This PR contains the following updates:
| Package | Change | [Age](
https://docs.renovatebot.com/merge-confidence/) | [Confidence](
https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [requests](
https://github.com/psf/requests) ([changelog](
https://github.com/psf/requests/blob/master/HISTORY.md)) | `==2.33.1` → `==2.34.0` |  |  |
---
### Release Notes
<details>
<summary>psf/requests (requests)</summary>
### [`v2.34.0`](
https://github.com/psf/requests/blob/HEAD/HISTORY.md#2340-2026-05-11)
[Compare Source](
psf/requests@v2.33.1...v2.34.0)
**Announcements**
- Requests 2.34.0 introduces inline types, replacing those provided by
typeshed. Public API types should be fully compatible with mypy, pyright,
and ty. We believe types are comprehensive but if you find issues, please
report them to the pinned tracking issue.
Special thanks to [@​bastimeyer](
https://github.com/bastimeyer), [@​cthoyt](
https://github.com/cthoyt), [@​edgarrmondragon](
https://github.com/edgarrmondragon), and [@​srittau](
https://github.com/srittau) for
helping review and test the types ahead of the release. ([#​7272](
psf/requests#7272))
**Improvements**
- Digest Auth hashing algorithms have added `usedforsecurity=False` to clarify
security considerations. ([#​7310](
psf/requests#7310))
- Requests added support for Python 3.15 based on beta1. Downstream projects
should be able to start testing prior to its release in October. ([#​7422](
psf/requests#7422))
- Requests added support for Python 3.14t. ([#​7419](
psf/requests#7419))
**Bugfixes**
- `Response.history` no longer contains a reference to itself, preventing
accidental looping when traversing the history list. ([#​7328](
psf/requests#7328))
- Requests no longer performs greedy matching on no\_proxy domains. The
proxy\_bypass implementation has been updated with CPython's fix from
bpo-39057. ([#​7427](
psf/requests#7427))
- Requests no longer incorrectly strips duplicate leading slashes in
URI paths. This should address user issues with specific presigned
URLs. Note the full fix requires urllib3 2.7.0+. ([#​7315](
psf/requests#7315))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](
https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==-->
Reviewed-on:
https://git.tainton.uk/repos/pypilot/pulls/443
Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk>
Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
We've been testing on 3.15 for a few months and now that the feature freeze is finalized for beta1, I think we should be good to start advertising support. Downstream should be free to start testing with the next release.
The only remaining action is removing the PyO3 forward ABI flag which is currently pending PyO3/pyo3#6012. Once that's merged, we should be ready to do final cleanup. The flag is only used for testing infra and shouldn't affect any direct dependencies.