Merge pull request #497 from pypa/bugfix/491-requests-220

jaraco · web-flow · commit f3c1523df995 · 2019-09-22T21:34:24.000+02:00
Pin to requests 2.20 or later.
diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -3,6 +3,8 @@
 =========
 Changelog
 =========
+* :bug:`491` Require requests 2.20 or later to avoid reported security
+  vulnerabilities in earlier releases.
 * :release:`1.15.0 <2019-09-17>`
 * :feature:`488` Improved output on ``check`` command:
   Prints a message when there are no distributions given to check.
diff --git a/setup.py b/setup.py
@@ -72,7 +72,7 @@
     install_requires=[
         "pkginfo >= 1.4.2",
         "readme_renderer >= 21.0",
-        "requests >= 2.5.0, != 2.15, != 2.16",
+        "requests >= 2.20",
         "requests-toolbelt >= 0.8.0, != 0.9.0",
         "setuptools >= 0.7.0",
         "tqdm >= 4.14",
