security: remove vulnerable Python 2 dependencies pyopenssl, pyasn1, ndg-httpsclient

ahsansheraz-bonial · claude · ahsansheraz-bonial · commit e39b279bca7d · 2026-03-24T16:27:28.000+01:00
These dependencies were only used for Python 2 SNI support (gated behind `sys.version_info < (3,)` in requests.py) and are unnecessary on Python 3, which handles SNI natively via the stdlib ssl module. Removes: - pyopenssl (CVE-2026-27459, fixed in 26.0.0) - pyasn1 (CVE-2026-30922, fixed in 0.6.3) - ndg-httpsclient (depends on both) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/pusher/requests.py b/pusher/requests.py
@@ -9,14 +9,9 @@
 from pusher.http import process_response
 
 import requests
-import sys
 import os
 
 
-if sys.version_info < (3,):
-    import urllib3.contrib.pyopenssl
-    urllib3.contrib.pyopenssl.inject_into_urllib3()
-
 CERT_PATH = os.path.dirname(os.path.abspath(__file__)) + '/cacert.pem'
 
 
diff --git a/setup.py b/setup.py
@@ -40,9 +40,6 @@
         'six',
         'requests>=2.3.0',
         'urllib3',
-        'pyopenssl',
-        'ndg-httpsclient',
-        'pyasn1',
         'pynacl'
     ],
 
