From d465b2ec3a7373701a9f692d10eec6f9dfccd1a1 Mon Sep 17 00:00:00 2001
From: Florian Haas <florian@cleura.com>
Date: Mon, 29 Apr 2024 12:06:43 +0200
Subject: [PATCH] Bump Twisted version requirement

Twisted 23.10.0 and later addresses a disordered pipeline response
issue (CVE-2023-46137). Update the requirements list to include it.

The compatibility issue that kept us from using Twisted releases after
23.8.0 (see eccd8a4b8b1fb8752f198508cb38e307c204e684) appears to have
been fixed in the interim; it no longer causes "tox -e
pipdeptree-requirements" to fail on Python 3.8.
---
 Changelog.md          | 1 +
 requirements/base.txt | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Changelog.md b/Changelog.md
index 8f25c44..3013aa5 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,6 @@
 Unreleased
 -------------------------
+* [Enhancement] Update to a newer Twisted version.
 * [Enhancement] Update to a newer Paramiko version.
 
 Version 7.10.1 (2024-04-23)
diff --git a/requirements/base.txt b/requirements/base.txt
index 7361f40..94a47cc 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -20,7 +20,7 @@ tenacity>=6.2,<8
 django<=4.2.8
 channels<=4.0.0
 daphne<=4.0.0
-twisted<23.8.0 # drop this restriction once we drop Python 3.8 and 3.9 support
+twisted<24 # drop this restriction once we drop Python 3.8 and 3.9 support
 mysqlclient<=2.2.1  # keep in sync with edx-platform
 jsonfield>=3.1.0,<4   # keep in sync with edx-platform
 pyguacamole>=0.11