Did you know that our version of requests was from 2015? Phwoar!
This bumps `jinja2`, `py`, `pyyaml`, `requests` and `urllib3`.
There's significant risk for regressions due to breaking changes,
though due to the dynamic nature of Python, they're tricky to track
down.
The potential breaking changes I'm expecting to potentially affect
us are:
* `requests@2.11.0`: No longer accepts non-strings as header values.
* `requests@2.16.0`: `requests.packages` namespace was removed due to
packages no longer being vendored. The namespace has been
incrementally restored over future releases, but it's unclear to
what degree.
* `requests@2.24.0`: Redirect resolution now only happens when
`allow_redirects` is `True`.
* `requests` version of `urllib3` was bumped from `1.13.1` to `1.26`,
unsure what repercussions that will have.
This also added dependencies to `flake8_requirements`. This is because
the vendored `importlib-metadata` update (and the new
`typing-extensions` dependency) is found by `pip`, but the
vendored `typing-extensions` is _not_ discovered (perhaps due to
details around "eggs" and the way we add vendored code to the sys.path).
So, `pip` tries to install it manually and fails when it finds no hash.
By re-compiling `flake8_requirements`, the necessary hashes are made
available.
Differential Revision: https://phabricator.services.mozilla.com/D108526