Upgrade urllib (CVE-2019-11324)

Probably not really affected because the staples need to be signed by the CA, in case of MITM they couldn't be unless they were hacked, in which case we would have worse problems, DOS is potentially maybe possible but unlikely under normal conditions and not very useful to an attacker.