Bump Python 3.10+ dependencies to resolve known vulnerabilities (v3.3.4)

- cryptography: 41.0.0 -> 46.0.5
- requests: 2.27.1 -> 2.32.4
- urllib3: 1.26.9 -> 2.6.3 (major version bump, tested compatible)
- aiohttp: 3.8.1 -> 3.13.3
- pynacl: 1.5.0 -> 1.6.2
- Updated transitive deps: aiosignal, async-timeout, attrs, certifi,
  charset-normalizer, frozenlist, idna, multidict, propcache, pycparser,
  six, yarl

Python < 3.10 pinned versions unchanged.

Author: git-wright

CHANGELOG.md

@@ -1,12 +1,16 @@
 # Changelog
 
+## 3.3.4
+
+- [FIXED] Bump Python 3.10+ dependencies to resolve known vulnerabilities: cryptography (41.0.0 → 46.0.5), requests (2.27.1 → 2.32.4), urllib3 (1.26.9 → 2.6.3), aiohttp (3.8.1 → 3.13.3), pynacl (1.5.0 → 1.6.2)
+
 ## 3.3.2
 
-- [CHANGED] Utilities no longer escape non ascii characters. 
+- [CHANGED] Utilities no longer escape non ascii characters. 
 
 ## 3.3.1
 
-- [ADDED] Allow Client to accept float as a timeout
+- [ADDED] Allow Client to accept float as a timeout
 - [CHANGED] the maximum event payload size permitted by this library has been increased. This change affects the library only: the Channels API still maintains a 10kb size limit and will return an error if the payload is too large.
 
 ## 3.3.0

pusher/version.py

@@ -1,2 +1,2 @@
 # Don't change the format of this line: the version is extracted by ../setup.py
-VERSION = '3.3.3'
+VERSION = '3.3.4'

requirements.txt

@@ -16,30 +16,31 @@ pyOpenSSL==19.0.0; python_version < '3.10'
 requests==2.22.0; python_version < '3.10'
 six==1.12.0; python_version < '3.10'
 urllib3==1.25.9; python_version < '3.10'
-aiohttp==3.5.4; python_version >= '3.5' and python_version < '3.10'
-aiohttp==3.8.1; python_version >= '3.10'
-aiosignal==1.2.0; python_version >= '3.10'
+aiohappyeyeballs==2.6.1; python_version >= '3.10'
+aiohttp==3.13.3; python_version >= '3.10'
+aiosignal==1.4.0; python_version >= '3.10'
 async-timeout==3.0.1; python_version >= '3.5' and python_version < '3.10'
-async-timeout==4.0.2; python_version >= '3.10'
+async-timeout==5.0.1; python_version >= '3.10'
 attrs==19.1.0; python_version >= '3.5' and python_version < '3.10'
-attrs==21.4.0; python_version >= '3.10'
-certifi==2021.10.8; python_version >= '3.10'
-charset-normalizer==2.0.12; python_version >= '3.10'
-cryptography==41.0.0; python_version >= '3.10'
-frozenlist==1.3.0; python_version >= '3.10'
+attrs==25.4.0; python_version >= '3.10'
+certifi==2026.2.25; python_version >= '3.10'
+charset-normalizer==3.4.6; python_version >= '3.10'
+cryptography==46.0.5; python_version >= '3.10'
+frozenlist==1.8.0; python_version >= '3.10'
 httpretty==1.1.4; python_version >= '3.10'
 idna-ssl==1.1.0; python_version >= '3.5' and python_version < '3.7'
-idna==3.3; python_version >= '3.10'
+idna==3.11; python_version >= '3.10'
 multidict==4.5.2; python_version >= '3.5' and python_version < '3.10'
-multidict==6.0.2; python_version >= '3.10'
+multidict==6.7.1; python_version >= '3.10'
+propcache==0.4.1; python_version >= '3.10'
 py==1.11.0; python_version >= '3.10'
-pycparser==2.21; python_version >= '3.10'
-PyNaCl==1.5.0; python_version >= '3.10'
+pycparser==2.23; python_version >= '3.10'
+PyNaCl==1.6.2; python_version >= '3.10'
 pyparsing==3.0.8; python_version >= '3.10'
-requests==2.27.1; python_version >= '3.10'
-six==1.16.0; python_version >= '3.10'
+requests==2.32.4; python_version >= '3.10'
+six==1.17.0; python_version >= '3.10'
 tornado==5.1.1; python_version < '3.5'
 tornado==6.0.2; python_version >= '3.5' and python_version < '3.10'
-urllib3==1.26.9; python_version >= '3.10'
+urllib3==2.6.3; python_version >= '3.10'
 yarl==1.3.0; python_version >= '3.5' and python_version < '3.10'
-yarl==1.7.2; python_version >= '3.10'
+yarl==1.22.0; python_version >= '3.10'