Scheduled daily dependency update on Wednesday

[pyup-bot]

Update twisted[tls] from 19.10.0 to 20.3.0.

Changelog

20.3.0

===========================

Bugfixes
--------

- twisted.protocols.amp.BoxDispatcher.callRemote and callRemoteString will no longer return failing Deferreds for requiresAnswer=False commands when the transport they're operating on has been disconnected. (9756)


Improved Documentation
----------------------

- Added a missing hyphen to a reference to the ``--debug`` option of ``pdb`` in the Trial how-to. (9690)
- The documentation of the twisted.cred.checkers module has been extended and corrected. (9724)


Deprecations and Removals
-------------------------

- twisted.news is deprecated. (9405)


Misc
----

- 9634, 9701, 9707, 9710, 9715, 9726, 9727, 9728, 9729, 9735, 9737, 9757


Conch
-----

Features
~~~~~~~~

- twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0). (6814)
- twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8.  ckeygen has a corresponding new --private-key-subtype=v1 option. (9683)


Bugfixes
~~~~~~~~

- twisted.conch.keys.Key.privateBlob now returns the correct blob format for ECDSA (i.e. the same as that implemented by OpenSSH). (9682)


Misc
~~~~

- 9760


Web
---

Bugfixes
~~~~~~~~

- Fixed return type of twisted.web.http.Request.getUser and twisted.web.http.Request.getPassword to binary if no authorization header was found or an exception was thrown (9596)
- twisted.web.http.HTTPChannel now rejects requests (with status code 400 and a drop) that have malformed headers of the form "Foo : value" or ": value". (9646)
- twisted.web.http.Request now correctly parses multipart-encoded form data submitted as a chunked request on Python 3.7+. (9678)
- twisted.web.client.BrowserLikePolicyForHTTPS is now listed in __all__, since it's a user-facing class that anyone could import and extend. (9769)
- twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400. (9770)


Mail
----

Misc
~~~~

- 9733


Words
-----

Bugfixes
~~~~~~~~

- Fixed parsing of streams with Python 3.8 when there are spaces in namespaces or namespaced attributes in twisted.words.xish.domish.ExpatElementStream (9730)


Names
-----

Bugfixes
~~~~~~~~

- twisted.names.secondary.SecondaryAuthority now accepts str for its domain parameter, so twist dns --secondary now functions on Python 3. (9496)

Links

• PyPI: https://pypi.org/project/twisted
• Changelog: https://pyup.io/changelogs/twisted/
• Homepage: https://twistedmatrix.com/