fix: update aiohttp to resolve CVE-2026 vulnerabilities

[dannyneira]

Summary

• Updated aiohttp in uv.lock from 3.13.3 to 3.13.5.
• Resolves the selected direct runtime aiohttp Dependabot alert batch in uv.lock.
• uv lock also refreshed the editable oz-agent-sdk package version metadata from 0.4.0 to the current pyproject.toml version, 0.13.0.

Dependabot alerts resolved

• Alert docs: add environment and config usage documentation #2: CVE-2026-22815 (moderate) — aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage
  Advisory: GHSA-w2fm-2cpv-w7v5
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/2
• Alert release: 0.1.1 #3: CVE-2026-34513 (low) — AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
  Advisory: GHSA-hcc4-c3v8-rx92
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/3
• Alert release: 0.2.0 #4: CVE-2026-34514 (low) — AIOHTTP has CRLF injection through multipart part content type header construction
  Advisory: GHSA-2vrm-gr82-f7m5
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/4
• Alert release: 0.2.1 #5: CVE-2026-34515 (moderate) — AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
  Advisory: GHSA-p998-jp59-783m
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/5
• Alert Listing tasks fails to filter on a list of states #6: CVE-2026-34516 (moderate) — AIOHTTP has a Multipart Header Size Bypass
  Advisory: GHSA-m5qp-6w8w-w647
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/6
• Alert release: 0.3.0 #7: CVE-2026-34517 (low) — AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
  Advisory: GHSA-3wq7-rqq7-wx6j
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/7
• Alert docs(dev): Add WARP.md file #8: CVE-2026-34518 (low) — AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
  Advisory: GHSA-966j-vmvw-g2g9
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/8
• Alert release: 0.4.0 #9: CVE-2026-34519 (low) — AIOHTTP has HTTP response splitting via \r in reason phrase
  Advisory: GHSA-mwh4-6h8g-pg8w
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/9
• Alert Add CLI demo app example #10: CVE-2026-34520 (low) — AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
  Advisory: GHSA-63hf-3vf5-4wqf
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/10
• Alert release: 0.5.0 #11: CVE-2026-34525 (moderate) — AIOHTTP accepts duplicate Host headers
  Advisory: GHSA-c427-h43c-vf67
  Dependabot: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/11

Verification

• uv run python -m pip check
• uv build
• ./scripts/lint
• ./scripts/test
• pip-audit -r /tmp/aiohttp-requirement.txt -f json for aiohttp==3.13.5 reported No known vulnerabilities found and aiohttp_vulnerability_count=0.

Conversation: https://staging.warp.dev/conversation/9f7f7f26-e227-4754-8733-4d2049d946e2
Run: https://oz.staging.warp.dev/runs/019e7476-c7bc-7acb-96bd-ac2f33751fa5
This PR was generated with Oz.