Upgrade requests to version 2.20.0. See: CVE-2018-18074

overcat · overcat · commit c07bf79ffe61 · 2018-10-30T22:12:10.000+08:00
Vulnerable code is not actually used https://nvd.nist.gov/vuln/detail/CVE-2018-18074
diff --git a/Pipfile b/Pipfile
@@ -8,7 +8,7 @@ name = "pypi"
 "ed25519" = "~=1.4"
 mnemonic = "~=0.18"
 numpy = "~=1.14"
-requests = "~=2.18"
+requests = ">=2.20.0"
 toml = "~=0.9.4"
 six = "~=1.11.0"
 stellar-base-sseclient = "==0.0.21"
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/requirements.txt b/requirements.txt
@@ -1,7 +1,7 @@
 crc16==0.1.1; sys_platform != "win32" and sys_platform != "cygwin"
 pure25519==0.0.1; sys_platform == "win32" or sys_platform == "cygwin"
 ed25519==1.4; sys_platform != "win32" and sys_platform != "cygwin"
-requests==2.19.1
+requests==2.20.0
 six==1.11.0
 stellar-base-sseclient==0.0.21
 numpy==1.15.0
