Please, release new version with twisted version restriction fix

[foobic]

Hey, could you please release new version with this patch ? Honestly I am asking this because of this snyk alert. I need to use twisted 23.10.0 or higher, while scrapy doesn't allow this.

Thanks.

[holymonson]

FYI, this also blocks scrapy with python-3.12 on conda, because the only twisted build with python-3.12 is 23.10.0 .

                linux_64_python3.12.____cpython: Could not solve for environment specs
The following packages are incompatible
├─ python_abi 3.12.* *_cp312 is requested and can be installed;
└─ twisted >=18.9.0,<23.8.0  is not installable because there are no viable options
   ├─ twisted [18.9.0|19.10.0|19.2.0|19.2.1|19.7.0] would require
   │  └─ python_abi * *_cp27mu, which conflicts with any installable versions previously reported;
   ├─ twisted [18.9.0|19.10.0|19.2.0|19.2.1|19.7.0] would require
   │  └─ python_abi * *_cp36m, which conflicts with any installable versions previously reported;
   ├─ twisted [18.9.0|19.10.0|19.2.0|19.2.1|19.7.0] would require
   │  └─ python_abi * *_cp37m, which conflicts with any installable versions previously reported;
   ├─ twisted [19.10.0|19.7.0] would require
   │  └─ python_abi * *_cp38, which conflicts with any installable versions previously reported;
   ├─ twisted [20.3.0|21.2.0] would require
   │  └─ python_abi 3.6 *_pypy36_pp73, which conflicts with any installable versions previously reported;
   ├─ twisted [20.3.0|21.2.0|21.7.0] would require
   │  └─ python_abi 3.6.* *_cp36m, which conflicts with any installable versions previously reported;
   ├─ twisted [20.3.0|21.2.0|...|22.8.0] would require
   │  └─ python_abi 3.7.* *_cp37m, which conflicts with any installable versions previously reported;
   ├─ twisted [20.3.0|21.2.0|...|22.4.0] would require
   │  └─ python_abi 3.7 *_pypy37_pp73, which conflicts with any installable versions previously reported;
   ├─ twisted [20.3.0|21.2.0|...|22.8.0] would require
   │  └─ python_abi 3.8.* *_cp38, which conflicts with any installable versions previously reported;
   ├─ twisted [20.3.0|21.2.0|...|22.8.0] would require
   │  └─ python_abi 3.9.* *_cp39, which conflicts with any installable versions previously reported;
   ├─ twisted [21.7.0|22.1.0|...|22.8.0] would require
   │  └─ python_abi 3.10.* *_cp310, which conflicts with any installable versions previously reported;
   └─ twisted [22.10.0|22.8.0] would require
      └─ python_abi 3.11.* *_cp311, which conflicts with any installable versions previously reported.

[wRAR]

We plan to release 2.11.1 with this change soon, but without a set date so far.

[foobic]

Hey @wRAR, any updates on this?

[wRAR]

@foobic we hope to release it early next week.

[holymonson]

@wRAR Hi, is it possible release a new version before Christmas?

[wRAR]

@holymonson hopefully!

[tom-price]

Same issue here with scrapy 2.11.0 depends on Twisted<23.8.0 and >=18.9.0. Any updates @wRAR?

[RyouMon]

Hey @wRAR, any updates on this?

[czechnology]

Hello, scrapers! Still eagerly waiting for a new version to get rid of the Twisted vulnerability.
Hope it might appear soon, thanks! 🙏

[Gallaecio]

We are working on it.

However, GHSA-xc8x-vp79-p3wm seems to be about a server issue, in which case it would not affect Scrapy.

[foobic]

Hey guys @Gallaecio @wRAR, sorry for chasing, but is there any plan to release new version with the fix this month? Thanks.

[Gallaecio]

It is in progress, but it is taking longer than expected. It could happen any day now. I would say definitely this month, but I have the same confidence I had when I thought we would have the release before 2024 😅

[Gallaecio]

2.11.1 is out! 🎉