From 813ca0ed10a83b08402b7e4a7c67ec83a437e7d9 Mon Sep 17 00:00:00 2001 From: Jasper Woudenberg Date: Fri, 18 Jan 2019 12:54:24 +0000 Subject: [PATCH] Upgrade requirements.txt dependencies We were dependent on the requests library version 2.12.0, which is vulnerable to CVE-2018-18074. This upgrades us to a version with a fix. I regenerated the `requirements.txt` file by running the `pip-compile` command it mentioned. This did not result in any changes, so I removed the file, then reran the command. This time multiple changes were made, including an upgrade of the `requests` package to a safe version. --- requirements.txt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 28a509b..b639c58 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,4 +4,8 @@ # # pip-compile --output-file requirements.txt requirements.in # -requests==2.12.0 +certifi==2018.11.29 # via requests +chardet==3.0.4 # via requests +idna==2.8 # via requests +requests==2.21.0 +urllib3==1.24.1 # via requests
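Review bot: the `requests==2.21.0` pin in the requirements.txt hunk is the only thing holding the fixed version. The diffstat shows 1 file changed, so requirements.in carries no lower bound, and a later regeneration or hand edit could drop back to a release affected by CVE-2018-18074. Consider adding a floor such as `requests>=2.21.0` to requirements.in so the constraint is recorded at the source. On the regeneration step described in the commit message: pip-compile keeps the pins already present in an existing output file, which is why the first run changed nothing. Running `pip-compile --upgrade-package requests --output-file requirements.txt requirements.in` would have moved only that package without deleting the file and re-resolving everything. The hunk also adds four new transitive pins (`certifi`, `chardet`, `idna`, `urllib3`) with no hashes. Compiling with `--generate-hashes` would let pip verify each downloaded artifact against the lock file at install time.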