Skip to content

Commit fe0853c

Browse files
committed
Merge branch 'main' into edit-14
2 parents 5547eef + 6f66281 commit fe0853c

53 files changed

Lines changed: 1697 additions & 898 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/AI_POLICY.md

Lines changed: 81 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
# Generative AI / LLM Policy
2+
3+
We appreciate that we can't realistically police how you author your pull requests, which includes whether you employ large-language model (LLM)-based development tools.
4+
So, we don't.
5+
6+
However, due to both legal and human reasons, we have to establish boundaries.
7+
8+
> [!CAUTION]
9+
> **TL;DR:**
10+
> - We take the responsibility for this project very seriously and we expect you to take your responsibility for your contributions seriously, too.
11+
> This used to be a given, but it changed now that a pull request is just one prompt away.
12+
>
13+
> - Every contribution has to be backed by a human who unequivocally owns the copyright for all changes.
14+
> No LLM bots in `Co-authored-by:`s.
15+
>
16+
> - DoS-by-slop leads to a permanent ban.
17+
>
18+
> - Absolutely **no** unsupervised agentic tools like OpenClaw.
19+
>
20+
> ---
21+
>
22+
> By submitting a pull request, you certify that:
23+
>
24+
> - You are the author of the contribution or have the legal right to submit it.
25+
> - You either hold the copyright to the changes or have explicit legal authorization to contribute them under this project's license.
26+
> - You understand the code.
27+
> - You accept full responsibility for it.
28+
29+
30+
## Legal
31+
32+
There is ongoing legal uncertainty regarding the copyright status of LLM-generated works and their provenance.
33+
Since we do not have a formal [Contributor License Agreement](https://en.wikipedia.org/wiki/Contributor_license_agreement) (CLA), you retain your copyright to your changes to this project.
34+
35+
Therefore, allowing contributions by LLMs has unpredictable consequences for the copyright status of this project – even when leaving aside possible copyright violations due to plagiarism.
36+
37+
38+
## Human
39+
40+
As the makers of software that is used by millions of people worldwide and with a reputation for high-quality maintenance, we take our responsibility to our users very seriously.
41+
No matter what LLM vendors or boosters on LinkedIn tell you, we have to manually review every change before merging, because it's **our responsibility** to keep the project stable.
42+
43+
Please understand that by opening low-quality pull requests you're not helping anyone.
44+
Worse, you're [poisoning the open source ecosystem](https://lwn.net/Articles/1058266/) that was precarious even before the arrival of LLM tools.
45+
Having to wade through plausible-looking-but-low-quality pull requests and trying to determine which ones are legit is extremely demoralizing and has already burned out many good maintainers.
46+
47+
Put bluntly, we have no time or interest to become part of your vibe coding loop where you drop LLM slop at our door, we spend time and energy to review it, and you just feed it back into the LLM for another iteration.
48+
49+
This dynamic is especially pernicious because it poisons the well for mentoring new contributors which we are committed to.
50+
51+
52+
## Summary
53+
54+
In practice, this means:
55+
56+
- Pull requests that have an LLM product listed as co-author can't be merged and will be closed without further discussion.
57+
We cannot risk the copyright status of this project.
58+
59+
If you used LLM tools during development, you may still submit – but you must remove any LLM co-author tags and take full ownership of every line.
60+
61+
- By submitting a pull request, **you** take full **technical and legal** responsibility for the contents of the pull request and promise that **you** hold the copyright for the changes submitted.
62+
63+
"An LLM wrote it" is **not** an acceptable response to questions or critique.
64+
**If you cannot explain and defend the changes you submit, do not submit them** and open a high-quality bug report/feature request instead.
65+
66+
- Accounts that exercise bot-like behavior – like automated mass pull requests – will be permanently banned, whether they belong to a human or not.
67+
68+
- Do **not** post LLM-generated review comments – we can prompt LLMs ourselves should we desire their wisdom.
69+
Do **not** post summaries unless you've fact-checked them and take responsibility for 100% of their content.
70+
Remember that *all* LLM output *looks* **plausible**.
71+
When using these tools, it's **your** responsibility to ensure that it's also **correct** and has a reasonable signal-to-noise ratio.
72+
73+
---
74+
75+
# Credits, Attribution
76+
77+
The original version of this can be found in [pyca/service-identity][] and is
78+
used with permission from Hynek Schlawack.
79+
80+
[pyca/service-identity]:
81+
https://github.com/pyca/service-identity/blob/fa91bf55cfda64145aa3d202cc84059befb98af4/.github/AI_POLICY.md

.github/CONTRIBUTING.md

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
# Contribution Guidelines
22

33
Before opening any issues or proposing any pull requests, please read
4-
our [Contributor's Guide](https://requests.readthedocs.io/en/latest/dev/contributing/).
4+
our [Contributor's Guide](https://requests.readthedocs.io/en/latest/dev/contributing/)
5+
as well as our [AI Policy](./AI_POLICY.md).
56

67
To get the greatest chance of helpful responses, please also observe the
78
following additional notes.
@@ -52,3 +53,14 @@ Please be aware of the following things when filing bug reports:
5253
If you do not provide all of these things, it will take us much longer to
5354
fix your problem. If we ask you to clarify these and you never respond, we
5455
will close your issue without fixing it.
56+
57+
## Good Pull Requests
58+
59+
1. Avoid raising duplicate pull requests. *Please* use the GitHub pull request
60+
search feature to check whether someone else has already filed a pull
61+
request.
62+
2. When filing a pull request, always include tests that fail without your
63+
changes thus preventing the fix from regressing.
64+
3. Always run the test suite locally
65+
4. Write commit messages that explain _why_ a change was made beyond "Fixes
66+
#NNNN". Why is this the right fix? What other options were ruled out? etc.

.github/dependabot.yml

Lines changed: 17 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,27 @@
11
version: 2
22
updates:
3-
- package-ecosystem: github-actions
4-
directory: /
3+
- package-ecosystem: "github-actions"
4+
directory: "/"
55
schedule:
6-
interval: weekly
6+
interval: "weekly"
77
ignore:
88
# Ignore all patch releases as we can manually
99
# upgrade if we run into a bug and need a fix.
1010
- dependency-name: "*"
1111
update-types: ["version-update:semver-patch"]
1212
cooldown:
1313
default-days: 7
14+
groups:
15+
actions:
16+
patterns:
17+
- "*"
18+
- package-ecosystem: "pre-commit"
19+
directory: "/"
20+
schedule:
21+
interval: "weekly"
22+
cooldown:
23+
default-days: 7
24+
groups:
25+
pre-commit:
26+
patterns:
27+
- "*"

.github/workflows/codeql-analysis.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ jobs:
4646

4747
# Initializes the CodeQL tools for scanning.
4848
- name: Initialize CodeQL
49-
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
49+
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
5050
with:
5151
languages: "python"
5252
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
5757
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5858
# If this step fails, then you should remove it and run the build manually (see below)
5959
- name: Autobuild
60-
uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
60+
uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
6161

6262
# ℹ️ Command-line programs to run using the OS shell.
6363
# 📚 https://git.io/JvXDl
@@ -71,4 +71,4 @@ jobs:
7171
# make release
7272

7373
- name: Perform CodeQL Analysis
74-
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
74+
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0

.github/workflows/publish.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ jobs:
6767
path: "dist/"
6868

6969
- name: "Publish dists to PyPI"
70-
uses: "pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e" # v1.13.0
70+
uses: "pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b" # v1.14.0
7171
with:
7272
attestations: true
7373

@@ -89,7 +89,7 @@ jobs:
8989
path: "dist/"
9090

9191
- name: "Publish dists to Test PyPI"
92-
uses: "pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e" # v1.13.0
92+
uses: "pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b" # v1.14.0
9393
with:
9494
repository-url: https://test.pypi.org/legacy/
9595
attestations: true

.github/workflows/run-tests.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,11 @@ permissions:
88
jobs:
99
build:
1010
runs-on: ${{ matrix.os }}
11-
continue-on-error: ${{ matrix.python-version == '3.15-dev' }}
1211
timeout-minutes: 10
1312
strategy:
1413
fail-fast: false
1514
matrix:
16-
python-version: ["3.10", "3.11", "3.12", "3.13", "3.14", "3.15-dev", "pypy-3.11"]
15+
python-version: ["3.10", "3.11", "3.12", "3.13", "3.14", "3.14t", "3.15-dev", "pypy-3.11"]
1716
os: [ubuntu-22.04, macOS-latest, windows-latest]
1817
# Pypy-3.11 can't install openssl-sys with rust
1918
# which prevents us from testing in GHA.

.github/workflows/typecheck.yml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
name: Type Check
2+
3+
on: [push, pull_request]
4+
5+
permissions:
6+
contents: read
7+
8+
jobs:
9+
typecheck:
10+
runs-on: ubuntu-24.04
11+
timeout-minutes: 10
12+
strategy:
13+
matrix:
14+
python-version: ["3.10", "3.14"]
15+
16+
steps:
17+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
18+
with:
19+
persist-credentials: false
20+
21+
- name: Set up Python
22+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
23+
with:
24+
python-version: ${{ matrix.python-version }}
25+
26+
- name: Install dependencies
27+
run: |
28+
python -m pip install pip==26.0.1
29+
python -m pip install -e . --group typecheck
30+
31+
- name: Run pyright
32+
run: python -m pyright src/requests/

.pre-commit-config.yaml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,20 @@ exclude: 'docs/|ext/'
22

33
repos:
44
- repo: https://github.com/pre-commit/pre-commit-hooks
5-
rev: v4.4.0
5+
rev: v6.0.0
66
hooks:
7+
- id: check-case-conflict
8+
- id: check-merge-conflict
9+
- id: check-toml
710
- id: check-yaml
811
- id: end-of-file-fixer
12+
- id: mixed-line-ending
13+
args: [--fix=auto]
914
- id: trailing-whitespace
1015
- repo: https://github.com/astral-sh/ruff-pre-commit
11-
rev: v0.9.3
16+
rev: v0.15.15
1217
hooks:
13-
- id: ruff
18+
- id: ruff-check
1419
args: [--fix]
1520
- id: ruff-format
1621
exclude: tests/test_lowlevel.py

HISTORY.md

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,58 @@ dev
66

77
- \[Short description of non-trivial change.\]
88

9+
10+
2.34.2 (2026-05-14)
11+
-------------------
12+
- Moved `headers` input type back to `Mapping` to avoid invariance issues
13+
with `MutableMapping` and inferred dict types. Users calling
14+
`Request.headers.update()` may need to narrow typing in their code. (#7441)
15+
16+
17+
2.34.1 (2026-05-13)
18+
-------------------
19+
20+
**Bugfixes**
21+
- Widened `json` input type from `dict` and `list` to `Mapping`
22+
and `Sequence`. (#7436)
23+
- Changed `headers` input type to MutableMapping and removed `None` from
24+
`Request.headers` typing to improve handling for users. (#7431)
25+
- `Response.reason` moved from `str | None` to `str` to improve handling
26+
for users. (#7437)
27+
- Fixed a bug where some bodies with custom `__getattr__` implementations
28+
weren't being properly detected as Iterables. (#7433)
29+
30+
31+
2.34.0 (2026-05-11)
32+
-------------------
33+
34+
**Announcements**
35+
- Requests 2.34.0 introduces inline types, replacing those provided by
36+
typeshed. Public API types should be fully compatible with mypy, pyright,
37+
and ty. We believe types are comprehensive but if you find issues, please
38+
report them to the pinned tracking issue.
39+
40+
Special thanks to @bastimeyer, @cthoyt, @edgarrmondragon, and @srittau for
41+
helping review and test the types ahead of the release. (#7272)
42+
43+
**Improvements**
44+
- Digest Auth hashing algorithms have added `usedforsecurity=False` to clarify
45+
security considerations. (#7310)
46+
- Requests added support for Python 3.15 based on beta1. Downstream projects
47+
should be able to start testing prior to its release in October. (#7422)
48+
- Requests added support for Python 3.14t. (#7419)
49+
50+
**Bugfixes**
51+
- ``Response.history`` no longer contains a reference to itself, preventing
52+
accidental looping when traversing the history list. (#7328)
53+
- Requests no longer performs greedy matching on no_proxy domains. The
54+
proxy_bypass implementation has been updated with CPython's fix from
55+
bpo-39057. (#7427)
56+
- Requests no longer incorrectly strips duplicate leading slashes in
57+
URI paths. This should address user issues with specific presigned
58+
URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
59+
60+
961
2.33.1 (2026-03-30)
1062
-------------------
1163

README.md

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
[![Supported Versions](https://img.shields.io/pypi/pyversions/requests.svg)](https://pypi.org/project/requests)
55
[![Downloads](https://static.pepy.tech/badge/requests/month)](https://pepy.tech/project/requests)
66
[![Contributors](https://img.shields.io/github/contributors/psf/requests.svg)](https://github.com/psf/requests/graphs/contributors)
7+
[![Documentation](https://readthedocs.org/projects/requests/badge/?version=latest)](https://requests.readthedocs.io)
78

89
**Requests** is a simple, yet elegant, HTTP library.
910

@@ -24,7 +25,7 @@
2425

2526
Requests allows you to send HTTP/1.1 requests extremely easily. There’s no need to manually add query strings to your URLs, or to form-encode your `PUT` & `POST` data — but nowadays, just use the `json` method!
2627

27-
Requests is one of the most downloaded Python packages today, pulling in around `30M downloads / week`— according to GitHub, Requests is currently [depended upon](https://github.com/psf/requests/network/dependents?package_id=UGFja2FnZS01NzA4OTExNg%3D%3D) by `1,000,000+` repositories. You may certainly put your trust in this code.
28+
Requests is one of the most downloaded Python packages today, pulling in around `300M downloads / week` — according to GitHub, Requests is currently [depended upon](https://github.com/psf/requests/network/dependents?package_id=UGFja2FnZS01NzA4OTExNg%3D%3D) by `4,000,000+` repositories.
2829

2930
## Installing Requests and Supported Versions
3031

@@ -54,10 +55,6 @@ Requests is ready for the demands of building robust and reliable HTTP–speakin
5455
- Automatic honoring of `.netrc`
5556
- Chunked HTTP Requests
5657

57-
## API Reference and User Guide available on [Read the Docs](https://requests.readthedocs.io)
58-
59-
[![Read the Docs](https://raw.githubusercontent.com/psf/requests/main/ext/ss.png)](https://requests.readthedocs.io)
60-
6158
## Cloning the repository
6259

6360
When cloning the Requests repository, you may need to add the `-c

0 commit comments

Comments
 (0)