[Security] Bump urllib3 from 1.22 to 1.24.1

[dependabot-preview]

Bumps urllib3 from 1.22 to 1.24.1.

Changelog

Sourced from urllib3's changelog.

1.24.1 (2018-11-02)

• Remove quadratic behavior within GzipDecoder.decompress() (Issue #1467)

• Restored functionality of ciphers parameter for create_urllib3_context(). (Issue #1462)

1.24 (2018-10-16)

• Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)

• Test against Python 3.7 on AppVeyor. (Pull #1453)

• Early-out ipv6 checks when running on App Engine. (Pull #1450)

• Change ambiguous description of backoff_factor (Pull #1436)

• Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)

• Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).

• Add a server_hostname parameter to HTTPSConnection which allows for
  overriding the SNI hostname sent in the handshake. (Pull #1397)

• Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)

• Fixed bug where responses with header Content-Type: message/* erroneously
  raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)

• Move urllib3 to src/urllib3 (Pull #1409)

1.23 (2018-06-04)

• Allow providing a list of headers to strip from requests when redirecting
  to a different host. Defaults to the Authorization header. Different
  headers can be set via Retry.remove_headers_on_redirect. (Issue #1316)

• Fix util.selectors._fileobj_to_fd to accept long (Issue #1247).

• Dropped Python 3.3 support. (Pull #1242)

• Put the connection back in the pool when calling stream() or read_chunked() on
  a chunked HEAD response. (Issue #1234)

• Fixed pyOpenSSL-specific ssl client authentication issue when clients
  attempted to auth via certificate + chain (Issue #1060)

... (truncated)

Commits

• a6ec68a Merging new release version: 1.24.1
• 0cedb3b Restore context.set_ciphers() to create_urllib3_context() (#1463)
• 0aeba3b Use bytearray to accumulate bytes from gzip (#1468)
• f8d1c78 Uninstall oclint to ensure gcc can be brew upgraded (#1464)
• cd7cfa6 Resolve pytest pluggy version conflict (#1457)
• b548abc Update changelog for 1.24 release
• ef0c745 Merging new release version: 1.24
• a0964d9 Add missing key_server_hostname variable (#1449)
• 34d8298 Test against Python 3.7 on AppVeyor (#1453)
• 977c9ff Early-out ipv6 checks when running on App Engine (#1450)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[coveralls]

Coverage remained the same at 95.833% when pulling c27b80a on dependabot/pip/urllib3-1.24.1 into 2bf8731 on develop.

[dependabot-preview]

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Affected versions: ["< 1.23"]