Skip to content

chore(deps): update dependency requests to v2.33.0#85

Open
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/requests-2.x
Open

chore(deps): update dependency requests to v2.33.0#85
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/requests-2.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 5, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
requests (source, changelog) ==2.32.3==2.33.0 age confidence

Release Notes

psf/requests (requests)

v2.33.0

Compare Source

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that
    uses Requests, please take a look at #​7271. Give it a try, and report
    any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
    contents to a non-deterministic location to prevent malicious file
    replacement. This does not affect default usage of Requests, only
    applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#​7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause
    malformed authentication to be applied to Requests on
    Python 3.11+. (#​7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#​7196)

Documentation

  • Various typo fixes and doc improvements.

v2.32.5

Compare Source

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created
    a new class of issues in Requests that have had negative impact across a number
    of use cases. The Requests team has decided to revert this feature as long term
    maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update dependency requests to v2.32.5 chore(deps): update dependency requests to v2.33.0 Mar 25, 2026
@renovate renovate bot force-pushed the renovate/requests-2.x branch from 6b22c0d to 2189c92 Compare March 25, 2026 17:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants