Skip to content

Bump requests from 2.32.5 to 2.33.0 in the pip group across 1 directory#168

Merged
docktermj merged 1 commit intomainfrom
dependabot/pip/pip-aa7cb66ac2
Mar 27, 2026
Merged

Bump requests from 2.32.5 to 2.33.0 in the pip group across 1 directory#168
docktermj merged 1 commit intomainfrom
dependabot/pip/pip-aa7cb66ac2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 26, 2026
edited by github-actions Bot
Loading

Bumps the pip group with 1 update in the / directory: requests.

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Resolves #7271
Resolves #7012
Resolves #7205
Resolves #7196
Resolves #2330
Resolves #7293
Resolves #7292
Resolves #7244
Resolves #6960
Resolves psf/requests#6865
Resolves psf/requests#7220
Resolves psf/requests#6960
Resolves psf/requests#7244
Resolves psf/requests#6553
Resolves psf/requests#7227

@dependabot
Bump requests from 2.32.5 to 2.33.0 in the pip group across 1 directory
572bf1d 
Bumps the pip group with 1 update in the / directory: [requests](https://github.com/psf/requests).


Updates `requests` from 2.32.5 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner March 26, 2026 15:03
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 26, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 26, 2026

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps requests from 2.32.5 to 2.33.0 in requirements.txt.

Code Quality

  • ✅ Single-line change, no style concerns
  • ✅ No commented-out code
  • ✅ No variable names to evaluate
  • ✅ DRY principle N/A
  • ✅ No defects — version bump only, no logic changes

Testing

  • ✅ No new functions or endpoints introduced; existing tests cover the dependency
  • ✅ No edge cases to address for a version bump

Documentation

  • CHANGELOG.md — Not included in this diff. A dependency version bump should typically be noted in the changelog.

Security

  • ✅ No hardcoded credentials
  • ✅ No input validation concerns
  • ✅ No sensitive data in logs
  • ✅ No license files checked in
  • requests 2.33.0 is a routine update (this appears to be an automated Dependabot bump); upgrading requests is generally a security-positive action as patch/minor releases often include CVE fixes

Overall: This is a straightforward automated dependency bump. The only minor gap is the absence of a CHANGELOG entry. Approve with low risk.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 26, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj merged commit fd14635 into main Mar 27, 2026
17 checks passed
@docktermj docktermj deleted the dependabot/pip/pip-aa7cb66ac2 branch March 27, 2026 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

@kernelsam kernelsam

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@docktermj @kernelsam @senzingdevops