perso/syncserver
Archived
4
0
Fork 0
Code Issues 1 Pull Requests 10 Actions Releases Wiki Activity

Update dependency requests to v2.34.2 #8

Open
jcabillot wants to merge 1 commits from renovate/requests-2.x into master
pull from: renovate/requests-2.x
merge into: perso:master
Conversation 0 Commits 1 Files Changed 1
+1 -1
jcabillot commented 2026-05-26 23:18:47 -04:00
Owner
Copy Link
Copy Source

This PR contains the following updates:

Package Update Change
requests (changelog) minor ==2.13==2.34.2

Release Notes

psf/requests (requests)

v2.34.2

Compare Source

  • Moved headers input type back to Mapping to avoid invariance issues
    with MutableMapping and inferred dict types. Users calling
    Request.headers.update() may need to narrow typing in their code. (#​7441)

v2.34.1

Compare Source

Bugfixes

  • Widened json input type from dict and list to Mapping
    and Sequence. (#​7436)
  • Changed headers input type to MutableMapping and removed None from
    Request.headers typing to improve handling for users. (#​7431)
  • Response.reason moved from str | None to str to improve handling
    for users. (#​7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations
    weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by
    typeshed. Public API types should be fully compatible with mypy, pyright,
    and ty. We believe types are comprehensive but if you find issues, please
    report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
    helping review and test the types ahead of the release. (#​7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify
    security considerations. (#​7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects
    should be able to start testing prior to its release in October. (#​7422)
  • Requests added support for Python 3.14t. (#​7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing
    accidental looping when traversing the history list. (#​7328)
  • Requests no longer performs greedy matching on no_proxy domains. The
    proxy_bypass implementation has been updated with CPython's fix from
    bpo-39057. (#​7427)
  • Requests no longer incorrectly strips duplicate leading slashes in
    URI paths. This should address user issues with specific presigned
    URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)

v2.33.1

Compare Source

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
    files in the tmp directory. (#​7305)
  • Fixed Content-Type header parsing for malformed values. (#​7309)
  • Improved error consistency for malformed header values. (#​7308)

v2.33.0

Compare Source

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that
    uses Requests, please take a look at #​7271. Give it a try, and report
    any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
    contents to a non-deterministic location to prevent malicious file
    replacement. This does not affect default usage of Requests, only
    applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#​7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause
    malformed authentication to be applied to Requests on
    Python 3.11+. (#​7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#​7196)

Documentation

  • Various typo fixes and doc improvements.

v2.32.5

Compare Source

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created
    a new class of issues in Requests that have had negative impact across a number
    of use cases. The Requests team has decided to revert this feature as long term
    maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

v2.32.3

Compare Source

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
    HTTPAdapter. (#​6716)
  • Fixed issue where Requests started failing to run on Python versions compiled
    without the ssl module. (#​6724)

v2.32.2

Compare Source

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted
    by the CVE changes in 2.32.0, we've renamed _get_connection to
    a new public API, get_connection_with_tls_context. Existing custom
    HTTPAdapters will need to migrate their code to use this new API.
    get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease
    migration, but we strongly urge users to evaluate if their custom adapter
    is subject to the same issue described in CVE-2024-35195. (#​6710)

v2.32.1

Compare Source

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

Compare Source

Security

Improvements

  • verify=True now reuses a global SSLContext which should improve
    request time variance between first and subsequent requests. It should
    also minimize certificate load time on Windows systems when using a Python
    version built with OpenSSL 3.x. (#​6667)
  • Requests now supports optional use of character detection
    (chardet or charset_normalizer) when repackaged or vendored.
    This enables pip and other projects to minimize their vendoring
    surface area. The Response.text() and apparent_encoding APIs
    will default to utf-8 if neither library is present. (#​6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly
    calculated in the request content-length. (#​6589)
  • Fixed deserialization bug in JSONDecodeError. (#​6629)
  • Fixed bug where an extra leading / (path separator) could lead
    urllib3 to unnecessarily reparse the request URI. (#​6644)

Deprecations

  • Requests has officially added support for CPython 3.12 (#​6503)
  • Requests has officially added support for PyPy 3.9 and 3.10 (#​6641)
  • Requests has officially dropped support for CPython 3.7 (#​6642)
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#​6641)

Documentation

  • Various typo fixes and doc improvements.

Packaging

  • Requests has started adopting some modern packaging practices.
    The source files for the projects (formerly requests) is now located
    in src/requests in the Requests sdist. (#​6506)
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
    using hatchling. This should not impact the average user, but extremely old
    versions of packaging utilities may have issues with the new packaging format.

v2.31.0

Compare Source

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
    forwarding of Proxy-Authorization headers to destination servers when
    following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests
    will construct a Proxy-Authorization header that is attached to the request to
    authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached
    the Proxy-Authorization header incorrectly, resulting in the value being
    sent through the tunneled connection to the destination server. Users who rely on
    defining their proxy credentials in the URL are strongly encouraged to upgrade
    to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
    credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through
    the user information portion of their proxy URL are not subject to this
    vulnerability.

