Bump the patch-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the patch-dependencies group with 9 updates in the / directory:

Package	From	To
google-auth-oauthlib	1.2.1	1.2.2
helloasso-python	1.0.5	1.0.8
python-multipart	0.0.18	0.0.20
requests	2.32.4	2.32.5
sqlalchemy[asyncio]	2.0.32	2.0.43
xlsxwriter	3.2.0	3.2.9
psycopg[binary]	3.2.1	3.2.10
types-fpdf2	2.8.3.20250516	2.8.4.20250822
types-requests	2.32.0.20250515	2.32.4.20250913

Updates google-auth-oauthlib from 1.2.1 to 1.2.2

Release notes

Sourced from google-auth-oauthlib's releases.

v1.2.2

1.2.2 (2025-04-01)

Bug Fixes

• Do not include docs/conf.py & scripts in wheel (#328) (78940df)
• Let OS select an available port when running TestInstalledAppFlow (#407) (6060d65), closes #381
• Remove setup.cfg configuration for creating universal wheels (#405) (0b962ed)

Changelog

Sourced from google-auth-oauthlib's changelog.

1.2.2 (2025-04-01)

Bug Fixes

• Do not include docs/conf.py & scripts in wheel (#328) (78940df)
• Let OS select an available port when running TestInstalledAppFlow (#407) (6060d65), closes #381
• Remove setup.cfg configuration for creating universal wheels (#405) (0b962ed)

Commits

• cc29cc3 chore(main): release 1.2.2 (#368)
• 6060d65 fix: Let OS select an available port when running TestInstalledAppFlow (#407)
• 0b962ed fix: remove setup.cfg configuration for creating universal wheels (#405)
• dedc58a chore: remove unused files (#402)
• 63442e9 chore(python): conditionally load credentials in .kokoro/build.sh (#398)
• 9a1dfab chore: check if port is in use before returning the port to start a new serve...
• 9c38610 chore: Reduce prioirty of flaky tests (#390)
• 780f6a6 chore(python): Update the python version in docs presubmit to use 3.10 (#387)
• 2a561a6 chore(deps): update all dependencies (#382)
• c220b45 chore(python): update dependencies in .kokoro/docker/docs (#380)
• Additional commits viewable in compare view

Updates helloasso-python from 1.0.5 to 1.0.8

Commits

• See full diff in compare view

Updates python-multipart from 0.0.18 to 0.0.20

Release notes

Sourced from python-multipart's releases.

Version 0.0.20

What's Changed

• Handle messages containing only end boundary, fixes #38 by @​jhnstrk in Kludex/python-multipart#142

New Contributors

• @​Mr-Sunglasses made their first contribution in Kludex/python-multipart#185

Full Changelog: Kludex/python-multipart@0.0.19...0.0.20

Version 0.0.19

What's Changed

• Don't warn when CRLF is found after last boundary by @​Kludex in Kludex/python-multipart#193

---

Full Changelog: Kludex/python-multipart@0.0.18...0.0.19

Changelog

Sourced from python-multipart's changelog.

0.0.20 (2024-12-16)

• Handle messages containing only end boundary #142.

0.0.19 (2024-11-30)

• Don't warn when CRLF is found after last boundary on MultipartParser #193.

Commits

• b083cef Version 0.0.20 (#197)
• 04d3cf5 Handle messages containing only end boundary, fixes #38 (#142)
• f1c5a28 feat: Add python 3.13 in CI matrix. (#185)
• 4bffa0c doc: A file parameter is not a field (#127)
• 6f3295b Bump astral-sh/setup-uv from 3 to 4 in the github-actions group (#194)
• c4fe4d3 Don't warn when CRLF is found after last boundary (#193)
• See full diff in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates sqlalchemy[asyncio] from 2.0.32 to 2.0.43

Release notes

Sourced from sqlalchemy[asyncio]'s releases.

2.0.43

Released: August 11, 2025

orm

• [orm] [bug] Fixed issue where using the post_update feature would apply incorrect "pre-fetched" values to the ORM objects after a multi-row UPDATE process completed. These "pre-fetched" values would come from any column that had an Column.onupdate callable or a version id generator used by orm.Mapper.version_id_generator; for a version id generator that delivered random identifiers like timestamps or UUIDs, this incorrect data would lead to a DELETE statement against those same rows to fail in the next step.

  References: #12748

• [orm] [bug] Fixed issue where _orm.mapped_column.use_existing_column parameter in _orm.mapped_column() would not work when the _orm.mapped_column() is used inside of an Annotated type alias in polymorphic inheritance scenarios. The parameter is now properly recognized and processed during declarative mapping configuration.

  References: #12787

• [orm] [bug] Improved the implementation of the _orm.selectin_polymorphic() inheritance loader strategy to properly render the IN expressions using chunks of 500 records each, in the same manner as that of the _orm.selectinload() relationship loader strategy. Previously, the IN expression would be arbitrarily large, leading to failures on databases that have limits on the size of IN expressions including Oracle Database.

