chore(deps): update dependency requests to v2.32.4 [security] by renovate-bot · Pull Request #2403 · googleapis/gapic-generator-python

renovate-bot · 2025-06-10T09:11:45Z

This PR contains the following updates:

Package	Change	Age	Confidence
requests (source, changelog)	`==2.32.3` -> `==2.32.4`

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2

Release Notes

psf/requests (requests)

`v2.32.4`

Compare Source

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.
Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

forking-renovate · 2025-08-28T14:46:54Z

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

renovate-bot requested a review from a team June 10, 2025 09:11

trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 10, 2025

product-auto-label bot added the size: xs Pull request size is extra small. label Jun 10, 2025

blunderbuss-gcf bot assigned vchudnov-g Jun 10, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 4e0e331 to c14a2eb Compare June 11, 2025 00:07

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from c14a2eb to 9f3368a Compare June 11, 2025 07:56

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 9f3368a to 8fa26d3 Compare June 11, 2025 16:57

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 8fa26d3 to 7e021f8 Compare June 12, 2025 03:16

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 7e021f8 to 0aebf10 Compare June 12, 2025 13:50

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 0aebf10 to 1502688 Compare June 12, 2025 22:46

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 1502688 to 0b6068f Compare June 13, 2025 05:40

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 0b6068f to 28bc3b0 Compare June 13, 2025 15:30

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 15, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 53021c1 to eb8fb0b Compare June 15, 2025 14:10

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 15, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 15, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from eb8fb0b to 2f565d6 Compare June 16, 2025 05:47

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 16, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 16, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 2f565d6 to ad72538 Compare June 18, 2025 01:43

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 18, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 18, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from ad72538 to 38b254b Compare July 14, 2025 13:03

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 14, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 14, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 38b254b to 372d8c1 Compare July 14, 2025 19:32

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 14, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 14, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 372d8c1 to 4e16cdd Compare July 15, 2025 02:38

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 15, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 15, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 4e16cdd to 383d420 Compare July 15, 2025 09:52

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 15, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 15, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 383d420 to 71e6d03 Compare July 15, 2025 22:42

trusted-contributions-gcf bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 15, 2025

gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 15, 2025

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 71e6d03 to 6f03261 Compare July 16, 2025 08:38

renovate-bot and others added 2 commits August 28, 2025 14:16

chore(deps): update dependency requests to v2.32.4 [security]

c75e34a

Merge branch 'main' into renovate/pypi-requests-vulnerability

172248b

parthea approved these changes Aug 28, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency requests to v2.32.4 [security]#2403

chore(deps): update dependency requests to v2.32.4 [security]#2403
parthea merged 2 commits intogoogleapis:mainfrom
renovate-bot:renovate/pypi-requests-vulnerability

renovate-bot commented Jun 10, 2025 •

edited

Loading

Uh oh!

forking-renovate bot commented Aug 28, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

renovate-bot commented Jun 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Workarounds

References

Release Notes

v2.32.4

Configuration

Uh oh!

forking-renovate bot commented Aug 28, 2025

Edited/Blocked Notification

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

renovate-bot commented Jun 10, 2025 •

edited

Loading

`v2.32.4`