Bump the patch-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the patch-dependencies group with 11 updates in the / directory:

Package	From	To
authlib	1.6.5	1.6.6
google-auth-oauthlib	1.2.1	1.2.3
helloasso-python	1.0.5	1.0.8
pymupdf	1.26.6	1.26.7
python-multipart	0.0.18	0.0.21
requests	2.32.4	2.32.5
sqlalchemy[asyncio]	2.0.44	2.0.45
xlsxwriter	3.2.0	3.2.9
pytest	9.0.1	9.0.2
types-fpdf2	2.8.3.20250516	2.8.4.20251031
types-requests	2.32.0.20250515	2.32.4.20250913

Updates authlib from 1.6.5 to 1.6.6

Changelog

Sourced from authlib's changelog.

Version 1.6.6

Released on Dec 12, 2025

• get_jwt_config takes a client parameter, :pr:844.
• Fix incorrect signature when Content-Type is x-www-form-urlencoded for OAuth 1.0 Client, :pr:778.
• Use expires_in in OAuth2Token when expires_at is unparsable, :pr:842.
• Always track state in session for OAuth client integrations.

Commits

• bb7a315 chore: release 1.6.6
• 0a423d4 Merge pull request #844 from azmeuk/806-get-jwt-config-client
• 2808378 Merge commit from fork
• 714502a feat: get_jwt_config takes a client parameter
• 260d04e Fix: Use expires_in when expires_at is unparsable
• eb37124 Merge pull request #778 from shc261392/fix-httpx-oauth1-form-data-incorrect-s...
• 0ba9ec4 docs: fix guide on requests self signed certificate
• a2e9943 docs: indicate that #743 needs a migration
• 06015d2 test: factorize the token fixture
• See full diff in compare view

Updates google-auth-oauthlib from 1.2.1 to 1.2.3

Release notes

Sourced from google-auth-oauthlib's releases.

v1.2.3

1.2.3 (2025-10-30)

Bug Fixes

• Add upper-bound to google-auth dependency (#423) (d7921f9)
• Drop support for Python 3.6 (4b1a5f3)
• Explicitly declare Python 3.13 support (4b1a5f3)

v1.2.2

1.2.2 (2025-04-01)

Bug Fixes

• Do not include docs/conf.py & scripts in wheel (#328) (78940df)
• Let OS select an available port when running TestInstalledAppFlow (#407) (6060d65), closes #381
• Remove setup.cfg configuration for creating universal wheels (#405) (0b962ed)

Changelog

Sourced from google-auth-oauthlib's changelog.

1.2.3 (2025-10-30)

Bug Fixes

• Add upper-bound to google-auth dependency (#423) (d7921f9)
• Drop support for Python 3.6 (4b1a5f3)
• Explicitly declare Python 3.13 support (4b1a5f3)

1.2.2 (2025-04-01)

Bug Fixes

• Do not include docs/conf.py & scripts in wheel (#328) (78940df)
• Let OS select an available port when running TestInstalledAppFlow (#407) (6060d65), closes #381
• Remove setup.cfg configuration for creating universal wheels (#405) (0b962ed)

Commits

• 2765352 chore(main): release 1.2.3 (#409)
• d7921f9 fix: add upper-bound to google-auth dependency (#423)
• 951dd32 chore(python): Add support for Python 3.14 (#415)
• cb74baf tests: update default runtime used for tests (#411)
• 4b1a5f3 fix: explicitly declare Python 3.13 support (#408)
• cc29cc3 chore(main): release 1.2.2 (#368)
• 6060d65 fix: Let OS select an available port when running TestInstalledAppFlow (#407)
• 0b962ed fix: remove setup.cfg configuration for creating universal wheels (#405)
• dedc58a chore: remove unused files (#402)
• 63442e9 chore(python): conditionally load credentials in .kokoro/build.sh (#398)
• Additional commits viewable in compare view

Updates helloasso-python from 1.0.5 to 1.0.8

Commits

• See full diff in compare view

Updates pymupdf from 1.26.6 to 1.26.7

Release notes

Sourced from pymupdf's releases.

PyMuPDF-1.26.7 released

Wheels for Windows, Linux and MacOS, and the sdist, are available on pypi.org and can be installed in the usual way, for example:

python -m pip install --upgrade pymupdf

[Linux-aarch64 wheels will be built and uploaded later.]

Changes in version 1.26.7

• Use MuPDF-1.26.12.

Other:

• Retrospectively mark #4756 as fixed in 1.26.6.
• Improved safety of pymupdf embed-extract. This now refuses to write to an existing file or outside current directory, unless -output or new flag -unsafe is specified.

