Bump requests from 2.32.5 to 2.33.1 by dependabot[bot] · Pull Request #942 · KnowledgeCaptureAndDiscovery/somef

dependabot · 2026-03-31T09:50:18Z

Bumps requests from 2.32.5 to 2.33.1.

Release notes

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

New Contributors

@ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Commits

111d2b7 v2.33.1
f0198e6 Fix malformed value parsing for Content-Type (#7309)
bc7dd0f Fix cosmetic header validity parsing regex (#7308)
4443b1a Fix unintended test extra (#7306)
389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
7407309 Packaging: DRY out extras definition (#7277)
bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.1. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.1) --- updated-dependencies: - dependency-name: requests dependency-version: 2.33.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-11T09:14:13Z

Superseded by #1021.

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 31, 2026

dependabot Bot force-pushed the dependabot/pip/dev/requests-2.33.1 branch from 895eb08 to 8ef28f6 Compare April 23, 2026 09:12

dependabot Bot closed this Jun 11, 2026

dependabot Bot deleted the dependabot/pip/dev/requests-2.33.1 branch June 11, 2026 09:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump requests from 2.32.5 to 2.33.1#942

Bump requests from 2.32.5 to 2.33.1#942
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/requests-2.33.1

dependabot Bot commented on behalf of github Mar 31, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.33.1

2.33.1 (2026-03-30)

New Contributors

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.1 (2026-03-30)

2.33.0 (2026-03-25)

Uh oh!

dependabot Bot commented on behalf of github Jun 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Mar 31, 2026 •

edited

Loading