lmazuel
commented
3 years ago Hi @makononov We do not wish to constraint our set of dependencies, as a customer could have a reason to use an old requests for reason that are beyond my scope to understand. By default, you will get the latest one from PyPI anyway, nothing prevents you to organize your dependencies to use the exact set you need. Thanks nonetheless for the contribution :)
Requests versions prior to 2.20 are vulnerable to https://cve.circl.lu/cve/CVE-2018-18074. This change updates the version of Requests used.