Skip to content

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 10, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (source, changelog) 2.32.3 -> 2.32.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2


Release Notes

psf/requests (requests)

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the not bug or enhancement PR is not 'bug' or 'enhancement'. For release notes label Jun 10, 2025
Copy link

codecov bot commented Jun 10, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.23%. Comparing base (fed4393) to head (4f6dd41).
Report is 2 commits behind head on 16/edge.

Additional details and impacted files
@@           Coverage Diff            @@
##           16/edge     #957   +/-   ##
========================================
  Coverage    70.23%   70.23%           
========================================
  Files           16       16           
  Lines         3723     3723           
  Branches       541      541           
========================================
  Hits          2615     2615           
  Misses         974      974           
  Partials       134      134           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@renovate renovate bot force-pushed the renovate/16/edge-pypi-requests-vulnerability branch from 8074050 to 4f6dd41 Compare June 10, 2025 20:04
@taurus-forever taurus-forever merged commit e15d644 into 16/edge Jun 12, 2025
444 of 518 checks passed
@taurus-forever taurus-forever deleted the renovate/16/edge-pypi-requests-vulnerability branch June 12, 2025 13:33
taurus-forever pushed a commit to taurus-forever/postgresql-operator that referenced this pull request Jun 25, 2025
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
not bug or enhancement PR is not 'bug' or 'enhancement'. For release notes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants