Skip to content

deps(python)(deps): bump requests from 2.32.5 to 2.33.1#1002

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/main/requests-2.33.1
Apr 1, 2026
Merged

deps(python)(deps): bump requests from 2.32.5 to 2.33.1#1002
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/main/requests-2.33.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps requests from 2.32.5 to 2.33.1.

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits

@dependabot dependabot bot added dependencies Dependency updates (Dependabot) python Python pipeline / pip ecosystem labels Apr 1, 2026
@dependabot dependabot bot requested a review from ericsocrat as a code owner April 1, 2026 04:32
@dependabot dependabot bot added dependencies Dependency updates (Dependabot) python Python pipeline / pip ecosystem labels Apr 1, 2026
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 1, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
tryvit Ready Ready Preview, Comment Apr 1, 2026 4:40am

@github-actions github-actions bot enabled auto-merge (squash) April 1, 2026 04:32
@dependabot
deps(python)(deps): bump requests from 2.32.5 to 2.33.1
4c3d80e 
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.1.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.1)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/main/requests-2.33.1 branch from ae2beb4 to 4c3d80e Compare April 1, 2026 04:37
@github-actions github-actions bot merged commit 79138ba into main Apr 1, 2026
13 of 15 checks passed
@dependabot dependabot bot deleted the dependabot/pip/main/requests-2.33.1 branch April 1, 2026 04:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ericsocrat ericsocrat Awaiting requested review from ericsocrat ericsocrat is a code owner

Assignees

@ericsocrat ericsocrat

Labels

dependencies Dependency updates (Dependabot) python Python pipeline / pip ecosystem

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ericsocrat