Update requests requirement from ~=2.26 to ~=2.33 in /requirements

[dependabot]

Updates the requirements on requests to permit the latest version.

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.

... (truncated)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Greetings! The CI pipeline has delivered its findings. 🏗️

I've aggregated the results of the automated checks for this PR below.

🔍 Lint

The results are in the bag! 🎒

❌ ruff: issues found — see job log

📋 Repo Health

Ensuring the repo's skin is clear (aka linting errors). ✨

✅ All required files present.

Latest Version: 0.8.5

✅ ovos_utils/version.py — Version file
✅ README.md — README
✅ LICENSE — License file
✅ pyproject.toml — pyproject.toml
✅ CHANGELOG.md — Changelog
⚠️ requirements.txt — Requirements
✅ ovos_utils/version.py has valid version block markers

🔒 Security (pip-audit)

Ensuring our project remains safe and secure. 🛡️

✅ No known vulnerabilities found (45 packages scanned).

📊 Coverage

Is every line pullin' its weight? Let's check! 🏋️‍♂️

⚠️ Coverage data unavailable — check the job log.

⚠️ Some tests failed — coverage figures may be incomplete.

⚖️ License Check

Verifying the source of all binary files. 💾

✅ No license violations found (27 packages).

License distribution: 8× MIT License, 5× MIT, 3× Apache Software License, 2× BSD-3-Clause, 2× ISC License (ISCL), 1× Apache Software License; BSD License, 1× Apache-2.0, 1× Apache-2.0 OR BSD-2-Clause, +4 more

Full breakdown — 27 packages

Package	Version	License	URL
build	1.4.2	MIT	link
certifi	2026.2.25	Mozilla Public License 2.0 (MPL 2.0)	link
charset-normalizer	3.4.6	MIT	link
click	8.3.1	BSD-3-Clause	link
combo_lock	0.3.0	Apache Software License	link
filelock	3.25.2	MIT	link
idna	3.11	BSD-3-Clause	link
json-database	0.10.1	MIT	link
kthread	0.2.3	MIT License	link
markdown-it-py	4.0.0	MIT License	link
mdurl	0.1.2	MIT License	link
memory-tempfile	2.2.3	MIT License	link
ovos-utils	0.8.5	Apache-2.0	link
packaging	26.0	Apache-2.0 OR BSD-2-Clause	link
pexpect	4.9.0	ISC License (ISCL)	link
ptyprocess	0.7.0	ISC License (ISCL)	link
pyee	13.0.1	MIT License	link
Pygments	2.20.0	BSD-2-Clause	link
pyproject_hooks	1.2.0	MIT License	link
python-dateutil	2.9.0.post0	Apache Software License; BSD License	link
requests	2.33.1	Apache Software License	link
rich	13.9.4	MIT License	link
rich-click	1.9.7	MIT License

Copyright (c) 2022 Phil Ewels

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
| link |
| six | 1.17.0 | MIT License | link |
| typing_extensions | 4.15.0 | PSF-2.0 | link |
| urllib3 | 2.6.3 | MIT | link |
| watchdog | 6.0.0 | Apache Software License | link |

Policy: Apache 2.0 (universal donor). StrongCopyleft / NetworkCopyleft / WeakCopyleft / Other / Error categories fail. MPL allowed.

🏷️ Release Preview

Coming soon to a stable branch near you! 📽️

Current: 0.8.5 → Next: 0.8.6a1

Signal	Value
Label	dependencies, python
PR title	Update requests requirement from ~=2.26 to ~=2.33 in /requirements
Bump	alpha

⚠️ No conventional commit prefix — alpha-only bump.
Suggested: fix: update the thing or feat: update the thing

---

🚀 Release Channel Compatibility

Predicted next version: 0.8.6a1

Channel	Status	Note	Current Constraint
Stable	✅	Compatible	ovos-utils>=0.8.1,<0.9.0
Testing	❌	Too new (must be <0.8.5)	ovos-utils>=0.8.4,<0.8.5
Alpha	✅	Compatible	ovos-utils>=0.8.5

🔨 Build Tests

Checking the calibration of the build environment. ⚖️

✅ All versions pass

Python	Build	Install	Tests
3.10	✅	✅	✅
3.11	✅	✅	✅
3.12	✅	✅	✅
3.13	✅	✅	✅
3.14	✅	✅	✅

---

Keeping the repository healthy and happy. 😊