Grunny / zap-cli

A simple tool for interacting with OWASP ZAP from the commandline.
MIT License

Fixed dependency versions #85

Open NF997 opened 4 years ago

NF997 commented 4 years ago

Is there a particular reason that the dependency versions are fixed:

install_requires=[
        'click==4.0',
        'python-owasp-zap-v2.4==0.0.14',
        'requests==2.20.1',
        'tabulate==0.7.5',
        'termcolor==1.1.0',
        'six==1.10.0',
    ]

When using zap-cli together with other packages, it would be much more convenient to specify minimum versions like this:

install_requires=[
        'click>=4.0',
        'python-owasp-zap-v2.4>=0.0.14',
        'requests>=2.20.1',
        'tabulate>=0.7.5',
        'termcolor>=1.1.0',
        'six>=1.10.0',
    ]
NF997 commented 4 years ago

@Grunny Any thoughts about this?

Grunny commented 4 years ago

Hi @NF997! Sounds good. The only one I want to pin is python-owasp-zap-v2.4, since it has had backwards incompatible changes released before as it's not following semantic versioning, and I don't want things to suddenly break for people. So, I think in your PR, you can just pin that one to the latest, and we'll keep bumping it after testing for each release. What do you think?

NF997 commented 4 years ago

I updated the PR accordingly 👍

tspearconquest commented 2 years ago

Hi @NF997 could you possibly update this to use requests version 2.25.0 or higher? There is a new vulnerability found in urllib3 versions before v1.26.5. The requests module v2.25.0 is the earliest version with the dependency requirements that will allow urllib3 v1.26.5 to be installed and used with zap-cli.

I have also filed #104 to request the same update but if you can do that, then my issue filing can be closed when this is merged.

@Grunny please merge this. Thank you both.
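The two points made in this thread (exact pins in install_requires versus minimum versions, and a pinned requests that keeps a fixed urllib3 out of reach) can be checked mechanically. The following is an added example, not zap-cli's own code and not something posted in this issue. It uses a small hand-written version comparator so it runs without the packaging library. The pinned and minimum-version lists are copied from the comments above; the per-release urllib3 ranges declared by requests in REQUESTS_URLLIB3 are assumed values written for the illustration (only the relation the last comment states, that 2.25.0 is the first release admitting urllib3 1.26.5, is relied on), and every function name is this example's own.

```python
"""Check whether install_requires pins keep a security fix out of reach.

Added example, not zap-cli's code. Operators supported: == != >= <= > <.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, ...]
Clause = Tuple[str, Version]

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*?)\s*$")
_OPS = {
    "==": lambda v, b: v == b,
    "!=": lambda v, b: v != b,
    ">=": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    ">": lambda v, b: v > b,
    "<": lambda v, b: v < b,
}


def parse_version(text: str) -> Version:
    """'2.25.0' -> (2, 25); trailing zeros dropped so 1.26 and 1.26.0 compare equal."""
    parts = tuple(int(p) for p in text.strip().split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


def parse_requirement(req: str) -> Tuple[str, List[Clause]]:
    """'requests>=2.25.0,<3' -> ('requests', [('>=', (2, 25)), ('<', (3,))])."""
    m = _NAME_RE.match(req)
    if not m:
        raise ValueError(f"unparseable requirement: {req!r}")
    name, spec = m.group(1).lower(), m.group(2)
    clauses: List[Clause] = []
    for clause in (c.strip() for c in spec.split(",")):
        if not clause:
            continue
        op = clause[:2] if clause[:2] in _OPS else clause[:1]
        if op not in _OPS:
            raise ValueError(f"unsupported operator in {clause!r}")
        clauses.append((op, parse_version(clause[len(op):])))
    return name, clauses


def satisfies(clauses: Iterable[Clause], version: Version) -> bool:
    """True when every clause of a specifier admits the version."""
    return all(_OPS[op](version, bound) for op, bound in clauses)


def blocked_pins(install_requires: Iterable[str], minimum_fixed: Dict[str, str]) -> Dict[str, str]:
    """Map package -> requirement string for each requirement that can never
    resolve to the first fixed version of that package or anything above it.

    A specifier is fine if it admits the fixed version itself or carries a
    lower bound above it ('>=2.26' still gets the fix); an exact pin or an
    upper bound below the fix is what blocks it."""
    wanted = {k.lower(): parse_version(v) for k, v in minimum_fixed.items()}
    blocked: Dict[str, str] = {}
    for req in install_requires:
        name, clauses = parse_requirement(req)
        if name not in wanted:
            continue
        fixed = wanted[name]
        # Versions worth trying: the fix itself and any explicit bound above it.
        candidates = [fixed] + [
            bound + ((1,) if op == ">" else ())
            for op, bound in clauses
            if op in ("==", ">=", ">") and bound >= fixed
        ]
        if not any(satisfies(clauses, c) for c in candidates):
            blocked[name] = req
    return blocked


def fix_reachable(install_requires: Iterable[str], name: str,
                  declared_sub_deps: Dict[str, str], sub_name: str,
                  fixed_version: str) -> Optional[str]:
    """Lowest version of `name` that install_requires admits AND whose own
    declared specifier for `sub_name` admits `fixed_version`; None if the
    top-level requirement makes the sub-dependency fix unreachable."""
    name = name.lower()
    clauses = next(c for n, c in map(parse_requirement, install_requires) if n == name)
    target = parse_version(fixed_version)
    for ver in sorted(declared_sub_deps, key=parse_version):
        if not satisfies(clauses, parse_version(ver)):
            continue  # this release of `name` is not installable under the pin
        dep_name, dep_clauses = parse_requirement(declared_sub_deps[ver])
        if dep_name == sub_name.lower() and satisfies(dep_clauses, target):
            return ver
    return None


# Constructed from the thread: zap-cli's pins as posted and the proposed
# minimum-version form.
PINNED = ["click==4.0", "python-owasp-zap-v2.4==0.0.14", "requests==2.20.1",
          "tabulate==0.7.5", "termcolor==1.1.0", "six==1.10.0"]
MINIMUM = [r.replace("==", ">=") for r in PINNED]

# ASSUMED for the illustration, not read from PyPI: the urllib3 range each
# requests release declares. Only the relation stated in the thread is relied
# on, namely that 2.25.0 is the first release admitting urllib3 1.26.5.
REQUESTS_URLLIB3 = {
    "2.20.1": "urllib3>=1.21.1,<1.25",
    "2.24.0": "urllib3>=1.21.1,<1.26",
    "2.25.0": "urllib3>=1.21.1,<1.27",
}

if __name__ == "__main__":
    for label, reqs in (("pinned", PINNED), ("minimum", MINIMUM)):
        print(label, "blocks:", blocked_pins(reqs, {"requests": "2.25.0"}))
        print(label, "first requests reaching urllib3 1.26.5:",
              fix_reachable(reqs, "requests", REQUESTS_URLLIB3, "urllib3", "1.26.5"))
```

Running it shows the pinned list blocking requests at 2.20.1 with no path to urllib3 1.26.5, while the minimum-version list resolves to requests 2.25.0 and reaches the fix; a project that wants the stability of a pin for one dependency, as the maintainer chose for python-owasp-zap-v2.4, can run the same check against that single pin on each release.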