nickpegg
commented
5 years ago @narJH27 I completely forgot why I upgraded gunicorn to match the version we're running at Dropbox. I investigated because I thought it was to fix something, but I came up with a dead end, so I've removed that package upgrade from this PR. It only upgrades requests now, and I've updated the PR with the reason why.
This version of Requests includes a fix for CVE-2018-18074