Bump the patch-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the patch-dependencies group with 8 updates in the / directory:

Package	From	To
google-auth-oauthlib	1.2.1	1.2.2
helloasso-python	1.0.5	1.0.8
python-multipart	0.0.18	0.0.20
requests	2.32.4	2.32.5
sqlalchemy[asyncio]	2.0.32	2.0.44
xlsxwriter	3.2.0	3.2.9
types-fpdf2	2.8.3.20250516	2.8.4.20250822
types-requests	2.32.0.20250515	2.32.4.20250913

Updates google-auth-oauthlib from 1.2.1 to 1.2.2

Release notes

Sourced from google-auth-oauthlib's releases.

v1.2.2

1.2.2 (2025-04-01)

Bug Fixes

• Do not include docs/conf.py & scripts in wheel (#328) (78940df)
• Let OS select an available port when running TestInstalledAppFlow (#407) (6060d65), closes #381
• Remove setup.cfg configuration for creating universal wheels (#405) (0b962ed)

Changelog

Sourced from google-auth-oauthlib's changelog.

1.2.2 (2025-04-01)

Bug Fixes

• Do not include docs/conf.py & scripts in wheel (#328) (78940df)
• Let OS select an available port when running TestInstalledAppFlow (#407) (6060d65), closes #381
• Remove setup.cfg configuration for creating universal wheels (#405) (0b962ed)

Commits

• cc29cc3 chore(main): release 1.2.2 (#368)
• 6060d65 fix: Let OS select an available port when running TestInstalledAppFlow (#407)
• 0b962ed fix: remove setup.cfg configuration for creating universal wheels (#405)
• dedc58a chore: remove unused files (#402)
• 63442e9 chore(python): conditionally load credentials in .kokoro/build.sh (#398)
• 9a1dfab chore: check if port is in use before returning the port to start a new serve...
• 9c38610 chore: Reduce prioirty of flaky tests (#390)
• 780f6a6 chore(python): Update the python version in docs presubmit to use 3.10 (#387)
• 2a561a6 chore(deps): update all dependencies (#382)
• c220b45 chore(python): update dependencies in .kokoro/docker/docs (#380)
• Additional commits viewable in compare view

Updates helloasso-python from 1.0.5 to 1.0.8

Commits

• See full diff in compare view

Updates python-multipart from 0.0.18 to 0.0.20

Release notes

Sourced from python-multipart's releases.

Version 0.0.20

What's Changed

• Handle messages containing only end boundary, fixes #38 by @​jhnstrk in Kludex/python-multipart#142

New Contributors

• @​Mr-Sunglasses made their first contribution in Kludex/python-multipart#185

Full Changelog: Kludex/python-multipart@0.0.19...0.0.20

Version 0.0.19

What's Changed

• Don't warn when CRLF is found after last boundary by @​Kludex in Kludex/python-multipart#193

---

Full Changelog: Kludex/python-multipart@0.0.18...0.0.19

Changelog

Sourced from python-multipart's changelog.

0.0.20 (2024-12-16)

• Handle messages containing only end boundary #142.

0.0.19 (2024-11-30)

• Don't warn when CRLF is found after last boundary on MultipartParser #193.

Commits

• b083cef Version 0.0.20 (#197)
• 04d3cf5 Handle messages containing only end boundary, fixes #38 (#142)
• f1c5a28 feat: Add python 3.13 in CI matrix. (#185)
• 4bffa0c doc: A file parameter is not a field (#127)
• 6f3295b Bump astral-sh/setup-uv from 3 to 4 in the github-actions group (#194)
• c4fe4d3 Don't warn when CRLF is found after last boundary (#193)
• See full diff in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates sqlalchemy[asyncio] from 2.0.32 to 2.0.44

Release notes

Sourced from sqlalchemy[asyncio]'s releases.

2.0.44

Released: October 10, 2025

platform

• [platform] [bug] Unblocked automatic greenlet installation for Python 3.14 now that there are greenlet wheels on pypi for python 3.14.

orm

• [orm] [usecase] The way ORM Annotated Declarative interprets Python PEP 695 type aliases in Mapped[] annotations has been refined to expand the lookup scheme. A PEP 695 type can now be resolved based on either its direct presence in _orm.registry.type_annotation_map or its immediate resolved value, as long as a recursive lookup across multiple PEP 695 types is not required for it to resolve. This change reverses part of the restrictions introduced in 2.0.37 as part of #11955, which deprecated (and disallowed in 2.1) the ability to resolve any PEP 695 type that was not explicitly present in _orm.registry.type_annotation_map. Recursive lookups of PEP 695 types remains deprecated in 2.0 and disallowed in version 2.1, as do implicit lookups of NewType types without an entry in _orm.registry.type_annotation_map.

  Additionally, new support has been added for generic PEP 695 aliases that refer to PEP 593 Annotated constructs containing _orm.mapped_column() configurations. See the sections below for examples.

  References: #12829

• [orm] [bug] Fixed a caching issue where _orm.with_loader_criteria() would incorrectly reuse cached bound parameter values when used with _sql.CompoundSelect constructs such as _sql.union(). The issue was caused by the cache key for compound selects not including the execution options that are part of the _sql.Executable base class, which _orm.with_loader_criteria() uses to apply its criteria dynamically. The fix ensures that compound selects and other executable constructs properly include execution options in their cache key traversal.

  References: #12905

engine

• [engine] [bug] Implemented initial support for free-threaded Python by adding new tests and reworking the test harness to include Python 3.13t and Python 3.14t in

... (truncated)

Commits

• See full diff in compare view

Updates xlsxwriter from 3.2.0 to 3.2.9

Changelog

Sourced from xlsxwriter's changelog.

Release 3.2.9 - September 16 2025

• Removed the py.typed file since it was causing a lot of downstream CI failures where consumers weren't handling the xlsxwriter types correctly or taking them into account.

  The file will be re-added once the xlsxwriter typing is more comprehensive.

Release 3.2.8 - September 14 2025

• Fixed mypy implicit export error caused by the Workbook() type annotations changes in v3.2.7 and v3.2.6.

  :issue:1154.

Release 3.2.7 - September 13 2025

• Fixed typing issue in Workbook() constructor.

  :issue:1152.

Release 3.2.6 - September 12 2025

• Added an option to position custom data labels in the same way that the data labels can be positioned for the entire series.

  :feature:1147.

• Add border, fill, gradient and pattern formatting options for chart titles and also chart axis titles.

  :feature:957.

• Add additional type annotations. This is an ongoing refactoring.

  :feature:1123.

Release 3.2.5 - June 17 2025

• Fixed issue where a test function was made public incorrectly which caused warnings about a missing xlsxwriter.test module.

... (truncated)

Commits

• e943bee Prep for release 3.2.9
• 392bd9e typing: remove py.typed file
• eb99afe Prep for release 3.2.8
• 5ec2982 workbook: add explicit export for mypy compatibility
• ca85cbb Prep for release 3.2.7
• 3710251 typing: add more supported types to Workbook() constructor
• 27db7a1 Prep for release 3.2.6
• f050676 docs: add CI spell check
• 60f708c chart: add axis title formatting
• 53dc08e chart: add chart title formatting options
• Additional commits viewable in compare view

Updates types-fpdf2 from 2.8.3.20250516 to 2.8.4.20250822

Commits

• See full diff in compare view

Updates types-requests from 2.32.0.20250515 to 2.32.4.20250913

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.80%. Comparing base (81b6e15) to head (932495a).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #871   +/-   ##
=======================================
  Coverage   85.80%   85.80%           
=======================================
  Files         190      190           
  Lines       14600    14600           
=======================================
  Hits        12527    12527           
  Misses       2073     2073           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.