Changelog

Sourced from pymupdf's changelog.

Change Log

Changes in version 1.26.7

• Use MuPDF-1.26.12.

Other:

• Retrospectively mark 4756 <https://github.com/pymupdf/PyMuPDF/issues/4756>_ as fixed in 1.26.6.
• Improved safety of pymupdf embed-extract. This now refuses to write to an existing file or outside current directory, unless -output or new flag -unsafe is specified.

Changes in version 1.26.6 (2025-11-05)

• Use MuPDF-1.26.11.

• Supported Python versions are now 3.10-3.14.

• Fixed issues:

  • Fixed 4699 <https://github.com/pymupdf/PyMuPDF/issues/4699>_: cannot find ExtGState resource
  • Fixed 4712 <https://github.com/pymupdf/PyMuPDF/issues/4712>_: Crash with "corrupted double-linked list"
  • Fixed 4720 <https://github.com/pymupdf/PyMuPDF/issues/4720>_: Memory leaking in rewrite_images?
  • Fixed 4742 <https://github.com/pymupdf/PyMuPDF/issues/4742>_: 'Rect' object has no attribute 'get_area'
  • Fixed 4746 <https://github.com/pymupdf/PyMuPDF/issues/4746>_: Document.init() got an unexpected keyword argument 'encoding'
  • Fixed 4756 <https://github.com/pymupdf/PyMuPDF/issues/4756>_: swig --version doesn't work in all versions of swig; -version should be used instead

Changes in version 1.26.5 (2025-10-10)

• Use MuPDF-1.26.10.

• Fixed issues:

  • Fixed 2883 <https://github.com/pymupdf/PyMuPDF/issues/2883>_: Improve the Python type annotations for fitz_new
  • Fixed 4507 <https://github.com/pymupdf/PyMuPDF/issues/4507>_: Bugs in pyodide
  • Fixed 4613 <https://github.com/pymupdf/PyMuPDF/issues/4613>_: Thai and number blocks are not auto-scaled and get wrong hyphen when using in insert_htmlbox
  • Fixed 4700 <https://github.com/pymupdf/PyMuPDF/issues/4700>_: pymupdf.open() processes .zip file without raising
  • Fixed 4716 <https://github.com/pymupdf/PyMuPDF/issues/4716>_: Problems with unreadable characters

• Other:

  • Supported Python versions are now 3.9-3.14.
  • We now define all class methods explicitly instead of with dynamic assignment; this improves type hints.
  • Removed pymupdf.utils.Shape class, was duplicate of pymupdf.Shape.
  • Allow use of cibuildwheel to build and test on Pyodide.

... (truncated)

Commits

• 8264a4b tests/test_4767.py: test_4767() disable on github/windows/cibuildwheel.
• e68755f setup.py changes.txt: upgrade to mupdf-1.26.12 by default.
• c0e37f8 .github/workflows: cope with end of life of macos-13.
• 1084c91 Docs: Fixes search path for sub-directory paths.
• cb7c15c Docs: updates ko .mo files.
• 715b7c1 Updates language toggle to add Korean option
• caa8af7 Adds missing translations for pixmap.po
• 83e3a47 Code syntax error updates.
• a22f121 Fix Korean translation errors
• bd48f16 Fix Korean translation errors in tutorial.po
• Additional commits viewable in compare view

Updates python-multipart from 0.0.18 to 0.0.21

Release notes

Sourced from python-multipart's releases.

Version 0.0.21

What's Changed

• Add support for Python 3.14 and drop EOL 3.8 and 3.9 by @​hugovk in Kludex/python-multipart#216

New Contributors

• @​waketzheng made their first contribution in Kludex/python-multipart#203

Full Changelog: Kludex/python-multipart@0.0.20...0.0.21

Version 0.0.20

What's Changed

• Handle messages containing only end boundary, fixes #38 by @​jhnstrk in Kludex/python-multipart#142

New Contributors

• @​Mr-Sunglasses made their first contribution in Kludex/python-multipart#185

Full Changelog: Kludex/python-multipart@0.0.19...0.0.20

Version 0.0.19

What's Changed

• Don't warn when CRLF is found after last boundary by @​Kludex in Kludex/python-multipart#193

---

Full Changelog: Kludex/python-multipart@0.0.18...0.0.19

Changelog

Sourced from python-multipart's changelog.

0.0.21 (2025-12-17)

• Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.

0.0.20 (2024-12-16)

• Handle messages containing only end boundary #142.

