dependabot[bot] opened a new pull request, #1140: URL: https://github.com/apache/pulsar-site/pull/1140
Bumps [twisted](https://github.com/twisted/twisted) from 24.7.0 to 26.4.0rc2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/twisted/twisted/releases";>twisted's releases</a>.</em></p> <blockquote> <h1>Twisted 26.4.0rc2 (2026-04-29)</h1> <p>This is the last release with support for Python 3.9.</p> <h2>Security</h2> <ul> <li>twisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. Reported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (<a href="https://redirect.github.com/twisted/twisted/issues/12626";>#12626</a>)</li> </ul> <h2>Features</h2> <ul> <li>twisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (<a href="https://redirect.github.com/twisted/twisted/issues/4887";>#4887</a>)</li> <li>twisted.internet.endpoints.serverFromString now supports the <code>tls</code> endpoint type, which allows you to do <code>twist web --listen=tls:.../certbot-dir/config/live</code> pointed at a certbot live configuration directory and have your certbot certificates automatically discovered and served appropriately. (<a href="https://redirect.github.com/twisted/twisted/issues/9885";>#9885</a>)</li> <li><code>twisted.internet.reactor</code> now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (<a href="https://redirect.github.com/twisted/twisted/issues/9909";>#9909</a>)</li> <li>twisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types "<a href="mailto:[email protected]";>[email protected]</a>" and "<a href="mailto:[email protected]";>[email protected]</a>" and extracting the <code>application</code> property from these new key types. (<a href="https://redirect.github.com/twisted/twisted/issues/12212";>#12212</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>twisted.internet.mail will now return a meaningful Failure when TLS validation fails. (<a href="https://redirect.github.com/twisted/twisted/issues/10210";>#10210</a>)</li> <li>TLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (<a href="https://redirect.github.com/twisted/twisted/issues/10232";>#10232</a>)</li> <li>A potential reference cycle that might cause intermittent memory spikes while using twisted.internet.defer.inlineCallbacks was removed. (<a href="https://redirect.github.com/twisted/twisted/issues/12120";>#12120</a>)</li> <li>Trial no longer emits the error <code>RuntimeWarning: TestResult has no addDuration method</code> when running PyUnit tests. (<a href="https://redirect.github.com/twisted/twisted/issues/12229";>#12229</a>)</li> <li>twisted.python.rebuild.rebuild() now handles changes to <code>sys.modules</code> gracefully. Prior to the change, it could possibly raise a "dictionary changed size during iteration" error if the module list changed. (<a href="https://redirect.github.com/twisted/twisted/issues/12458";>#12458</a>)</li> <li>twisted.internet.protocol.ReconnectingClientFactory: Don't multiply by <code>factor</code> for initial delay, but use <code>initialDelay</code> directly. (<a href="https://redirect.github.com/twisted/twisted/issues/12478";>#12478</a>)</li> <li>twisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (<a href="https://redirect.github.com/twisted/twisted/issues/12500";>#12500</a>)</li> <li><code>twisted.internet.testing.MemoryReactor.callWhenRunning</code> now invokes the callback immediately, if already started. (<a href="https://redirect.github.com/twisted/twisted/issues/12514";>#12514</a>)</li> <li>Twisted now correctly detects EOF on OpenSSL 4. (<a href="https://redirect.github.com/twisted/twisted/issues/12632";>#12632</a>)</li> </ul> <h2>Improved Documentation</h2> <ul> <li>The example code from the documentation describing how to create a custom DNS server was updated to Python3. (<a href="https://redirect.github.com/twisted/twisted/issues/12480";>#12480</a>)</li> <li>Type annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (<a href="https://redirect.github.com/twisted/twisted/issues/12556";>#12556</a>)</li> </ul> <h2>Deprecations and Removals</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/twisted/twisted/blob/trunk/NEWS.rst";>twisted's changelog</a>.</em></p> <blockquote> <p>This file contains the release notes for Twisted.</p> <p>It only contains high-level changes that are of interest to Twisted library users. Users of Twisted should check the notes before planning an upgrade.</p> <p>Ticket numbers in this file can be looked up by visiting <a href="https://twisted.org/trac/ticket/";>https://twisted.org/trac/ticket/</a><!