upgrade aiohttp to 3.13.3 to prevent zip bomb DoS

rpancham · rpancham · commit 4b8169a891b4 · 2026-01-21T10:16:22.000+05:30
diff --git a/Dockerfile b/Dockerfile
@@ -31,8 +31,8 @@ ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
 RUN /caikit/.venv/bin/pip install --no-cache-dir "urllib3>=2.6.0"
 
-RUN /caikit/.venv/bin/pip install --no-cache-dir "fastapi==0.123.7" "starlette>=0.49.1,<0.51.0"
-
+RUN /caikit/.venv/bin/pip install --no-cache-dir \
+    "fastapi==0.123.7" "starlette>=0.49.1,<0.51.0" "aiohttp>=3.13.3,<4.0.0"
 RUN groupadd --system caikit --gid 1001 && \
     adduser --system --uid 1001 --gid 0 --groups caikit \
     --create-home --home-dir /caikit --shell /sbin/nologin \
