Skip to content

Bump requests from 2.33.1 to 2.34.0#175

Merged
docktermj merged 1 commit into
mainfrom
dependabot/pip/requests-2.34.0
Jun 3, 2026
Merged

Bump requests from 2.33.1 to 2.34.0#175
docktermj merged 1 commit into
mainfrom
dependabot/pip/requests-2.34.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps requests from 2.33.1 to 2.34.0.

Release notes

Sourced from requests's releases.

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11

Changelog

Sourced from requests's changelog.

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [requests](https://github.com/psf/requests) from 2.33.1 to 2.34.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner June 3, 2026 17:01
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2026
@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown

🤖 Claude Code Review

No project memory or CLAUDE.md found. Proceeding with the review.


Code Review

Summary: This PR bumps requests from 2.33.1 to 2.34.0 in requirements.txt.


Code Quality

  • Code style — Single-file change to requirements.txt; format is correct and consistent.
  • No commented-out code — N/A.
  • Meaningful variable names — N/A.
  • DRY principle — N/A.
  • Defects / bugs / security — This is a dependency version bump. requests 2.34.0 is a minor version bump from 2.33.1; no known regressions. This is likely a routine maintenance or security patch update.
  • No CLAUDE.md present — Nothing to evaluate.

Testing

  • Unit/integration tests — No code changes; existing test suite covers dependency behavior.
  • ⚠️ Test coverage — Cannot verify test suite was run against the updated dependency. Recommend confirming CI passes with the new version before merging.

Documentation

  • README — No user-facing behavior changed; no README update needed.
  • API docs — N/A.
  • Inline comments — N/A.
  • ⚠️ CHANGELOG.md — No CHANGELOG.md update is included. Dependency bumps are typically worth noting in the changelog (e.g., under a "Dependencies" or "Maintenance" section). Verify whether this project's convention requires it.
  • Markdown formatting — N/A.

Security

  • No hardcoded credentials — N/A.
  • Input validation — N/A.
  • Error handling — N/A.
  • No sensitive data in logs — N/A.
  • No license files (.lic) or AQAAAD-prefixed strings — None present.

Overall

This is a straightforward, low-risk dependency version bump. The only minor items to confirm:

  1. CI passes with requests==2.34.0.
  2. CHANGELOG.md — check project convention on whether dependency bumps are recorded there.

No blockers identified.

Automated code review analyzing defects and coding standards

@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj merged commit eadf5d4 into main Jun 3, 2026
15 checks passed
@docktermj docktermj deleted the dependabot/pip/requests-2.34.0 branch June 3, 2026 17:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants