Bump Twisted version requirement

Twisted 23.10.0 and later addresses a disordered pipeline response issue (CVE-2023-46137). Update the requirements list to include it. The compatibility issue that kept us from using Twisted releases after 23.8.0 (see eccd8a4) appears to have been fixed in the interim; it no longer causes "tox -e pipdeptree-requirements" to fail on Python 3.8.
fghaas · Apr 29, 2024 · d465b2e · d465b2e
1 parent 9d477f9
commit d465b2e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,6 @@
 Unreleased
 -------------------------
+* [Enhancement] Update to a newer Twisted version.
 * [Enhancement] Update to a newer Paramiko version.
 
 Version 7.10.1 (2024-04-23)

diff --git a/requirements/base.txt b/requirements/base.txt
@@ -20,7 +20,7 @@ tenacity>=6.2,<8
 django<=4.2.8
 channels<=4.0.0
 daphne<=4.0.0
-twisted<23.8.0 # drop this restriction once we drop Python 3.8 and 3.9 support
+twisted<24 # drop this restriction once we drop Python 3.8 and 3.9 support
 mysqlclient<=2.2.1  # keep in sync with edx-platform
 jsonfield>=3.1.0,<4   # keep in sync with edx-platform
 pyguacamole>=0.11