Hi folks! Thanks for supporting the community with this tool.
Would it be possible to update aiohttp to a version >=3.14.0
There are two known vulnerabilities with the version that checkov installs:
|
aiohttp = ">=3.8.0,<3.14.0" |
pip-audit output:
Found 2 known vulnerabilities in 1 package
Name Version ID Fix Versions
------- ------- -------------- ------------
aiohttp 3.13.5 CVE-2026-34993 3.14.0
aiohttp 3.13.5 CVE-2026-47265 3.14.0
Thanks!
Hi folks! Thanks for supporting the community with this tool.
Would it be possible to update
aiohttpto a version>=3.14.0There are two known vulnerabilities with the version that checkov installs:
checkov/Pipfile
Line 71 in 807eb13
checkov/Pipfile.lock
Line 161 in 807eb13
pip-auditoutput:Thanks!