Bump six and requests dependency versions

[sersorrel]

cwltool itself doesn't require these versions, but its dependencies do.

Since Pip doesn't have a backtracking dependency resolver yet, it can fail to find a correct solution if the package being installed has low requirements that are already installed, but a dependency has a higher requirement. For example, cwltool requires six 1.8.0, but prov requires six 1.9.0; Debian Jessie packages six 1.8.0, so pip install cwltool sees that the installed six meets cwltool's requirements, but it isn't able to determine that it should install a newer version of six once it scans prov's dependencies. (More recent versions of Pip will at least print a warning in this case.)

The Requests version bump is to work around an issue with old Requests versions and CacheControl (psf/cachecontrol#137).

See #872.

[codecov]

Codecov Report

Merging #877 into master will increase coverage by 0.18%.
The diff coverage is n/a.

@@            Coverage Diff            @@
##           master    #877      +/-   ##
=========================================
+ Coverage   72.61%   72.8%   +0.18%     
=========================================
  Files          34      34              
  Lines        6401    6401              
  Branches     1617    1617              
=========================================
+ Hits         4648    4660      +12     
+ Misses       1305    1295      -10     
+ Partials      448     446       -2

Impacted Files	Coverage Δ
cwltool/executors.py	77.77% <0%> (+1.11%)	⬆️
cwltool/sandboxjs.py	55.12% <0%> (+4.27%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f49b225...e0c6772. Read the comment docs.

[mr-c]

Thanks!