Update requests version because of CVE-2018-18074
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
This commit is contained in:
Jan Groß
@@ -12,7 +12,7 @@ Jinja2==2.9.6
|
||||
MarkupSafe==1.0
|
||||
python-engineio==1.7.0
|
||||
python-socketio==1.7.6
|
||||
requests==2.18.1
|
||||
requests>=2.20.0
|
||||
six==1.10.0
|
||||
urllib3==1.21.1
|
||||
Werkzeug==0.12.2
|
||||
|
||||
Reference in New Issue
Block a user