From 55571857326eccef62dd3b524ee29bfaeead3bde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Gro=C3=9F?=
Date: Tue, 6 Nov 2018 13:21:54 +0100
Subject: [PATCH] Update requests version because of CVE-2018-18074

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index ce7fcd2..d601371 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,7 +12,7 @@ Jinja2==2.9.6
 MarkupSafe==1.0
 python-engineio==1.7.0
 python-socketio==1.7.6
-requests==2.18.1
+requests>=2.20.0
 six==1.10.0
 urllib3==1.21.1
 Werkzeug==0.12.2
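Review bot: The new specifier `requests>=2.20.0` is the only open-ended range among the exact `==` pins visible in this hunk, so each fresh install may resolve to a different requests release that nobody reviewed or tested against the other pins. The neighbouring `urllib3==1.21.1` stays pinned, and whether it satisfies the dependency range of whatever requests version gets resolved later is not checked by this file. Pinning the fixed release keeps the CVE-2018-18074 remedy while preserving reproducible builds: `requests==2.20.0`. If a floor is really intended, bound it and say why, for example `requests>=2.20.0,<3  # floor for CVE-2018-18074`.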