Bump aiohttp to CVE free version

Author: onmete

pdm.lock

@@ -91,6 +91,7 @@ description = "OpenShift Lightspeed is an AI powered assistant that runs on Open
 authors = []
 # NOTE: langchain bumps causes mypy issues
 dependencies = [
+    "aiohttp>=3.12.14",  # CVE free version
     "pdm>=2.21.0",
     "httpx>=0.27.2",
     "fastapi>=0.115.6",
@@ -111,7 +112,7 @@ dependencies = [
     "kubernetes>=30.1.0",
     "psycopg2-binary>=2.9.9",
     "azure-identity>=1.18.0",
-    "langchain-community>0.3.27",  # CVE version
+    "langchain-community>0.3.27",  # CVE free version
     "sqlalchemy>=2.0.35",
     "ibm-watsonx-ai>=1.3.6",
     "certifi>=2024.8.30",
@@ -124,7 +125,7 @@ dependencies = [
     "requests>=2.32.2",
     "transformers>=4.50.3",
     "langchain-mcp-adapters>=0.0.11",
-    "mcp>=1.10.0",  # CVEs in lower version
+    "mcp>=1.10.0",  # CVE free version
 ]
 requires-python = ">=3.11.1,<=3.12.10"
 readme = "README.md"