    Full details can be read in our Github Security Advisory
    and CVE-2023-32681.

v2.30.0

Compare Source

Dependencies

v2.29.0

Compare Source

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve
    standardization. (#​6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#​6356)

v2.28.2

Compare Source

Dependencies

  • Requests now supports charset_normalizer 3.x. (#​6261)

Bugfixes

  • Updated MissingSchema exception to suggest https scheme rather than http. (#​6188)

v2.28.1

Compare Source

Improvements

  • Speed optimization in iter_content with transition to yield from. (#​6170)

Dependencies

  • Added support for chardet 5.0.0 (#​6179)
  • Added support for charset-normalizer 2.1.0 (#​6169)

v2.28.0

Compare Source

Deprecations

  • ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#​6091)
  • Requests has officially dropped support for Python 3.6 (including pypy3.6). (#​6091)

Improvements

  • Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
    an encoding to make json() API consistent. (#​6097)
  • Parse header components consistently, raising an InvalidHeader error in
    all invalid cases. (#​6154)
  • Added provisional 3.11 support with current beta build. (#​6155)
  • Requests got a makeover and we decided to paint it black. (#​6095)

Bugfixes

  • Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable
    cert verification. All Requests 2.x versions before 2.28.0 are affected. (#​6074)
  • Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with
    requests.exceptions.SSLError for content and iter_content. (#​6057)
  • Fixed issue where invalid Windows registry entries caused proxy resolution
    to raise an exception rather than ignoring the entry. (#​6149)
  • Fixed issue where entire payload could be included in the error message for
    JSONDecodeError. (#​6036)

v2.27.1

Compare Source

Bugfixes

  • Fixed parsing issue that resulted in the auth component being
    dropped from proxy URLs. (#​6028)

v2.27.0

Compare Source

Improvements

  • Officially added support for Python 3.10. (#​5928)

  • Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between
    Python 2 and 3. This gets raised in the response.json() method, and is
    backwards compatible as it inherits from previously thrown exceptions.
    Can be caught from requests.exceptions.RequestException as well. (#​5856)

  • Improved error text for misnamed InvalidSchema and MissingSchema
    exceptions. This is a temporary fix until exceptions can be renamed
    (Schema->Scheme). (#​6017)

  • Improved proxy parsing for proxy URLs missing a scheme. This will address
    recent changes to urlparse in Python 3.9+. (#​5917)

Bugfixes

  • Fixed defect in extract_zipped_paths which could result in an infinite loop
    for some paths. (#​5851)

  • Fixed handling for AttributeError when calculating length of files obtained
    by Tarfile.extractfile(). (#​5239)

  • Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with
    requests.exceptions.InvalidHeader. (#​5914)

  • Fixed bug where two Host headers were sent for chunked requests. (#​5391)

  • Fixed regression in Requests 2.26.0 where Proxy-Authorization was
    incorrectly stripped from all requests sent with Session.send. (#​5924)

  • Fixed performance regression in 2.26.0 for hosts with a large number of
    proxies available in the environment. (#​5924)

  • Fixed idna exception leak, wrapping UnicodeError with
    requests.exceptions.InvalidURL for URLs with a leading dot (.) in the
    domain. (#​5414)

Deprecations

  • Requests support for Python 2.7 and 3.6 will be ending in 2022. While we
    don't have exact dates, Requests 2.27.x is likely to be the last release
    series providing support.

v2.26.0

Compare Source

Improvements

  • Requests now supports Brotli compression, if either the brotli or
    brotlicffi package is installed. (#​5783)

  • Session.send now correctly resolves proxy configurations from both
    the Session and Request. Behavior now matches Session.request. (#​5681)

Bugfixes

  • Fixed a race condition in zip extraction when using Requests in parallel
    from zip archive. (#​5707)

Dependencies

  • Instead of chardet, use the MIT-licensed charset_normalizer for Python3
    to remove license ambiguity for projects bundling requests. If chardet
    is already installed on your machine it will be used instead of charset_normalizer
    to keep backwards compatibility. (#​5797)

    You can also install chardet while installing requests by
    specifying [use_chardet_on_py3] extra as follows:

    pip install "requests[use_chardet_on_py3]"

    Python2 still depends upon the chardet module.

  • Requests now supports idna 3.x on Python 3. idna 2.x will continue to
    be used on Python 2 installations. (#​5711)

Deprecations

  • The requests[security] extra has been converted to a no-op install.
    PyOpenSSL is no longer the recommended secure option for Requests. (#​5867)

  • Requests has officially dropped support for Python 3.5. (#​5867)

v2.25.1

Compare Source

Bugfixes

  • Requests now treats application/json as utf8 by default. Resolving
    inconsistencies between r.text and r.json output. (#​5673)

Dependencies

  • Requests now supports chardet v4.x.

v2.25.0

Compare Source

Improvements

  • Added support for NETRC environment variable. (#​5643)

Dependencies

  • Requests now supports urllib3 v1.26.

Deprecations

  • Requests v2.25.x will be the last release series with support for Python 3.5.
  • The requests[security] extra is officially deprecated and will be removed
    in Requests v2.26.0.

v2.24.0

Compare Source

Improvements

  • pyOpenSSL TLS implementation is now only used if Python
    either doesn't have an ssl module or doesn't support
    SNI. Previously pyOpenSSL was unconditionally used if available.
    This applies even if pyOpenSSL is installed via the
    requests[security] extra (#​5443)

  • Redirect resolution should now only occur when
    allow_redirects is True. (#​5492)

  • No longer perform unnecessary Content-Length calculation for
    requests that won't use it. (#​5496)

v2.23.0

Compare Source

Improvements

  • Remove defunct reference to prefetch in Session __attrs__ (#​5110)

Bugfixes

  • Requests no longer outputs password in basic auth usage warning. (#​5099)

Dependencies

  • Pinning for chardet and idna now uses major version instead of minor.
    This hopefully reduces the need for releases every time a dependency is updated.

v2.22.0

Compare Source

Dependencies

  • Requests now supports urllib3 v1.25.2.
    (note: 1.25.0 and 1.25.1 are incompatible)

Deprecations

  • Requests has officially stopped support for Python 3.4.

v2.21.0

Compare Source

Dependencies

  • Requests now supports idna v2.8.

v2.20.1

Compare Source

Bugfixes

  • Fixed bug with unintended Authorization header stripping for
    redirects using default ports (http/80, https/443).

v2.20.0

Compare Source

Bugfixes

  • Content-Type header parsing is now case-insensitive (e.g.
    charset=utf8 v Charset=utf8).
  • Fixed exception leak where certain redirect urls would raise
    uncaught urllib3 exceptions.
  • Requests removes Authorization header from requests redirected
    from https to http on the same hostname. (CVE-2018-18074)
  • should_bypass_proxies now handles URIs without hostnames (e.g.
    files).

Dependencies

  • Requests now supports urllib3 v1.24.

Deprecations

  • Requests has officially stopped support for Python 2.6.

v2.19.1

Compare Source

Bugfixes

  • Fixed issue where status_codes.py's init function failed trying
    to append to a __doc__ value of None.

v2.19.0

Compare Source

Improvements

  • Warn user about possible slowdown when using cryptography version
    < 1.3.4
  • Check for invalid host in proxy URL, before forwarding request to
    adapter.
  • Fragments are now properly maintained across redirects. (RFC7231
    7.1.2)
  • Removed use of cgi module to expedite library load time.
  • Added support for SHA-256 and SHA-512 digest auth algorithms.
  • Minor performance improvement to Request.content.
  • Migrate to using collections.abc for 3.7 compatibility.

Bugfixes

  • Parsing empty Link headers with parse_header_links() no longer
    return one bogus entry.
  • Fixed issue where loading the default certificate bundle from a zip
    archive would raise an IOError.
  • Fixed issue with unexpected ImportError on windows system which do
    not support winreg module.
  • DNS resolution in proxy bypass no longer includes the username and
    password in the request. This also fixes the issue of DNS queries
    failing on macOS.
  • Properly normalize adapter prefixes for url comparison.
  • Passing None as a file pointer to the files param no longer
    raises an exception.
  • Calling copy on a RequestsCookieJar will now preserve the cookie
    policy correctly.

Dependencies

  • We now support idna v2.7.
  • We now support urllib3 v1.23.

v2.18.4

Compare Source

Improvements

  • Error messages for invalid headers now include the header name for
    easier debugging

Dependencies

  • We now support idna v2.6.

v2.18.3

Compare Source

Improvements

  • Running $ python -m requests.help now includes the installed
    version of idna.

Bugfixes

  • Fixed issue where Requests would raise ConnectionError instead of
    SSLError when encountering SSL problems when using urllib3 v1.22.

v2.18.2

Compare Source

Bugfixes

  • requests.help no longer fails on Python 2.6 due to the absence of
    ssl.OPENSSL_VERSION_NUMBER.

Dependencies

  • We now support urllib3 v1.22.

v2.18.1

Compare Source

Bugfixes

  • Fix an error in the packaging whereby the *.whl contained
    incorrect data that regressed the fix in v2.17.3.

v2.18.0

Compare Source

Improvements

  • Response is now a context manager, so can be used directly in a
    with statement without first having to be wrapped by
    contextlib.closing().

Bugfixes

  • Resolve installation failure if multiprocessing is not available
  • Resolve tests crash if multiprocessing is not able to determine the
    number of CPU cores
  • Resolve error swallowing in utils set_environ generator

v2.17.3

Compare Source

Improvements

  • Improved packages namespace identity support, for monkeypatching
    libraries.

v2.17.2

Compare Source

Improvements

  • Improved packages namespace identity support, for monkeypatching
    libraries.

v2.17.1

Compare Source

Improvements

  • Improved packages namespace identity support, for monkeypatching
    libraries.

v2.17.0

Compare Source

Improvements

  • Removal of the 301 redirect cache. This improves thread-safety.

v2.16.5

Compare Source

  • Improvements to $ python -m requests.help.

v2.16.4

Compare Source

  • Introduction of the $ python -m requests.help command, for
    debugging with maintainers!

v2.16.3

Compare Source

  • Further restored the requests.packages namespace for compatibility
    reasons.

v2.16.2

Compare Source

  • Further restored the requests.packages namespace for compatibility
    reasons.

No code modification (noted below) should be necessary any longer.

v2.16.1

Compare Source

  • Restored the requests.packages namespace for compatibility
    reasons.
  • Bugfix for urllib3 version parsing.

Note: code that was written to import against the
requests.packages namespace previously will have to import code that
rests at this module-level now.

For example:

from requests.packages.urllib3.poolmanager import PoolManager

Will need to be re-written to be:

from requests.packages import urllib3
urllib3.poolmanager.PoolManager

Or, even better:

from urllib3.poolmanager import PoolManager

v2.16.0

Compare Source

  • Unvendor ALL the things!

v2.15.1

Compare Source

  • Everyone makes mistakes.

v2.15.0

Compare Source

Improvements

  • Introduction of the Response.next property, for getting the next
    PreparedResponse from a redirect chain (when
    allow_redirects=False).
  • Internal refactoring of __version__ module.

Bugfixes

  • Restored once-optional parameter for
    requests.utils.get_environ_proxies().

v2.14.2

Compare Source

Bugfixes

  • Changed a less-than to an equal-to and an or in the dependency
    markers to widen compatibility with older setuptools releases.

v2.14.1

Compare Source

Bugfixes

  • Changed the dependency markers to widen compatibility with older pip
    releases.

v2.14.0

Compare Source

Improvements

  • It is now possible to pass no_proxy as a key to the proxies
    dictionary to provide handling similar to the NO_PROXY environment
    variable.
  • When users provide invalid paths to certificate bundle files or
    directories Requests now raises IOError, rather than failing at
    the time of the HTTPS request with a fairly inscrutable certificate
    validation error.
  • The behavior of SessionRedirectMixin was slightly altered.
    resolve_redirects will now detect a redirect by calling
    get_redirect_target(response) instead of directly querying
    Response.is_redirect and Response.headers['location']. Advanced
    users will be able to process malformed redirects more easily.
  • Changed the internal calculation of elapsed request time to have
    higher resolution on Windows.
  • Added win_inet_pton as conditional dependency for the [socks]
    extra on Windows with Python 2.7.
  • Changed the proxy bypass implementation on Windows: the proxy bypass
    check doesn't use forward and reverse DNS requests anymore
  • URLs with schemes that begin with http but are not http or
    https no longer have their host parts forced to lowercase.

Bugfixes

  • Much improved handling of non-ASCII Location header values in
    redirects. Fewer UnicodeDecodeErrors are encountered on Python 2,
    and Python 3 now correctly understands that Latin-1 is unlikely to
    be the correct encoding.
  • If an attempt to seek file to find out its length fails, we now
    appropriately handle that by aborting our content-length
    calculations.
  • Restricted HTTPDigestAuth to only respond to auth challenges made
    on 4XX responses, rather than to all auth challenges.
  • Fixed some code that was firing DeprecationWarning on Python 3.6.
  • The dismayed person emoticon (/o\\) no longer has a big head. I'm
    sure this is what you were all worrying about most.

Miscellaneous

  • Updated bundled urllib3 to v1.21.1.
  • Updated bundled chardet to v3.0.2.
  • Updated bundled idna to v2.5.
  • Updated bundled certifi to 2017.4.17.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [requests](https://github.com/psf/requests) ([changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | minor | `==2.13` → `==2.34.2` | --- ### Release Notes <details> <summary>psf/requests (requests)</summary> ### [`v2.34.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2342-2026-05-14) [Compare Source](https://github.com/psf/requests/compare/v2.34.1...v2.34.2) - Moved `headers` input type back to `Mapping` to avoid invariance issues with `MutableMapping` and inferred dict types. Users calling `Request.headers.update()` may need to narrow typing in their code. ([#&#8203;7441](https://github.com/psf/requests/issues/7441)) ### [`v2.34.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2341-2026-05-13) [Compare Source](https://github.com/psf/requests/compare/v2.34.0...v2.34.1) **Bugfixes** - Widened `json` input type from `dict` and `list` to `Mapping` and `Sequence`. ([#&#8203;7436](https://github.com/psf/requests/issues/7436)) - Changed `headers` input type to MutableMapping and removed `None` from `Request.headers` typing to improve handling for users. ([#&#8203;7431](https://github.com/psf/requests/issues/7431)) - `Response.reason` moved from `str | None` to `str` to improve handling for users. ([#&#8203;7437](https://github.com/psf/requests/issues/7437)) - Fixed a bug where some bodies with custom `__getattr__` implementations weren't being properly detected as Iterables. ([#&#8203;7433](https://github.com/psf/requests/issues/7433)) ### [`v2.34.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2340-2026-05-11) [Compare Source](https://github.com/psf/requests/compare/v2.33.1...v2.34.0) **Announcements** - Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue. Special thanks to [@&#8203;bastimeyer](https://github.com/bastimeyer), [@&#8203;cthoyt](https://github.com/cthoyt), [@&#8203;edgarrmondragon](https://github.com/edgarrmondragon), and [@&#8203;srittau](https://github.com/srittau) for helping review and test the types ahead of the release. ([#&#8203;7272](https://github.com/psf/requests/issues/7272)) **Improvements** - Digest Auth hashing algorithms have added `usedforsecurity=False` to clarify security considerations. ([#&#8203;7310](https://github.com/psf/requests/issues/7310)) - Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. ([#&#8203;7422](https://github.com/psf/requests/issues/7422)) - Requests added support for Python 3.14t. ([#&#8203;7419](https://github.com/psf/requests/issues/7419)) **Bugfixes** - `Response.history` no longer contains a reference to itself, preventing accidental looping when traversing the history list. ([#&#8203;7328](https://github.com/psf/requests/issues/7328)) - Requests no longer performs greedy matching on no\_proxy domains. The proxy\_bypass implementation has been updated with CPython's fix from bpo-39057. ([#&#8203;7427](https://github.com/psf/requests/issues/7427)) - Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. ([#&#8203;7315](https://github.com/psf/requests/issues/7315)) ### [`v2.33.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2331-2026-03-30) [Compare Source](https://github.com/psf/requests/compare/v2.33.0...v2.33.1) **Bugfixes** - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. ([#&#8203;7305](https://github.com/psf/requests/issues/7305)) - Fixed Content-Type header parsing for malformed values. ([#&#8203;7309](https://github.com/psf/requests/issues/7309)) - Improved error consistency for malformed header values. ([#&#8203;7308](https://github.com/psf/requests/issues/7308)) ### [`v2.33.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2330-2026-03-25) [Compare Source](https://github.com/psf/requests/compare/v2.32.5...v2.33.0) **Announcements** - 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at [#&#8203;7271](https://github.com/psf/requests/issues/7271). Give it a try, and report any gaps or feedback you may have in the issue. 📣 **Security** - CVE-2026-25645 `requests.utils.extract_zipped_paths` now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly. **Improvements** - Migrated to a PEP 517 build system using setuptools. ([#&#8203;7012](https://github.com/psf/requests/issues/7012)) **Bugfixes** - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. ([#&#8203;7205](https://github.com/psf/requests/issues/7205)) **Deprecations** - Dropped support for Python 3.9 following its end of support. ([#&#8203;7196](https://github.com/psf/requests/issues/7196)) **Documentation** - Various typo fixes and doc improvements. ### [`v2.32.5`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2325-2025-08-18) [Compare Source](https://github.com/psf/requests/compare/v2.32.4...v2.32.5) **Bugfixes** - The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration. **Deprecations** - Added support for Python 3.14. - Dropped support for Python 3.8 following its end of support. ### [`v2.32.4`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2324-2025-06-10) [Compare Source](https://github.com/psf/requests/compare/v2.32.3...v2.32.4) **Security** - CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. **Improvements** - Numerous documentation improvements **Deprecations** - Added support for pypy 3.11 for Linux and macOS. - Dropped support for pypy 3.9 following its end of support. ### [`v2.32.3`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2323-2024-05-29) [Compare Source](https://github.com/psf/requests/compare/v2.32.2...v2.32.3) **Bugfixes** - Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. ([#&#8203;6716](https://github.com/psf/requests/issues/6716)) - Fixed issue where Requests started failing to run on Python versions compiled without the `ssl` module. ([#&#8203;6724](https://github.com/psf/requests/issues/6724)) ### [`v2.32.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2322-2024-05-21) [Compare Source](https://github.com/psf/requests/compare/v2.32.1...v2.32.2) **Deprecations** - To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed `_get_connection` to a new public API, `get_connection_with_tls_context`. Existing custom HTTPAdapters will need to migrate their code to use this new API. `get_connection` is considered deprecated in all versions of Requests>=2.32.0. A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. ([#&#8203;6710](https://github.com/psf/requests/issues/6710)) ### [`v2.32.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2321-2024-05-20) [Compare Source](https://github.com/psf/requests/compare/v2.32.0...v2.32.1) **Bugfixes** - Add missing test certs to the sdist distributed on PyPI. ### [`v2.32.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2320-2024-05-20) [Compare Source](https://github.com/psf/requests/compare/v2.31.0...v2.32.0) **Security** - Fixed an issue where setting `verify=False` on the first request from a Session will cause subsequent requests to the *same origin* to also ignore cert verification, regardless of the value of `verify`. (<https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56>) **Improvements** - `verify=True` now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. ([#&#8203;6667](https://github.com/psf/requests/issues/6667)) - Requests now supports optional use of character detection (`chardet` or `charset_normalizer`) when repackaged or vendored. This enables `pip` and other projects to minimize their vendoring surface area. The `Response.text()` and `apparent_encoding` APIs will default to `utf-8` if neither library is present. ([#&#8203;6702](https://github.com/psf/requests/issues/6702)) **Bugfixes** - Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. ([#&#8203;6589](https://github.com/psf/requests/issues/6589)) - Fixed deserialization bug in JSONDecodeError. ([#&#8203;6629](https://github.com/psf/requests/issues/6629)) - Fixed bug where an extra leading `/` (path separator) could lead urllib3 to unnecessarily reparse the request URI. ([#&#8203;6644](https://github.com/psf/requests/issues/6644)) **Deprecations** - Requests has officially added support for CPython 3.12 ([#&#8203;6503](https://github.com/psf/requests/issues/6503)) - Requests has officially added support for PyPy 3.9 and 3.10 ([#&#8203;6641](https://github.com/psf/requests/issues/6641)) - Requests has officially dropped support for CPython 3.7 ([#&#8203;6642](https://github.com/psf/requests/issues/6642)) - Requests has officially dropped support for PyPy 3.7 and 3.8 ([#&#8203;6641](https://github.com/psf/requests/issues/6641)) **Documentation** - Various typo fixes and doc improvements. **Packaging** - Requests has started adopting some modern packaging practices. The source files for the projects (formerly `requests`) is now located in `src/requests` in the Requests sdist. ([#&#8203;6506](https://github.com/psf/requests/issues/6506)) - Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using `hatchling`. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format. ### [`v2.31.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2310-2023-05-22) [Compare Source](https://github.com/psf/requests/compare/v2.30.0...v2.31.0) **Security** - Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of `Proxy-Authorization` headers to destination servers when following HTTPS redirects. When proxies are defined with user info (`https://user:pass@proxy:8080`), Requests will construct a `Proxy-Authorization` header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the `Proxy-Authorization` header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are *strongly* encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our [Github Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q) and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681). ### [`v2.30.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2300-2023-05-03) [Compare Source](https://github.com/psf/requests/compare/v2.29.0...v2.30.0) **Dependencies** - ⚠️ Added support for urllib3 2.0. ⚠️ This may contain minor breaking changes so we advise careful testing and reviewing <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html> prior to upgrading. Users who wish to stay on urllib3 1.x can pin to `urllib3<2`. ### [`v2.29.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2290-2023-04-26) [Compare Source](https://github.com/psf/requests/compare/v2.28.2...v2.29.0) **Improvements** - Requests now defers chunked requests to the urllib3 implementation to improve standardization. ([#&#8203;6226](https://github.com/psf/requests/issues/6226)) - Requests relaxes header component requirements to support bytes/str subclasses. ([#&#8203;6356](https://github.com/psf/requests/issues/6356)) ### [`v2.28.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2282-2023-01-12) [Compare Source](https://github.com/psf/requests/compare/v2.28.1...v2.28.2) **Dependencies** - Requests now supports charset\_normalizer 3.x. ([#&#8203;6261](https://github.com/psf/requests/issues/6261)) **Bugfixes** - Updated MissingSchema exception to suggest https scheme rather than http. ([#&#8203;6188](https://github.com/psf/requests/issues/6188)) ### [`v2.28.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2281-2022-06-29) [Compare Source](https://github.com/psf/requests/compare/v2.28.0...v2.28.1) **Improvements** - Speed optimization in `iter_content` with transition to `yield from`. ([#&#8203;6170](https://github.com/psf/requests/issues/6170)) **Dependencies** - Added support for chardet 5.0.0 ([#&#8203;6179](https://github.com/psf/requests/issues/6179)) - Added support for charset-normalizer 2.1.0 ([#&#8203;6169](https://github.com/psf/requests/issues/6169)) ### [`v2.28.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2280-2022-06-09) [Compare Source](https://github.com/psf/requests/compare/v2.27.1...v2.28.0) **Deprecations** - ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ ([#&#8203;6091](https://github.com/psf/requests/issues/6091)) - Requests has officially dropped support for Python 3.6 (including pypy3.6). ([#&#8203;6091](https://github.com/psf/requests/issues/6091)) **Improvements** - Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make `json()` API consistent. ([#&#8203;6097](https://github.com/psf/requests/issues/6097)) - Parse header components consistently, raising an InvalidHeader error in all invalid cases. ([#&#8203;6154](https://github.com/psf/requests/issues/6154)) - Added provisional 3.11 support with current beta build. ([#&#8203;6155](https://github.com/psf/requests/issues/6155)) - Requests got a makeover and we decided to paint it black. ([#&#8203;6095](https://github.com/psf/requests/issues/6095)) **Bugfixes** - Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. ([#&#8203;6074](https://github.com/psf/requests/issues/6074)) - Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with `requests.exceptions.SSLError` for `content` and `iter_content`. ([#&#8203;6057](https://github.com/psf/requests/issues/6057)) - Fixed issue where invalid Windows registry entries caused proxy resolution to raise an exception rather than ignoring the entry. ([#&#8203;6149](https://github.com/psf/requests/issues/6149)) - Fixed issue where entire payload could be included in the error message for JSONDecodeError. ([#&#8203;6036](https://github.com/psf/requests/issues/6036)) ### [`v2.27.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2271-2022-01-05) [Compare Source](https://github.com/psf/requests/compare/v2.27.0...v2.27.1) **Bugfixes** - Fixed parsing issue that resulted in the `auth` component being dropped from proxy URLs. ([#&#8203;6028](https://github.com/psf/requests/issues/6028)) ### [`v2.27.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2270-2022-01-03) [Compare Source](https://github.com/psf/requests/compare/v2.26.0...v2.27.0) **Improvements** - Officially added support for Python 3.10. ([#&#8203;5928](https://github.com/psf/requests/issues/5928)) - Added a `requests.exceptions.JSONDecodeError` to unify JSON exceptions between Python 2 and 3. This gets raised in the `response.json()` method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from `requests.exceptions.RequestException` as well. ([#&#8203;5856](https://github.com/psf/requests/issues/5856)) - Improved error text for misnamed `InvalidSchema` and `MissingSchema` exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). ([#&#8203;6017](https://github.com/psf/requests/issues/6017)) - Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to `urlparse` in Python 3.9+. ([#&#8203;5917](https://github.com/psf/requests/issues/5917)) **Bugfixes** - Fixed defect in `extract_zipped_paths` which could result in an infinite loop for some paths. ([#&#8203;5851](https://github.com/psf/requests/issues/5851)) - Fixed handling for `AttributeError` when calculating length of files obtained by `Tarfile.extractfile()`. ([#&#8203;5239](https://github.com/psf/requests/issues/5239)) - Fixed urllib3 exception leak, wrapping `urllib3.exceptions.InvalidHeader` with `requests.exceptions.InvalidHeader`. ([#&#8203;5914](https://github.com/psf/requests/issues/5914)) - Fixed bug where two Host headers were sent for chunked requests. ([#&#8203;5391](https://github.com/psf/requests/issues/5391)) - Fixed regression in Requests 2.26.0 where `Proxy-Authorization` was incorrectly stripped from all requests sent with `Session.send`. ([#&#8203;5924](https://github.com/psf/requests/issues/5924)) - Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. ([#&#8203;5924](https://github.com/psf/requests/issues/5924)) - Fixed idna exception leak, wrapping `UnicodeError` with `requests.exceptions.InvalidURL` for URLs with a leading dot (.) in the domain. ([#&#8203;5414](https://github.com/psf/requests/issues/5414)) **Deprecations** - Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support. ### [`v2.26.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2260-2021-07-13) [Compare Source](https://github.com/psf/requests/compare/v2.25.1...v2.26.0) **Improvements** - Requests now supports Brotli compression, if either the `brotli` or `brotlicffi` package is installed. ([#&#8203;5783](https://github.com/psf/requests/issues/5783)) - `Session.send` now correctly resolves proxy configurations from both the Session and Request. Behavior now matches `Session.request`. ([#&#8203;5681](https://github.com/psf/requests/issues/5681)) **Bugfixes** - Fixed a race condition in zip extraction when using Requests in parallel from zip archive. ([#&#8203;5707](https://github.com/psf/requests/issues/5707)) **Dependencies** - Instead of `chardet`, use the MIT-licensed `charset_normalizer` for Python3 to remove license ambiguity for projects bundling requests. If `chardet` is already installed on your machine it will be used instead of `charset_normalizer` to keep backwards compatibility. ([#&#8203;5797](https://github.com/psf/requests/issues/5797)) You can also install `chardet` while installing requests by specifying `[use_chardet_on_py3]` extra as follows: ```shell pip install "requests[use_chardet_on_py3]" ``` Python2 still depends upon the `chardet` module. - Requests now supports `idna` 3.x on Python 3. `idna` 2.x will continue to be used on Python 2 installations. ([#&#8203;5711](https://github.com/psf/requests/issues/5711)) **Deprecations** - The `requests[security]` extra has been converted to a no-op install. PyOpenSSL is no longer the recommended secure option for Requests. ([#&#8203;5867](https://github.com/psf/requests/issues/5867)) - Requests has officially dropped support for Python 3.5. ([#&#8203;5867](https://github.com/psf/requests/issues/5867)) ### [`v2.25.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2251-2020-12-16) [Compare Source](https://github.com/psf/requests/compare/v2.25.0...v2.25.1) **Bugfixes** - Requests now treats `application/json` as `utf8` by default. Resolving inconsistencies between `r.text` and `r.json` output. ([#&#8203;5673](https://github.com/psf/requests/issues/5673)) **Dependencies** - Requests now supports chardet v4.x. ### [`v2.25.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2250-2020-11-11) [Compare Source](https://github.com/psf/requests/compare/v2.24.0...v2.25.0) **Improvements** - Added support for NETRC environment variable. ([#&#8203;5643](https://github.com/psf/requests/issues/5643)) **Dependencies** - Requests now supports urllib3 v1.26. **Deprecations** - Requests v2.25.x will be the last release series with support for Python 3.5. - The `requests[security]` extra is officially deprecated and will be removed in Requests v2.26.0. ### [`v2.24.