Merge pull request #998 from umarfarouk98/master Deprecation notice about urllib3[secure]

removed urllib3[secure] updated with urllib3

Require urllib>=1.23, because of CVE-2018-20060

Enable SSL verification for `urllib3` By default, `urllib3` does not verify HTTPS requests. As recommended in the `urllib3` documentation [0], SSL verification is enabled by including the `certifi` package which comes with Mozilla's root certificate bundle. This silences an `InsecureRequestWarning` otherwise issued by `urllib3`. Before Python 2.7.9, the `ssl` module lacks SNI support and may lag behind in security updates [1, 2, 3, 4]. The recommended approach by `urllib3` is to use pyOpenSSL as a replacement for those versions. This silences `InsecurePlatformWarning` and `SNIMissingWarning` otherwise issued by `urllib3` when run on these versions. [0]: https://urllib3.readthedocs.io/en/latest/user-guide.html#certificate-verification [1]: https://urllib3.readthedocs.io/en/latest/user-guide.html#certificate-verification-in-python-2 [2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365 [3]: https://www.python.org/dev/peps/pep-0476/ [4]: https://www.python.org/dev/peps/pep-0493/

Replace `urllib2` HTTP requests with `urllib3` `dulwich.client.default_urllib2_opener` has been replaced by `dulwich.client.default_urllib3_manager` with otherwise similar input arguments, returning a `urllib3.PoolManager` or `urllib3.ProxyManager`, depending on whether a proxy configuration is given. The `opener` argument to `dulwich.client.HttpGitClient` that took a `urllib2` opener instance has been replaced by a `pool_manager` argument that takes a `urllib3` pool manager instance. Initially tested with `urllib3` version 1.21, but anything later in the 1.x series should work. Added a `requirements.txt` as a common convention for local setup with a known working version. Pinned it to the latest available `urllib3` version at the time.