chore(deps): update dependency requests to v2.33.1 #47

Open

renovate-bot wants to merge 1 commit from renovate/requests-2.x into master

pull from: renovate/requests-2.x

merge into: ForgeFlux:master

ForgeFlux:master

ForgeFlux:renovate/charset-normalizer-3.x

ForgeFlux:renovate/urllib3-2.x

ForgeFlux:renovate/frozendict-2.x

ForgeFlux:renovate/rpds-py-0.x

ForgeFlux:renovate/referencing-0.x

ForgeFlux:renovate/lxml-5.x

ForgeFlux:renovate/cachetools-5.x

ForgeFlux:renovate/certifi-2024.x

ForgeFlux:renovate/attrs-24.x

Conversation 0 Commits 1 Files changed 1 +2 -2

renovate-bot commented 2026-03-23 05:17:55 +05:30

Member

Copy link

This PR contains the following updates:

Package	Change	Age	Confidence
requests (changelog)	==2.32.3 -> ==2.33.1

---

Release Notes

psf/requests (requests)

v2.33.1

Compare Source

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
  files in the tmp directory. (#​7305)
• Fixed Content-Type header parsing for malformed values. (#​7309)
• Improved error consistency for malformed header values. (#​7308)

v2.33.0

Compare Source

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that
  uses Requests, please take a look at #​7271. Give it a try, and report
  any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
  contents to a non-deterministic location to prevent malicious file
  replacement. This does not affect default usage of Requests, only
  applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#​7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause
  malformed authentication to be applied to Requests on
  Python 3.11+. (#​7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#​7196)

Documentation

• Various typo fixes and doc improvements.

v2.32.5

Compare Source

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created
  a new class of issues in Requests that have had negative impact across a number
  of use cases. The Requests team has decided to revert this feature as long term
  maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

v2.32.4

Compare Source

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
  environment will retrieve credentials for the wrong hostname/machine from a
  netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [requests](https://github.com/psf/requests) ([changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | `==2.32.3` -> `==2.33.1` |  |  | --- ### Release Notes <details> <summary>psf/requests (requests)</summary> ### [`v2.33.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2331-2026-03-30) [Compare Source](https://github.com/psf/requests/compare/v2.33.0...v2.33.1) **Bugfixes** - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. ([#&#8203;7305](https://github.com/psf/requests/issues/7305)) - Fixed Content-Type header parsing for malformed values. ([#&#8203;7309](https://github.com/psf/requests/issues/7309)) - Improved error consistency for malformed header values. ([#&#8203;7308](https://github.com/psf/requests/issues/7308)) ### [`v2.33.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2330-2026-03-25) [Compare Source](https://github.com/psf/requests/compare/v2.32.5...v2.33.0) **Announcements** - 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at [#&#8203;7271](https://github.com/psf/requests/issues/7271). Give it a try, and report any gaps or feedback you may have in the issue. 📣 **Security** - CVE-2026-25645 `requests.utils.extract_zipped_paths` now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly. **Improvements** - Migrated to a PEP 517 build system using setuptools. ([#&#8203;7012](https://github.com/psf/requests/issues/7012)) **Bugfixes** - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. ([#&#8203;7205](https://github.com/psf/requests/issues/7205)) **Deprecations** - Dropped support for Python 3.9 following its end of support. ([#&#8203;7196](https://github.com/psf/requests/issues/7196)) **Documentation** - Various typo fixes and doc improvements. ### [`v2.32.5`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2325-2025-08-18) [Compare Source](https://github.com/psf/requests/compare/v2.32.4...v2.32.5) **Bugfixes** - The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration. **Deprecations** - Added support for Python 3.14. - Dropped support for Python 3.8 following its end of support. ### [`v2.32.4`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2324-2025-06-10) [Compare Source](https://github.com/psf/requests/compare/v2.32.3...v2.32.4) **Security** - CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. **Improvements** - Numerous documentation improvements **Deprecations** - Added support for pypy 3.11 for Linux and macOS. - Dropped support for pypy 3.9 following its end of support. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41Mi44IiwidXBkYXRlZEluVmVyIjoiNDIuNTIuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJyZW5vdmF0ZS1ib3QiXX0=-->

renovate-bot added the

renovate-bot

label 2026-03-23 05:17:55 +05:30

renovate-bot added 1 commit 2026-03-23 05:17:55 +05:30

chore(deps): update dependency requests to v2.32.5 dac3646c60

renovate-bot changed title from chore(deps): update dependency requests to v2.32.5 to chore(deps): update dependency requests to v2.33.0 2026-03-30 05:23:16 +05:30

renovate-bot force-pushed renovate/requests-2.x from dac3646c60 to 9d302ae118 2026-03-30 05:23:17 +05:30 Compare

renovate-bot changed title from chore(deps): update dependency requests to v2.33.0 to chore(deps): update dependency requests to v2.33.1 2026-04-06 05:18:39 +05:30

renovate-bot force-pushed renovate/requests-2.x from 9d302ae118 to 1b14b51b10 2026-04-06 05:18:40 +05:30 Compare

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/requests-2.x:renovate/requests-2.x

git switch renovate/requests-2.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master

git merge --no-ff renovate/requests-2.x

git switch renovate/requests-2.x

git rebase master

git switch master

git merge --ff-only renovate/requests-2.x

git switch renovate/requests-2.x

git rebase master

git switch master

git merge --no-ff renovate/requests-2.x

git switch master

git merge --squash renovate/requests-2.x

git switch master

git merge --ff-only renovate/requests-2.x

git switch master

git merge renovate/requests-2.x

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

  

renovate-bot

  

renovate-security

  

security

No labels

renovate-bot

renovate-security

security

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ForgeFlux/nodeinfo-test!47

No description provided.