-- raw HTML omitted --></p> <p>.. towncrier release notes start</p> <h1>Twisted 25.5.0 (2025-06-07)</h1> <p>This is the last release with support for Python 3.8. No changes since 25.5.0.rc1.</p> <h2>Bugfixes</h2> <ul> <li>twisted.internet.runner.procmon.ProcessMonitor: startProcess() catches exceptions raised by reactor.spawnProcess() and attempts to restart the failed process. (<a href="https://redirect.github.com/twisted/twisted/issues/12421";>#12421</a>)</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>twisted.trial.unittest.TestCase.deferSetUp, twisted.trial.unittest.TestCase.deferTestMethod, twisted.trial.unittest.TestCase.deferTearDown, and twisted.trial.unittest.TestCase.deferRunCleanups were removed and converted to private methods. These functions expose so much of the internal structure of TestCase that it makes the code hard to change. (<a href="https://redirect.github.com/twisted/twisted/issues/12388";>#12388</a>)</li> <li>twisted.internet.defer.waitForDeferred twisted.internet.defer.deferredGenerator have been removed. They have been deprecated since Twisted 15.0.0 (<a href="https://redirect.github.com/twisted/twisted/issues/12404";>#12404</a>)</li> <li>twisted.internet.defer.Deferred.callbacks attribute has been deprecated. (<a href="https://redirect.github.com/twisted/twisted/issues/12407";>#12407</a>)</li> </ul> <h2>Misc</h2> <ul> <li><a href="https://redirect.github.com/twisted/twisted/issues/12375";>#12375</a>, <a href="https://redirect.github.com/twisted/twisted/issues/12383";>#12383</a>, <a href="https://redirect.github.com/twisted/twisted/issues/12384";>#12384</a>, <a href="https://redirect.github.com/twisted/twisted/issues/12392";>#12392</a>, <a href="https://redirect.github.com/twisted/twisted/issues/12419";>#12419</a>, <a href="https://redirect.github.com/twisted/twisted/issues/12434";>#12434</a>, <a href="https://redirect.github.com/twisted/twisted/issues/12440";>#12440</a>, <a href="https://redirect.github.com/twisted/twisted/issues/12441";>#12441</a></li> </ul> <h2>Conch</h2> <p>Bugfixes</p> <pre><code> - twisted.conch.client.direct.SSHClientTransport.verifyHostKey no longer crashes with an encoding error while attempting to verify the peer's IP address. This means that the `conch` command-line tool will no longer fail host key verification with 'bad host key' when using a known hosts file containing only plaintext, rather than hashed, hostnames. ([#12414](https://github.com/twisted/twisted/issues/12414)) <h2>Web</h2> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/twisted/twisted/commit/b69a0c7fabeb1f273cb45d48651c3435f85f806e";><code>b69a0c7</code></a> Update version.</li> <li><a href="https://github.com/twisted/twisted/commit/b32c6611c3ab8738f4453e245f32b105fb7f6380";><code>b32c661</code></a> Fix tag check.</li> <li><a href="https://github.com/twisted/twisted/commit/819185e068aab1f9b0f9a2a5e08aa942038733d9";><code>819185e</code></a> Fix mypy.</li> <li><a href="https://github.com/twisted/twisted/commit/290cbf54bf4caad6d7d59b7e5aa0deac38b280f2";><code>290cbf5</code></a> [pre-commit.ci] auto fixes from pre-commit.com hooks</li> <li><a href="https://github.com/twisted/twisted/commit/cb9783cbc580482395663886d31a3f3bd15fb739";><code>cb9783c</code></a> Manual updates for release notes.</li> <li><a href="https://github.com/twisted/twisted/commit/ac504cc8088734e0bcb8c9b372d52534bf9252e9";><code>ac504cc</code></a> Prepare the rellease.</li> <li><a href="https://github.com/twisted/twisted/commit/2d196123264efb0027eecfe1b430be4a9babdbd8";><code>2d19612</code></a> Merge commit from fork</li> <li><a href="https://github.com/twisted/twisted/commit/44c11c744887b623d6e02f92a341287727ea0ead";><code>44c11c7</code></a> Merge branch 'trunk' into advisory-fix-1</li> <li><a href="https://github.com/twisted/twisted/commit/9ca319ebf61386dd33354c4ade3946ef84ad58fb";><code>9ca319e</code></a> Update src/twisted/names/newsfragments/12626.bugfix</li> <li><a href="https://github.com/twisted/twisted/commit/46f0e5c656f5af5f90e7762e3729ae3a37becd42";><code>46f0e5c</code></a> <a href="https://redirect.github.com/twisted/twisted/issues/12566";>#12566</a> Revert the removal of assertEquals and assertNotEquals. (<a href="https://redirect.github.com/twisted/twisted/issues/12628";>#12628</a>)</li> <li>Additional commits viewable in <a href="https://github.com/twisted/twisted/compare/twisted-24.7.0...twisted-26.4.0rc2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/pulsar-site/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
