Bump aiohttp min version to avoid CVE-2024-23829 and CVE-2024-23334 (#…

…37110)

(cherry picked from commit 0c4210a)

airflow/providers/apache/livy/provider.yaml

@@ -49,7 +49,7 @@ versions:
 dependencies:
   - apache-airflow>=2.6.0
   - apache-airflow-providers-http
-  - aiohttp
+  - aiohttp>=3.9.2
   - asgiref
 
 integrations:

airflow/providers/databricks/provider.yaml

@@ -65,7 +65,7 @@ dependencies:
   # it needs to be excluded. See https://github.com/databricks/databricks-sql-python/issues/190
   # The 2.9.1 (to be released soon) already contains the fix
   - databricks-sql-connector>=2.0.0, <3.0.0, !=2.9.0
-  - aiohttp>=3.6.3, <4
+  - aiohttp>=3.9.2, <4
 
 additional-extras:
   # pip install apache-airflow-providers-databricks[sdk]

airflow/providers/dbt/cloud/provider.yaml

@@ -49,7 +49,7 @@ dependencies:
   - apache-airflow>=2.6.0
   - apache-airflow-providers-http
   - asgiref
-  - aiohttp
+  - aiohttp>=3.9.2
 
 integrations:
   - integration-name: dbt Cloud

airflow/providers/http/provider.yaml

@@ -56,7 +56,7 @@ dependencies:
   # release it as a requirement for airflow
   - requests>=2.26.0
   - requests_toolbelt
-  - aiohttp
+  - aiohttp>=3.9.2
   - asgiref
 
 integrations:

generated/provider_dependencies.json

@@ -196,7 +196,7 @@
   },
   "apache.livy": {
     "deps": [
-      "aiohttp",
+      "aiohttp>=3.9.2",
       "apache-airflow-providers-http",
       "apache-airflow>=2.6.0",
       "asgiref"
@@ -377,7 +377,7 @@
   },
   "databricks": {
     "deps": [
-      "aiohttp>=3.6.3, <4",
+      "aiohttp>=3.9.2, <4",
       "apache-airflow-providers-common-sql>=1.10.0",
       "apache-airflow>=2.6.0",
       "databricks-sql-connector>=2.0.0, <3.0.0, !=2.9.0",
@@ -404,7 +404,7 @@
   },
   "dbt.cloud": {
     "deps": [
-      "aiohttp",
+      "aiohttp>=3.9.2",
       "apache-airflow-providers-http",
       "apache-airflow>=2.6.0",
       "asgiref"
@@ -621,7 +621,7 @@
   },
   "http": {
     "deps": [
-      "aiohttp",
+      "aiohttp>=3.9.2",
       "apache-airflow>=2.6.0",
       "asgiref",
       "requests>=2.26.0",

pyproject.toml

@@ -528,7 +528,7 @@ winrm = [
 # If you want to modify these - modify the corresponding provider.yaml instead.
 #############################################################################################################
 # START OF GENERATED DEPENDENCIES
-# Hash of dependencies: 075c71a1a959e8c8920312a25b494d3e
+# Hash of dependencies: 53a2ae7faf2f7c2af1d4b7005782f907
 airbyte = [ # source: airflow/providers/airbyte/provider.yaml
   "apache-airflow[http]",
 ]
@@ -599,7 +599,7 @@ apache-kylin = [ # source: airflow/providers/apache/kylin/provider.yaml
   "kylinpy>=2.6",
 ]
 apache-livy = [ # source: airflow/providers/apache/livy/provider.yaml
-  "aiohttp",
+  "aiohttp>=3.9.2",
   "apache-airflow[http]",
   "asgiref",
 ]
@@ -651,7 +651,7 @@ common-sql = [ # source: airflow/providers/common/sql/provider.yaml
   "sqlparse>=0.4.2",
 ]
 databricks = [ # source: airflow/providers/databricks/provider.yaml
-  "aiohttp>=3.6.3, <4",
+  "aiohttp>=3.9.2, <4",
   "apache-airflow[common_sql]",
   "databricks-sql-connector>=2.0.0, <3.0.0, !=2.9.0",
   "requests>=2.27,<3",
@@ -662,7 +662,7 @@ datadog = [ # source: airflow/providers/datadog/provider.yaml
   "datadog>=0.14.0",
 ]
 dbt-cloud = [ # source: airflow/providers/dbt/cloud/provider.yaml
-  "aiohttp",
+  "aiohttp>=3.9.2",
   "apache-airflow[http]",
   "asgiref",
 ]
@@ -762,7 +762,7 @@ hashicorp = [ # source: airflow/providers/hashicorp/provider.yaml
   "hvac>=1.1.0",
 ]
 http = [ # source: airflow/providers/http/provider.yaml
-  "aiohttp",
+  "aiohttp>=3.9.2",
   "asgiref",
   "requests>=2.26.0",
   "requests_toolbelt",