From eece9a6bde47be250035d27a954c6bb0876bf909 Mon Sep 17 00:00:00 2001
From: Hugo Osvaldo Barrera
Date: Mon, 8 Jun 2020 18:30:17 +0200
Subject: [PATCH] Update requests 2.20.0 is almost two years old, so we can safely assume anyone wanting a recent vdirsyncer can upgrade. It's also the first version to include several upstream security fixes which I'd rather we depend on too.
---
 setup.py | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/setup.py b/setup.py
index 552165f..0a976c9 100644
--- a/setup.py
+++ b/setup.py
@@ -18,14 +18,7 @@ requirements = [
 # https://github.com/pimutils/vdirsyncer/issues/478
 'click-threading>=0.2',
- # !=2.9.0: https://github.com/kennethreitz/requests/issues/2930
- #
- # >=2.4.1: https://github.com/shazow/urllib3/pull/444
- # Without the above pull request, `verify=False` also disables fingerprint
- # validation. This is *not* what we want, and it's not possible to
- # replicate vdirsyncer's current behavior (verifying fingerprints without
- # verifying against CAs) with older versions of urllib3.
- 'requests >=2.4.1, !=2.9.0',
+ 'requests >=2.20.0',
 # https://github.com/sigmavirus24/requests-toolbelt/pull/28
 # And https://github.com/sigmavirus24/requests-toolbelt/issues/54
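Review bot: The new `'requests >=2.20.0',` entry in `requirements` carries no comment, whereas the lines it replaces documented why each bound existed; the reason for the new floor now lives only in the commit message. I would add a line above it such as `# >=2.20.0: first release to include several upstream security fixes we want to depend on`. The removed comment also recorded that vdirsyncer verifies fingerprints while passing `verify=False`; that behaviour is presumably still relied on, so a short note to that effect is worth keeping here or next to the fingerprint code. Dropping `!=2.9.0` is fine, since the new floor already excludes that release. The `requirements` list starts and ends outside the hunk.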