[lxc-devel] [pylxd/master] Update requests to minimum version 2.20.0

[ajkavanagh on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 406 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190117/38097fd5/attachment.bin>
-------------- next part --------------
From a3b551fe8a511e41329f99d4ed35376d11f72815 Mon Sep 17 00:00:00 2001
From: Alex Kavanagh <alex.kavanagh at canonical.com>
Date: Thu, 17 Jan 2019 14:29:57 +0000
Subject: [PATCH] Update requests to minimum version 2.20.0

This is due to a medium security alert: CVE-2018-18074.
https://nvd.nist.gov/vuln/detail/CVE-2018-18074
---
 requirements.txt | 2 +-
 setup.py         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 1098cc90..bb3c981b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@ pbr>=1.6
 python-dateutil>=2.4.2
 six>=1.9.0
 ws4py!=0.3.5,>=0.3.4  # 0.3.5 is broken for websocket support
-requests!=2.8.0,!=2.12.0,!=2.12.1,>=2.5.2
+requests>=2.20.0
 requests-unixsocket>=0.1.5
 requests-toolbelt>=0.8.0
 cryptography!=1.3.0,>=1.0
diff --git a/setup.py b/setup.py
index e770088b..ddfcb924 100644
--- a/setup.py
+++ b/setup.py
@@ -29,7 +29,7 @@
         'pbr>=1.8',
     ],
     install_requires=[
-        'requests!=2.8.0,>=2.5.2',
+        'requests>=2.20.0',
         # >= 0.1.5 needed for HTTP_PROXY support
         'requests-unixsocket>=0.1.5',
     ],