Update requirements to avoid vulnerabilities

Tighten the version constraints to avoid known vulnerabilities for requests for standard pip/conda installs of this project.

Debian and RedHat packages will use whatever versions of the dependencies come with the distribution under the assumption that the distribution maintainers are actively patching serious vulnerabilities.