Bump requests from 2.33.0 to 2.33.1

[dependabot]

Bumps requests from 2.33.0 to 2.33.1.

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Greptile Summary

This PR is a routine dependency bump of the requests library from 2.33.0 to 2.33.1, applied only to the test extras in pyproject.toml. The change is minimal and low-risk.

• Upgrades requests (test dependency) from 2.33.0 → 2.33.1 in pyproject.toml
• The 2.33.1 release is a patch-level bugfix that fixes Content-Type header parsing for malformed values, improves error consistency for malformed header values, and includes test cleanup related to CVE-2026-25645
• requests is only listed under the [test] extras, so this has no impact on the core library or production runtime behavior
• The Dependabot compatibility score indicates high confidence in the upgrade being non-breaking

Confidence Score: 5/5

• This PR is safe to merge — it is a single-line patch-level dependency bump with no breaking changes and no production impact.
• The change is a minimal patch bump of a test-only dependency. No logic, APIs, or runtime code are affected. The upstream release notes confirm only bugfixes with no breaking changes, and the Dependabot compatibility score is high.
• No files require special attention.

Important Files Changed

Filename	Overview
pyproject.toml	Bumps the requests test dependency from 2.33.0 to 2.33.1 — a patch-level bugfix release with no breaking changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[dependabot opens PR] --> B[pyproject.toml updated]
    B --> C{Which extras?}
    C --> D[test extras only]
    D --> E["requests 2.33.0 → 2.33.1"]
    E --> F[Patch release: bugfixes only]
    F --> G[Content-Type header parsing fixed]
    F --> H[Malformed header error consistency improved]
    F --> I[CVE-2026-25645 test cleanup]
    G & H & I --> J[No runtime / production impact]
    J --> K[Safe to merge]

Loading

_{Reviews (1): Last reviewed commit: "Bump requests from 2.33.0 to 2.33.1" | Re-trigger Greptile}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.40%. Comparing base (4fa9e7a) to head (aa3ea37).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #699   +/-   ##
=======================================
  Coverage   74.40%   74.40%           
=======================================
  Files          56       56           
  Lines        8026     8026           
  Branches     1570     1570           
=======================================
  Hits         5972     5972           
  Misses       1437     1437           
  Partials      617      617           

Flag	Coverage Δ
3.10	74.40% <ø> (ø)
3.11	74.40% <ø> (ø)
3.12	74.40% <ø> (ø)
3.13	74.40% <ø> (ø)
macos-latest	74.38% <ø> (ø)
ubuntu-latest	74.38% <ø> (ø)
windows-latest	74.39% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.