chore(deps)(deps): Bump the all-python-dependencies group in /backend with 7 updates

[dependabot]

Bumps the all-python-dependencies group in /backend with 7 updates:

Package	From	To
openpyxl	3.1.2	3.1.5
pandas	2.1.4	2.3.3
xlsxwriter	3.1.9	3.2.9
fastapi	0.109.0	0.121.1
uvicorn	0.25.0	0.38.0
python-multipart	0.0.6	0.0.20
python-dateutil	2.8.2	2.9.0.post0

Updates openpyxl from 3.1.2 to 3.1.5

Updates pandas from 2.1.4 to 2.3.3

Release notes

Sourced from pandas's releases.

Pandas 2.3.3

We are pleased to announce the release of pandas 2.3.3. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.3 supports Python 3.9 and higher, and is the first release to support Python 3.14.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 2.3.2

We are pleased to announce the release of pandas 2.3.2. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.2 supports Python 3.9 and higher.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 2.3.1

We are pleased to announce the release of pandas 2.3.1. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.1 supports Python 3.9 and higher.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

... (truncated)

Commits

• 9c8bc3e RLS: 2.3.3
• 6aa788a [backport 2.3.x] DOC: prepare 2.3.3 whatsnew notes for release (#62499) (#62508)
• b64f0df [backport 2.3.x] BUG: avoid validation error for ufunc with string[python] ar...
• 058eb2b [backport 2.3.x] BUG: String[pyarrow] comparison with mixed object (#62424) (...
• 2ca088d [backport 2.3.x] DEPR: remove the Period resampling deprecation (#62480) (#62...
• 92bf98f [backport 2.3.x] BUG: fix .str.isdigit to honor unicode superscript for older...
• e57c7d6 Backport PR #62452 on branch 2.3.x (TST: Adjust tests for numexpr 2.13) (#62454)
• e0fe9a0 Backport to 2.3.x: REGR: from_records not initializing subclasses properly (#...
• 23a1085 BUG: improve future warning for boolean operations with missaligned indexes (...
• 6113696 Backport PR #62396 on branch 2.3.x (PKG/DOC: indicate Python 3.14 support in ...
• Additional commits viewable in compare view

Updates xlsxwriter from 3.1.9 to 3.2.9

Changelog

Sourced from xlsxwriter's changelog.

Release 3.2.9 - September 16 2025

• Removed the py.typed file since it was causing a lot of downstream CI failures where consumers weren't handling the xlsxwriter types correctly or taking them into account.

  The file will be re-added once the xlsxwriter typing is more comprehensive.

Release 3.2.8 - September 14 2025

• Fixed mypy implicit export error caused by the Workbook() type annotations changes in v3.2.7 and v3.2.6.

  :issue:1154.

Release 3.2.7 - September 13 2025

• Fixed typing issue in Workbook() constructor.

  :issue:1152.

Release 3.2.6 - September 12 2025

• Added an option to position custom data labels in the same way that the data labels can be positioned for the entire series.

  :feature:1147.

• Add border, fill, gradient and pattern formatting options for chart titles and also chart axis titles.

  :feature:957.

• Add additional type annotations. This is an ongoing refactoring.

  :feature:1123.

Release 3.2.5 - June 17 2025

• Fixed issue where a test function was made public incorrectly which caused warnings about a missing xlsxwriter.test module.

... (truncated)

Commits

• e943bee Prep for release 3.2.9
• 392bd9e typing: remove py.typed file
• eb99afe Prep for release 3.2.8
• 5ec2982 workbook: add explicit export for mypy compatibility
• ca85cbb Prep for release 3.2.7
• 3710251 typing: add more supported types to Workbook() constructor
• 27db7a1 Prep for release 3.2.6
• f050676 docs: add CI spell check
• 60f708c chart: add axis title formatting
• 53dc08e chart: add chart title formatting options
• Additional commits viewable in compare view

Updates fastapi from 0.109.0 to 0.121.1

Release notes

Sourced from fastapi's releases.

0.121.1

Fixes

• 🐛 Fix Depends(func, scope='function') for top level (parameterless) dependencies. PR #14301 by @​luzzodev.

Docs

• 📝 Upate docs for advanced dependencies with yield, noting the changes in 0.121.0, adding scope. PR #14287 by @​tiangolo.

Internal

• ⬆ Bump ruff from 0.13.2 to 0.14.3. PR #14276 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #14289 by @​pre-commit-ci[bot].

0.121.0

Features

• ✨ Add support for dependencies with scopes, support scope="request" for dependencies with yield that exit before the response is sent. PR #14262 by @​tiangolo.
  • New docs: Dependencies with yield - Early exit and scope.

Internal

• 👥 Update FastAPI People - Contributors and Translators. PR #14273 by @​tiangolo.
• 👥 Update FastAPI People - Sponsors. PR #14274 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #14280 by @​tiangolo.
• ⬆ Bump mkdocs-macros-plugin from 1.4.0 to 1.4.1. PR #14277 by @​dependabot[bot].
• ⬆ Bump mkdocstrings[python] from 0.26.1 to 0.30.1. PR #14279 by @​dependabot[bot].

0.120.4

Fixes

• 🐛 Fix security schemes in OpenAPI when added at the top level app. PR #14266 by @​YuriiMotov.

0.120.3

Refactors

• ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling each other to 1 calling itself. PR #14256 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify code and remove get_param_sub_dependant. PR #14255 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify using dataclasses. PR #14254 by @​tiangolo.

Docs

• 📝 Update note for untranslated pages. PR #14257 by @​YuriiMotov.

0.120.2

Fixes

• 🐛 Fix separation of schemas with nested models introduced in 0.119.0. PR #14246 by @​tiangolo.

Internal

... (truncated)

Commits

• 1c7e254 🔖 Release version 0.121.1
• 9e54399 📝 Update release notes
• 282f372 🐛 Fix Depends(func, scope='function') for top level (parameterless) depende...
• 972a967 📝 Update release notes
• 4170f62 📝 Update release notes
• 67c8dfa ⬆ Bump ruff from 0.13.2 to 0.14.3 (#14276)
• 34db1e2 ⬆ [pre-commit.ci] pre-commit autoupdate (#14289)
• b787103 📝 Update release notes
• 289b4aa 📝 Upate docs for advanced dependencies with yield, noting the changes in 0....
• 4efae81 🔖 Release version 0.121.0
• Additional commits viewable in compare view

Updates uvicorn from 0.25.0 to 0.38.0

Release notes

Sourced from uvicorn's releases.

Version 0.38.0

What's Changed

• Support Python 3.14 by @​Kludex in Kludex/uvicorn#2723

---

New Contributors

• @​NGANAMODEIJunior made their first contribution in Kludex/uvicorn#2713

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Version 0.37.0

What's Changed

• Add --timeout-worker-healthcheck setting by @​Kludex in Kludex/uvicorn#2711
• Add os.PathLike[str] type to ssl_ca_certs by @​rnv812 in Kludex/uvicorn#2676

New Contributors

• @​LincolnPuzey made their first contribution in Kludex/uvicorn#2669
• @​rnv812 made their first contribution in Kludex/uvicorn#2676

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

• Raise an exception when calling removed Config.setup_event_loop() by @​Kludex in Kludex/uvicorn#2709

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

• Support custom IOLOOPs by @​gnir-work in Kludex/uvicorn#2435
• Allow to provide importable string in --http, --ws and --loop by @​Kludex in Kludex/uvicorn#2658

---

New Contributors

• @​gnir-work made their first contribution in Kludex/uvicorn#2435
• @​musicinmybrain made their first contribution in Kludex/uvicorn#2659
• @​secrett2633 made their first contribution in Kludex/uvicorn#2684

Full Changelog: Kludex/uvicorn@0.35.0...0.36.0

Version 0.35.0

Added

• Add WebSocketsSansIOProtocol by @​Kludex in encode/uvicorn#2540

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

• Add --timeout-worker-healthcheck option (#2711)
• Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

• Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

• Support custom IOLOOPs (#2435)
• Allow to provide importable string in --http, --ws and --loop (#2658)

0.35.0 (June 28, 2025)

Added

• Add WebSocketsSansIOProtocol (#2540)

Changed

• Refine help message for option --proxy-headers (#2653)

0.34.3 (June 1, 2025)

Fixed

• Don't include cwd() when non-empty --reload-dirs is passed (#2598)
• Apply get_client_addr formatting to WebSocket logging (#2636)

0.34.2 (April 19, 2025)

Fixed

• Flush stdout buffer on Windows to trigger reload (#2604)

0.34.1 (April 13, 2025)

... (truncated)

Commits

• 3850ad6 Version 0.38.0 (#2733)
• 9b3f17a Support Python 3.14 (#2723)
• ce79f95 Revert "Add Marcelo Trylesinski to the license (#2699)" (#2730)
• dbf8797 docs: add social icons (#2728)
• 58f28be Add section about event loop (#2725)
• 93d9510 Bump docs dependencies (#2724)
• 9b1c6c4 Move Marcelo Trylesinski to maintainers in pyproject.toml (#2719)
• 57a61d8 Add discord to README (#2718)
• 7ef5f9f chore(deps): bump astral-sh/setup-uv from 6.7.0 to 6.8.0 (#2717)
• 6d26d88 Update pyproject.toml for PEP639 compliance (#2713)
• Additional commits viewable in compare view

Updates python-multipart from 0.0.6 to 0.0.20

Release notes

Sourced from python-multipart's releases.

