chore(deps): bump the pip group across 28 directories with 13 updates

Closed

Number: #150
Type: Pull Request
State: Closed

Author:

dependabot[bot]
Association: Unknown
Comments: 1

Created: March 26, 2026 at 10:23 PM UTC
(13 days ago)

Updated: April 02, 2026 at 03:17 AM UTC
(7 days ago)

Closed: April 02, 2026 at 03:17 AM UTC
(7 days ago)

Time to Close: 6 days

Labels:
dependencies python

Description:

Bumps the pip group with 1 update in the /alloydb/notebooks directory: nbconvert.
Bumps the pip group with 1 update in the /aml-ai directory: requests.
Bumps the pip group with 1 update in the /auth/cloud-client-temp directory: requests.
Bumps the pip group with 1 update in the /auth/service-to-service directory: requests.
Bumps the pip group with 1 update in the /bigquery/continuous-queries directory: requests.
Bumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: requests, flask, pyopenssl and werkzeug.
Bumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: flask and werkzeug.
Bumps the pip group with 1 update in the /cloud_tasks/http_queues directory: requests.
Bumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:

Package	From	To
requests	`2.31.0`	`2.33.0`
flask	`2.2.5`	`3.1.3`
pyopenssl	`23.2.0`	`26.0.0`
werkzeug	`2.2.3`	`3.1.6`
apache-airflow	`2.6.3`	`3.2.0b1`
black	`23.1a1`	`26.3.1`
cryptography	`40.0.2`	`46.0.5`
google-cloud-aiplatform	`1.27.1`	`1.133.0`
protobuf	`4.23.4`	`5.29.6`

Bumps the pip group with 5 updates in the /composer/airflow_1_samples directory:

Package	From	To
flask	`1.1.2`	`3.1.3`
pyopenssl	`20.0.0`	`26.0.0`
werkzeug	`0.16.1`	`3.1.6`
cryptography	`3.2.1`	`46.0.5`
protobuf	`3.14.0`	`5.29.6`

Bumps the pip group with 9 updates in the /composer/cicd_sample directory:

Package	From	To
requests	`2.31.0`	`2.33.0`
flask	`2.2.5`	`3.1.3`
pyopenssl	`23.2.0`	`26.0.0`
werkzeug	`2.2.3`	`3.1.6`
apache-airflow	`2.6.3`	`3.2.0b1`
black	`23.1a1`	`26.3.1`
cryptography	`40.0.2`	`46.0.5`
google-cloud-aiplatform	`1.27.1`	`1.133.0`
protobuf	`4.23.4`	`5.29.6`

Bumps the pip group with 1 update in the /composer/rest directory: requests.
Bumps the pip group with 9 updates in the /composer/workflows directory:

Package	From	To
requests	`2.31.0`	`2.33.0`
flask	`2.2.5`	`3.1.3`
pyopenssl	`24.1.0`	`26.0.0`
werkzeug	`2.2.3`	`3.1.6`
apache-airflow	`2.9.2`	`3.2.0b1`
black	`24.4.2`	`26.3.1`
cryptography	`41.0.7`	`46.0.5`
google-cloud-aiplatform	`1.53.0`	`1.133.0`
protobuf	`4.25.3`	`5.29.6`

Bumps the pip group with 1 update in the /compute/auth directory: requests.
Bumps the pip group with 1 update in the /compute/client_library directory: black.
Bumps the pip group with 2 updates in the /compute/encryption directory: requests and cryptography.
Bumps the pip group with 1 update in the /compute/metadata directory: requests.
Bumps the pip group with 1 update in the /compute/oslogin directory: requests.
Bumps the pip group with 3 updates in the /dataflow/gemma directory: google-cloud-aiplatform, protobuf and keras.
Bumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: google-cloud-aiplatform.
Bumps the pip group with 3 updates in the /dataflow/run-inference directory: google-cloud-aiplatform, torch and transformers.
Bumps the pip group with 1 update in the /dataflow/run_template directory: flask.
Bumps the pip group with 2 updates in the /datastore/cloud-ndb directory: flask and werkzeug.
Bumps the pip group with 2 updates in the /dialogflow directory: flask and werkzeug.
Bumps the pip group with 2 updates in the /dialogflow-cx directory: flask and werkzeug.
Bumps the pip group with 2 updates in the /gemma2 directory: google-cloud-aiplatform and protobuf.
Bumps the pip group with 3 updates in the /iap directory: requests, werkzeug and cryptography.
Bumps the pip group with 1 update in the /media_cdn directory: cryptography.

