chore: bump the python-test-dependencies group in /tests/requirements-python with 4 updates

[dependabot]

Bumps the python-test-dependencies group in /tests/requirements-python with 4 updates: cryptography, filelock, requests and stripe.

Updates cryptography from 46.0.5 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25

* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**
.. _v46-0-5:

Commits

• 91d7288 Cherry-pick #14542 (#14543)
• See full diff in compare view

Updates filelock from 3.25.1 to 3.25.2

Release notes

Sourced from filelock's releases.

3.25.2

What's Changed

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts by @​gaborbernat in tox-dev/filelock#513

Full Changelog: tox-dev/filelock@3.25.1...3.25.2

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.25.2 (2026-03-11)

---

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

---

3.25.1 (2026-03-09)

---

• [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
• 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511
• [pre-commit.ci] pre-commit autoupdate :pr:508 - by :user:pre-commit-ci[bot]
• 📝 docs(logo): add branded project logo :pr:507

---

3.25.0 (2026-03-01)

---

• ✨ feat(async): add AsyncReadWriteLock :pr:506
• Standardize .github files to .yaml suffix
• build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
• build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add security policy
• Add permissions to check workflow :pr:500
• [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

---

3.24.3 (2026-02-19)

---

• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
• 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

---

3.24.2 (2026-02-16)

---

• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
• 🐛 fix(test): resolve flaky write non-starvation test :pr:490
• 📝 docs: restructure using Diataxis framework :pr:489

---

3.24.1 (2026-02-15)

---

... (truncated)

Commits

• 5b9872c Release 3.25.2
• 42b740a 🐛 fix(unix): suppress EIO on close in Docker bind mounts (#513)
• See full diff in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

New Contributors

• @​M0d3v1 made their first contribution in psf/requests#6865
• @​aminvakil made their first contribution in psf/requests#7220
• @​E8Price made their first contribution in psf/requests#6960
• @​mitre88 made their first contribution in psf/requests#7244
• @​magsen made their first contribution in psf/requests#6553
• @​Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Updates stripe from 14.4.1 to 15.0.0

Release notes

Sourced from stripe's releases.

v15.0.0

This release changes the pinned API version to 2026-03-25.dahlia and contains breaking changes (prefixed with ⚠️ below). There's also a detailed migration guide to simplify your upgrade process.

Please review details for the breaking changes and alternatives in the Stripe API changelog before upgrading.

• ⚠️ Breaking change: #1769 Add decimal_string coercion for v1 and v2 API fields

  • All decimal_string fields changed type from str to decimal.Decimal in both request params and response objects. Code that reads or writes these fields as str will need to use Decimal instead. Affected fields across v1 and v2 APIs:
    • checkout.Session: fx_rate
    • climate.Order: metric_tons; climate.Product: metric_tons_available
    • CreditNoteLineItem: unit_amount_decimal
    • InvoiceItem: quantity_decimal, unit_amount_decimal
    • InvoiceLineItem: quantity_decimal, unit_amount_decimal
    • issuing.Authorization / issuing.Transaction (and TestHelpers): quantity_decimal, unit_cost_decimal, gross_amount_decimal, local_amount_decimal, national_amount_decimal
    • Plan: amount_decimal, flat_amount_decimal, unit_amount_decimal
    • Price: unit_amount_decimal, flat_amount_decimal (including currency_options and tiers)
    • v2.core.Account / v2.core.AccountPerson: percent_ownership
    • Request params on Invoice, Product, Quote, Subscription, SubscriptionItem, SubscriptionSchedule, PaymentLink: unit_amount_decimal, flat_amount_decimal, quantity_decimal (where applicable)

• [⚠️ Breaking change:#1767](stripe/stripe-python#1767) Throw an error when using the wrong webhook parsing method

• ⚠️ Breaking change: #1764 Drop support for Python 3.7 & 3.8

• ⚠️ Breaking change: #1762 StripeObject no longer inherits from dict

  • StripeObject no longer inherits from dict, so any dict methods will no longer exist, including .get(), .update(), and notably, .items().
  • or convenience, it's still possible to check presence with 'some_key' in some_obj and check for equality between stripe objects. But most key/value iteration needs an extra step
  • To access the underlying data as a dict, call some_obj.to_dict(), which recursively dumps all stripe-provided classes into native Python types. This is a read-only view; changes to the output of to_dict() won't affect the original object.
  • Write operations can still be done with dot notation (some_obj.val = 123) or bracket notation (some_obj["val"] = 123). Do that instead of trying to interact with the underlying data store, as the implementation is considered private and may change without warning in the future.

See the changelog for more details.

v14.5.0b1

This release changes the pinned API version to 2026-02-25.preview.

