Upgrade requests to 2.33.0

news/requests.vendor.rst

@@ -0,0 +1 @@
+Upgrade requests to 2.33.0

src/pip/_vendor/requests/__init__.py

@@ -68,8 +68,8 @@ def check_compatibility(urllib3_version, chardet_version, charset_normalizer_ver
     if chardet_version:
         major, minor, patch = chardet_version.split(".")[:3]
         major, minor, patch = int(major), int(minor), int(patch)
-        # chardet_version >= 3.0.2, < 6.0.0
-        assert (3, 0, 2) <= (major, minor, patch) < (6, 0, 0)
+        # chardet_version >= 3.0.2, < 8.0.0
+        assert (3, 0, 2) <= (major, minor, patch) < (8, 0, 0)
     elif charset_normalizer_version:
         major, minor, patch = charset_normalizer_version.split(".")[:3]
         major, minor, patch = int(major), int(minor), int(patch)
@@ -88,8 +88,8 @@ def _check_cryptography(cryptography_version):
         return
 
     if cryptography_version < [1, 3, 4]:
-        warning = "Old version of cryptography ({}) may cause slowdown.".format(
-            cryptography_version
+        warning = (
+            f"Old version of cryptography ({cryptography_version}) may cause slowdown."
         )
         warnings.warn(warning, RequestsDependencyWarning)
 
@@ -101,10 +101,9 @@ def _check_cryptography(cryptography_version):
     )
 except (AssertionError, ValueError):
     warnings.warn(
-        "urllib3 ({}) or chardet ({})/charset_normalizer ({}) doesn't match a supported "
-        "version!".format(
-            urllib3.__version__, chardet_version, charset_normalizer_version
-        ),
+        f"urllib3 ({urllib3.__version__}) or chardet "
+        f"({chardet_version})/charset_normalizer ({charset_normalizer_version}) "
+        "doesn't match a supported version!",
         RequestsDependencyWarning,
     )
 

src/pip/_vendor/requests/__version__.py

@@ -5,8 +5,8 @@
 __title__ = "requests"
 __description__ = "Python HTTP for Humans."
 __url__ = "https://requests.readthedocs.io"
-__version__ = "2.32.5"
-__build__ = 0x023205
+__version__ = "2.33.0"
+__build__ = 0x023300
 __author__ = "Kenneth Reitz"
 __author_email__ = "me@kennethreitz.org"
 __license__ = "Apache-2.0"

src/pip/_vendor/requests/_internal_utils.py

@@ -5,6 +5,7 @@
 Provides utility functions that are consumed internally by Requests
 which depend on extremely few external helpers (such as compat)
 """
+
 import re
 
 from .compat import builtin_str

src/pip/_vendor/requests/adapters.py

@@ -11,17 +11,19 @@
 import typing
 import warnings
 
-from pip._vendor.urllib3.exceptions import ClosedPoolError, ConnectTimeoutError
-from pip._vendor.urllib3.exceptions import HTTPError as _HTTPError
-from pip._vendor.urllib3.exceptions import InvalidHeader as _InvalidHeader
 from pip._vendor.urllib3.exceptions import (
+    ClosedPoolError,
+    ConnectTimeoutError,
     LocationValueError,
     MaxRetryError,
     NewConnectionError,
     ProtocolError,
+    ReadTimeoutError,
+    ResponseError,
 )
+from pip._vendor.urllib3.exceptions import HTTPError as _HTTPError
+from pip._vendor.urllib3.exceptions import InvalidHeader as _InvalidHeader
 from pip._vendor.urllib3.exceptions import ProxyError as _ProxyError
-from pip._vendor.urllib3.exceptions import ReadTimeoutError, ResponseError
 from pip._vendor.urllib3.exceptions import SSLError as _SSLError
 from pip._vendor.urllib3.poolmanager import PoolManager, proxy_from_url
 from pip._vendor.urllib3.util import Timeout as TimeoutSauce
@@ -47,7 +49,6 @@
 from .structures import CaseInsensitiveDict
 from .utils import (
     DEFAULT_CA_BUNDLE_PATH,
-    extract_zipped_paths,
     get_auth_from_url,
     get_encoding_from_headers,
     prepend_scheme_if_needed,
@@ -76,9 +77,9 @@ def SOCKSProxyManager(*args, **kwargs):
 def _urllib3_request_context(
     request: "PreparedRequest",
     verify: "bool | str | None",
-    client_cert: "typing.Tuple[str, str] | str | None",
+    client_cert: "tuple[str, str] | str | None",
     poolmanager: "PoolManager",
-) -> "(typing.Dict[str, typing.Any], typing.Dict[str, typing.Any])":
+) -> "(dict[str, typing.Any], dict[str, typing.Any])":
     host_params = {}
     pool_kwargs = {}
     parsed_request_url = urlparse(request.url)
@@ -297,7 +298,7 @@ def cert_verify(self, conn, url, verify, cert):
                 cert_loc = verify
 
             if not cert_loc:
-                cert_loc = extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
+                cert_loc = DEFAULT_CA_BUNDLE_PATH
 
             if not cert_loc or not os.path.exists(cert_loc):
                 raise OSError(

src/pip/_vendor/requests/auth.py

@@ -35,19 +35,19 @@ def _basic_auth_str(username, password):
     if not isinstance(username, basestring):
         warnings.warn(
             "Non-string usernames will no longer be supported in Requests "
-            "3.0.0. Please convert the object you've passed in ({!r}) to "
+            f"3.0.0. Please convert the object you've passed in ({username!r}) to "
             "a string or bytes object in the near future to avoid "
-            "problems.".format(username),
+            "problems.",
             category=DeprecationWarning,
         )
         username = str(username)
 
     if not isinstance(password, basestring):
         warnings.warn(
             "Non-string passwords will no longer be supported in Requests "
-            "3.0.0. Please convert the object you've passed in ({!r}) to "
+            f"3.0.0. Please convert the object you've passed in ({type(password)!r}) to "
             "a string or bytes object in the near future to avoid "
-            "problems.".format(type(password)),
+            "problems.",
             category=DeprecationWarning,
         )
         password = str(password)

src/pip/_vendor/requests/certs.py

@@ -11,6 +11,7 @@
 environment, you can change the definition of where() to return a separately
 packaged CA bundle.
 """
+
 from pip._vendor.certifi import where
 
 if __name__ == "__main__":

src/pip/_vendor/requests/exceptions.py

@@ -4,6 +4,7 @@
 
 This module contains the set of Requests' exceptions.
 """
+
 from pip._vendor.urllib3.exceptions import HTTPError as BaseHTTPError
 
 from .compat import JSONDecodeError as CompatJSONDecodeError

src/pip/_vendor/requests/help.py

@@ -40,11 +40,8 @@ def _implementation():
     if implementation == "CPython":
         implementation_version = platform.python_version()
     elif implementation == "PyPy":
-        implementation_version = "{}.{}.{}".format(
-            sys.pypy_version_info.major,
-            sys.pypy_version_info.minor,
-            sys.pypy_version_info.micro,
-        )
+        pypy = sys.pypy_version_info
+        implementation_version = f"{pypy.major}.{pypy.minor}.{pypy.micro}"
         if sys.pypy_version_info.releaselevel != "final":
             implementation_version = "".join(
                 [implementation_version, sys.pypy_version_info.releaselevel]

src/pip/_vendor/requests/hooks.py

@@ -9,6 +9,7 @@
 ``response``:
     The response generated from a Request.
 """
+
 HOOKS = ["response"]
 
 

src/pip/_vendor/requests/models.py

@@ -34,9 +34,11 @@
     builtin_str,
     chardet,
     cookielib,
+    urlencode,
+    urlsplit,
+    urlunparse,
 )
 from .compat import json as complexjson
-from .compat import urlencode, urlsplit, urlunparse
 from .cookies import _copy_cookie_jar, cookiejar_from_dict, get_cookie_header
 from .exceptions import (
     ChunkedEncodingError,
@@ -45,11 +47,11 @@
     HTTPError,
     InvalidJSONError,
     InvalidURL,
+    MissingSchema,
+    StreamConsumedError,
 )
 from .exceptions import JSONDecodeError as RequestsJSONDecodeError
-from .exceptions import MissingSchema
 from .exceptions import SSLError as RequestsSSLError
-from .exceptions import StreamConsumedError
 from .hooks import default_hooks
 from .status_codes import codes
 from .structures import CaseInsensitiveDict

src/pip/_vendor/requests/sessions.py

@@ -5,6 +5,7 @@
 This module provides a Session object to manage and persist settings across
 requests (cookies, auth, proxies).
 """
+
 import os
 import sys
 import time
@@ -421,6 +422,8 @@ def __init__(self):
         #: expired certificates, which will make your application vulnerable to
         #: man-in-the-middle (MitM) attacks.
         #: Only set this to `False` for testing.
+        #: If verify is set to a string, it must be the path to a CA bundle file
+        #: that will be used to verify the TLS certificate.
         self.verify = True
 
         #: SSL client certificate default, if String, path to ssl client

src/pip/_vendor/requests/utils.py

@@ -39,9 +39,6 @@
     getproxies_environment,
     integer_types,
     is_urllib3_1,
-)
-from .compat import parse_http_list as _parse_list_header
-from .compat import (
     proxy_bypass,
     proxy_bypass_environment,
     quote,
@@ -50,6 +47,7 @@
     urlparse,
     urlunparse,
 )
+from .compat import parse_http_list as _parse_list_header
 from .cookies import cookiejar_from_dict
 from .exceptions import (
     FileModeWarning,
@@ -61,6 +59,7 @@
 
 NETRC_FILES = (".netrc", "_netrc")
 
+# Certificate is extracted by certifi when needed.
 DEFAULT_CA_BUNDLE_PATH = certs.where()
 
 DEFAULT_PORTS = {"http": 80, "https": 443}
@@ -233,7 +232,7 @@ def get_netrc_auth(url, raise_errors=False):
 
         try:
             _netrc = netrc(netrc_path).authenticators(host)
-            if _netrc:
+            if _netrc and any(_netrc):
                 # Return with login / password
                 login_i = 0 if _netrc[0] else 1
                 return (_netrc[login_i], _netrc[2])
@@ -283,12 +282,13 @@ def extract_zipped_paths(path):
         return path
 
     # we have a valid zip archive and a valid member of that archive
-    tmp = tempfile.gettempdir()
-    extracted_path = os.path.join(tmp, member.split("/")[-1])
-    if not os.path.exists(extracted_path):
-        # use read + write to avoid the creating nested folders, we only want the file, avoids mkdir racing condition
-        with atomic_open(extracted_path) as file_handler:
-            file_handler.write(zip_file.read(member))
+    suffix = os.path.splitext(member.split("/")[-1])[-1]
+    fd, extracted_path = tempfile.mkstemp(suffix=suffix)
+    try:
+        os.write(fd, zip_file.read(member))
+    finally:
+        os.close(fd)
+
     return extracted_path
 
 

src/pip/_vendor/vendor.txt

@@ -5,7 +5,7 @@ msgpack==1.1.2
 packaging==26.0
 platformdirs==4.5.1
 pyproject-hooks==1.2.0
-requests==2.32.5
+requests==2.33.0
     certifi==2026.1.4
     idna==3.11
     urllib3==1.26.20