Skip to content

Bump requests from 2.32.5 to 2.33.0#5

Open
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/uv/requests-2.33.0
Open

Bump requests from 2.32.5 to 2.33.0#5
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/uv/requests-2.33.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 28, 2026

Bumps requests from 2.32.5 to 2.33.0.

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

RaghavChamadiya and others added 2 commits March 28, 2026 19:32
@RaghavChamadiya
Add CODEOWNERS, security policy, and governance files (#3)
5137cee 
* Add open source governance files and clean up tracked files

- CODEOWNERS: @RaghavChamadiya and @swati510 as code owners
- SECURITY.md: vulnerability reporting policy
- CONTRIBUTING.md: setup guide and PR workflow
- Issue and PR templates
- Gitignore local dev scripts, API keys, and internal docs

* Fix security vulnerabilities and restore uv.lock for CI

- Upgrade next-mdx-remote 5.0.0 → 6.0.0 (arbitrary code execution fix)
- Upgrade next 15.5.13 → 15.5.14 (image cache growth fix)
- Fix picomatch, brace-expansion, yaml transitive vulnerabilities
- Pin next to ~15.5.14 to prevent accidental major version jumps
- Re-track uv.lock (needed by CI for reproducible Python installs)

* Restore [project] tables in sub-package pyproject.toml for uv sync

uv sync --all-packages requires a [project] table when package = true.
Added minimal project metadata to core, cli, and server sub-packages.

* Fix ruff lint errors and skip tests for missing optional deps

- Fix all ruff lint violations across packages/ and tests/
- Add pytest.importorskip for anthropic and openai test modules
  so CI passes without optional provider SDKs installed

* Update uv.lock after sub-package pyproject.toml changes

* Disable mypy strict mode in CI until type annotations are cleaned up

Relax mypy config and skip mypy CI step — the codebase has 38 type
annotation issues that need proper fixes. Ruff still catches the
important lint and formatting errors.

* Fix test failures: skip optional SDK tests, fix version assertion

- Add pytest.importorskip for gemini and openai embedder test modules
- Update test_version assertion from 0.1.0 to 0.1.2

* Add ESLint config to prevent next lint interactive prompt on CI
@dependabot
Bump requests from 2.32.5 to 2.33.0
e4fea2d 
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 28, 2026
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 28, 2026
@RaghavChamadiya
Copy link
Copy Markdown
Collaborator

RaghavChamadiya commented Apr 6, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 6, 2026

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaghavChamadiya RaghavChamadiya Awaiting requested review from RaghavChamadiya RaghavChamadiya is a code owner

@swati510 swati510 Awaiting requested review from swati510 swati510 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RaghavChamadiya