Skip to content

chore(deps): bump requests from 2.31.0 to 2.34.2#42

Merged
O1ahmad merged 1 commit into
mainfrom
dependabot/pip/requests-2.34.2
Jun 19, 2026
Merged

chore(deps): bump requests from 2.31.0 to 2.34.2#42
O1ahmad merged 1 commit into
mainfrom
dependabot/pip/requests-2.34.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps requests from 2.31.0 to 2.34.2.

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 19, 2026
@O1ahmad O1ahmad mentioned this pull request Jun 19, 2026
Merged
O1ahmad added a commit that referenced this pull request Jun 19, 2026
@O1ahmad @cursoragent
fix(ci): bump python-version to 3.12 to support requests>=2.34.2
6b34a75 
requests 2.34.x requires Python >=3.10. The CI was still pinned to
3.9, causing pip to reject the version outright. Using 3.12 aligns
with the Dockerfile (3.14-slim bump in PR #44) and unblocks #42.

Co-authored-by: Cursor <[email protected]>
O1ahmad added a commit that referenced this pull request Jun 19, 2026
@O1ahmad @cursoragent
fix(ci): dummy key fallback + Python 3.12 so dependabot PRs pass
5ee2558 
* fix(ci): use dummy key fallback so dependabot PRs pass test_parse_aws

GitHub withholds secrets from dependabot PRs, so OPENAI_API_KEY
arrived as an empty string. The parser's non-empty guard then
short-circuited before the mocked requests.post was ever called,
causing test_parse_aws to fail with 0 subcommands instead of 2.
Using a literal fallback lets the parser proceed while the test
mock handles the actual HTTP call.

Co-authored-by: Cursor <[email protected]>

* fix(ci): bump python-version to 3.12 to support requests>=2.34.2

requests 2.34.x requires Python >=3.10. The CI was still pinned to
3.9, causing pip to reject the version outright. Using 3.12 aligns
with the Dockerfile (3.14-slim bump in PR #44) and unblocks #42.

Co-authored-by: Cursor <[email protected]>

---------

Co-authored-by: Cursor <[email protected]>
@O1ahmad O1ahmad closed this Jun 19, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@O1ahmad O1ahmad reopened this Jun 19, 2026
@O1ahmad

O1ahmad commented Jun 19, 2026

Copy link
Copy Markdown
Collaborator

@dependabot rebase

@dependabot
chore(deps): bump requests from 2.31.0 to 2.34.2
a3c6eb4 
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.34.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.34.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot force-pushed the dependabot/pip/requests-2.34.2 branch from 9b44531 to a3c6eb4 Compare June 19, 2026 19:09
@O1ahmad O1ahmad merged commit 328a107 into main Jun 19, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/pip/requests-2.34.2 branch June 19, 2026 19:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@O1ahmad