Skip to content

Bump requests from 2.34.1 to 2.34.2#177

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/pip/requests-2.34.2
Jun 4, 2026
Merged

Bump requests from 2.34.1 to 2.34.2#177
github-actions[bot] merged 1 commit into
mainfrom
dependabot/pip/requests-2.34.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps requests from 2.34.1 to 2.34.2.

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [requests](https://github.com/psf/requests) from 2.34.1 to 2.34.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.34.1...v2.34.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner June 4, 2026 23:42
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 4, 2026

@senzingdevops senzingdevops left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated: approving this pull request because it includes a patch update

@github-actions github-actions Bot enabled auto-merge (squash) June 4, 2026 23:42
@github-actions

github-actions Bot commented Jun 4, 2026

Copy link
Copy Markdown

🤖 Claude Code Review


Code Review: requests Dependency Bump (2.34.1 → 2.34.2)

This PR contains a single change: bumping requests from 2.34.1 to 2.34.2 in requirements.txt.


Code Quality

  • Style guide — A one-line version bump in requirements.txt has no style concerns.
  • No commented-out code — Not applicable.
  • Meaningful variable names — Not applicable.
  • DRY principle — Not applicable.
  • Defects / security — A patch-level bump (2.34.12.34.2) in the requests library is a routine maintenance update. No logic changes introduced.
  • Project memory (.claude/CLAUDE.md) — No project-level Claude configuration file exists; nothing to consider.

Testing

  • Unit/integration tests — No new functions or endpoints were added; no new tests are required for a dependency version bump.
  • Edge cases — Not applicable.
  • Test coverage — Not applicable.

Documentation

  • CHANGELOG.md not updated — The CHANGELOG.md exists and follows a structured format, but this dependency bump is not reflected in it. Dependency bumps (especially security or bug-fix patches) should typically be recorded. Consider adding an entry under a new version heading, e.g.:
    ## [Unreleased]
    ### Changed
    - Bump requests from 2.34.1 to 2.34.2
  • README — No change needed.
  • API docs / inline comments — Not applicable.
  • Markdown formatting — No Markdown files were modified.

Security

  • No hardcoded credentials — Not applicable.
  • Input validation — Not applicable.
  • Error handling — Not applicable.
  • No sensitive data in logs — Not applicable.
  • No license files (.lic) or AQAAAD-prefixed content — None present in this diff.

Summary

Category Status
Code Quality ✅ Pass
Testing ✅ Pass
Documentation ❌ CHANGELOG not updated
Security ✅ Pass

One minor finding: CHANGELOG.md (requirements.txt line 3) — the patch bump is not documented. Everything else is clean; this is a safe, routine dependency update.

Automated code review analyzing defects and coding standards

@github-actions

github-actions Bot commented Jun 4, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions github-actions Bot merged commit bd03a77 into main Jun 4, 2026
15 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/requests-2.34.2 branch June 4, 2026 23:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants