[Security] Bump requests from 2.19.1 to 2.20.1

[dependabot-preview[bot]]

Bumps requests from 2.19.1 to 2.20.1. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.* > **Moderate severity vulnerability that affects requests** > The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. > > Affected versions: <= 2.19.1

Changelog

*Sourced from [requests's changelog](https://github.com/requests/requests/blob/master/HISTORY.md).* > 2.20.1 (2018-11-08) > ------------------- > > **Bugfixes** > > - Fixed bug with unintended Authorization header stripping for > redirects using default ports (http/80, https/443). > > 2.20.0 (2018-10-18) > ------------------- > > **Bugfixes** > > - Content-Type header parsing is now case-insensitive (e.g. > charset=utf8 v Charset=utf8). > - Fixed exception leak where certain redirect urls would raise > uncaught urllib3 exceptions. > - Requests removes Authorization header from requests redirected > from https to http on the same hostname. (CVE-2018-18074) > - `should_bypass_proxies` now handles URIs without hostnames (e.g. > files). > > **Dependencies** > > - Requests now supports urllib3 v1.24. > > **Deprecations** > > - Requests has officially stopped support for Python 2.6.

Commits

- [`6cfbe1a`](https://github.com/requests/requests/commit/6cfbe1aedd56f8c2f9ff8b968efe65b22669795b) v2.20.1 - [`c501ec9`](https://github.com/requests/requests/commit/c501ec986daa4961cd9dee370b5d45ff2e524b37) Merge pull request [#4853](https://github-redirect.dependabot.com/requests/requests/issues/4853) from mainanick/master - [`045b706`](https://github.com/requests/requests/commit/045b706b378df07fabe24562972eabde2424e19b) Merge pull request [#2](https://github-redirect.dependabot.com/requests/requests/issues/2) from requests/master - [`ccbffe5`](https://github.com/requests/requests/commit/ccbffe5a533182e721be2e04bb201039e73bbdae) Incorrect ValueError Message - [`eaab47f`](https://github.com/requests/requests/commit/eaab47f033cae3bd443abb6707dfc30ae3482c36) Merge pull request [#4851](https://github-redirect.dependabot.com/requests/requests/issues/4851) from requests/default_port_handling - [`ea9436a`](https://github.com/requests/requests/commit/ea9436a5d6a5934a906e91202349aabf9af75d15) proper handling for default ports in auth stripping - [`3a831be`](https://github.com/requests/requests/commit/3a831be413f956195a7fa6933ddb42f30dd6e4bb) Merge pull request [#1](https://github-redirect.dependabot.com/requests/requests/issues/1) from requests/master - [`7c812e9`](https://github.com/requests/requests/commit/7c812e919b3cd3267c2159be96ad63fff3dd1260) Merge pull request [#4839](https://github-redirect.dependabot.com/requests/requests/issues/4839) from rabdill/patch-1 - [`5fdc25b`](https://github.com/requests/requests/commit/5fdc25b029b582464e90c0374ce3b3297a3ccd60) Reverting redirect examples back to intended URLs - [`d2962f1`](https://github.com/requests/requests/commit/d2962f1d55a211a4606d8387b6333de7a21e630d) update maintainer contact info - Additional commits viewable in [compare view](https://github.com/requests/requests/compare/v2.19.1...v2.20.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

[dependabot-preview[bot]]

Superseded by #212.