fix: dev to main - Update aiohttp version to 3.14.1 in requirements files

[Pavan1-Microsoft]

Purpose

This pull request updates various dependencies across Python and JavaScript projects to address bug fixes, security patches, and compatibility improvements. The main focus is on upgrading library versions in requirements and lock files to keep the codebase up-to-date and stable.

Dependency updates:

Python dependency updates:

• Upgraded aiohttp from 3.14.0 to 3.14.1 in both infra/scripts/agent_scripts/requirements.txt and src/api/requirements.txt for improved stability and bug fixes. [1] [2]
• Updated pypdf from 6.12.0 to 6.13.3 in infra/scripts/index_scripts/requirements.txt for the latest features and bug fixes.

JavaScript dependency updates (package-lock.json):

• Upgraded multiple Babel packages (e.g., @babel/core, @babel/generator, @babel/types, etc.) from 7.29.x to 7.29.7 for improved parsing, transformation, and compatibility. [1] [2] [3] [4] [5] [6] [7]
• Updated browser compatibility and build tools packages:
  • baseline-browser-mapping to 2.10.38,
  • browserslist to 4.28.2,
  • caniuse-lite to 1.0.30001799,
  • electron-to-chromium to 1.5.376,
  • node-releases to 2.0.48,
  • vite to 6.4.3.
    These updates ensure support for the latest browser versions and improved build performance. [1] [2] [3] [4] [5] [6] [7]
• Adjusted the placement of the semver dependency in the lock file to reflect the new dependency tree.

Does this introduce a breaking change?

• Yes
• No

Golden Path Validation

• I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

• I have validated the deployment process successfully and all services are running as expected with this change.

[github-actions]

Coverage Report •

File	Stmts	Miss	Cover	Missing
src/api/services
chat_service.py	176	12	93%	66–67, 238–241, 245, 248, 259–260, 280–281
src/api/services/_patches
agent_framework_search_citations.py	87	64	26%	54–55, 59, 63, 69, 74, 79, 83–84, 89–97, 99–113, 118, 122–132, 135–136, 141–150, 156–161, 163
TOTAL	1404	216	84%

Tests	Skipped	Failures	Errors	Time
163	0 💤	0 ❌	0 🔥	5.084s ⏱️

[Copilot]

Pull request overview

This pull request updates pinned dependency versions across the Python backend/scripts and the frontend’s npm lockfile to pick up patch-level fixes and updated transitive dependency metadata.

Changes:

• Bumps aiohttp from 3.14.0 to 3.14.1 in src/api/requirements.txt and infra/scripts/agent_scripts/requirements.txt.
• Bumps pypdf from 6.12.0 to 6.13.3 in infra/scripts/index_scripts/requirements.txt.
• Updates src/App/package-lock.json with newer resolved versions for several Babel-related packages, browser-compat tooling packages, and vite (plus related dependency tree adjustments such as semver placement).

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
src/App/package-lock.json	Updates JS dependency resolutions/metadata to newer patch versions (Babel ecosystem, browserslist/caniuse data, vite) and reflects the updated dependency tree.
src/api/requirements.txt	Pins aiohttp to 3.14.1 for the API’s Python dependencies.
infra/scripts/index_scripts/requirements.txt	Pins pypdf to 6.13.3 for indexing scripts.
infra/scripts/agent_scripts/requirements.txt	Pins aiohttp to 3.14.1 for agent scripts.

Files not reviewed (1)

• src/App/package-lock.json: Generated file

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Files not reviewed (1)

• src/App/package-lock.json: Generated file