Skip to content

Update requests requirement from ~=2.32.5 to ~=2.33.0#290

Merged
DefinetlyNotAI merged 1 commit intomainfrom
dependabot/pip/requests-approx-eq-2.33.0
Mar 26, 2026
Merged

Update requests requirement from ~=2.32.5 to ~=2.33.0#290
DefinetlyNotAI merged 1 commit intomainfrom
dependabot/pip/requests-approx-eq-2.33.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 26, 2026

Updates the requirements on requests to permit the latest version.

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

... (truncated)

Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update requests requirement from ~=2.32.5 to ~=2.33.0
c74fbaf 
Updates the requirements on [requests](https://github.com/psf/requests) to permit the latest version.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the type/Dependencies Pull requests that update a dependency file label Mar 26, 2026
@dependabot dependabot bot requested a review from DefinetlyNotAI as a code owner March 26, 2026 05:26
@dependabot dependabot bot added the type/Dependencies Pull requests that update a dependency file label Mar 26, 2026
@pull-request-size pull-request-size bot added the size/XS Extra Small size pr label Mar 26, 2026
@github-actions
Copy link

github-actions bot commented Mar 26, 2026

Hi! Thanks for contributing for the first time to Logicytics 🤗 We hope it goes as smoothly as possible and appreciate your valuable contribution.

@DefinetlyNotAI DefinetlyNotAI self-assigned this Mar 26, 2026
@github-project-automation github-project-automation bot moved this from Todo to Waiting on Review in Issue Board Mar 26, 2026
@DefinetlyNotAI DefinetlyNotAI merged commit ba9e494 into main Mar 26, 2026
9 checks passed
@github-project-automation github-project-automation bot moved this from Waiting on Review to Done in Issue Board Mar 26, 2026
@DefinetlyNotAI DefinetlyNotAI deleted the dependabot/pip/requests-approx-eq-2.33.0 branch March 26, 2026 05:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DefinetlyNotAI DefinetlyNotAI DefinetlyNotAI approved these changes

Assignees

@DefinetlyNotAI DefinetlyNotAI

Labels

size/XS Extra Small size pr type/Dependencies Pull requests that update a dependency file

Projects

Issue Board
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DefinetlyNotAI