chore(deps): bump requests from 2.32.5 to 2.33.0 #1930
dependabot[bot] wants to merge 1 commit into main from
Conversation
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.1 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
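Review bot: the @generated header changes from Poetry 2.3.1 to Poetry 2.2.1, which means the entire lock was re-resolved by a different Poetry release rather than only the requests entry being updated. Regenerate the lock with the Poetry version the project already used (2.3.1) so the diff is limited to the requests bump, and treat every other changed line as resolver drift that needs an explanation before merging.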
Lock file regenerated with older Poetry version
Medium Severity
The lock file was regenerated with Poetry 2.2.1 instead of the project's previous Poetry 2.3.1. This older resolver produces a fundamentally different lock file — collapsing per-Python-version package splits (e.g., removing ipython 9.x, sphinx 8.2.3, myst-parser 5.0.0, pydata-sphinx-theme 0.16.1 entries for Python 3.11+) and stripping conditional markers from dozens of packages. A PR intended to only bump requests shouldn't cause these widespread resolution changes.
| {file = "anyio-4.12.1-py3-none-any.whl", hash = "sha256:d405828884fc140aa80a3c667b8beed277f1dfedec42ba031bd6ac3db606ab6c"}, | ||
| {file = "anyio-4.12.1.tar.gz", hash = "sha256:41cfcc3a4c85d3f05c932da7c26d0201ac36f72abd4435ba90d0464a3ffed703"}, | ||
| ] | ||
| markers = {main = "extra == \"docs\""} |
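Review bot: the `markers = {main = "extra == \"docs\""}` line disappears from the anyio entry, which moves a dependency that was only pulled in by the docs extra into the unconditional main group. After a correct regeneration that line should still be present; a `poetry install --only main` in a clean environment without the docs extra is the quick check that the docs/Jupyter stack is no longer installed.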
Docs-only markers stripped from many transitive dependencies
Medium Severity
Dozens of packages lost their markers = {main = "extra == \"docs\""} line, including anyio, notebook, jupyterlab, jupyter-server, jinja2, tornado, httpx, and many more. Previously these were only installed in the main group when the docs extra was requested. Now they're unconditional in the main group, so a poetry install --only main without the docs extra will pull in the entire Jupyter/notebook stack and its transitive dependencies — a major unintended expansion of the production dependency footprint.
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
291d6d5 to 9d8398a
Bumps requests from 2.32.5 to 2.33.0.
Release notes
Sourced from requests's releases.
Changelog
Sourced from requests's changelog.
Commits
- bc04dfd v2.33.0
- 66d21cb Merge commit from fork
- 8b9bc8f Move badges to top of README (#7293)
- e331a28 Remove unused extraction call (#7292)
- 753fd08 docs: fix FAQ grammar in httplib2 example
- 774a0b8 docs(socks): same block as other sections
- 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
- ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
- 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
- d568f47 docs: clarify Quickstart POST example (#6960)

Note
Low Risk
Primarily a dependency lockfile refresh; runtime impact is limited to the requests upgrade and its updated dependency constraints.
Overview
Updates poetry.lock to upgrade requests from 2.32.5 to 2.33.0, including tightened requirements (notably python>=3.10, newer certifi baseline, and updated extras metadata). The lockfile is also regenerated with a different Poetry version, which rewrites environment markers and prunes/reshapes some conditional dependency entries (especially around docs/Jupyter-related packages) without changing application code.
Written by Cursor Bugbot for commit 9d8398a. This will update automatically on new commits. Configure here.