Skip to content

chore(deps): bump twisted from 24.11.0 to 26.4.0rc2 in /server#161

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/server/twisted-26.4.0rc2
Open

chore(deps): bump twisted from 24.11.0 to 26.4.0rc2 in /server#161
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/server/twisted-26.4.0rc2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 8, 2026
edited
Loading

Bumps twisted from 24.11.0 to 26.4.0rc2.

Release notes

Sourced from twisted's releases.

Twisted 26.4.0rc2 (2026-04-29)

This is the last release with support for Python 3.9.

Security

  • twisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. Reported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (#12626)

Features

  • twisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (#4887)
  • twisted.internet.endpoints.serverFromString now supports the tls endpoint type, which allows you to do twist web --listen=tls:.../certbot-dir/config/live pointed at a certbot live configuration directory and have your certbot certificates automatically discovered and served appropriately. (#9885)
  • twisted.internet.reactor now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (#9909)
  • twisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types "sk-ecdsa-sha2-nistp256@openssh.com" and "sk-ssh-ed25519@openssh.com" and extracting the application property from these new key types. (#12212)

Bugfixes

  • twisted.internet.mail will now return a meaningful Failure when TLS validation fails. (#10210)
  • TLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (#10232)
  • A potential reference cycle that might cause intermittent memory spikes while using twisted.internet.defer.inlineCallbacks was removed. (#12120)
  • Trial no longer emits the error RuntimeWarning: TestResult has no addDuration method when running PyUnit tests. (#12229)
  • twisted.python.rebuild.rebuild() now handles changes to sys.modules gracefully. Prior to the change, it could possibly raise a "dictionary changed size during iteration" error if the module list changed. (#12458)
  • twisted.internet.protocol.ReconnectingClientFactory: Don't multiply by factor for initial delay, but use initialDelay directly. (#12478)
  • twisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (#12500)
  • twisted.internet.testing.MemoryReactor.callWhenRunning now invokes the callback immediately, if already started. (#12514)
  • Twisted now correctly detects EOF on OpenSSL 4. (#12632)

Improved Documentation

  • The example code from the documentation describing how to create a custom DNS server was updated to Python3. (#12480)
  • Type annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (#12556)

Deprecations and Removals

... (truncated)

Changelog

Sourced from twisted's changelog.

This file contains the release notes for Twisted.

It only contains high-level changes that are of interest to Twisted library users. Users of Twisted should check the notes before planning an upgrade.

Ticket numbers in this file can be looked up by visiting https://twisted.org/trac/ticket/

.. towncrier release notes start

Twisted 26.4.0 (2026-05-11)

This is the last release with support for Python 3.9. No changes since 26.4.0rc2.

Security

  • twisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. Reported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (#12626)

Features

  • twisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (#4887)
  • twisted.internet.endpoints.serverFromString now supports the tls endpoint type, which allows you to do twist web --listen=tls:.../certbot-dir/config/live pointed at a certbot live configuration directory and have your certbot certificates automatically discovered and served appropriately. (#9885)
  • twisted.internet.reactor now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (#9909)
  • twisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types "sk-ecdsa-sha2-nistp256@openssh.com" and "sk-ssh-ed25519@openssh.com" and extracting the application property from these new key types. (#12212)

Bugfixes

  • twisted.mail.smtp will now return a meaningful Failure when TLS validation fails. (#10210)
  • TLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (#10232)
  • A potential reference cycle that might cause intermittent memory spikes while using twisted.internet.defer.inlineCallbacks was removed. (#12120)
  • Trial no longer emits the error RuntimeWarning: TestResult has no addDuration method when running PyUnit tests. (#12229)
  • twisted.python.rebuild.rebuild() now handles changes to sys.modules gracefully. Prior to the change, it could possibly raise a "dictionary changed size during iteration" error if the module list changed. (#12458)
  • twisted.internet.protocol.ReconnectingClientFactory: Don't multiply by factor for initial delay, but use initialDelay directly. (#12478)
  • twisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (#12500)
  • twisted.internet.testing.MemoryReactor.callWhenRunning now invokes the callback immediately, if already started. (#12514)
  • Twisted now correctly detects EOF on OpenSSL 4. (#12632)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/server/twisted-26.4.0rc2 branch from c53afe2 to 6dff5b8 Compare May 11, 2026 13:34
@dependabot
chore(deps): bump twisted from 24.11.0 to 26.4.0rc2 in /server
10c60fa 
Bumps [twisted](https://github.com/twisted/twisted) from 24.11.0 to 26.4.0rc2.
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](twisted/twisted@twisted-24.11.0...twisted-26.4.0rc2)

---
updated-dependencies:
- dependency-name: twisted
  dependency-version: 26.4.0rc2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/server/twisted-26.4.0rc2 branch from 6dff5b8 to 10c60fa Compare May 13, 2026 11:57
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 13, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants