Bump twisted from 19.10.0 to 22.4.0#18

Bumps [twisted](https://github.com/twisted/twisted) from 19.10.0 to 22.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/twisted/twisted/releases">twisted's releases</a>.</em></p> <blockquote> <h1>Twisted 22.4.0 (2022-04-11)</h1> <h2>Features</h2> <ul> <li>twisted.python.failure.Failure tracebacks now capture module information, improving compatibility with the Raven Sentry client. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/7796">#7796</a>)</li> <li>twisted.python.failure.Failure objects are now compatible with dis.distb, improving compatibility with post-mortem debuggers. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/9599">#9599</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>twisted.internet.interfaces.IReactorSSL.listenSSL now has correct type annotations. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/10274">#10274</a>)</li> <li>twisted.internet.test.test_glibbase.GlibReactorBaseTests now passes. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/10317">#10317</a>)</li> </ul> <h2>Conch</h2> <p>Features</p> <pre><code> - twisted.conch.ssh now supports using RSA keys with SHA-2 signatures (RFC 8332) when acting as a server. The rsa-sha2-512 and rsa-sha2-256 public key signature algorithms are automatically preferred over ssh-rsa if the client advertises support for them; the actual public keys do not need to change. ([#9765](https://github.com/twisted/twisted/issues/9765)) - twisted.conch.ssh now has an alternative Ed25519 implementation using PyNaCl, in order to support platforms that lack OpenSSL &gt;= 1.1.1b. The new &quot;conch_nacl&quot; extra has the necessary dependency. ([#10208](https://github.com/twisted/twisted/issues/10208)) <p>Misc</p> <pre><code> - ([#10313](https://github.com/twisted/twisted/issues/10313)) Web --- Features &lt;/code&gt;&lt;/pre&gt; &lt;ul&gt; &lt;li&gt;Twisted is now compatible with h2 4.x.x. (&lt;a href=&quot;https://github-redirect.dependabot.com/twisted/twisted/issues/10182&quot;&gt;#10182&lt;/a&gt;)&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;Bugfixes&lt;/p&gt; &lt;pre&gt;&lt;code&gt; - twisted.web.http had several several defects in HTTP request parsing that could permit HTTP request smuggling. It now disallows signed Content-Length headers, forbids illegal characters in chunked extensions, forbids a ``0x`` prefix to chunk lengths, and only strips spaces and horizontal tab characters from header values. These changes address CVE-2022-24801 and GHSA-c2jg-hw38-jrqq. ([#10323](https://github.com/twisted/twisted/issues/10323)) Mail ---- &amp;lt;/tr&amp;gt;&amp;lt;/table&amp;gt; &lt;/code&gt;&lt;/pre&gt; &lt;/blockquote&gt; &lt;p&gt;... (truncated)&lt;/p&gt; &lt;/details&gt; &lt;details&gt; &lt;summary&gt;Changelog&lt;/summary&gt; &lt;p&gt;&lt;em&gt;Sourced from &lt;a href=&quot;https://github.com/twisted/twisted/blob/trunk/NEWS.rst&quot;&gt;twisted's changelog&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt; &lt;blockquote&gt; &lt;h1&gt;Twisted 22.4.0 (2022-04-11)&lt;/h1&gt; &lt;h2&gt;Features&lt;/h2&gt; &lt;ul&gt; &lt;li&gt;twisted.python.failure.Failure tracebacks now capture module information, improving compatibility with the Raven Sentry client. (&lt;a href=&quot;https://github-redirect.dependabot.com/twisted/twisted/issues/7796&quot;&gt;#7796&lt;/a&gt;)&lt;/li&gt; &lt;li&gt;twisted.python.failure.Failure objects are now compatible with dis.distb, improving compatibility with post-mortem debuggers. (&lt;a href=&quot;https://github-redirect.dependabot.com/twisted/twisted/issues/9599&quot;&gt;#9599&lt;/a&gt;)&lt;/li&gt; &lt;/ul&gt; &lt;h2&gt;Bugfixes&lt;/h2&gt; &lt;ul&gt; &lt;li&gt;twisted.internet.interfaces.IReactorSSL.listenSSL now has correct type annotations. (&lt;a href=&quot;https://github-redirect.dependabot.com/twisted/twisted/issues/10274&quot;&gt;#10274&lt;/a&gt;)&lt;/li&gt; &lt;li&gt;twisted.internet.test.test_glibbase.GlibReactorBaseTests now passes. (&lt;a href=&quot;https://github-redirect.dependabot.com/twisted/twisted/issues/10317&quot;&gt;#10317&lt;/a&gt;)&lt;/li&gt; &lt;/ul&gt; &lt;h2&gt;Conch&lt;/h2&gt; &lt;p&gt;Features&lt;/p&gt; &lt;pre&gt;&lt;code&gt; - twisted.conch.ssh now supports using RSA keys with SHA-2 signatures (RFC 8332) when acting as a server. The rsa-sha2-512 and rsa-sha2-256 public key signature algorithms are automatically preferred over ssh-rsa if the client advertises support for them; the actual public keys do not need to change. ([#9765](https://github.com/twisted/twisted/issues/9765)) - twisted.conch.ssh now has an alternative Ed25519 implementation using PyNaCl, in order to support platforms that lack OpenSSL &amp;gt;= 1.1.1b. The new &amp;quot;conch_nacl&amp;quot; extra has the necessary dependency. ([#10208](https://github.com/twisted/twisted/issues/10208)) Misc </code></pre> <ul> <li>(<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/10313">#10313</a>)</li> </ul> <h2>Web</h2> <p>Features </code></pre></p> <ul> <li>Twisted is now compatible with h2 4.x.x. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/10182">#10182</a>)</li> </ul> <p>Bugfixes</p> <pre><code> - twisted.web.http had several several defects in HTTP request parsing that could permit HTTP request smuggling. It now disallows signed Content-Length headers, forbids illegal characters in chunked extensions, forbids a ``0x`` prefix to chunk lengths, and only strips spaces and horizontal tab characters from header values. These changes address CVE-2022-24801 and GHSA-c2jg-hw38-jrqq. ([#10323](https://github.com/twisted/twisted/issues/10323)) <h2>Mail</h2> <p>&lt;/tr&gt;&lt;/table&gt; </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/twisted/twisted/commit/ed86633aa46970d6c9c2c1389ceae296fb6114d8"><code>ed86633</code></a> Mark as misc.</li> <li><a href="https://github.com/twisted/twisted/commit/c8946174b7e8de8dc9d3e1b71d9bdaac00e5c932"><code>c894617</code></a> Update format for release notes item.</li> <li><a href="https://github.com/twisted/twisted/commit/5c5c0460f6cfe29c0a7f2ea77c1deaac1f6f29c8"><code>5c5c046</code></a> Revert coverage reporting changes.</li> <li><a href="https://github.com/twisted/twisted/commit/682f2c3e3a4dc9b4a47eb79bf8eccd4ef6abb2da"><code>682f2c3</code></a> Manual fix the news.</li> <li><a href="https://github.com/twisted/twisted/commit/dd98e9c2cb633a08db1f323b40f7bc2f57d92bf8"><code>dd98e9c</code></a> python -m incremental.update Twisted --newversion 22.4.0</li> <li><a href="https://github.com/twisted/twisted/commit/3eabae5812bef07bc5fcab0a8ae3219898734b2d"><code>3eabae5</code></a> Fix coverage reporting as codecov v1 was removed.</li> <li><a href="https://github.com/twisted/twisted/commit/a265267c71b51a1c28248c940a663590b1cae493"><code>a265267</code></a> Update after review.</li> <li><a href="https://github.com/twisted/twisted/commit/efac92c7f15aac2686189d887ed65617afd2bc22"><code>efac92c</code></a> tox -e towncrier</li> <li><a href="https://github.com/twisted/twisted/commit/5ece2d45275238cde937510b1b6d1f1637f844fb"><code>5ece2d4</code></a> python -m incremental.update Twisted --rc</li> <li><a href="https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac"><code>592217e</code></a> Merge pull request from GHSA-c2jg-hw38-jrqq</li> <li>Additional commits viewable in <a href="https://github.com/twisted/twisted/compare/twisted-19.10.0...twisted-22.4.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/adorum/reality/network/alerts). </details>