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2240-2020-06-17) [Compare Source](https://github.com/psf/requests/compare/v2.23.0...v2.24.0) **Improvements** - pyOpenSSL TLS implementation is now only used if Python either doesn't have an `ssl` module or doesn't support SNI. Previously pyOpenSSL was unconditionally used if available. This applies even if pyOpenSSL is installed via the `requests[security]` extra ([#&#8203;5443](https://github.com/psf/requests/issues/5443)) - Redirect resolution should now only occur when `allow_redirects` is True. ([#&#8203;5492](https://github.com/psf/requests/issues/5492)) - No longer perform unnecessary Content-Length calculation for requests that won't use it. ([#&#8203;5496](https://github.com/psf/requests/issues/5496)) ### [`v2.23.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2230-2020-02-19) [Compare Source](https://github.com/psf/requests/compare/v2.22.0...v2.23.0) **Improvements** - Remove defunct reference to `prefetch` in Session `__attrs__` ([#&#8203;5110](https://github.com/psf/requests/issues/5110)) **Bugfixes** - Requests no longer outputs password in basic auth usage warning. ([#&#8203;5099](https://github.com/psf/requests/issues/5099)) **Dependencies** - Pinning for `chardet` and `idna` now uses major version instead of minor. This hopefully reduces the need for releases every time a dependency is updated. ### [`v2.22.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2220-2019-05-15) [Compare Source](https://github.com/psf/requests/compare/v2.21.0...v2.22.0) **Dependencies** - Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible) **Deprecations** - Requests has officially stopped support for Python 3.4. ### [`v2.21.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2210-2018-12-10) [Compare Source](https://github.com/psf/requests/compare/v2.20.1...v2.21.0) **Dependencies** - Requests now supports idna v2.8. ### [`v2.20.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2201-2018-11-08) [Compare Source](https://github.com/psf/requests/compare/v2.20.0...v2.20.1) **Bugfixes** - Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). ### [`v2.20.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2200-2018-10-18) [Compare Source](https://github.com/psf/requests/compare/v2.19.1...v2.20.0) **Bugfixes** - Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). - Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. - Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) - `should_bypass_proxies` now handles URIs without hostnames (e.g. files). **Dependencies** - Requests now supports urllib3 v1.24. **Deprecations** - Requests has officially stopped support for Python 2.6. ### [`v2.19.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2191-2018-06-14) [Compare Source](https://github.com/psf/requests/compare/v2.19.0...v2.19.1) **Bugfixes** - Fixed issue where status\_codes.py's `init` function failed trying to append to a `__doc__` value of `None`. ### [`v2.19.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2190-2018-06-12) [Compare Source](https://github.com/psf/requests/compare/v2.18.4...v2.19.0) **Improvements** - Warn user about possible slowdown when using cryptography version < 1.3.4 - Check for invalid host in proxy URL, before forwarding request to adapter. - Fragments are now properly maintained across redirects. (RFC7231 7.1.2) - Removed use of cgi module to expedite library load time. - Added support for SHA-256 and SHA-512 digest auth algorithms. - Minor performance improvement to `Request.content`. - Migrate to using collections.abc for 3.7 compatibility. **Bugfixes** - Parsing empty `Link` headers with `parse_header_links()` no longer return one bogus entry. - Fixed issue where loading the default certificate bundle from a zip archive would raise an `IOError`. - Fixed issue with unexpected `ImportError` on windows system which do not support `winreg` module. - DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. - Properly normalize adapter prefixes for url comparison. - Passing `None` as a file pointer to the `files` param no longer raises an exception. - Calling `copy` on a `RequestsCookieJar` will now preserve the cookie policy correctly. **Dependencies** - We now support idna v2.7. - We now support urllib3 v1.23. ### [`v2.18.4`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2184-2017-08-15) [Compare Source](https://github.com/psf/requests/compare/v2.18.3...v2.18.4) **Improvements** - Error messages for invalid headers now include the header name for easier debugging **Dependencies** - We now support idna v2.6. ### [`v2.18.3`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2183-2017-08-02) [Compare Source](https://github.com/psf/requests/compare/v2.18.2...v2.18.3) **Improvements** - Running `$ python -m requests.help` now includes the installed version of idna. **Bugfixes** - Fixed issue where Requests would raise `ConnectionError` instead of `SSLError` when encountering SSL problems when using urllib3 v1.22. ### [`v2.18.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2182-2017-07-25) [Compare Source](https://github.com/psf/requests/compare/v2.18.1...v2.18.2) **Bugfixes** - `requests.help` no longer fails on Python 2.6 due to the absence of `ssl.OPENSSL_VERSION_NUMBER`. **Dependencies** - We now support urllib3 v1.22. ### [`v2.18.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2181-2017-06-14) [Compare Source](https://github.com/psf/requests/compare/v2.18.0...v2.18.1) **Bugfixes** - Fix an error in the packaging whereby the `*.whl` contained incorrect data that regressed the fix in v2.17.3. ### [`v2.18.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2180-2017-06-14) [Compare Source](https://github.com/psf/requests/compare/v2.17.3...v2.18.0) **Improvements** - `Response` is now a context manager, so can be used directly in a `with` statement without first having to be wrapped by `contextlib.closing()`. **Bugfixes** - Resolve installation failure if multiprocessing is not available - Resolve tests crash if multiprocessing is not able to determine the number of CPU cores - Resolve error swallowing in utils set\_environ generator ### [`v2.17.3`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2173-2017-05-29) [Compare Source](https://github.com/psf/requests/compare/v2.17.2...v2.17.3) **Improvements** - Improved `packages` namespace identity support, for monkeypatching libraries. ### [`v2.17.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2172-2017-05-29) [Compare Source](https://github.com/psf/requests/compare/v2.17.1...v2.17.2) **Improvements** - Improved `packages` namespace identity support, for monkeypatching libraries. ### [`v2.17.