chore(deps): update dependency requests to v2.32.4 [security] #1304

renovate-bot · 2025-06-10T08:44:41Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Requests (source, changelog)	`==2.32.3` -> `==2.32.4`

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2

Release Notes

psf/requests (Requests)

`v2.32.4`

Compare Source

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.
Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

dpebot · 2025-06-10T17:53:51Z

/gcbrun

dpebot · 2025-06-11T00:09:25Z

/gcbrun

dpebot · 2025-06-11T05:09:57Z

/gcbrun

dpebot · 2025-06-11T14:54:41Z

/gcbrun

dpebot · 2025-06-11T21:10:56Z

/gcbrun

dpebot · 2025-06-12T04:55:42Z

/gcbrun

dpebot · 2025-06-12T14:58:25Z

/gcbrun

dpebot · 2025-06-12T21:10:00Z

/gcbrun

dpebot · 2025-06-13T03:06:29Z

/gcbrun

dpebot · 2025-06-13T07:35:38Z

/gcbrun

dpebot · 2025-06-13T13:31:55Z

/gcbrun

dpebot · 2025-06-13T19:59:43Z

/gcbrun

dpebot · 2025-06-13T23:11:39Z

/gcbrun

dpebot · 2025-06-14T02:57:23Z

/gcbrun

dpebot · 2025-06-14T07:08:05Z

/gcbrun

dpebot · 2025-06-14T11:29:38Z

/gcbrun

dpebot · 2025-06-14T15:43:53Z

/gcbrun

dpebot · 2025-06-14T19:07:21Z

/gcbrun

renovate-bot requested a review from a team as a code owner June 10, 2025 08:44

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 373e6d3 to cd224a3 Compare June 10, 2025 17:53

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from cd224a3 to eb17a5c Compare June 11, 2025 00:09

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from eb17a5c to 62ec159 Compare June 11, 2025 05:09

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 62ec159 to 74146b4 Compare June 11, 2025 14:54

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 74146b4 to 7e0043e Compare June 11, 2025 21:10

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 7e0043e to 91881f3 Compare June 12, 2025 04:55

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 91881f3 to b34d6fc Compare June 12, 2025 14:58

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from b34d6fc to 3de752c Compare June 12, 2025 21:09

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 3de752c to bdd8ac9 Compare June 13, 2025 03:06

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from bdd8ac9 to 0933da6 Compare June 13, 2025 07:35

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 0933da6 to 7486fa6 Compare June 13, 2025 13:31

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 7486fa6 to 6dee47a Compare June 13, 2025 19:59

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 6dee47a to 36d28ac Compare June 13, 2025 23:11

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 36d28ac to 78e9535 Compare June 14, 2025 02:57

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 78e9535 to 8881e04 Compare June 14, 2025 07:07

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 8881e04 to 1d0a8f7 Compare June 14, 2025 11:29

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 1d0a8f7 to 6c68897 Compare June 14, 2025 15:43

chore(deps): update dependency requests to v2.32.4 [security]

fe1d86d

renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 6c68897 to fe1d86d Compare June 14, 2025 19:07

chore(deps): update dependency requests to v2.32.4 [security] #1304

Are you sure you want to change the base?

chore(deps): update dependency requests to v2.32.4 [security] #1304

Conversation

renovate-bot commented Jun 10, 2025

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Workarounds

References

Release Notes

v2.32.4

Configuration

Uh oh!

dpebot commented Jun 10, 2025

Uh oh!

dpebot commented Jun 11, 2025

Uh oh!

dpebot commented Jun 11, 2025

Uh oh!

dpebot commented Jun 11, 2025

Uh oh!

dpebot commented Jun 11, 2025

Uh oh!

dpebot commented Jun 12, 2025

Uh oh!

dpebot commented Jun 12, 2025

Uh oh!

dpebot commented Jun 12, 2025

Uh oh!

dpebot commented Jun 13, 2025

Uh oh!

dpebot commented Jun 13, 2025

Uh oh!

dpebot commented Jun 13, 2025

Uh oh!

dpebot commented Jun 13, 2025

Uh oh!

dpebot commented Jun 13, 2025

Uh oh!

dpebot commented Jun 14, 2025

Uh oh!

dpebot commented Jun 14, 2025

Uh oh!

dpebot commented Jun 14, 2025

Uh oh!

dpebot commented Jun 14, 2025

Uh oh!

dpebot commented Jun 14, 2025

Uh oh!

Uh oh!

`v2.32.4`