Skip to content

build(deps): bump requests from 2.32.3 to 2.32.5#4363

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/requests-2.32.5
Closed

build(deps): bump requests from 2.32.3 to 2.32.5#4363
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/requests-2.32.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 26, 2026
edited
Loading

Bumps requests from 2.32.3 to 2.32.5.

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)
Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.
Commits
  • b25c87d v2.32.5
  • 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
  • b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
  • 46e939b Update publish workflow to use artifact-id instead of name
  • 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
  • 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
  • 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
  • fec96cd Update Makefile rules (#6996)
  • d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
  • 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 26, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 26, 2026 09:17
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 26, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 10, 2026

This PR has been automatically marked as stale because it has not had any activity for 14 days. It will be closed if no further activity occurs within 14 days of this comment.
If you're still working on this, please add a comment or push new commits.

@github-actions github-actions Bot added the Stale label Apr 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/requests-2.32.5 branch from 5563bea to acdac91 Compare April 10, 2026 08:01
@github-actions github-actions Bot removed the Stale label Apr 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/requests-2.32.5 branch 3 times, most recently from daa2cb1 to 1f8bfa6 Compare April 20, 2026 10:20
@dependabot
build(deps): bump requests from 2.32.3 to 2.32.5
c0cbe32 
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.5.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.32.5)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/requests-2.32.5 branch from 1f8bfa6 to c0cbe32 Compare April 22, 2026 11:23
@xrmx xrmx mentioned this pull request May 11, 2026
Merged
11 tasks
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 12, 2026

This PR has been automatically marked as stale because it has not had any activity for 14 days. It will be closed if no further activity occurs within 14 days of this comment.
If you're still working on this, please add a comment or push new commits.

@github-actions github-actions Bot added the Stale label May 12, 2026
@xrmx xrmx closed this in #4565 May 12, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 12, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/uv/requests-2.32.5 branch May 12, 2026 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code Stale

Projects

Python PR digest
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants