fix(security): Upgrade protobuf and aiohttp. Fixes CVE-2025-4565 (#2541)

# What does this PR do?

Fixes CVE-2025-4565 and the following warning:

```
warning: `aiohttp==3.11.13` is yanked (reason: "Regression: https://github.com/aio-libs/aiohttp/issues/10617")
```

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
Yuan Tang 2025-06-27 09:58:38 -04:00 committed by GitHub
parent e7eb9f9adc
commit 9baa16e498
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 46 additions and 44 deletions

@ -2,7 +2,7 @@
# uv export --frozen --no-hashes --no-emit-project --no-default-groups --output-file=requirements.txt
aiohappyeyeballs==2.5.0
# via aiohttp
aiohttp==3.11.13
aiohttp==3.12.13
# via llama-stack
aiosignal==1.3.2
# via aiohttp
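
Review bot: The aiohttp pin moves across a minor release (3.11.13 to 3.12.13), while the commit message only justifies leaving the yanked 3.11.13, and the neighbouring pins in this hunk (aiohappyeyeballs==2.5.0, aiosignal==1.3.2) are unchanged. Please confirm this file was regenerated with the `uv export --frozen ...` command recorded in its header rather than edited by hand, so the resolver has checked those pins against 3.12.13, and say in the description why 3.12.x was chosen over a later 3.11.x patch release if one would have cleared the warning.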
@ -144,7 +144,7 @@ propcache==0.3.0
# via
# aiohttp
# yarl
protobuf==5.29.3
protobuf==5.29.5
# via
# googleapis-common-protos
# opentelemetry-proto
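
Review bot: At the protobuf pin, nothing records that 5.29.5 is a security floor: the commit message names CVE-2025-4565 without saying which package it applies to, and the `# via` lines show protobuf is only a transitive dependency (googleapis-common-protos, opentelemetry-proto). A later re-lock could therefore resolve back to an affected version without anyone noticing. Suggest stating in the commit message that the CVE is addressed by the protobuf bump, and adding an explicit lower bound such as `protobuf>=5.29.5` as a constraint in the project's dependency metadata so the exported pin cannot regress.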