scripts (#21875)

chia7712 Tue, 31 Mar 2026 02:08:45 -0700

This is an automated email from the ASF dual-hosted git repository.

chia7712 pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git



The following commit(s) were added to refs/heads/trunk by this push:
     new 9812461584c MINOR: Bump requests from 2.32.4 to 2.33.0 in 
/.github/scripts (#21875)
9812461584c is described below

commit 9812461584ce4d1088b6c32eccc1b36c26a83416
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Mar 31 17:08:24 2026 +0800

    MINOR: Bump requests from 2.32.4 to 2.33.0 in /.github/scripts (#21875)
    
    Bumps [requests](https://github.com/psf/requests) from 2.32.4 to 2.33.0.
    <details> <summary>Release notes</summary> <p><em>Sourced from <a
    href="https://github.com/psf/requests/releases";>requests's
    releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0
    (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣
    Requests is adding inline types. If you have a typed code base that uses
    Requests, please take a look at <a
    href="https://redirect.github.com/psf/requests/issues/7271";>#7271</a>.
    Give it a try, and report any gaps or feedback you may have in the
    issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul>
    <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
    extracts contents to a non-deterministic location to prevent malicious
    file replacement. This does not affect default usage of Requests, only
    applications calling the utility function directly.</li> </ul>
    <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517
    build system using setuptools. (<a
    
    href="https://redirect.github.com/psf/requests/issues/7012";>#7012</a>)</li>
    </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an
    empty netrc entry could cause malformed authentication to be applied to
    Requests on Python 3.11+. (<a
    
    href="https://redirect.github.com/psf/requests/issues/7205";>#7205</a>)</li>
    </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for
    Python 3.9 following its end of support. (<a
    
    href="https://redirect.github.com/psf/requests/issues/7196";>#7196</a>)</li>
    </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes
    and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a
    href="https://github.com/M0d3v1";><code>@M0d3v1</code></a> made their
    first contribution in <a
    
    
href="https://redirect.github.com/psf/requests/pull/6865";>psf/requests#6865</a></li>
    <li><a href="https://github.com/aminvakil";><code>@aminvakil</code></a>
    made their first contribution in <a
    
    
href="https://redirect.github.com/psf/requests/pull/7220";>psf/requests#7220</a></li>
    <li><a href="https://github.com/E8Price";><code>@E8Price</code></a> made
    their first contribution in <a
    
    
href="https://redirect.github.com/psf/requests/pull/6960";>psf/requests#6960</a></li>
    <li><a href="https://github.com/mitre88";><code>@mitre88</code></a> made
    their first contribution in <a
    
    
href="https://redirect.github.com/psf/requests/pull/7244";>psf/requests#7244</a></li>
    <li><a href="https://github.com/magsen";><code>@magsen</code></a> made
    their first contribution in <a
    
    
href="https://redirect.github.com/psf/requests/pull/6553";>psf/requests#6553</a></li>
    <li><a
    href="https://github.com/Rohan5commit";><code>@Rohan5commit</code></a>
    made their first contribution in <a
    
    
href="https://redirect.github.com/psf/requests/pull/7227";>psf/requests#7227</a></li>
    </ul> <p><strong>Full Changelog</strong>: <a
    
    
href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25";>https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p>
    <h2>v2.32.5</h2> <h2>2.32.5 (2025-08-18)</h2>
    <p><strong>Bugfixes</strong></p> <ul> <li>The SSLContext caching feature
    originally introduced in 2.32.0 has created a new class of issues in
    Requests that have had negative impact across a number of use cases. The
    Requests team has decided to revert this feature as long term
    maintenance of it is proving to be unsustainable in its current
    iteration.</li> </ul> <p><strong>Deprecations</strong></p> <ul>
    <li>Added support for Python 3.14.</li> <li>Dropped support for Python
    3.8 following its end of support.</li> </ul> </blockquote> </details>
    <details> <summary>Changelog</summary> <p><em>Sourced from <a
    href="https://github.com/psf/requests/blob/main/HISTORY.md";>requests's
    changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2>
    <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding
    inline types. If you have a typed code base that uses Requests, please
    take a look at <a
    href="https://redirect.github.com/psf/requests/issues/7271";>#7271</a>.
    Give it a try, and report any gaps or feedback you may have in the
    issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul>
    <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
    extracts contents to a non-deterministic location to prevent malicious
    file replacement. This does not affect default usage of Requests, only
    applications calling the utility function directly.</li> </ul>
    <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517
    build system using setuptools. (<a
    
