Update dependency requests to v2.28.1

Merged TYPO3 Renovate Bot requested to merge renovate/requests-2.x into master

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (source, changelog) ~=2.26.0 -> ==2.28.1 age adoption passing confidence

Release Notes



Compare Source


  • Speed optimization in iter_content with transition to yield from. (#​6170)


  • Added support for chardet 5.0.0 (#​6179)
  • Added support for charset-normalizer 2.1.0 (#​6169)


Compare Source


  • ️ Requests has officially dropped support for Python 2.7. ️ (#​6091)
  • Requests has officially dropped support for Python 3.6 (including pypy3.6). (#​6091)


  • Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make json() API consistent. (#​6097)
  • Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#​6154)
  • Added provisional 3.11 support with current beta build. (#​6155)
  • Requests got a makeover and we decided to paint it black. (#​6095)


  • Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#​6074)
  • Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with requests.exceptions.SSLError for content and iter_content. (#​6057)
  • Fixed issue where invalid Windows registry entires caused proxy resolution to raise an exception rather than ignoring the entry. (#​6149)
  • Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#​6036)


Compare Source


  • Fixed parsing issue that resulted in the auth component being dropped from proxy URLs. (#​6028)


Compare Source


  • Officially added support for Python 3.10. (#​5928)

  • Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#​5856)

  • Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#​6017)

  • Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to urlparse in Python 3.9+. (#​5917)


  • Fixed defect in extract_zipped_paths which could result in an infinite loop for some paths. (#​5851)

  • Fixed handling for AttributeError when calculating length of files obtained by Tarfile.extractfile(). (#​5239)

  • Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with requests.exceptions.InvalidHeader. (#​5914)

  • Fixed bug where two Host headers were sent for chunked requests. (#​5391)

  • Fixed regression in Requests 2.26.0 where Proxy-Authorization was incorrectly stripped from all requests sent with Session.send. (#​5924)

  • Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#​5924)

  • Fixed idna exception leak, wrapping UnicodeError with requests.exceptions.InvalidURL for URLs with a leading dot (.) in the domain. (#​5414)


  • Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support.


📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Merge request reports