Require Twisted 20.3.0 in gettor's requirements.txt
Twisted has a HTTP request splitting vulnerability, GetTor is probably affected.
Please update your requirements.txt to depend on Twisted 20.3.0 or later. (And any downstream packages.)
The GitHub alert is: https://github.com/torproject/gettor/network/alert/requirements.txt/Twisted/open
The relevant CVEs are: CVE-2020-10108 https://github.com/advisories/GHSA-h96w-mmrf-2h6v CVE-2020-10109 https://github.com/advisories/GHSA-p5xh-vx83-mxcj