Skip to content

chore(deps): update dependency requests to v2.33.1#34

Merged
l50 merged 2 commits into
mainfrom
renovate/requests-2.x-lockfile
Mar 31, 2026
Merged

chore(deps): update dependency requests to v2.33.1#34
l50 merged 2 commits into
mainfrom
renovate/requests-2.x-lockfile

Conversation

@dreadnode-renovate-bot
Copy link
Copy Markdown
Contributor

@dreadnode-renovate-bot dreadnode-renovate-bot Bot commented Mar 30, 2026

This PR contains the following updates:

Package Change Age Confidence
requests (changelog) 2.32.32.33.1 age confidence

Release Notes

psf/requests (requests)

v2.33.1

Compare Source

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
    files in the tmp directory. (#​7305)
  • Fixed Content-Type header parsing for malformed values. (#​7309)
  • Improved error consistency for malformed header values. (#​7308)

v2.33.0

Compare Source

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that
    uses Requests, please take a look at #​7271. Give it a try, and report
    any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
    contents to a non-deterministic location to prevent malicious file
    replacement. This does not affect default usage of Requests, only
    applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#​7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause
    malformed authentication to be applied to Requests on
    Python 3.11+. (#​7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#​7196)

Documentation

  • Various typo fixes and doc improvements.

v2.32.5

Compare Source

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created
    a new class of issues in Requests that have had negative impact across a number
    of use cases. The Requests team has decided to revert this feature as long term
    maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@dreadnode-renovate-bot
chore(deps): update dependency requests to v2.33.1
b58a11b 
| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| pypi       | requests | 2.32.3 | 2.33.1 |
@dreadnode-renovate-bot dreadnode-renovate-bot Bot added renovate area/python Changes made to Python application code labels Mar 30, 2026
@l50 l50 merged commit e9abc9a into main Mar 31, 2026
1 check passed
@l50 l50 deleted the renovate/requests-2.x-lockfile branch March 31, 2026 04:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/python Changes made to Python application code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@l50