chore(deps): update dependency dnspython to v2.6.1 [security]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dnspython	`==2.4.2` -> `==2.6.1`

GitHub Vulnerability Alerts

CVE-2023-29483

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

Release Notes

rthalley/dnspython (dnspython)

### [`v2.6.1`](https://togithub.com/rthalley/dnspython/releases/tag/v2.6.1): dnspython 2.6.1 [Compare Source](https://togithub.com/rthalley/dnspython/compare/v2.6.0...v2.6.1) See [What's New](https://dnspython.readthedocs.io/en/latest/whatsnew.html) for details. This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP. This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired. Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington. ### [`v2.6.0`](https://togithub.com/rthalley/dnspython/releases/tag/v2.6.0): dnspython 2.6.0 [Compare Source](https://togithub.com/rthalley/dnspython/compare/v2.5.0...v2.6.0) See [What's New](https://dnspython.readthedocs.io/en/latest/whatsnew.html) for details. This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired. Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington. ### [`v2.5.0`](https://togithub.com/rthalley/dnspython/releases/tag/v2.5.0): dnspython 2.5.0 [Compare Source](https://togithub.com/rthalley/dnspython/compare/v2.4.2...v2.5.0) See the [What's New](https://dnspython.readthedocs.io/en/stable/whatsnew.html) page for a summary of this release. Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

devsoc-unsw / structs.sh