From db57cbbaf63cb4b01ad12d7c755a07445c1accff Mon Sep 17 00:00:00 2001
From: Wing Huang
Date: Tue, 9 Jun 2026 02:59:16 +0800
Subject: [PATCH] security(deps): bump aiohttp to 3.14.0, anthropic to 0.87.0; pin cryptography floor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- aiohttp 3.13.4 -> 3.14.0 (messaging/slack/homeassistant/sms extras + lazy_deps platform.slack) — picks up CVE-2026-34993 (RCE via CookieJar.load deserialization) and CVE-2026-47265 (per-request cookie leak on cross-origin redirect). Both are fixed only in 3.14.0; there is no 3.13.x backport.
- anthropic 0.86.0 -> 0.87.0 (anthropic extra) — CVE-2026-34450 / CVE-2026-34452. lazy_deps provider.anthropic was already 0.87.0; the extra pin had drifted back to the vulnerable 0.86.0, so this realigns it.
- cryptography pinned explicitly at 46.0.7 in core deps — CVE-2026-39892, CVE-2026-34073. It only arrives transitively via PyJWT[crypto]; the explicit floor keeps the WeCom/Weixin crypto paths from drifting below the fix.
uv.lock regenerated; only aiohttp / anthropic moved (cryptography already resolved to 46.0.7). Verified 3.14.0 satisfies discord.py 2.7.1 (aiohttp>=3.7.4,<4) and slack-sdk 3.40.1 (aiohttp>=3.7.3,<4).
---
 pyproject.toml | 13 ++++++++-----
 tools/lazy_deps.py | 2 +-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index b1ef9062d..278c7d515 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -87,6 +87,9 @@ dependencies = [
 # urllib3 2.7.0 fixes GHSA-mf9v-mfxr-j63j (decompression-bomb bypass)
 # and GHSA-qccp-gfcp-xxvc (header leak across origins).
 "urllib3>=2.7.0,<3",
+ # cryptography is pulled in transitively by PyJWT[crypto]; pin it explicitly
+ # so the WeCom/Weixin crypto paths can't drift below the CVE-fixed floor.
+ "cryptography==46.0.7", # CVE-2026-39892, CVE-2026-34073
 # Windows has no IANA tzdata shipped with the OS, so Python's ``zoneinfo``
 # (PEP 615) raises ``ZoneInfoNotFoundError`` for every non-UTC timezone
 # out of the box. ``tzdata`` ships the Olson database as a data package
@@ -155,9 +158,9 @@ modal = ["modal==1.3.4"]
 daytona = ["daytona==0.155.0"]
 hindsight = ["hindsight-client==0.6.1"]
 dev = ["debugpy==1.8.20", "pytest==9.0.2", "pytest-asyncio==1.3.0", "mcp==1.26.0", "starlette==1.0.1", "ty==0.0.21", "ruff==0.15.10", "setuptools==81.0.0"] # starlette: CVE-2026-48710; setuptools: latest <82 (torch >=2.11 caps setuptools<82)
-messaging = ["python-telegram-bot[webhooks]==22.6", "discord.py[voice]==2.7.1", "aiohttp==3.13.4", "brotlicffi==1.2.0.1", "slack-bolt==1.27.0", "slack-sdk==3.40.1", "qrcode==7.4.2"] # aiohttp: CVE-2026-34513/34518/34519/34520/34525
+messaging = ["python-telegram-bot[webhooks]==22.6", "discord.py[voice]==2.7.1", "aiohttp==3.14.0", "brotlicffi==1.2.0.1", "slack-bolt==1.27.0", "slack-sdk==3.40.1", "qrcode==7.4.2"] # aiohttp 3.14.0: CVE-2026-34513/34518/34519/34520/34525 + 34993(RCE)/47265
 cron = [] # croniter is now a core dependency; this extra kept for back-compat
-slack = ["slack-bolt==1.27.0", "slack-sdk==3.40.1", "aiohttp==3.13.4"]
+slack = ["slack-bolt==1.27.0", "slack-sdk==3.40.1", "aiohttp==3.14.0"]
 matrix = ["mautrix[encryption]==0.21.0", "aiosqlite==0.22.1", "asyncpg==0.31.0", "aiohttp-socks==0.11.0"]
 # WeCom callback-mode adapter — parses untrusted XML POST bodies from
 # WeCom-controlled callback endpoints, so we use defusedxml (drop-in
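Review bot: The new `"cryptography==46.0.7"` line is an exact pin, yet the two comment lines above it and the commit message both describe it as a floor; as written it is also a ceiling, so the next cryptography security release cannot be picked up by a uv.lock regeneration without editing this line, and any dependency that later requires a cryptography newer than 46.0.7 makes the core resolution unsolvable. The urllib3 constraint three lines up already uses the range form for exactly this purpose. If a floor is the intent, `"cryptography>=46.0.7,<47",  # CVE-2026-39892, CVE-2026-34073` matches both the comment and the urllib3 line, with uv.lock still holding the exact resolved version. If an exact pin is deliberate (the extras in this file pin with `==`), reword the comment so it does not promise a floor, e.g. `# pin it exactly (not just a floor) so the WeCom/Weixin crypto paths stay on the CVE-fixed release`. The `dependencies = [` list this hunk sits in starts and ends outside the hunk.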
@@ -203,9 +206,9 @@ vision = []
 # a vulnerable pre-1.0.1 transitive. Bump in lockstep with uv.lock.
 mcp = ["mcp==1.26.0", "starlette==1.0.1"] # starlette: CVE-2026-48710
 nemo-relay = ["nemo-relay==0.3"]
-homeassistant = ["aiohttp==3.13.4"]
-sms = ["aiohttp==3.13.4"]
-teams = ["microsoft-teams-apps==2.0.13.4", "aiohttp==3.13.4"]
+homeassistant = ["aiohttp==3.14.0"]
+sms = ["aiohttp==3.14.0"]
+teams = ["microsoft-teams-apps==2.0.13.4", "aiohttp==3.14.0"] # aiohttp 3.14.0: CVE-2026-34993(RCE)/47265 + 34513/34518/34519/34520/34525
 # Computer use — macOS background desktop control via cua-driver (MCP stdio).
 # The cua-driver binary itself is installed via `hermes tools` post-setup
 # (curl install script); this extra just pins the MCP client used to talk
diff --git a/tools/lazy_deps.py b/tools/lazy_deps.py
index 0bf3424c0..5aa25063d 100644
--- a/tools/lazy_deps.py
+++ b/tools/lazy_deps.py
@@ -158,7 +158,7 @@ LAZY_DEPS: dict[str, tuple[str, ...]] = {
 "platform.slack": (
 "slack-bolt==1.27.0",
 "slack-sdk==3.40.1",
- "aiohttp==3.13.4", # CVE-2026-34513/34518/34519/34520/34525
+ "aiohttp==3.14.0", # CVE-2026-34513/34518/34519/34520/34525 + 34993(RCE)/47265
 ),
 "platform.matrix": (
 "mautrix[encryption]==0.21.0",