Skip to content

Update requests to 2.33.1#196

Open
pyup-bot wants to merge 1 commit intomasterfrom
pyup-update-requests-2.32.3-to-2.33.1
Open

Update requests to 2.33.1#196
pyup-bot wants to merge 1 commit intomasterfrom
pyup-update-requests-2.32.3-to-2.33.1

Conversation

@pyup-bot
Copy link
Copy Markdown
Collaborator

@pyup-bot pyup-bot commented Mar 31, 2026

This PR updates requests from 2.32.3 to 2.33.1.

Changelog

2.33.1

-------------------

**Bugfixes**
- Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
files in the tmp directory. (7305)
- Fixed Content-Type header parsing for malformed values. (7309)
- Improved error consistency for malformed header values. (7308)

2.33.0

-------------------

**Announcements**
- 📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at 7271. Give it a try, and report
any gaps or feedback you may have in the issue. 📣

**Security**
- CVE-2026-25645 ``requests.utils.extract_zipped_paths`` now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.

**Improvements**
- Migrated to a PEP 517 build system using setuptools. (7012)

**Bugfixes**
- Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (7205)

**Deprecations**
- Dropped support for Python 3.9 following its end of support. (7196)

**Documentation**
- Various typo fixes and doc improvements.

2.32.5

-------------------

**Bugfixes**

- The SSLContext caching feature originally introduced in 2.32.0 has created
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.

**Deprecations**
- Added support for Python 3.14.
- Dropped support for Python 3.8 following its end of support.

2.32.4

-------------------

**Security**
- CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.

**Improvements**
- Numerous documentation improvements

**Deprecations**
- Added support for pypy 3.11 for Linux and macOS.
- Dropped support for pypy 3.9 following its end of support.
Links

@pyup-bot pyup-bot mentioned this pull request Mar 31, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pyup-bot