Bump aiohttp from 3.13.5 to 3.14.0 in the pip group across 1 directory

[dependabot]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Dependency-only bump affecting the async HTTP stack; review aiohttp 3.14 release notes for behavioral changes, but no direct code edits in this PR.

Overview
Bumps the aiohttp dependency from 3.13.5 to 3.14.0 by tightening pyproject.toml to >=3.14.0,<4.0.0 and refreshing poetry.lock.

The lockfile reflects aiohttp 3.14’s packaging changes: minimum Python for that package is now 3.10 (aligned with this repo), cp39 wheels are gone, and new platform wheels (e.g. win_arm64, Android/iOS) appear. Lock metadata also picks up aiohttp’s added typing_extensions dependency on Python < 3.13 and updated optional speedups markers excluding Android/iOS.

No application or test source files change; the pool HTTP server in chia-pool/server/farmer_rpc.py still depends on aiohttp only via the declared version.

^{Reviewed by Cursor Bugbot for commit 7258b08. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pypi/​aiohttp@​3.13.5 ⏵ 3.14.0	+1	+3

View full report

[coveralls]

Coverage Report for CI Build 27171389416

Coverage remained the same at 94.584%

Details

• Coverage remained the same as the base build.
• Patch coverage: No coverable lines changed in this PR.
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	1663
Covered Lines:	1571
Line Coverage:	94.47%
Relevant Branches:	91
Covered Branches:	88
Branch Coverage:	96.7%
Branches in Coverage %:	Yes
Coverage Strength:	1.89 hits per line

---

💛 - Coveralls