Skip to content

chore(deps): update dependency requests to v2.32.4 [security] #2403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency requests to v2.32.4 [security] #2403

wants to merge 1 commit into from

Conversation

renovate-bot
Copy link
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (source, changelog) ==2.32.3 -> ==2.32.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2

Release Notes

psf/requests (requests)

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot requested a review from a team as a code owner June 10, 2025 09:11
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 10, 2025
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Jun 10, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 4e0e331 to c14a2eb Compare June 11, 2025 00:07
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from c14a2eb to 9f3368a Compare June 11, 2025 07:56
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 9f3368a to 8fa26d3 Compare June 11, 2025 16:57
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 8fa26d3 to 7e021f8 Compare June 12, 2025 03:16
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 7e021f8 to 0aebf10 Compare June 12, 2025 13:50
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 0aebf10 to 1502688 Compare June 12, 2025 22:46
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 1502688 to 0b6068f Compare June 13, 2025 05:40
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 0b6068f to 28bc3b0 Compare June 13, 2025 15:30
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 28bc3b0 to 1d37aaf Compare June 13, 2025 22:08
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 1d37aaf to 1a4a0ed Compare June 14, 2025 06:13
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 1a4a0ed to 690f972 Compare June 14, 2025 12:55
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 690f972 to 71be113 Compare June 14, 2025 22:13
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 71be113 to 53021c1 Compare June 15, 2025 05:38
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 15, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 15, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 53021c1 to eb8fb0b Compare June 15, 2025 14:10
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 15, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 15, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from eb8fb0b to 2f565d6 Compare June 16, 2025 05:47
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 16, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 16, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 2f565d6 to ad72538 Compare June 18, 2025 01:43
@trusted-contributions-gcf trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 18, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@vchudnov-g vchudnov-g

Labels
kokoro:force-run Add this label to force Kokoro to re-run the tests. size: xs Pull request size is extra small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renovate-bot @vchudnov-g