Update dependency requests to v2.20.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
requests (source, changelog)	==2.18.4 -> ==2.20.0

GitHub Vulnerability Alerts

CVE-2018-18074

The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

---

Release Notes

psf/requests (requests)

v2.20.0

Compare Source

Bugfixes

• Content-Type header parsing is now case-insensitive (e.g.
  charset=utf8 v Charset=utf8).
• Fixed exception leak where certain redirect urls would raise
  uncaught urllib3 exceptions.
• Requests removes Authorization header from requests redirected
  from https to http on the same hostname. (CVE-2018-18074)
• should_bypass_proxies now handles URIs without hostnames (e.g.
  files).

Dependencies

• Requests now supports urllib3 v1.24.

Deprecations

• Requests has officially stopped support for Python 2.6.

v2.19.1

Compare Source

Bugfixes

• Fixed issue where status_codes.py's init function failed trying
  to append to a __doc__ value of None.

v2.19.0

Compare Source

Improvements

• Warn user about possible slowdown when using cryptography version
  < 1.3.4
• Check for invalid host in proxy URL, before forwarding request to
  adapter.
• Fragments are now properly maintained across redirects. (RFC7231
  7.1.2)
• Removed use of cgi module to expedite library load time.
• Added support for SHA-256 and SHA-512 digest auth algorithms.
• Minor performance improvement to Request.content.
• Migrate to using collections.abc for 3.7 compatibility.

Bugfixes

• Parsing empty Link headers with parse_header_links() no longer
  return one bogus entry.
• Fixed issue where loading the default certificate bundle from a zip
  archive would raise an IOError.
• Fixed issue with unexpected ImportError on windows system which do
  not support winreg module.
• DNS resolution in proxy bypass no longer includes the username and
  password in the request. This also fixes the issue of DNS queries
  failing on macOS.
• Properly normalize adapter prefixes for url comparison.
• Passing None as a file pointer to the files param no longer
  raises an exception.
• Calling copy on a RequestsCookieJar will now preserve the cookie
  policy correctly.

Dependencies

• We now support idna v2.7.
• We now support urllib3 v1.23.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.