[toml]==7.3.2
-    # via
-    #   coverage
-    #   pytest-cov
+    # via pytest-cov
 cryptography==43.0.1
     # via -r requirements.txt
 defusedxml==0.7.1

From ac55b56e72d2e38238212826c8acc24168b71222 Mon Sep 17 00:00:00 2001
From: Anthony Romaniello <aromaniello@ntia.gov>
Date: Wed, 16 Oct 2024 11:51:24 -0600
Subject: [PATCH 2/3] Update minimum aiohttp in requirements-dev.in

---
 src/requirements-dev.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/requirements-dev.in b/src/requirements-dev.in
index 8a58745a..78564503 100644
--- a/src/requirements-dev.in
+++ b/src/requirements-dev.in
@@ -9,4 +9,4 @@ tox>=4.0,<5.0
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
-aiohttp>=3.9.4        # CVE-2024-30251, CVE-2024-27306
+aiohttp>=3.10.2       # CVE-2024-42367

From c73e55988068e6d875e983de083ad94086dd5df7 Mon Sep 17 00:00:00 2001
From: Anthony Romaniello <aromaniello@ntia.gov>
Date: Wed, 16 Oct 2024 11:53:25 -0600
Subject: [PATCH 3/3] Recompile requirements

---
 src/requirements-dev.txt | 2 +-
 src/requirements.txt     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index a703887a..95dfe235 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -126,7 +126,7 @@ idna==3.7
     #   -r requirements.txt
     #   requests
     #   yarl
-importlib-resources==6.1.1
+importlib-resources==6.4.5
     # via
     #   -r requirements.txt
     #   jsonschema
diff --git a/src/requirements.txt b/src/requirements.txt
index 943a2186..36ac37e7 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -65,7 +65,7 @@ idna==3.7
     # via
     #   -r requirements.in
     #   requests
-importlib-resources==6.1.1
+importlib-resources==6.4.5
     # via
     #   jsonschema
     #   jsonschema-specifications