    href="https://redirect.github.com/psf/requests/issues/7012";>#7012</a>)</li>
    </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an
    empty netrc entry could cause malformed authentication to be applied to
    Requests on Python 3.11+. (<a
    
    href="https://redirect.github.com/psf/requests/issues/7205";>#7205</a>)</li>
    </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for
    Python 3.9 following its end of support. (<a
    
    href="https://redirect.github.com/psf/requests/issues/7196";>#7196</a>)</li>
    </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes
    and doc improvements.</li> </ul> <h2>2.32.5 (2025-08-18)</h2>
    <p><strong>Bugfixes</strong></p> <ul> <li>The SSLContext caching feature
    originally introduced in 2.32.0 has created a new class of issues in
    Requests that have had negative impact across a number of use cases. The
    Requests team has decided to revert this feature as long term
    maintenance of it is proving to be unsustainable in its current
    iteration.</li> </ul> <p><strong>Deprecations</strong></p> <ul>
    <li>Added support for Python 3.14.</li> <li>Dropped support for Python
    3.8 following its end of support.</li> </ul> </blockquote> </details>
    <details> <summary>Commits</summary> <ul> <li><a
    
    
href="https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761";><code>bc04dfd</code></a>
    v2.33.0</li> <li><a
    
    
href="https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7";><code>66d21cb</code></a>
    Merge commit from fork</li> <li><a
    
    
href="https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028";><code>8b9bc8f</code></a>
    Move badges to top of README (<a
    
    href="https://redirect.github.com/psf/requests/issues/7293";>#7293</a>)</li>
    <li><a
    
    
href="https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286";><code>e331a28</code></a>
    Remove unused extraction call (<a
    
    href="https://redirect.github.com/psf/requests/issues/7292";>#7292</a>)</li>
    <li><a
    
    
href="https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29";><code>753fd08</code></a>
    docs: fix FAQ grammar in httplib2 example</li> <li><a
    
    
href="https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71";><code>774a0b8</code></a>
    docs(socks): same block as other sections</li> <li><a
    
    
href="https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303";><code>9c72a41</code></a>
    Bump github/codeql-action from 4.33.0 to 4.34.1</li> <li><a
    
    
href="https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be";><code>ebf7190</code></a>
    Bump github/codeql-action from 4.32.0 to 4.33.0</li> <li><a
    
    
href="https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798";><code>0e4ae38</code></a>
    docs: exclude Response.is_permanent_redirect from API docs (<a
    
    href="https://redirect.github.com/psf/requests/issues/7244";>#7244</a>)</li>
    <li><a
    
    
href="https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a";><code>d568f47</code></a>
    docs: clarify Quickstart POST example (<a
    
    href="https://redirect.github.com/psf/requests/issues/6960";>#6960</a>)</li>
    <li>Additional commits viewable in <a
    href="https://github.com/psf/requests/compare/v2.32.4...v2.33.0";>compare
    view</a></li> </ul> </details> <br />
    
    [![Dependabot compatibility
    
    
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.32.4&new-version=2.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end)
    
    Reviewers: Chia-Ping Tsai <[email protected]>
    
    ---
    
    <details> <summary>Dependabot commands and options</summary> <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the
    [Security Alerts page](https://github.com/apache/kafka/network/alerts).
    
    </details>
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/scripts/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/scripts/requirements.txt b/.github/scripts/requirements.txt
index d3fcf50bb74..035711bb745 100644
--- a/.github/scripts/requirements.txt
+++ b/.github/scripts/requirements.txt
@@ -16,4 +16,4 @@
 # Note: Ensure the 'requests' version here matches the version in 
tests/setup.py
 PyYAML~=6.0
 pytz==2024.2
-requests==2.32.4
+requests==2.33.0

(kafka) branch trunk updated: MINOR: Bump requests from 2.32.4 to 2.33.0 in /.github/scripts (#21875)

Reply via email to