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2171-2017-05-29) [Compare Source](https://github.com/psf/requests/compare/v2.17.0...v2.17.1) **Improvements** - Improved `packages` namespace identity support, for monkeypatching libraries. ### [`v2.17.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2170-2017-05-29) [Compare Source](https://github.com/psf/requests/compare/v2.16.5...v2.17.0) **Improvements** - Removal of the 301 redirect cache. This improves thread-safety. ### [`v2.16.5`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2165-2017-05-28) [Compare Source](https://github.com/psf/requests/compare/v2.16.4...v2.16.5) - Improvements to `$ python -m requests.help`. ### [`v2.16.4`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2164-2017-05-27) [Compare Source](https://github.com/psf/requests/compare/v2.16.3...v2.16.4) - Introduction of the `$ python -m requests.help` command, for debugging with maintainers! ### [`v2.16.3`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2163-2017-05-27) [Compare Source](https://github.com/psf/requests/compare/v2.16.2...v2.16.3) - Further restored the `requests.packages` namespace for compatibility reasons. ### [`v2.16.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2162-2017-05-27) [Compare Source](https://github.com/psf/requests/compare/v2.16.1...v2.16.2) - Further restored the `requests.packages` namespace for compatibility reasons. No code modification (noted below) should be necessary any longer. ### [`v2.16.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2161-2017-05-27) [Compare Source](https://github.com/psf/requests/compare/v2.16.0...v2.16.1) - Restored the `requests.packages` namespace for compatibility reasons. - Bugfix for `urllib3` version parsing. **Note**: code that was written to import against the `requests.packages` namespace previously will have to import code that rests at this module-level now. For example: ``` from requests.packages.urllib3.poolmanager import PoolManager ``` Will need to be re-written to be: ``` from requests.packages import urllib3 urllib3.poolmanager.PoolManager ``` Or, even better: ``` from urllib3.poolmanager import PoolManager ``` ### [`v2.16.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2160-2017-05-26) [Compare Source](https://github.com/psf/requests/compare/v2.15.1...v2.16.0) - Unvendor ALL the things! ### [`v2.15.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2151-2017-05-26) [Compare Source](https://github.com/psf/requests/compare/v2.15.0...v2.15.1) - Everyone makes mistakes. ### [`v2.15.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2150-2017-05-26) [Compare Source](https://github.com/psf/requests/compare/v2.14.2...v2.15.0) **Improvements** - Introduction of the `Response.next` property, for getting the next `PreparedResponse` from a redirect chain (when `allow_redirects=False`). - Internal refactoring of `__version__` module. **Bugfixes** - Restored once-optional parameter for `requests.utils.get_environ_proxies()`. ### [`v2.14.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2142-2017-05-10) [Compare Source](https://github.com/psf/requests/compare/v2.14.1...v2.14.2) **Bugfixes** - Changed a less-than to an equal-to and an or in the dependency markers to widen compatibility with older setuptools releases. ### [`v2.14.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2141-2017-05-09) [Compare Source](https://github.com/psf/requests/compare/v2.14.0...v2.14.1) **Bugfixes** - Changed the dependency markers to widen compatibility with older pip releases. ### [`v2.14.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2140-2017-05-09) [Compare Source](https://github.com/psf/requests/compare/v2.13.0...v2.14.0) **Improvements** - It is now possible to pass `no_proxy` as a key to the `proxies` dictionary to provide handling similar to the `NO_PROXY` environment variable. - When users provide invalid paths to certificate bundle files or directories Requests now raises `IOError`, rather than failing at the time of the HTTPS request with a fairly inscrutable certificate validation error. - The behavior of `SessionRedirectMixin` was slightly altered. `resolve_redirects` will now detect a redirect by calling `get_redirect_target(response)` instead of directly querying `Response.is_redirect` and `Response.headers['location']`. Advanced users will be able to process malformed redirects more easily. - Changed the internal calculation of elapsed request time to have higher resolution on Windows. - Added `win_inet_pton` as conditional dependency for the `[socks]` extra on Windows with Python 2.7. - Changed the proxy bypass implementation on Windows: the proxy bypass check doesn't use forward and reverse DNS requests anymore - URLs with schemes that begin with `http` but are not `http` or `https` no longer have their host parts forced to lowercase. **Bugfixes** - Much improved handling of non-ASCII `Location` header values in redirects. Fewer `UnicodeDecodeErrors` are encountered on Python 2, and Python 3 now correctly understands that Latin-1 is unlikely to be the correct encoding. - If an attempt to `seek` file to find out its length fails, we now appropriately handle that by aborting our content-length calculations. - Restricted `HTTPDigestAuth` to only respond to auth challenges made on 4XX responses, rather than to all auth challenges. - Fixed some code that was firing `DeprecationWarning` on Python 3.6. - The dismayed person emoticon (`/o\\`) no longer has a big head. I'm sure this is what you were all worrying about most. **Miscellaneous** - Updated bundled urllib3 to v1.21.1. - Updated bundled chardet to v3.0.2. - Updated bundled idna to v2.5. - Updated bundled certifi to 2017.4.17. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTUuMTIiLCJ1cGRhdGVkSW5WZXIiOiI0My4xOTUuMTIiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOltdfQ==-->
jcabillot added 1 commit 2026-05-26 23:18:48 -04:00
Update dependency requests to v2.34.2
perso/syncserver/pipeline/head There was a failure building this commit
Details
perso/syncserver/pipeline/pr-master There was a failure building this commit
Details
68580f5d20
jcabillot self-assigned this 2026-05-26 23:18:49 -04:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
cloudix_mcp_server jcabillot opencodecabilloteu renovate
No Assignees jcabillot
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: perso/syncserver#8
Delete Branch "renovate/requests-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?