chore(deps): bump the pip group across 30 directories with 12 updates

Open

Number: #164
Type: Pull Request
State: Open

Author:

dependabot[bot]
Association: Unknown
Comments: 1

Created: April 08, 2026 at 05:12 PM UTC
(about 2 months ago)

Updated: April 22, 2026 at 04:51 AM UTC
(about 1 month ago)

Labels:
dependencies python

Description:

Bumps the pip group with 1 update in the /alloydb/notebooks directory: nbconvert.
Bumps the pip group with 1 update in the /aml-ai directory: requests.
Bumps the pip group with 1 update in the /appengine/standard_python3/bundled-services/blobstore/django directory: requests.
Bumps the pip group with 1 update in the /appengine/standard_python3/bundled-services/mail/django directory: requests.
Bumps the pip group with 1 update in the /auth/cloud-client-temp directory: requests.
Bumps the pip group with 1 update in the /auth/service-to-service directory: requests.
Bumps the pip group with 1 update in the /bigquery/continuous-queries directory: requests.
Bumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: requests, flask, pyopenssl and werkzeug.
Bumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: flask and werkzeug.
Bumps the pip group with 1 update in the /cloud_tasks/http_queues directory: requests.
Bumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:

Package	From	To
requests	`2.31.0`	`2.33.0`
flask	`2.2.5`	`3.1.3`
pyopenssl	`23.2.0`	`26.0.0`
werkzeug	`2.2.3`	`3.1.6`
apache-airflow	`2.6.3`	`3.2.0b1`
black	`23.1a1`	`26.3.1`
cryptography	`40.0.2`	`46.0.6`
google-cloud-aiplatform	`1.27.1`	`1.133.0`
protobuf	`4.23.4`	`5.29.6`

Bumps the pip group with 5 updates in the /composer/airflow_1_samples directory:

Package	From	To
flask	`1.1.2`	`3.1.3`
pyopenssl	`20.0.0`	`26.0.0`
werkzeug	`0.16.1`	`3.1.6`
cryptography	`3.2.1`	`46.0.6`
protobuf	`3.14.0`	`5.29.6`

Bumps the pip group with 9 updates in the /composer/cicd_sample directory:

Package	From	To
requests	`2.31.0`	`2.33.0`
flask	`2.2.5`	`3.1.3`
pyopenssl	`23.2.0`	`26.0.0`
werkzeug	`2.2.3`	`3.1.6`
apache-airflow	`2.6.3`	`3.2.0b1`
black	`23.1a1`	`26.3.1`
cryptography	`40.0.2`	`46.0.6`
google-cloud-aiplatform	`1.27.1`	`1.133.0`
protobuf	`4.23.4`	`5.29.6`

Bumps the pip group with 1 update in the /composer/rest directory: requests.
Bumps the pip group with 9 updates in the /composer/workflows directory:

Package	From	To
requests	`2.31.0`	`2.33.0`
flask	`2.2.5`	`3.1.3`
pyopenssl	`24.1.0`	`26.0.0`
werkzeug	`2.2.3`	`3.1.6`
apache-airflow	`2.9.2`	`3.2.0b1`
black	`24.4.2`	`26.3.1`
cryptography	`41.0.7`	`46.0.6`
google-cloud-aiplatform	`1.53.0`	`1.133.0`
protobuf	`4.25.3`	`5.29.6`

Bumps the pip group with 1 update in the /compute/auth directory: requests.
Bumps the pip group with 1 update in the /compute/client_library directory: black.
Bumps the pip group with 2 updates in the /compute/encryption directory: requests and cryptography.
Bumps the pip group with 1 update in the /compute/metadata directory: requests.
Bumps the pip group with 1 update in the /compute/oslogin directory: requests.
Bumps the pip group with 3 updates in the /dataflow/gemma directory: google-cloud-aiplatform, protobuf and keras.
Bumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: google-cloud-aiplatform.
Bumps the pip group with 2 updates in the /dataflow/run-inference directory: google-cloud-aiplatform and transformers.
Bumps the pip group with 1 update in the /dataflow/run_template directory: flask.
Bumps the pip group with 2 updates in the /dialogflow directory: flask and werkzeug.
Bumps the pip group with 2 updates in the /dialogflow-cx directory: flask and werkzeug.
Bumps the pip group with 2 updates in the /gemma2 directory: google-cloud-aiplatform and protobuf.
Bumps the pip group with 3 updates in the /iap directory: requests, werkzeug and cryptography.
Bumps the pip group with 1 update in the /media_cdn directory: cryptography.
Bumps the pip group with 1 update in the /run/django directory: requests.

