Skip to content

chore(deps): update dependency requests to v2.32.4 [security]#13988

Merged
parthea merged 1 commit into
googleapis:mainfrom
renovate-bot:renovate/pypi-requests-vulnerability
Jun 10, 2025
Merged

chore(deps): update dependency requests to v2.32.4 [security]#13988
parthea merged 1 commit into
googleapis:mainfrom
renovate-bot:renovate/pypi-requests-vulnerability

Conversation

@renovate-bot

@renovate-bot renovate-bot commented Jun 10, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (source, changelog) ==2.32.3 -> ==2.32.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2

Release Notes

psf/requests (requests)

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot requested a review from a team June 10, 2025 08:57
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 10, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from b93a8a7 to 5199a97 Compare June 10, 2025 17:53
@trusted-contributions-gcf trusted-contributions-gcf Bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 5199a97 to a64e0c3 Compare June 10, 2025 18:01
@trusted-contributions-gcf trusted-contributions-gcf Bot added the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025
@parthea parthea merged commit 237edf2 into googleapis:main Jun 10, 2025
20 checks passed
@renovate-bot renovate-bot deleted the renovate/pypi-requests-vulnerability branch June 10, 2025 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@parthea parthea parthea approved these changes

Assignees

No one assigned

Labels

kokoro:force-run Add this label to force Kokoro to re-run the tests.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@renovate-bot @parthea