Updates nbconvert from 7.16.6 to 7.17.0

Release notes

Sourced from nbconvert's releases.

v7.17.0

7.17.0

(Full Changelog)

Enhancements made

Add support for arbitrary browser arguments #2227 (@shreve, @Carreau, @krassowski)

Bugs fixed

Fix QtPNGExporter returning empty bytes on macOS #2264 (@h3pdesign, @Carreau, @QuLogic)

Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) #2261 (@h3pdesign, @krassowski, @mberlanda, @minrk, @salmankadaya, @th3gowtham)

Fix get_export_names and get_exporter default args #2228 (@shreve, @krassowski)

PyPA-Compliant Summary #2226 (@hackowitz-af, @Carreau)

Maintenance and upkeep improvements

avoid cov environment on free-threaded Pythons #2267 (@minrk)

update pre-commit, and fix all issues. #2238 (@Carreau)

Drop test on 3.9, test on 3.13, 3.14, 3.14t #2237 (@Carreau)

Bump the actions group across 1 directory with 2 updates #2231 (@Carreau, @krassowski)

Replace @flaky.flaky decorate with pytest marker #2229 (@mgorny, @Carreau)

update to mermaid 11.10.0 #2224 (@bollwyvl, @krassowski)

Drop support for Python 3.8, fix the CI tests #2221 (@shreve, @minrk)

Documentation improvements

Use intersphinx_registry #2232 (@Carreau, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@bollwyvl (activity) | @Carreau (activity) | @h3pdesign (activity) | @hackowitz-af (activity) | @krassowski (activity) | @mberlanda (activity) | @mgorny (activity) | @minrk (activity) | @MSeal (activity) | @QuLogic (activity) | @salmankadaya (activity) | @shreve (activity) | @th3gowtham (activity)

Changelog

Sourced from nbconvert's changelog.

7.17.0

(Full Changelog)

Enhancements made

Add support for arbitrary browser arguments #2227 (@shreve, @Carreau, @krassowski)

Bugs fixed

Fix QtPNGExporter returning empty bytes on macOS #2264 (@h3pdesign, @Carreau, @QuLogic)

Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) #2261 (@h3pdesign, @krassowski, @mberlanda, @minrk, @salmankadaya, @th3gowtham)

Fix get_export_names and get_exporter default args #2228 (@shreve, @krassowski)

PyPA-Compliant Summary #2226 (@hackowitz-af, @Carreau)

Maintenance and upkeep improvements

avoid cov environment on free-threaded Pythons #2267 (@minrk)

update pre-commit, and fix all issues. #2238 (@Carreau)

Drop test on 3.9, test on 3.13, 3.14, 3.14t #2237 (@Carreau)

Bump the actions group across 1 directory with 2 updates #2231 (@Carreau, @krassowski)

Replace @flaky.flaky decorate with pytest marker #2229 (@mgorny, @Carreau)

update to mermaid 11.10.0 #2224 (@bollwyvl, @krassowski)

Drop support for Python 3.8, fix the CI tests #2221 (@shreve, @minrk)

Documentation improvements

Use intersphinx_registry #2232 (@Carreau, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@bollwyvl (activity) | @Carreau (activity) | @h3pdesign (activity) | @hackowitz-af (activity) | @krassowski (activity) | @mberlanda (activity) | @mgorny (activity) | @minrk (activity) | @MSeal (activity) | @QuLogic (activity) | @salmankadaya (activity) | @shreve (activity) | @th3gowtham (activity)

Commits

21b35d8 Publish 7.17.0
c9ac1d1 Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...
b13276d avoid cov environment on free-threaded Pythons (#2267)
7c7055f [pre-commit.ci] auto fixes from pre-commit.com hooks
74f3ddd Fix QtPNGExporter returning empty bytes on macOS
216550b fix links
39777ac try to comment fialing test
7b591ca ruff-check
6ec7638 parent
59414b3 fix mypy
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates flask from 2.2.5 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

stream_with_context does not fail inside async views. #5774

When using follow_redirects in the test client, the final state of session is correct. #5786

Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. #5645

flask --help loa...
Description has been truncated

Package Dependencies

Package:
werkzeug

Ecosystem:
pip

Version Change:
2.2.3 → 3.1.6

Update Type:
Major

Package:
protobuf

Ecosystem:
pip

Version Change:
4.23.4 → 5.29.6

Update Type:
Major

Package:
google-cloud-aiplatform

Ecosystem:
pip

Version Change:
1.27.1 → 1.133.0

Update Type:
Minor

Package:
black

Ecosystem:
pip

Version Change:
23.1a1 → 26.3.1

Package:
flask

Ecosystem:
pip

Version Change:
2.2.5 → 3.1.3

Update Type:
Major

Package:
cryptography

Ecosystem:
pip

Version Change:
40.0.2 → 46.0.5

Update Type:
Major

Package:
pyopenssl

Ecosystem:
pip

Version Change:
23.2.0 → 26.0.0

Update Type:
Major

Package:
requests

Ecosystem:
pip

Version Change:
2.31.0 → 2.33.0

Update Type:
Minor

Package:
apache-airflow

Ecosystem:
pip

Version Change:
2.6.3 → 3.2.0b1

Update Type:
Major

Security Advisories

Flask uses fallback key instead of current signing key

GHSA-4grg-w6v8-c28g CVE-2025-47278 LOW

In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangero...

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

GHSA-xm59-rqc7-hhvf CVE-2025-53000 HIGH

### Summary On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a [Wi...

Flask session does not add `Vary: Cookie` header when accessed in some ways

GHSA-68rp-wp8r-4726 CVE-2026-27205 LOW

When the `session` object is accessed, Flask should set the `Vary: Cookie` header. This instructs caches not to cache the response, as it may contain information specific to a logged in user. This ...

Actions

View on GitHub View Repository All Dependabot PRs

Technical Details

ID:	`14962545`
UUID:	`4147706060`
Node ID:	`PR_kwDOOK9uiM7N4A8_`
Host:	GitHub
Repository:	Reality2byte/python-docs-samples