Update requests

2.20.0 is almost two years old, so we can safely assume anyone wanting a
recent vdirsyncer can upgrade.

It's also the first version to include several upstream security fixes
which I'd rather we depend on too.

Author: Hugo Osvaldo Barrera

setup.py

@@ -18,14 +18,7 @@
     # https://github.com/pimutils/vdirsyncer/issues/478
     'click-threading>=0.2',
 
-    # !=2.9.0: https://github.com/kennethreitz/requests/issues/2930
-    #
-    # >=2.4.1: https://github.com/shazow/urllib3/pull/444
-    # Without the above pull request, `verify=False` also disables fingerprint
-    # validation. This is *not* what we want, and it's not possible to
-    # replicate vdirsyncer's current behavior (verifying fingerprints without
-    # verifying against CAs) with older versions of urllib3.
-    'requests >=2.4.1, !=2.9.0',
+    'requests >=2.20.0',
 
     # https://github.com/sigmavirus24/requests-toolbelt/pull/28
     # And https://github.com/sigmavirus24/requests-toolbelt/issues/54