Skip to content

Update dependency requests to v2.32.4 [SECURITY] #969

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency requests to v2.32.4 [SECURITY] #969

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 10, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (source, changelog) ==2.32.3 -> ==2.32.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2

Release Notes

psf/requests (requests)

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Update dependency requests to v2.32.4 [SECURITY]
331a816 
| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| pypi       | requests | 2.32.3 | 2.32.4 |


Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jun 10, 2025
@renovate renovate bot requested a review from a team as a code owner June 10, 2025 08:46
@renovate renovate bot added the python Pull requests that update Python code label Jun 10, 2025
@renovate renovate bot enabled auto-merge (squash) June 10, 2025 08:46
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants