
Comparing changes

base repository: pusher/pusher-http-python
base: security/bump-python-deps
head repository: pusher/pusher-http-python
compare: master
  • 6 commits
  • 4 files changed
  • 4 contributors

Commits on Mar 19, 2026

  1. Merge pull request #250 from pusher/security/bump-python-deps

    Bump Python 3.10+ dependencies to resolve known vulnerabilities (v3.3.4)
    Keith-wright authored Mar 19, 2026
    57eee77

Commits on Mar 24, 2026

  1. security: remove vulnerable Python 2 dependencies pyopenssl, pyasn1, ndg-httpsclient
    
    These dependencies were only used for Python 2 SNI support (gated behind
    `sys.version_info < (3,)` in requests.py) and are unnecessary on Python 3,
    which handles SNI natively via the stdlib ssl module.
    
    Removes:
    - pyopenssl (CVE-2026-27459, fixed in 26.0.0)
    - pyasn1 (CVE-2026-30922, fixed in 0.6.3)
    - ndg-httpsclient (depends on both)
    ahsansheraz-bonial committed Mar 24, 2026
    8463644
  2. security: remove vulnerable Python 2 deps and drop Python 2 references

    Remove pyopenssl (CVE-2026-27459), pyasn1 (CVE-2026-30922), and
    ndg-httpsclient from install_requires. These were only needed for
    Python 2 SNI support and are dead code on Python 3.
    
    - Remove Python 2 pyopenssl injection in pusher/requests.py
    - Remove 'Python :: 2' classifier from setup.py
    - Update README to note Python 2 is no longer supported
    
    Closes #252
    ahsansheraz-bonial committed Mar 24, 2026
    d2bae00

Commits on Apr 3, 2026

  1. chore: consolidate dependabot security updates

    - aiohttp 3.13.3 -> 3.13.4
    - cryptography 46.0.5 -> 46.0.6 (CVE-2026-34073)
    - requests 2.32.4 -> 2.33.0 (CVE-2026-25645)
    git-wright committed Apr 3, 2026
    09a124b

Commits on Apr 7, 2026

  1. Merge pull request #251 from AhsanSheraz/security/remove-vulnerable-py2-deps
    
    security: remove vulnerable Python 2 deps (pyopenssl, pyasn1, ndg-httpsclient)
    aonemd authored Apr 7, 2026
    1b18c80
  2. Merge pull request #256 from pusher/chore/consolidate-dependabot-updates

    chore: consolidate dependabot security updates
    aonemd authored Apr 7, 2026
    bc1d69c