python-requests: update to 2.34.2

Fixes:
- Moved "headers" input type back to Mapping to avoid invariance issues
  with MutableMapping and inferred dict types.
  Users calling Request.headers.update() may need to narrow typing in code
  (Closes #7441).

Security:
- CVE-2026-25645: Fixed extract_zipped_paths to extract contents to
  a non-deterministic temp directory, to prevent malicious file replacement.
  Does not affect default usage of Requests, only apps calling this utility
  directly.

Changelog:
https://github.com/psf/requests/releases/tag/v2.34.2

Signed-off-by: Alexandru Ardelean <redacted>

diff --git a/lang/python/python-requests/Makefile b/lang/python/python-requests/Makefile
index c5fc71bc96b2c370534cae8b232f3f0e7196df18..1163d2ccb9c56c26e34ed55d26ec19cca5c6563b 100644 (file)
--- a/lang/python/python-requests/Makefile
+++ b/lang/python/python-requests/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-requests
-PKG_VERSION:=2.33.1
+PKG_VERSION:=2.34.2
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>, Alexandru Ardelean <ardeleanalex@gmail.com>
@@ -17,7 +17,7 @@ PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:python:requests
 
 PYPI_NAME:=requests
-PKG_HASH:=18817f8c57c6263968bc123d237e3b8b08ac046f5456bd1e307ee8f4250d3517
+PKG_HASH:=f288924cae4e29463698d6d60bc6a4da69c89185ad1e0bcc4104f584e960b9ed
 
 HOST_BUILD_DEPENDS:= \
   python-chardet/host \