Update dependency requests to v2.34.2#166
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
May 21, 2024 02:14
9f17fa8 to
1ba30cb
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
May 22, 2024 02:57
1ba30cb to
9dc46df
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
May 29, 2024 16:19
9dc46df to
0ccc115
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
July 9, 2024 13:45
0ccc115 to
36aac1a
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
2 times, most recently
from
September 16, 2024 10:59
a2cf7cf to
b1c4e83
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
September 17, 2024 12:39
b1c4e83 to
4658b9a
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
January 8, 2025 15:22
4658b9a to
63de953
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
January 27, 2025 12:04
63de953 to
8cc730e
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
January 27, 2025 12:10
8cc730e to
6c033f7
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
January 27, 2025 12:15
6c033f7 to
558e811
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
January 27, 2025 12:18
558e811 to
af07baa
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
March 20, 2025 16:09
af07baa to
b60ab25
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
March 25, 2025 19:03
b60ab25 to
637e1fa
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
2 times, most recently
from
June 6, 2025 21:50
eaf1bdd to
00f2d67
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
June 9, 2025 19:33
00f2d67 to
a33c75e
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
June 25, 2025 14:11
a33c75e to
92b7752
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
August 18, 2025 21:12
92b7752 to
c3174ee
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
September 18, 2025 10:21
c3174ee to
c33e874
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
October 27, 2025 15:04
c33e874 to
e93756d
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
January 6, 2026 17:48
e93756d to
65aea90
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
January 7, 2026 21:38
65aea90 to
365d05d
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
2 times, most recently
from
March 30, 2026 17:36
0661a8d to
19ac0cd
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
May 11, 2026 20:50
19ac0cd to
fd449bf
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
May 13, 2026 20:46
fd449bf to
84e65dc
Compare
renovate
Bot
force-pushed
the
renovate/requests-2.x
branch
from
May 14, 2026 22:02
84e65dc to
e39162d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.31.0→==2.34.2Release Notes
psf/requests (requests)
v2.34.2Compare Source
headersinput type back toMappingto avoid invariance issueswith
MutableMappingand inferred dict types. Users callingRequest.headers.update()may need to narrow typing in their code. (#7441)v2.34.1Compare Source
Bugfixes
jsoninput type fromdictandlisttoMappingand
Sequence. (#7436)headersinput type to MutableMapping and removedNonefromRequest.headerstyping to improve handling for users. (#7431)Response.reasonmoved fromstr | Nonetostrto improve handlingfor users. (#7437)
__getattr__implementationsweren't being properly detected as Iterables. (#7433)
v2.34.0Compare Source
Announcements
Requests 2.34.0 introduces inline types, replacing those provided by
typeshed. Public API types should be fully compatible with mypy, pyright,
and ty. We believe types are comprehensive but if you find issues, please
report them to the pinned tracking issue.
Special thanks to @bastimeyer, @cthoyt, @edgarrmondragon, and @srittau for
helping review and test the types ahead of the release. (#7272)
Improvements
usedforsecurity=Falseto clarifysecurity considerations. (#7310)
should be able to start testing prior to its release in October. (#7422)
Bugfixes
Response.historyno longer contains a reference to itself, preventingaccidental looping when traversing the history list. (#7328)
proxy_bypass implementation has been updated with CPython's fix from
bpo-39057. (#7427)
URI paths. This should address user issues with specific presigned
URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
v2.33.1Compare Source
Bugfixes
files in the tmp directory. (#7305)
v2.33.0Compare Source
Announcements
uses Requests, please take a look at #7271. Give it a try, and report
any gaps or feedback you may have in the issue. 📣
Security
requests.utils.extract_zipped_pathsnow extractscontents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.
Improvements
Bugfixes
malformed authentication to be applied to Requests on
Python 3.11+. (#7205)
Deprecations
Documentation
v2.32.5Compare Source
Bugfixes
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.
Deprecations
v2.32.4Compare Source
Security
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.
Improvements
Deprecations
v2.32.3Compare Source
Bugfixes
HTTPAdapter. (#6716)
without the
sslmodule. (#6724)v2.32.2Compare Source
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed
_get_connectiontoa new public API,
get_connection_with_tls_context. Existing customHTTPAdapters will need to migrate their code to use this new API.
get_connectionis considered deprecated in all versions of Requests>=2.32.0.A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1Compare Source
Bugfixes
v2.32.0Compare Source
Security
verify=Falseon the first request from aSession will cause subsequent requests to the same origin to also ignore
cert verification, regardless of the value of
verify.(GHSA-9wx4-h78v-vm56)
Improvements
verify=Truenow reuses a global SSLContext which should improverequest time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
(
chardetorcharset_normalizer) when repackaged or vendored.This enables
pipand other projects to minimize their vendoringsurface area. The
Response.text()andapparent_encodingAPIswill default to
utf-8if neither library is present. (#6702)Bugfixes
calculated in the request content-length. (#6589)
/(path separator) could leadurllib3 to unnecessarily reparse the request URI. (#6644)
Deprecations
Documentation
Packaging
The source files for the projects (formerly
requests) is now locatedin
src/requestsin the Requests sdist. (#6506)using
hatchling. This should not impact the average user, but extremely oldversions of packaging utilities may have issues with the new packaging format.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.