• #1727 Update generated code for beta
  • Add support for smart_disputes on Account.Setting, AccountCreateParamsSetting, AccountModifyParamsSetting, V2.Core.Account.Configuration.Merchant, v2.core.AccountCreateParamsConfigurationMerchant, and v2.core.AccountModifyParamsConfigurationMerchant
  • Add support for email_customers_on_successful_payment on Account.Setting.Payment, AccountCreateParamsSettingPayment, and AccountModifyParamsSettingPayment
  • Add support for managed_payments on Checkout.Session, PaymentIntent, SetupIntent, Subscription, and checkout.SessionCreateParams
  • Add support for new value lk_vat on enums Checkout.Session.CollectedInformation.TaxId.type, Order.TaxDetail.TaxId.type, and QuotePreviewInvoice.CustomerTaxId.type
  • Add support for new value lk_vat on enums OrderCreateParamsTaxDetailTaxId.type and OrderModifyParamsTaxDetailTaxId.type
  • Add support for new value pay_by_bank on enum QuotePreviewInvoice.PaymentSetting.payment_method_types
  • Add support for new values bt_bank_account, cr_bank_account, do_bank_account, gt_bank_account, md_bank_account, mk_bank_account, mo_bank_account, mz_bank_account, pe_bank_account, pk_bank_account, tw_bank_account, and uz_bank_account on enum V2.Core.Account.Configuration.Recipient.DefaultOutboundDestination.type
  • Add support for purpose on V2.MoneyManagement.OutboundPayment and v2.money_management.OutboundPaymentCreateParams
  • Add support for branch_number and swift_code on V2.MoneyManagement.PayoutMethod.BankAccount
  • Change V2.MoneyManagement.Transaction.flow and V2.MoneyManagement.TransactionEntry.TransactionDetail.flow to be optional
  • Add support for error codes storer_capability_missing and storer_capability_not_active on QuotePreviewInvoice.LastFinalizationError

See the changelog for more details.

v14.5.0a4

• #1760 Update generated code for private-preview
  • Add support for simulate_crypto_deposit test helper method on resource PaymentIntent
  • Add support for deposit_options and mode on PaymentIntent.PaymentMethodOption.Crypto, PaymentIntentConfirmParamsPaymentMethodOptionCrypto, PaymentIntentCreateParamsPaymentMethodOptionCrypto, and PaymentIntentModifyParamsPaymentMethodOptionCrypto

... (truncated)

Changelog

Sourced from stripe's changelog.

15.0.0 - 2026-03-25

This release changes the pinned API version to 2026-03-25.dahlia and contains breaking changes (prefixed with ⚠️ below). There's also a detailed migration guide to simplify your upgrade process.

Please review details for the breaking changes and alternatives in the Stripe API changelog before upgrading.

• ⚠️ Breaking change: #1769 Add decimal_string coercion for v1 and v2 API fields

  • All decimal_string fields changed type from str to decimal.Decimal in both request params and response objects. Code that reads or writes these fields as str will need to use Decimal instead. Affected fields across v1 and v2 APIs:
    • checkout.Session: fx_rate
    • climate.Order: metric_tons; climate.Product: metric_tons_available
    • CreditNoteLineItem: unit_amount_decimal
    • InvoiceItem: quantity_decimal, unit_amount_decimal
    • InvoiceLineItem: quantity_decimal, unit_amount_decimal
    • issuing.Authorization / issuing.Transaction (and TestHelpers): quantity_decimal, unit_cost_decimal, gross_amount_decimal, local_amount_decimal, national_amount_decimal
    • Plan: amount_decimal, flat_amount_decimal, unit_amount_decimal
    • Price: unit_amount_decimal, flat_amount_decimal (including currency_options and tiers)
    • v2.core.Account / v2.core.AccountPerson: percent_ownership
    • Request params on Invoice, Product, Quote, Subscription, SubscriptionItem, SubscriptionSchedule, PaymentLink: unit_amount_decimal, flat_amount_decimal, quantity_decimal (where applicable)

• [⚠️ Breaking change:#1767](stripe/stripe-python#1767) Throw an error when using the wrong webhook parsing method

• ⚠️ Breaking change: #1764 Drop support for Python 3.7 & 3.8

• ⚠️ Breaking change: #1762 StripeObject no longer inherits from dict

  • StripeObject no longer inherits from dict, so any dict methods will no longer exist, including .get() and notably, .items().
    • For convenience, it's still possible to check key presence with 'some_key' in some_obj. To replicate .get() behavior, use getattr(obj, 'some_key', None) for now. We've got some improvements around accessing properties that may not be present planned, but getattr works for now.
    • Equality between StripeObjects still works: it checks for equality between the same class and underlying data.
  • To access the underlying data as a dict, call some_obj.to_dict(), which recursively dumps all stripe-provided classes into native Python types. This is a read-only view; changes to the output of to_dict() won't affect the original object.
  • Write operations can still be done with dot notation (some_obj.val = 123) or bracket notation (some_obj["val"] = 123). Do that instead of trying to interact with the underlying data store, as the implementation is considered private and may change without warning in the future.

⚠️ Breaking changes due to changes in the Stripe API

• Generated changes from #1749, #1771, #1773, #1775
  • Add support for upi_payments on Account.Capability, AccountCreateParamsCapability, and AccountModifyParamsCapability
  • Add support for upi on Charge.PaymentMethodDetail, Checkout.Session.PaymentMethodOption, ConfirmationToken.PaymentMethodPreview, ConfirmationTokenCreateParamsPaymentMethodDatum, Mandate.PaymentMethodDetail, PaymentAttemptRecord.PaymentMethodDetail, PaymentIntent.PaymentMethodOption, PaymentIntentConfirmParamsPaymentMethodDatum, PaymentIntentConfirmParamsPaymentMethodOption, PaymentIntentCreateParamsPaymentMethodDatum, PaymentIntentCreateParamsPaymentMethodOption, PaymentIntentModifyParamsPaymentMethodDatum, PaymentIntentModifyParamsPaymentMethodOption, PaymentMethodConfigurationCreateParams, PaymentMethodConfigurationModifyParams, PaymentMethodConfiguration, PaymentMethodCreateParams, PaymentMethod, PaymentRecord.PaymentMethodDetail, SetupAttempt.PaymentMethodDetail, SetupIntent.PaymentMethodOption, SetupIntentConfirmParamsPaymentMethodDatum, SetupIntentConfirmParamsPaymentMethodOption, SetupIntentCreateParamsPaymentMethodDatum, SetupIntentCreateParamsPaymentMethodOption, SetupIntentModifyParamsPaymentMethodDatum, SetupIntentModifyParamsPaymentMethodOption, and checkout.SessionCreateParamsPaymentMethodOption
  • Add support for new value tempo on enums Charge.PaymentMethodDetail.Crypto.network, PaymentAttemptRecord.PaymentMethodDetail.Crypto.network, and PaymentRecord.PaymentMethodDetail.Crypto.network
  • Add support for integration_identifier on Checkout.Session and checkout.SessionCreateParams
  • Add support for new value upi on enums PaymentIntent.excluded_payment_method_types, PaymentIntentConfirmParams.excluded_payment_method_types, PaymentIntentCreateParams.excluded_payment_method_types, PaymentIntentModifyParams.excluded_payment_method_types, SetupIntent.excluded_payment_method_types, SetupIntentCreateParams.excluded_payment_method_types, SetupIntentModifyParams.excluded_payment_method_types, and checkout.SessionCreateParams.excluded_payment_method_types
  • Add support for crypto on checkout.SessionCreateParamsPaymentMethodOption
  • Add support for new value upi on enum checkout.SessionCreateParams.payment_method_types
  • Add support for pending_invoice_item_interval on checkout.SessionCreateParamsSubscriptionDatum
  • Add support for new values elements, embedded_page, form, and hosted_page on enums Checkout.Session.ui_mode and checkout.SessionCreateParams.ui_mode
  • Add support for new value marine_carbon_removal on enum Climate.Supplier.removal_pathway
  • Add support for new value upi on enums ConfirmationTokenCreateParamsPaymentMethodDatum.type, PaymentIntentConfirmParamsPaymentMethodDatum.type, PaymentIntentCreateParamsPaymentMethodDatum.type, PaymentIntentModifyParamsPaymentMethodDatum.type, SetupIntentConfirmParamsPaymentMethodDatum.type, SetupIntentCreateParamsPaymentMethodDatum.type, and SetupIntentModifyParamsPaymentMethodDatum.type
  • Add support for new value upi on enums ConfirmationToken.PaymentMethodPreview.type and PaymentMethod.type
  • Add support for metadata on CreditNoteCreateParamsLine, CreditNoteLineItem, CreditNotePreviewLinesParamsLine, and CreditNotePreviewParamsLine
  • Add support for new value upi on enums CustomerListPaymentMethodsParams.type, PaymentMethodCreateParams.type, and PaymentMethodListParams.type
  • Add support for quantity_decimal on InvoiceAddLinesParamsLine, InvoiceCreatePreviewParamsInvoiceItem, InvoiceItemCreateParams, InvoiceItemModifyParams, InvoiceItem, InvoiceLineItemModifyParams, InvoiceLineItem, and InvoiceUpdateLinesParamsLine
  • ⚠️ Add support for level on issuing.AuthorizationCreateParamsRiskAssessmentCardTestingRisk and issuing.AuthorizationCreateParamsRiskAssessmentMerchantDisputeRisk
  • ⚠️ Remove support for risk_level on issuing.AuthorizationCreateParamsRiskAssessmentCardTestingRisk and issuing.AuthorizationCreateParamsRiskAssessmentMerchantDisputeRisk
  • Add support for lifecycle_controls on Issuing.Card and issuing.CardCreateParams
  • ⚠️ Change type of Issuing.Token.NetworkDatum.Visa.card_reference_id from string to nullable(string)

... (truncated)

Commits

• 04d8bfd Bump version to 15.0.0
• 03b1d60 Update generated code (#1775)
• 618d3b3 Add decimal_string coercion for v1 and v2 API fields (#1769)
• 18f4f88 ⚠️ Throw an error when using the wrong webhook parsing method (#1767)
• 8841462 Update generated code for v2205 and (#1773)
• f21f1d7 Update generated code for v2205 and (#1771)
• 08059f9 Update generated code (#1749)
• e2c2f78 ⚠️ Drop support for Python 3.7 & 3.8 (#1764)
• 95af790 ⚠️ StripeObject no longer inherits from dict (#1762)
• 48c6471 Add runtime support for V2 int64 string-encoded fields (#1756)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions