security: remove vulnerable Python 2 deps and drop Python 2 references

Remove pyopenssl (CVE-2026-27459), pyasn1 (CVE-2026-30922), and
ndg-httpsclient from install_requires. These were only needed for
Python 2 SNI support and are dead code on Python 3.

- Remove Python 2 pyopenssl injection in pusher/requests.py
- Remove 'Python :: 2' classifier from setup.py
- Update README to note Python 2 is no longer supported

Closes #252

Author: ahsansheraz-bonial

README.md

@@ -48,13 +48,7 @@ normally `easy_install` or `pip`. For example:
 pip install pusher
 ```
 
-Users on Python 2.x and older versions of pip may get a warning, due to pip compiling the optional `pusher.aiohttp` module, which uses Python 3 syntax. However, as `pusher.aiohttp` is not used by default, this does not affect the library's functionality. See [our Github issue](https://github.com/pusher/pusher-http-python/issues/52), as well as [this issue from Gunicorn](https://github.com/benoitc/gunicorn/issues/788) for more details.
-
-On Linux, you must ensure that OpenSSL is installed, e.g. on Debian/Ubuntu:
-
-```sh
-$ sudo apt-get install build-essential libssl-dev libffi-dev
-```
+**Note: Python 2 is no longer supported.** Python 2 reached end-of-life on January 1, 2020. This library requires Python 3.6+.
 
 ## Getting started
 

setup.py

@@ -26,8 +26,8 @@
         'Development Status :: 4 - Beta',
         'Intended Audience :: Developers',
         'Topic :: Internet :: WWW/HTTP',
-        'Programming Language :: Python :: 2',
         'Programming Language :: Python :: 3',
+        'Programming Language :: Python :: 3 :: Only',
     ],
     keywords='pusher rest realtime websockets service',
     license='MIT',