Update requests

2.20.0 is almost two years old, so we can safely assume anyone wanting a recent vdirsyncer can upgrade. It's also the first version to include several upstream security fixes which I'd rather we depend on too.
2026-03-25 08:55:50 +00:00 · 2020-06-08 18:30:17 +02:00 · 2020-06-08 18:30:17 +02:00 · eece9a6bde
commit eece9a6bde
parent a26d3bb58c
1 changed files with 1 additions and 8 deletions
--- a/setup.py
+++ b/setup.py
@ -18,14 +18,7 @@ requirements = [
    # https://github.com/pimutils/vdirsyncer/issues/478
    'click-threading>=0.2',

-    # !=2.9.0: https://github.com/kennethreitz/requests/issues/2930
-    #
-    # >=2.4.1: https://github.com/shazow/urllib3/pull/444
-    # Without the above pull request, `verify=False` also disables fingerprint
-    # validation. This is *not* what we want, and it's not possible to
-    # replicate vdirsyncer's current behavior (verifying fingerprints without
-    # verifying against CAs) with older versions of urllib3.
-    'requests >=2.4.1, !=2.9.0',
+    'requests >=2.20.0',

    # https://github.com/sigmavirus24/requests-toolbelt/pull/28
    # And https://github.com/sigmavirus24/requests-toolbelt/issues/54