requests is pinned to <2.30, but requests prior to 2.32 is subject to CVE-2024-35195

[SamStephens]

Describe the issue

Requests was pinned to <2.30 by a commit that does not explain why that pin was introduced. Requests prior to 2.32 is subject to CVE-2024-35195.

What is the path to getting the dropbox client back to tracking the latest version of requests?

[SamStephens]

Also CVE-2023-32681.

[maxbelanger]

Thanks for reporting this! A fix is available in v12.0.1.