Update dependency requests to >=2.33.1 #475

Merged

tobru merged 1 commit from renovate/requests-2.x into main

2026-04-16 05:29:23 +00:00

renovate commented

2026-04-01 03:01:30 +00:00

Member

This PR contains the following updates:

Package	Change	Age	Confidence
requests (changelog)	`>=2.32.5` → `>=2.33.1`

Release Notes

psf/requests (requests)

`v2.33.1`

Compare Source

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory. (#7305)
Fixed Content-Type header parsing for malformed values. (#7309)
Improved error consistency for malformed header values. (#7308)

`v2.33.0`

Compare Source

Announcements

📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at #7271. Give it a try, and report
any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [requests](https://github.com/psf/requests) ([changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | `>=2.32.5` → `>=2.33.1` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/requests/2.33.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/requests/2.32.5/2.33.1?slim=true) | --- ### Release Notes <details> <summary>psf/requests (requests)</summary> ### [`v2.33.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2331-2026-03-30) [Compare Source](https://github.com/psf/requests/compare/v2.33.0...v2.33.1) **Bugfixes** - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. ([#7305](https://github.com/psf/requests/issues/7305)) - Fixed Content-Type header parsing for malformed values. ([#7309](https://github.com/psf/requests/issues/7309)) - Improved error consistency for malformed header values. ([#7308](https://github.com/psf/requests/issues/7308)) ### [`v2.33.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2330-2026-03-25) [Compare Source](https://github.com/psf/requests/compare/v2.32.5...v2.33.0) **Announcements** - 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at [#7271](https://github.com/psf/requests/issues/7271). Give it a try, and report any gaps or feedback you may have in the issue. 📣 **Security** - CVE-2026-25645 `requests.utils.extract_zipped_paths` now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly. **Improvements** - Migrated to a PEP 517 build system using setuptools. ([#7012](https://github.com/psf/requests/issues/7012)) **Bugfixes** - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. ([#7205](https://github.com/psf/requests/issues/7205)) **Deprecations** - Dropped support for Python 3.9 following its end of support. ([#7196](https://github.com/psf/requests/issues/7196)) **Documentation** - Various typo fixes and doc improvements. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).