Skip to content

chore(deps): update dependency requests to v2.34.2#42

Open
renovate[bot] wants to merge 1 commit into
alphafrom
renovate/requests-2.x-lockfile
Open

chore(deps): update dependency requests to v2.34.2#42
renovate[bot] wants to merge 1 commit into
alphafrom
renovate/requests-2.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented Jun 14, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
requests (changelog) 2.32.32.34.2 age confidence

Release Notes

psf/requests (requests)

v2.34.2

Compare Source

  • Moved headers input type back to Mapping to avoid invariance issues
    with MutableMapping and inferred dict types. Users calling
    Request.headers.update() may need to narrow typing in their code. (#​7441)

v2.34.1

Compare Source

Bugfixes

  • Widened json input type from dict and list to Mapping
    and Sequence. (#​7436)
  • Changed headers input type to MutableMapping and removed None from
    Request.headers typing to improve handling for users. (#​7431)
  • Response.reason moved from str | None to str to improve handling
    for users. (#​7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations
    weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by
    typeshed. Public API types should be fully compatible with mypy, pyright,
    and ty. We believe types are comprehensive but if you find issues, please
    report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
    helping review and test the types ahead of the release. (#​7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify
    security considerations. (#​7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects
    should be able to start testing prior to its release in October. (#​7422)
  • Requests added support for Python 3.14t. (#​7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing
    accidental looping when traversing the history list. (#​7328)
  • Requests no longer performs greedy matching on no_proxy domains. The
    proxy_bypass implementation has been updated with CPython's fix from
    bpo-39057. (#​7427)
  • Requests no longer incorrectly strips duplicate leading slashes in
    URI paths. This should address user issues with specific presigned
    URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)

v2.33.1

Compare Source

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
    files in the tmp directory. (#​7305)
  • Fixed Content-Type header parsing for malformed values. (#​7309)
  • Improved error consistency for malformed header values. (#​7308)

v2.33.0

Compare Source

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that
    uses Requests, please take a look at #​7271. Give it a try, and report
    any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
    contents to a non-deterministic location to prevent malicious file
    replacement. This does not affect default usage of Requests, only
    applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#​7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause
    malformed authentication to be applied to Requests on
    Python 3.11+. (#​7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#​7196)

Documentation

  • Various typo fixes and doc improvements.

v2.32.5

Compare Source

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created
    a new class of issues in Requests that have had negative impact across a number
    of use cases. The Requests team has decided to revert this feature as long term
    maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@sourcery-ai

sourcery-ai Bot commented Jun 14, 2025

Copy link
Copy Markdown

Reviewer's Guide

Regenerate the Poetry lockfile to update the requests dependency from v2.32.3 to v2.32.4, including refreshed hashes and metadata.

File-Level Changes

Change Details Files
Bump requests library to v2.32.4
  • Updated requests version entry
  • Refreshed dependency checksum hashes
  • Regenerated lockfile metadata
poetry.lock

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@renovate
renovate Bot force-pushed the renovate/requests-2.x-lockfile branch 2 times, most recently from fea6a1a to bbc807f Compare July 14, 2025 19:01
@renovate renovate Bot changed the title fix(deps): update dependency requests to v2.32.4 fix(deps): update dependency requests to v2.32.5 Aug 19, 2025
@renovate
renovate Bot force-pushed the renovate/requests-2.x-lockfile branch from bbc807f to 3215a88 Compare August 19, 2025 01:38
@renovate renovate Bot changed the title fix(deps): update dependency requests to v2.32.5 chore(deps): update dependency requests to v2.32.5 Sep 25, 2025
@renovate renovate Bot changed the title chore(deps): update dependency requests to v2.32.5 chore(deps): update dependency requests to v2.32.5 - abandoned Nov 12, 2025
@renovate

renovate Bot commented Nov 12, 2025

Copy link
Copy Markdown
Contributor Author

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@renovate renovate Bot changed the title chore(deps): update dependency requests to v2.32.5 - abandoned chore(deps): update dependency requests to v2.32.5 Nov 13, 2025
@renovate renovate Bot changed the title chore(deps): update dependency requests to v2.32.5 chore(deps): update dependency requests to v2.33.0 Mar 25, 2026
@renovate
renovate Bot force-pushed the renovate/requests-2.x-lockfile branch from 3215a88 to f2ff8d5 Compare March 25, 2026 17:22
@renovate renovate Bot changed the title chore(deps): update dependency requests to v2.33.0 chore(deps): update dependency requests to v2.33.1 Mar 30, 2026
@renovate
renovate Bot force-pushed the renovate/requests-2.x-lockfile branch from f2ff8d5 to 74ca967 Compare March 30, 2026 17:14
@renovate
renovate Bot force-pushed the renovate/requests-2.x-lockfile branch from 74ca967 to f0994da Compare May 11, 2026 21:09
@renovate renovate Bot changed the title chore(deps): update dependency requests to v2.33.1 chore(deps): update dependency requests to v2.34.0 May 11, 2026
@renovate
renovate Bot force-pushed the renovate/requests-2.x-lockfile branch from f0994da to 9387b7a Compare May 13, 2026 20:50
@renovate renovate Bot changed the title chore(deps): update dependency requests to v2.34.0 chore(deps): update dependency requests to v2.34.1 May 13, 2026
| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| pypi       | requests | 2.32.3 | 2.34.2 |
@renovate
renovate Bot force-pushed the renovate/requests-2.x-lockfile branch from 9387b7a to 7ab3013 Compare May 14, 2026 21:43
@renovate renovate Bot changed the title chore(deps): update dependency requests to v2.34.1 chore(deps): update dependency requests to v2.34.2 May 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants