Update requests package, and others

This is primarily to resolve a vulnerability: CVE-2018-18074 [1] (It's not clear to me that an https-to-http redirect is very feasible, so this seems like a pretty difficult vulnerability to harness, but it's probably worth fixing anyway.) Since it's difficult [2] to upgrade just individual parts of the lockfile, and since it's not all that important to only upgrade `requests`, this commit upgrades everything. In particular, pyyaml is upgraded to 3.13 and jenkins-job-builder is upgraded from 3e7ad9692655450fe26371770ec87a17e2a0b23a to 1940ed63e06949d4224d64e12afae437d9d0c089. [1]: psf/requests#4716, https://github.com/CruGlobal/jenkins-jobs/network/alert/Pipfile.lock/requests/open [2]: pypa/pipenv#966 (Which is way too long of a thread, but the gist is pipenv now has a --selective-upgrade option but it doesn't work right)
CruGlobal · Oct 29, 2018 · 5f91a3c · 5f91a3c
1 parent 6cb2ad9
commit 5f91a3c
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 65 deletions.
diff --git a/Pipfile b/Pipfile
@@ -11,7 +11,7 @@ name = "pypi"
 
 [packages]
 
-requests = "*"
+requests = ">=2.20.0"
 pyyaml = "*"
 jenkins-job-builder = {ref = "modifications-for-cru-jenkins", git = "https://github.com/CruGlobal/jenkins-job-builder.git", editable = true}
 

diff --git a/Pipfile.lock b/Pipfile.lock