Bump requests to ~=2.33.0#6
Merged
marc-queiroz merged 1 commit intoMay 12, 2026
Merged
Conversation
Aligns granulate-utils with the runtime requests pin used by consumers, unblocking environments that need to install both this package and a top-level project pinning requests==2.33.0. requests 2.33.0 carries the upstream fixes for CVE-2024-47081 (.netrc credential leak via malicious URLs). Made-with: Cursor
artursarlo
approved these changes
May 12, 2026
artursarlo
left a comment
artursarlo
left a comment
There was a problem hiding this comment.
LGTM. Tested locally with local backend build. Working as expected. Used pinterest/gprofiler#70 alongside this one to validate.
marc-queiroz
added a commit
to pinterest/gprofiler
that referenced
this pull request
May 13, 2026
Pins requests==2.33.0 (was ==2.32.4) to pick up the upstream fix for CVE-2024-47081 (.netrc credential leak via crafted URLs). This PR is self-contained: a fresh `pip install -r requirements.txt` resolves cleanly after merge. Changes: - requirements.txt: requests==2.32.4 -> 2.33.0 - granulate-utils submodule pointer: d57bcd0 -> 094d4116 Advances to pinterest/granulate-utils@master following pinterest/granulate-utils#6, which bumped granulate-utils to `requests~=2.33.0`. Without this advance the submodule would continue to pin `~=2.32.4` and pip would report a resolver conflict against the new top-level pin. - .gitmodules: corrects the URL to pinterest/granulate-utils. The pinned commit (and every Pinterest-only commit since this fork diverged from intel) lives on pinterest/granulate-utils, not intel. Before this fix, a fresh `git clone --recurse-submodules` of master could not check out the submodule, since the pinned commit isn't reachable from intel's master. Co-authored-by: Cursor <[email protected]>
marc-queiroz
added a commit
to pinterest/gprofiler
that referenced
this pull request
May 13, 2026
Pins requests==2.33.0 (was ==2.32.4) to pick up the upstream fix for CVE-2024-47081 (.netrc credential leak via crafted URLs). This PR is self-contained: a fresh `pip install -r requirements.txt` resolves cleanly after merge. Changes: - requirements.txt: requests==2.32.4 -> 2.33.0 - granulate-utils submodule pointer: d57bcd0 -> 094d4116 Advances to pinterest/granulate-utils@master following pinterest/granulate-utils#6, which bumped granulate-utils to `requests~=2.33.0`. Without this advance the submodule would continue to pin `~=2.32.4` and pip would report a resolver conflict against the new top-level pin. - .gitmodules: corrects the URL to pinterest/granulate-utils. The pinned commit (and every Pinterest-only commit since this fork diverged from intel) lives on pinterest/granulate-utils, not intel. Before this fix, a fresh `git clone --recurse-submodules` of master could not check out the submodule, since the pinned commit isn't reachable from intel's master. Co-authored-by: Cursor <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps
requestsfrom~=2.32.4to~=2.33.0on this fork'smaster,matching what
intel/granulate-utils@masteralready pins.Why
intel/granulate-utils@masterhas shippedrequests~=2.33.0for awhile; this fork has been carrying the older
~=2.32.4and is nowbehind on this pin.
requests==2.33.0ships the upstream fix for CVE-2024-47081(.netrc credential leak via crafted URLs).
pinterest/gprofiler) want to pinrequests==2.33.0at the top level. They currently can't, becausethis package's
~=2.32.4specifier excludes the 2.33.x line andpipreports a resolver conflict.Scope
requirements.txtonly. One line, version specifier change.every call site used here (
Sender,metadata.cloud, test stubs).Test plan
pip install -r requirements.txtresolves cleanly in a fresh venv.pytest testscollection still passes (no behavior change).Downstream
Once this lands on master, a follow-up PR in
pinterest/gprofilerwilladvance the submodule pointer to the merge commit produced here. That
unblocks
pinterest/gprofiler#70(currently Draft due to the resolverconflict).