Updates nbconvert from 7.16.6 to 7.17.0

Release notes

Sourced from nbconvert's releases.

v7.17.0

7.17.0

(Full Changelog)

Enhancements made

Add support for arbitrary browser arguments #2227 (@shreve, @Carreau, @krassowski)

Bugs fixed

Fix QtPNGExporter returning empty bytes on macOS #2264 (@h3pdesign, @Carreau, @QuLogic)

Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) #2261 (@h3pdesign, @krassowski, @mberlanda, @minrk, @salmankadaya, @th3gowtham)

Fix get_export_names and get_exporter default args #2228 (@shreve, @krassowski)

PyPA-Compliant Summary #2226 (@hackowitz-af, @Carreau)

Maintenance and upkeep improvements

avoid cov environment on free-threaded Pythons #2267 (@minrk)

update pre-commit, and fix all issues. #2238 (@Carreau)

Drop test on 3.9, test on 3.13, 3.14, 3.14t #2237 (@Carreau)

Bump the actions group across 1 directory with 2 updates #2231 (@Carreau, @krassowski)

Replace @flaky.flaky decorate with pytest marker #2229 (@mgorny, @Carreau)

update to mermaid 11.10.0 #2224 (@bollwyvl, @krassowski)

Drop support for Python 3.8, fix the CI tests #2221 (@shreve, @minrk)

Documentation improvements

Use intersphinx_registry #2232 (@Carreau, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@bollwyvl (activity) | @Carreau (activity) | @h3pdesign (activity) | @hackowitz-af (activity) | @krassowski (activity) | @mberlanda (activity) | @mgorny (activity) | @minrk (activity) | @MSeal (activity) | @QuLogic (activity) | @salmankadaya (activity) | @shreve (activity) | @th3gowtham (activity)

Changelog

Sourced from nbconvert's changelog.

7.17.0

(Full Changelog)

Enhancements made

Add support for arbitrary browser arguments #2227 (@shreve, @Carreau, @krassowski)

Bugs fixed

Fix QtPNGExporter returning empty bytes on macOS #2264 (@h3pdesign, @Carreau, @QuLogic)

Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) #2261 (@h3pdesign, @krassowski, @mberlanda, @minrk, @salmankadaya, @th3gowtham)

Fix get_export_names and get_exporter default args #2228 (@shreve, @krassowski)

PyPA-Compliant Summary #2226 (@hackowitz-af, @Carreau)

Maintenance and upkeep improvements

avoid cov environment on free-threaded Pythons #2267 (@minrk)

update pre-commit, and fix all issues. #2238 (@Carreau)

Drop test on 3.9, test on 3.13, 3.14, 3.14t #2237 (@Carreau)

Bump the actions group across 1 directory with 2 updates #2231 (@Carreau, @krassowski)

Replace @flaky.flaky decorate with pytest marker #2229 (@mgorny, @Carreau)

update to mermaid 11.10.0 #2224 (@bollwyvl, @krassowski)

Drop support for Python 3.8, fix the CI tests #2221 (@shreve, @minrk)

Documentation improvements

Use intersphinx_registry #2232 (@Carreau, @krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@bollwyvl (activity) | @Carreau (activity) | @h3pdesign (activity) | @hackowitz-af (activity) | @krassowski (activity) | @mberlanda (activity) | @mgorny (activity) | @minrk (activity) | @MSeal (activity) | @QuLogic (activity) | @salmankadaya (activity) | @shreve (activity) | @th3gowtham (activity)

Commits

21b35d8 Publish 7.17.0
c9ac1d1 Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...
b13276d avoid cov environment on free-threaded Pythons (#2267)
7c7055f [pre-commit.ci] auto fixes from pre-commit.com hooks
74f3ddd Fix QtPNGExporter returning empty bytes on macOS
216550b fix links
39777ac try to comment fialing test
7b591ca ruff-check
6ec7638 parent
59414b3 fix mypy
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.28.2 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.28.2 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in

Package Dependencies

Package:
werkzeug

Ecosystem:
pip

Version Change:
2.2.3 → 3.1.6

Update Type:
Major

Package:
protobuf

Ecosystem:
pip

Version Change:
4.23.4 → 5.29.6

Update Type:
Major

Package:
google-cloud-aiplatform

Ecosystem:
pip

Version Change:
1.27.1 → 1.133.0

Update Type:
Minor

Package:
black

Ecosystem:
pip

Version Change:
23.1a1 → 26.3.1

Package:
flask

Ecosystem:
pip

Version Change:
2.2.5 → 3.1.3

Update Type:
Major

Package:
cryptography

Ecosystem:
pip

Version Change:
40.0.2 → 46.0.6

Update Type:
Major

Package:
pyopenssl

Ecosystem:
pip

Version Change:
23.2.0 → 26.0.0

Update Type:
Major

Package:
requests

Ecosystem:
pip

Version Change:
2.31.0 → 2.33.0

Update Type:
Minor

Package:
apache-airflow

Ecosystem:
pip

Version Change:
2.6.3 → 3.2.0b1

Update Type:
Major

Security Advisories

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

GHSA-xm59-rqc7-hhvf CVE-2025-53000 HIGH

### Summary On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a [Wi...

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

GHSA-gc5v-m9x4-r6x2 CVE-2026-25645 MODERATE

### Impact The `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file a...

Actions

View on GitHub View Repository All Dependabot PRs

Technical Details

ID:	`15457010`
UUID:	`4226288785`
Node ID:	`PR_kwDOOK9uiM7Q4UnT`
Host:	GitHub
Repository:	Reality2byte/python-docs-samples