Version 0.0.20

What's Changed

• Handle messages containing only end boundary, fixes #38 by @​jhnstrk in Kludex/python-multipart#142

New Contributors

• @​Mr-Sunglasses made their first contribution in Kludex/python-multipart#185

Full Changelog: Kludex/python-multipart@0.0.19...0.0.20

Version 0.0.19

What's Changed

• Don't warn when CRLF is found after last boundary by @​Kludex in Kludex/python-multipart#193

---

Full Changelog: Kludex/python-multipart@0.0.18...0.0.19

Version 0.0.18

What's Changed

• Hard break if found data after last boundary on MultipartParser by @​Kludex in Kludex/python-multipart#189

---

Full Changelog: Kludex/python-multipart@0.0.17...0.0.18

Version 0.0.17

What's Changed

• Handle PermissionError in fallback code for old import name by @​defnull in Kludex/python-multipart#182

---

Full Changelog: Kludex/python-multipart@0.0.16...0.0.17

Version 0.0.16

What's Changed

• Add dunder attributes to multipart package by @​Kludex in Kludex/python-multipart#177

---

Full Changelog: Kludex/python-multipart@0.0.15...0.0.16

Version 0.0.15

What's Changed

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

---

... (truncated)

Changelog

Sourced from python-multipart's changelog.

0.0.20 (2024-12-16)

• Handle messages containing only end boundary #142.

0.0.19 (2024-11-30)

• Don't warn when CRLF is found after last boundary on MultipartParser #193.

0.0.18 (2024-11-28)

• Hard break if found data after last boundary on MultipartParser #189.

0.0.17 (2024-10-31)

• Handle PermissionError in fallback code for old import name #182.

0.0.16 (2024-10-27)

• Add dunder attributes to multipart package #177.

0.0.15 (2024-10-27)

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

0.0.14 (2024-10-24)

• Fix import scheme for multipart module (#168).

0.0.13 (2024-10-20)

• Rename import to python_multipart #166.

0.0.12 (2024-09-29)

• Improve error message when boundary character does not match #124.
• Add mypy strict typing #140.
• Enforce 100% coverage #159.

0.0.11 (2024-09-28)

• Improve performance, especially in data with many CR-LF #137.
• Handle invalid CRLF in header name #141.

0.0.10 (2024-09-21)

• Support on_header_begin #103.
• Improve type hints on FormParser #104.
• Fix OnFileCallback type #106.
• Improve type hints #110.

... (truncated)

Commits

• b083cef Version 0.0.20 (#197)
• 04d3cf5 Handle messages containing only end boundary, fixes #38 (#142)
• f1c5a28 feat: Add python 3.13 in CI matrix. (#185)
• 4bffa0c doc: A file parameter is not a field (#127)
• 6f3295b Bump astral-sh/setup-uv from 3 to 4 in the github-actions group (#194)
• c4fe4d3 Don't warn when CRLF is found after last boundary (#193)
• 5b1aed8 Version 0.0.18 (#191)
• 9205a0e Hard break if found data after last boundary on MultipartParser (#189)
• 170e604 Update ruff & mypy (#188)
• e53b541 Create SECURITY.md (#187)
• Additional commits viewable in compare view

Updates python-dateutil from 2.8.2 to 2.9.0.post0

Release notes

Sourced from python-dateutil's releases.

2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

• Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

2.9.0

Version 2.9.0 (2024-02-29)

Data updates

• Updated tzdata version to 2024a. (gh pr #1342)

Features

• Made all dateutil submodules lazily imported using PEP 562. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

• Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

• Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)

Changelog

Sourced from python-dateutil's changelog.

Version 2.9.0.post0 (2024-03-01)

Bugfixes

• Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

Version 2.9.0 (2024-02-29)

Data updates

• Updated tzdata version to 2024a. (gh pr #1342)

Features

• Made all dateutil submodules lazily imported using PEP 562 <https://www.python.org/dev/peps/pep-0562/>_. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

• Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

• Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)

Commits

• 1ae8077 Merge pull request #1346 from pganssle/release_2.9.0.post0
• ee6de9d Update news to prepare for release
• 9780d32 Pin setuptools_scm to <8
• db9d018 Merge pull request #1343 from pganssle/release_2.9.0
• 423ca2f Run updatezinfo before build
• edd3fd4 Update NEWS file
• fe02d02 Run towncrier with Python 3.11
• 9c7524a Fix MANIFEST.in pattern
• 6de58f5 Update classifiers to include Python 3.12
• 8fe0cab Merge pull request #1342 from pganssle/update_zoneinfo
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: backend, dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.