
Bump aiohttp to 3.13.5 and ibroadcastaio to 0.6.0 #3707

Merged: MarvinSchenkel merged 3 commits into music-assistant:dev from staticdev:dev on Apr 16, 2026

Conversation

@staticdev
Contributor

@staticdev staticdev commented Apr 15, 2026

Closes music-assistant/support#5249

@marcelveldt @MarvinSchenkel it seems there is an issue with the current version of aiohttp that was fixed in https://github.com/aio-libs/aiohttp/releases/tag/v3.13.5 that is causing the authentication issue some users are experiencing.

Note: it was required to bump ibroadcastaio since it was pinning to aiohttp 3.13.4.

@github-actions
Contributor

github-actions bot commented Apr 15, 2026

🔒 Dependency Security Report

📦 Modified Dependencies

music_assistant/providers/ibroadcast/manifest.json

Added:

Removed:

The following dependencies were added or modified:

diff --git a/requirements_all.txt b/requirements_all.txt
index 4afe4bb5..ba714854 100644
--- a/requirements_all.txt
+++ b/requirements_all.txt
@@ -6,7 +6,7 @@ Brotli>=1.0.9
 aioaudiobookshelf==0.1.20
 aiodns>=3.2.0
 aiofiles==24.1.0
-aiohttp==3.13.4
+aiohttp==3.13.5
 aiohttp_asyncmdnsresolver==0.1.1
 aiohttp-fast-zlib==0.3.0
 aiohttp-socks==0.11.0
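
Review bot: the `aiohttp==3.13.5` line keeps an exact pin with no `--hash`, and the unchanged context lines `aiohttp_asyncmdnsresolver==0.1.1`, `aiohttp-fast-zlib==0.3.0` and `aiohttp-socks==0.11.0` are exact pins that sit on top of it. Confirm that each of those three resolves against aiohttp 3.13.5 before merge, and consider hash-pinning this file so the bump is tied to specific artifacts rather than to a version string alone.
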
@@ -38,7 +38,7 @@ duration-parser==1.0.1
 getmac==0.9.5
 gql[all]==4.0.0
 hass-client==1.2.3
-ibroadcastaio==0.5.0
+ibroadcastaio==0.6.0
 ifaddr==0.2.0
 liblistenbrainz==0.7.0
 librosa==0.11.0
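
Review bot: the `ibroadcastaio==0.6.0` line crosses a minor version (0.5.0 to 0.6.0), yet this diff covers only requirements_all.txt while the report lists music_assistant/providers/ibroadcast/manifest.json as modified with empty Added and Removed entries. Check that the manifest requirement also reads 0.6.0 so the two files cannot drift, and review what else changed in 0.6.0 besides its aiohttp requirement.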

New/modified packages to review:

  • aiohttp==3.13.5
  • ibroadcastaio==0.6.0

🔍 Vulnerability Scan Results

ERROR:pip_audit._virtual_env:internal pip failure: ERROR: Ignored the following versions that require a different python version: 0.10.0 Requires-Python >=3.10,<3.13; 0.9.0 Requires-Python >=3.8,<3.12; 0.9.1 Requires-Python >=3.8,<3.12
ERROR: Could not find a version that satisfies the requirement audible==0.10.0 (from versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.6.0, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2)
ERROR: No matching distribution found for audible==0.10.0

ERROR:pip_audit._cli:Failed to install packages: ['/tmp/tmpgwu7tpqd/bin/python', '-m', 'pip', 'install', '--no-input', '--keyring-provider=subprocess', '--dry-run', '--report', '/tmp/tmp2y4efiuo/tmph431zft9', '-r', 'requirements_all.txt']

⚠️ Vulnerabilities detected! Please review the findings above.


Automated Security Checks

  • Vulnerability Scan: Failed - Known vulnerabilities detected
  • Trusted Sources: All packages have verified source repositories
  • Typosquatting Check: No suspicious package names detected
  • License Compatibility: All licenses are OSI-approved and compatible
  • Supply Chain Risk: Passed - packages appear mature and maintained

Manual Review

Maintainer approval required:

  • I have reviewed the changes above and approve these dependency updates

To approve: Comment /approve-dependencies or manually add the dependencies-reviewed label.
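
The scanner output quoted in the report above contains only pip resolver errors, so a gate that consumes it has to tell "the scan could not run" apart from "the scan found something". An added example (not code from this PR, the bot, or pip-audit; `triage_audit_log` and its return keys are hypothetical) that makes that distinction by matching the messages shown on this page:

```python
import re

# Abridged from the scanner output quoted in the report above.
SAMPLE = """\
ERROR:pip_audit._virtual_env:internal pip failure: ERROR: Ignored the following versions that require a different python version: 0.10.0 Requires-Python >=3.10,<3.13; 0.9.0 Requires-Python >=3.8,<3.12; 0.9.1 Requires-Python >=3.8,<3.12
ERROR: No matching distribution found for audible==0.10.0
ERROR:pip_audit._cli:Failed to install packages: [...]
"""

_EXCLUDED = re.compile(r"(\d+(?:\.\d+)*) Requires-Python ([^;\n]+)")
_NO_MATCH = re.compile(r"No matching distribution found for ([^\s=]+)==(\S+)")
_INSTALL_FAILED = re.compile(r"pip_audit\._cli:Failed to install packages")


def triage_audit_log(text):
    """Classify scanner output as a resolver failure or a run that got past it.

    Hypothetical helper: it only pattern-matches the messages shown on this page.
    """
    # Versions pip skipped because of their Requires-Python metadata.
    excluded = {v: spec.strip() for v, spec in _EXCLUDED.findall(text)}
    blockers = []
    for name, version in _NO_MATCH.findall(text):
        # A pinned version that pip ignored for Requires-Python is an
        # interpreter mismatch, not a missing or vulnerable release.
        cause = "requires_python" if version in excluded else "not_found"
        blockers.append({"name": name, "pin": version, "cause": cause,
                         "requires_python": excluded.get(version)})
    if blockers or _INSTALL_FAILED.search(text):
        # Nothing was audited: report a tooling error, not a finding.
        return {"status": "scan_error", "audited": False, "blockers": blockers}
    # No resolver error seen; findings must be read from the audit results.
    return {"status": "scan_ran", "audited": True, "blockers": []}


if __name__ == "__main__":
    print(triage_audit_log(SAMPLE))
```
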

@MarvinSchenkel
Contributor

@robsonke Looks like you have an == pin in ibroadcastaio that is blocking this PR. Could you relax the version pin and push an update for this please?

@staticdev
Contributor Author

@MarvinSchenkel it did not work anyway, since ibroadcastaio is forcing version 3.13.4 here.

@robsonke
Contributor

robsonke commented Apr 16, 2026

Oops, I took the current version of MA to not get conflicts. Checking.
Edit: changed it to ^2.13.5 now. Can you include the change to 0.6.0 in this PR or shall I create a separate one? @staticdev

@staticdev
Contributor Author

staticdev commented Apr 16, 2026

Thanks @robsonke, it is already fixed in this PR.

Now we have a problem with audible:
ERROR: Ignored the following versions that require a different python version: 0.10.0 Requires-Python >=3.10,<3.13; 0.9.0 Requires-Python >=3.8,<3.12; 0.9.1 Requires-Python >=3.8,<3.12
Indeed, the latest audible supports up to Python 3.12: https://pypi.org/project/audible/0.10.0/
@MarvinSchenkel, not sure how to proceed here.

@staticdev changed the title from "Bump aiohttp to 3.13.5" to "Bump aiohttp to 3.13.5 and ibroadcastaio to 0.6.0" on Apr 16, 2026
@MarvinSchenkel added the dependencies-reviewed label (Indication that any added or modified/updated dependencies on a PR have been reviewed) on Apr 16, 2026
@MarvinSchenkel merged commit f9940db into music-assistant:dev on Apr 16, 2026
9 of 11 checks passed

Labels

backport-to-stable, bugfix, dependencies-reviewed (Indication that any added or modified/updated dependencies on a PR have been reviewed), maintenance

Development

Successfully merging this pull request may close these issues.

Authentication failed: 400 "Duplicate 'Server' header found."

3 participants