From 11895b575dcbabb3086fa56bbe4afa1536cc0a7f Mon Sep 17 00:00:00 2001
From: deacon-mp <mperry@mitre.org>
Date: Mon, 22 Jun 2026 13:14:46 -0400
Subject: [PATCH] build(deps): bump aiohttp 3.13.4->3.14.1 and cryptography
 46.0.7->48.0.1

Clears pip-audit findings on master: aiohttp 3.13.4 (11 CVEs, fixed in
3.14.x) and cryptography 46.0.7 (GHSA-537c-gmf6-5ccf, fixed in 48.0.1).
Target versions match the upstream Dependabot proposals
(dependabot/pip/aiohttp-3.14.1, dependabot/pip/cryptography-48.0.1).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 96c9caa98..17bd2a435 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,12 +1,12 @@
 aiohttp-jinja2==1.5.1
-aiohttp==3.13.4
+aiohttp==3.14.1
 aiohttp_session==2.12.0
 aiohttp-security==0.4.0
 aiohttp-apispec==3.0.0b2
 argon2-cffi==25.1.0
 jinja2==3.1.6
 pyyaml==6.0.1
-cryptography==46.0.7
+cryptography==48.0.1
 websockets==15.0
 Sphinx==7.1.2
 sphinx_rtd_theme==1.3.0