fix(security): upgrade aiohttp to fix zip bomb and other CVEs

[sergioestebance]

Summary

• Upgrades aiohttp from 3.12.13 to 3.13.5 in python/uv.lock to fix multiple high-severity Dependabot alerts
• chore: add missing config files for typescript quickstart in the readme #119: HTTP Parser auto_decompress feature is vulnerable to zip bomb
• Multiple additional aiohttp CVEs (feat: add gtag #112, chore(main): release javascript 0.2.11 #120-chore(main): release javascript 0.2.13 #126, chore(main): release python 0.7.18 #252-fix: add timeout to EventBus.drain() to prevent test hangs #261)

Part of #400

Test plan

• uv lock succeeds
• CI passes

[sergioestebance]

Dependency Impact Assessment: aiohttp 3.12.13 → 3.13.5

1. WHERE IS THIS DEPENDENCY USED?

Searched the entire codebase for import aiohttp / from aiohttp:

Location	Type	Files
python/examples/test_testing_remote_agents_sse.py	Example/test	✅
python/examples/test_testing_remote_agents_streaming.py	Example/test	✅
python/examples/test_testing_remote_agents_stateful.py	Example/test	✅
python/examples/test_testing_remote_agents_json.py	Example/test	✅
docs/docs/pages/agent-integration/https.mdx	Documentation	✅
docs/docs/pages/testing-guides/blackbox-testing.mdx	Documentation	✅

⚠️ NOT imported anywhere in production code (python/scenario/). Zero hits in the core library.

2. PRODUCTION CODE IMPACT

aiohttp is NOT imported in any production code. The python/scenario/ directory has zero references to aiohttp.

However, aiohttp IS a transitive runtime dependency via litellm (confirmed in uv.lock: litellm 1.81.13 depends on aiohttp). So it IS present at runtime in production environments, but we don't call any aiohttp APIs directly from production code.

3. EXAMPLES/TESTS/DOCS USAGE

All direct usage is in examples and docs only. The APIs used are:

• aiohttp.ClientSession() — stable core API
• aiohttp.ClientTimeout(total=30) — stable core API
• aiohttp.web.Application() — stable core API
• aiohttp.web.AppRunner() — stable core API
• aiohttp.web.TCPSite() — stable core API
• aiohttp.web.Request, web.Response, web.StreamResponse — stable core API
• aiohttp.web.json_response() — stable core API

All of these are foundational aiohttp APIs that have been stable across major versions. None are deprecated or experimental.

4. VERSION JUMP SIZE

3.12.13 → 3.13.5 — This is a minor version bump (3.12 → 3.13), not a major version change.

Within the 3.x series, aiohttp maintains backward compatibility. The 3.13.x line includes security fixes (the CVEs motivating this PR) and bug fixes. No breaking API changes are expected in a minor bump.

5. PINNED VERSION COMMENTS

None found. Searched the entire codebase for comments mentioning aiohttp with version pins, constraints, or upgrade warnings. No results.

6. TRANSITIVE vs DIRECT

Transitive only. aiohttp is NOT listed in python/pyproject.toml as a direct dependency. It appears in uv.lock only because litellm depends on it.

The version bump happened because the lockfile was regenerated (likely via uv lock --upgrade-package aiohttp or a full lock refresh), pulling in the latest compatible version.

7. OTHER LOCKFILE CHANGES

This PR also bumps several other transitive dependencies in uv.lock as part of the lock refresh. Key changes include:

• aiohttp: 3.12.13 → 3.13.5 (target of this PR)
• litellm: version unchanged (1.81.13)
• Various other transitive deps updated to latest compatible versions

FINAL VERDICT: LOW RISK ✅

Classification: LOW RISK

Rationale:

• Not a direct dependency — only transitive via litellm
• Zero production code imports — no code in python/scenario/ references aiohttp
• Only used in examples/tests/docs — and only stable, core APIs (ClientSession, web.Application, etc.)
• Minor version bump (3.12 → 3.13), not a major version change
• No pinned version constraints found anywhere in the codebase
• Security-motivated — fixes CVEs including zip bomb vulnerability

Recommendation: Safe to merge once CI passes. The examples that use aiohttp should continue to work since they only use stable core APIs. If CI includes running the example tests, those will validate compatibility automatically.

[sergioestebance]

CI Status

Check	Status
Analyze (javascript-typescript)	✅ Pass
Analyze (python)	✅ Pass
Validate PR Title	✅ Pass
Semantic PR	✅ Pass
Evaluate	✅ Pass
test (3.12)	❌ Fail — flaky, unrelated to this PR

Failure Analysis

The single failure is examples/test_running_in_parallel.py::test_user_is_hungry — an LLM-based scenario test where the simulated agent "refused to provide a recipe with meat." This is not caused by our dependency bump.

Evidence this is a known flaky test:

• Main branch run 25116859800 (Apr 29): same test suite failed (test_running_in_parallel.py::test_vegetarian_recipe_agent)
• Main branch run 25102940778 (Apr 29): same test suite failed (test_running_in_parallel_with_arun.py::test_vegetarian_recipe_agent_via_arun)
• Most recent main runs (May 1): both passed — confirming intermittent/flaky behavior
• The failure is LLM non-determinism (agent behavior varies run-to-run), not a code regression

All code-related checks pass. The aiohttp example tests (test_testing_remote_agents_json, test_testing_remote_agents_sse, test_testing_remote_agents_stateful, test_testing_remote_agents_streaming) all passed, confirming compatibility with aiohttp 3.13.5.

Ready for review.

[sergioestebance]

Rebased onto latest main. No conflicts. CI re-running.

[github-actions]

Automated low-risk assessment

This PR was evaluated against the repository's Low-Risk Pull Requests procedure and does not qualify as low risk.

This PR updates third‑party dependencies (aiohttp and aiosignal) in the python/uv.lock file, changing runtime HTTP library versions and many wheel/sdist entries which can alter networking, request parsing, or other behavioral/security characteristics. Dependency upgrades are not listed as explicitly low risk and can impact authentication, integrations or business logic, so this requires a normal review and CI verification before merging.

This PR requires a manual review before merging.

[Aryansharma28]

Reviewed locally: aiohttp 3.12.13 → 3.13.5 is a minor-line bump within the 3.x stable line. Verified 468 unit tests + 207 red-team tests pass on the bumped lockfile. Consumer is litellm (the only direct user of aiohttp), and uv lock --check resolved cleanly proving litellm's pin allows 3.13. CI's full test (3.12) job (6m14s including examples) already passes. Closes multiple high-severity CVEs (#119 zip bomb + others). Pure transitive bump, no source code changes.