Bump aiohttp from 3.13.3 to 3.13.4#784
Conversation
PR SummaryLow Risk Overview Regenerates Reviewed by Cursor Bugbot for commit 2eabbed. Bugbot is set up for automated code reviews on this repo. Configure here. |
59cabb2 to
25443ae
Compare
--- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
25443ae to
2eabbed
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 2eabbed. Configure here.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.3 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
There was a problem hiding this comment.
Lock file downgraded to older Poetry version format
Low Severity
The lock file was regenerated by Poetry 2.2.1 (down from 2.3.3), introducing unintended collateral changes beyond the aiohttp bump. Most notably, the colorama package lost its markers = {dev = "platform_system == \"Windows\" ..."} line, and version constraint formatting changed for botocore and jsonschema-specifications. According to the Poetry blog, lock files from 2.2.x are readable by 2.3.x but may be flagged as outdated, potentially causing lock file churn when developers on Poetry 2.3.x run poetry lock.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 2eabbed. Configure here.
|
Superseded by #804. |


You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.