Bump the pip group across 1 directory with 3 updates

[dependabot[bot]]

Bumps the pip group with 3 updates in the / directory: aiohttp, cryptography and twisted.

Updates aiohttp from 3.9.5 to 3.10.2

Release notes

Sourced from aiohttp's releases.

3.10.2

Bug fixes

• Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

  Related issues and pull requests on GitHub: #8565.

• Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #8597.

• Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #8611.

• Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

  Related issues and pull requests on GitHub: #8632.

• Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

  There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

  Related issues and pull requests on GitHub: #8641.

• Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

  Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.2 (2024-08-08)

Bug fixes

• Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

  Related issues and pull requests on GitHub: :issue:8565.

• Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: :issue:8597.

• Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: :issue:8611.

• Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:8632.

• Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

  There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

  Related issues and pull requests on GitHub: :issue:8641.

• Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

... (truncated)

Commits

• 491106e Release 3.10.2 (#8655)
• ce2e975 [PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...
• 6a77806 [PR #8636/51d872e backport][3.10] Remove Request.wait_for_disconnection() met...
• 1f92213 [PR #8642/e4942771 backport][3.10] Fix response to circular symlinks with Pyt...
• 2ef14a6 [PR #8641/0a88bab backport][3.10] Fix WebSocket ping tasks being prematurely ...
• 68e8496 [PR #8608/c4acabc backport][3.10] Fix timer handle churn in websocket heartbe...
• 72f41aa [PR #8632/b2691f2 backport][3.10] Fix connecting to npipe://, tcp://, and uni...
• bf83dbe [PR #8634/c7293e19 backport][3.10] Backport #8620 as improvements to various ...
• 4815765 [PR #8597/c99a1e27 backport][3.10] Fix reading of body when ignoring an upgra...
• 266608d [PR #8611/1fcef940 backport][3.10] Fix handler waiting on shutdown (#8627)
• Additional commits viewable in compare view

Updates cryptography from 42.0.8 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:
43.0.0 - 2024-07-20

• BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.
• BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
• Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
• :func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.
• :func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.
• Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.
• Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
• Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)
• Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.
• Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.
• Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.
• Added support for parsing empty DN string in

... (truncated)

Commits

• a773387 bump for 43.0.1 (#11533)
• 0393fef Backport setuptools version ban (#11526)
• 6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
• ebf14f2 bump for 43.0.0 and update changelog (#11311)
• 42788a0 Fix exchange with keys that had Q automatically computed (#11309)
• 2dbdfb8 don't assign unused name (#11310)
• ccc66e6 Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)
• 4310c87 Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)
• f66a9c4 Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)
• a8fcf18 Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)
• Additional commits viewable in compare view

Updates twisted from 24.3.0 to 24.7.0

Release notes

Sourced from twisted's releases.

Twisted 24.7.0 (2024-08-08)

24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279) No other changes since 24.7.0.rc2

Features

• twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
• twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
• twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
• twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
• twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
• Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code. The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
• twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
• twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)

Bugfixes

• Fixed unreleased regression caused by PR #12109. (#12279)
• twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
• Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
• twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
• twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)

Improved Documentation

• The IRC server example found in the documentation was updated for readability. (#12097)
• Remove contextvars from list of optional dependencies. (#12128)
• The documentation for installing Twisted was moved into a single page. (#12145)
• The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
• Updated imap4client.py example, it no longer references Python 2. (#12252)

Deprecations and Removals

• twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)
• The twisted-iocpsupport is no longer a hard dependency on Windows. The IOCP support is now installed together with the other Windows soft dependencies via twisted[windows-platform]. (#11893)
• twisted.python.deprecate helper function will now always strip whitespaces from the docstrings. This is done to have the same behaviour as with Python 3.13. (#12063)
• twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse async argument, deprecated since 18.9.0, has been removed. (#12130)
• twisted.web.soap was removed.

... (truncated)

Changelog

Sourced from twisted's changelog.

Twisted 24.7.0 (2024-08-08)

24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279) No other changes since 24.7.0.rc2

Security Advisories

• twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839)
• The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)

Features

• twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
• twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
• twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
• twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
• twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
• Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code. The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
• twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
• twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)

Bugfixes

• twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
• Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
• twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
• twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)

Improved Documentation

• The IRC server example found in the documentation was updated for readability. (#12097)
• Remove contextvars from list of optional dependencies. (#12128)
• The documentation for installing Twisted was moved into a single page. (#12145)
• The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
• Updated imap4client.py example, it no longer references Python 2. (#12252)

Deprecations and Removals

• twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)

... (truncated)

Commits

• 8cb7d2b python -m incremental.update Twisted --newversion 24.7.0
• 05b4a87 Update news.
• a30fcf6 Fix conflict.
• db61dbb tox -e towncrier
• 34dc72e python -m incremental.update Twisted --rc
• 4814526 Fix regression in CopiedFailure
• b51c186 Move securitu fixes to a separate security advisories.
• c0b035c Fix typos
• 6970f5c Fix typo.
• 6d157ca tox -e towncrier
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.