0.0.19 (2024-11-30)

• Don't warn when CRLF is found after last boundary on MultipartParser #193.

Commits

• 1f72955 Version 0.0.21 (#217)
• 47ecfed Add support for Python 3.14 and drop EOL 3.8 and 3.9 (#216)
• f18b709 Bump the github-actions group across 1 directory with 4 updates (#214)
• b388e9a chore: use depedency-groups in pyproject.toml (#212)
• 6113e75 Bump the github-actions group across 1 directory with 3 updates (#210)
• 7aa8d99 Bump ruff from 0.8.0 to 0.11.7 (#203)
• 3e909f5 Bump astral-sh/setup-uv from 4 to 5 in the github-actions group (#198)
• b083cef Version 0.0.20 (#197)
• 04d3cf5 Handle messages containing only end boundary, fixes #38 (#142)
• f1c5a28 feat: Add python 3.13 in CI matrix. (#185)
• Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates sqlalchemy[asyncio] from 2.0.44 to 2.0.45

Release notes

Sourced from sqlalchemy[asyncio]'s releases.

2.0.45

Released: December 9, 2025

orm

• [orm] [bug] Fixed issue where calling Mapper.add_property() within mapper event hooks such as MapperEvents.instrument_class(), MapperEvents.after_mapper_constructed(), or MapperEvents.before_mapper_configured() would raise an AttributeError because the mapper's internal property collections were not yet initialized. The Mapper.add_property() method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.

  References: #12858

• [orm] [bug] Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using MappedAsDataclass included a relationship() referencing a class that was not available at runtime (e.g., within a TYPE_CHECKING block). This occurred when using Python 3.14's PEP 649 deferred annotations feature, which is the default behavior without a from __future__ import annotations directive.

  References: #12952

examples

• [examples] [bug] Fixed the "short_selects" performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like "lambdas" and "baked queries" have been removed.

sql

• [sql] [bug] Some improvements to the _sql.ClauseElement.params() method to replace bound parameters in a query were made, however the ultimate issue in #12915 involving ORM _orm.aliased() cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.

  References: #12915

• [sql] [bug] Fixed issue where using the ColumnOperators.in_() operator with a nested CompoundSelect statement (e.g. an INTERSECT of UNION queries) would raise a NotImplementedError when the

... (truncated)

Commits

• See full diff in compare view

Updates xlsxwriter from 3.2.0 to 3.2.9

Changelog

Sourced from xlsxwriter's changelog.

Release 3.2.9 - September 16 2025

• Removed the py.typed file since it was causing a lot of downstream CI failures where consumers weren't handling the xlsxwriter types correctly or taking them into account.

  The file will be re-added once the xlsxwriter typing is more comprehensive.

Release 3.2.8 - September 14 2025

• Fixed mypy implicit export error caused by the Workbook() type annotations changes in v3.2.7 and v3.2.6.

  :issue:1154.

Release 3.2.7 - September 13 2025

• Fixed typing issue in Workbook() constructor.

  :issue:1152.

Release 3.2.6 - September 12 2025

• Added an option to position custom data labels in the same way that the data labels can be positioned for the entire series.

  :feature:1147.

• Add border, fill, gradient and pattern formatting options for chart titles and also chart axis titles.

  :feature:957.

• Add additional type annotations. This is an ongoing refactoring.

  :feature:1123.

Release 3.2.5 - June 17 2025

• Fixed issue where a test function was made public incorrectly which caused warnings about a missing xlsxwriter.test module.

... (truncated)

Commits

• e943bee Prep for release 3.2.9
• 392bd9e typing: remove py.typed file
• eb99afe Prep for release 3.2.8
• 5ec2982 workbook: add explicit export for mypy compatibility
• ca85cbb Prep for release 3.2.7
• 3710251 typing: add more supported types to Workbook() constructor
• 27db7a1 Prep for release 3.2.6
• f050676 docs: add CI spell check
• 60f708c chart: add axis title formatting
• 53dc08e chart: add chart title formatting options
• Additional commits viewable in compare view

Updates pytest from 9.0.1 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates types-fpdf2 from 2.8.3.20250516 to 2.8.4.20251031

Commits

• See full diff in compare view

Updates types-requests from 2.32.0.20250515 to 2.32.4.20250913

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.85%. Comparing base (a540c36) to head (4bbdca9).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #933   +/-   ##
=======================================
  Coverage   84.85%   84.85%           
=======================================
  Files         200      200           
  Lines       14075    14075           
=======================================
  Hits        11944    11944           
  Misses       2131     2131           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.