  References: #12790

engine

• [engine] [usecase] Added new parameter create_engine.skip_autocommit_rollback which provides for a per-dialect feature of preventing the DBAPI .rollback() from being called under any circumstances, if the connection is detected as being in "autocommit" mode. This improves upon a critical performance issue identified in MySQL dialects where the network overhead of the .rollback() call remains prohibitive even if autocommit mode is set.

  References: #12784

postgresql

... (truncated)

Commits

• See full diff in compare view

Updates xlsxwriter from 3.2.0 to 3.2.9

Changelog

Sourced from xlsxwriter's changelog.

Release 3.2.9 - September 16 2025

• Removed the py.typed file since it was causing a lot of downstream CI failures where consumers weren't handling the xlsxwriter types correctly or taking them into account.

  The file will be re-added once the xlsxwriter typing is more comprehensive.

Release 3.2.8 - September 14 2025

• Fixed mypy implicit export error caused by the Workbook() type annotations changes in v3.2.7 and v3.2.6.

  :issue:1154.

Release 3.2.7 - September 13 2025

• Fixed typing issue in Workbook() constructor.

  :issue:1152.

Release 3.2.6 - September 12 2025

• Added an option to position custom data labels in the same way that the data labels can be positioned for the entire series.

  :feature:1147.

• Add border, fill, gradient and pattern formatting options for chart titles and also chart axis titles.

  :feature:957.

• Add additional type annotations. This is an ongoing refactoring.

  :feature:1123.

Release 3.2.5 - June 17 2025

• Fixed issue where a test function was made public incorrectly which caused warnings about a missing xlsxwriter.test module.

... (truncated)

Commits

• e943bee Prep for release 3.2.9
• 392bd9e typing: remove py.typed file
• eb99afe Prep for release 3.2.8
• 5ec2982 workbook: add explicit export for mypy compatibility
• ca85cbb Prep for release 3.2.7
• 3710251 typing: add more supported types to Workbook() constructor
• 27db7a1 Prep for release 3.2.6
• f050676 docs: add CI spell check
• 60f708c chart: add axis title formatting
• 53dc08e chart: add chart title formatting options
• Additional commits viewable in compare view

Updates psycopg[binary] from 3.2.1 to 3.2.10

Changelog

Sourced from psycopg[binary]'s changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Future releases

Psycopg 3.3.0 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^^

.. rubric:: New top-level features

• Add :ref:template strings queries \<template-strings> (:ticket:[#1054](https://github.com/psycopg/psycopg/issues/1054)).
• Cursors are now iterators, not only iterables. This means you can call next(cur) to fetch the next row (:ticket:[#1064](https://github.com/psycopg/psycopg/issues/1064)).
• Add Cursor.results() to iterate over the result sets of the queries executed though ~Cursor.executemany() or ~Cursor.execute() (:ticket:[#1080](https://github.com/psycopg/psycopg/issues/1080)).

.. rubric:: New libpq wrapper features

• Add pq.PGconn.used_gssapi attribute and Capabilities.has_used_gssapi() function (:ticket:[#1138](https://github.com/psycopg/psycopg/issues/1138)).
• Add ConnectionInfo.full_protocol_version attribute, Capabilities.has_full_protocol_version() function (:ticket:[#1079](https://github.com/psycopg/psycopg/issues/1079)).

.. rubric:: Other changes

• Disable default GSSAPI preferential connection in the binary package (:ticket:[#1136](https://github.com/psycopg/psycopg/issues/1136)).

  .. warning::

  Please explicitly set the gssencmode_ connection parameter or the :envvar:PGGSSENCMODE environment variable to interact reliably with the GSSAPI.

• Drop support for Python 3.8 (:ticket:[#976](https://github.com/psycopg/psycopg/issues/976)) and 3.9 (:ticket:[#1056](https://github.com/psycopg/psycopg/issues/1056)).

Psycopg 3.2.11 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix bad data on error in binary copy (:ticket:[#1147](https://github.com/psycopg/psycopg/issues/1147)).
• Don't raise warning, and don't leak resources, if a builtin function is used

... (truncated)

Commits

• 6cc2adf chore: bump psycopg package version to 3.2.10
• 4c2fd37 Merge branch 'pg18-3.2' into maint-3.2
• 6ddad7b docs: mention PostgreSQL v18 support
• 30bfdb9 ci: add PostgreSQL 18 to the test grid
• 57236b8 chore: add PostgreSQL 18 exceptions
• 970a307 fix: add ConnStatus.CONNECTION_AUTHENTICATING value
• 6903a92 Merge branch 'fix-1091' into maint-3.2
• 43ad961 docs: document the changes to notifies generator
• eac8115 fix: raise a warning when notifies generator and handlers are used together
• 5cc99d6 fix: collect notifies only if no handler was registered
• Additional commits viewable in compare view

Updates types-fpdf2 from 2.8.3.20250516 to 2.8.4.20250822

Commits

• See full diff in compare view

Updates types-requests from 2.32.0.20250515 to 2.32.4.20250913

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.