Skip to content

Update requests dependency to >=2.33.0 (CVE-2026-25645) #256

Open
Open
Update requests dependency to >=2.33.0 (CVE-2026-25645)#256
@luyiourwong

Description

@luyiourwong
luyiourwong
opened on Apr 2, 2026

The current pinned version requests==2.32.3 is vulnerable to CVE-2026-25645.

While this library's standard usage is not directly affected, users who integrate this package with other dependencies that call requests.utils.extract_zipped_paths() could be exposed to this vulnerability.

Additionally, updating to >=2.33.0 will eliminate security warnings when users scan their dependencies.

Recommendation:
Update requirements.txt to use requests==2.33.0 instead of requests==2.32.3.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions