Skip to content

Update dependency requests to v2.34.2#3474

Merged
plengauer merged 1 commit into
mainfrom
renovate/requests-2.x
May 23, 2026
Merged

Update dependency requests to v2.34.2#3474
plengauer merged 1 commit into
mainfrom
renovate/requests-2.x

Conversation

@plengauer
Copy link
Copy Markdown
Owner

@plengauer plengauer commented May 20, 2026

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (changelog) ==2.32.5==2.34.2 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

psf/requests (requests)

v2.34.2

Compare Source

  • Moved headers input type back to Mapping to avoid invariance issues
    with MutableMapping and inferred dict types. Users calling
    Request.headers.update() may need to narrow typing in their code. (#​7441)

v2.34.1

Compare Source

Bugfixes

  • Widened json input type from dict and list to Mapping
    and Sequence. (#​7436)
  • Changed headers input type to MutableMapping and removed None from
    Request.headers typing to improve handling for users. (#​7431)
  • Response.reason moved from str | None to str to improve handling
    for users. (#​7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations
    weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by
    typeshed. Public API types should be fully compatible with mypy, pyright,
    and ty. We believe types are comprehensive but if you find issues, please
    report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
    helping review and test the types ahead of the release. (#​7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify
    security considerations. (#​7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects
    should be able to start testing prior to its release in October. (#​7422)
  • Requests added support for Python 3.14t. (#​7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing
    accidental looping when traversing the history list. (#​7328)
  • Requests no longer performs greedy matching on no_proxy domains. The
    proxy_bypass implementation has been updated with CPython's fix from
    bpo-39057. (#​7427)
  • Requests no longer incorrectly strips duplicate leading slashes in
    URI paths. This should address user issues with specific presigned
    URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)

v2.33.1

Compare Source

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
    files in the tmp directory. (#​7305)
  • Fixed Content-Type header parsing for malformed values. (#​7309)
  • Improved error consistency for malformed header values. (#​7308)

v2.33.0

Compare Source

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that
    uses Requests, please take a look at #​7271. Give it a try, and report
    any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
    contents to a non-deterministic location to prevent malicious file
    replacement. This does not affect default usage of Requests, only
    applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#​7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause
    malformed authentication to be applied to Requests on
    Python 3.11+. (#​7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#​7196)

Documentation

  • Various typo fixes and doc improvements.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled because a matching PR was automerged previously.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@plengauer plengauer requested a review from moflwi as a code owner May 20, 2026 01:10
Copilot AI review requested due to automatic review settings May 20, 2026 01:10
Copilot AI reviewed May 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Updates the Python dependency requests to a newer patch/minor release within the opentelemetry_shell component.

Changes:

  • Bump requests from 2.32.5 to 2.34.2 in pinned requirements

Comment thread src/opt/opentelemetry_shell/requirements.txt
@plengauer plengauer force-pushed the renovate/requests-2.x branch from 7fcf909 to 75f3981 Compare May 20, 2026 18:31
@plengauer plengauer force-pushed the renovate/requests-2.x branch from 75f3981 to 4a0948d Compare May 22, 2026 10:31
@plengauer plengauer merged commit aea3292 into main May 23, 2026
2290 of 2300 checks passed
@plengauer plengauer deleted the renovate/requests-2.x branch May 23, 2026 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@moflwi moflwi moflwi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@plengauer @moflwi @renovate-bot