chore(deps): consolidate all dependabot updates (#1067)

* chore(deps-dev): bump idna from 3.10 to 3.15

Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.10...v3.15)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump actions/create-github-app-token from 2 to 3

Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2 to 3.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](actions/create-github-app-token@v2...v3)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump dependabot/fetch-metadata from 2.4.0 to 3.1.0

Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2.4.0 to 3.1.0.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@v2.4.0...v3.1.0)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump googleapis/release-please-action from 4 to 5

Bumps [googleapis/release-please-action](https://github.com/googleapis/release-please-action) from 4 to 5.
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@v4...v5)

---
updated-dependencies:
- dependency-name: googleapis/release-please-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump pyjwt from 2.9.0 to 2.12.0

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.9.0 to 2.12.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.9.0...2.12.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-version: 2.12.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump requests from 2.32.5 to 2.33.0

Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump iniconfig from 2.1.0 to 2.3.0

Bumps [iniconfig](https://github.com/pytest-dev/iniconfig) from 2.1.0 to 2.3.0.
- [Release notes](https://github.com/pytest-dev/iniconfig/releases)
- [Changelog](https://github.com/pytest-dev/iniconfig/blob/main/CHANGELOG)
- [Commits](pytest-dev/iniconfig@v2.1.0...v2.3.0)

---
updated-dependencies:
- dependency-name: iniconfig
  dependency-version: 2.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump msal from 1.33.0 to 1.36.0

Bumps [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) from 1.33.0 to 1.36.0.
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases)
- [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASES.md)
- [Commits](AzureAD/microsoft-authentication-library-for-python@1.33.0...1.36.0)

---
updated-dependencies:
- dependency-name: msal
  dependency-version: 1.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump types-python-dateutil

Bumps [types-python-dateutil](https://github.com/python/typeshed) from 2.9.0.20250822 to 2.9.0.20260518.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20260518
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump frozenlist from 1.7.0 to 1.8.0

Bumps [frozenlist](https://github.com/aio-libs/frozenlist) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/aio-libs/frozenlist/releases)
- [Changelog](https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst)
- [Commits](aio-libs/frozenlist@v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: frozenlist
  dependency-version: 1.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump types-deprecated

Bumps [types-deprecated](https://github.com/python/typeshed) from 1.2.15.20250304 to 1.3.1.20260519.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-deprecated
  dependency-version: 1.3.1.20260519
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump zipp from 3.23.0 to 4.1.0

Bumps [zipp](https://github.com/jaraco/zipp) from 3.23.0 to 4.1.0.
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.23.0...v4.1.0)

---
updated-dependencies:
- dependency-name: zipp
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump aiohttp from 3.13.4 to 3.13.5

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump pylint in the pylint group across 1 directory

Bumps the pylint group with 1 update in the / directory: [pylint](https://github.com/pylint-dev/pylint).


Updates `pylint` from 3.3.8 to 4.0.5
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v3.3.8...v4.0.5)

---
updated-dependencies:
- dependency-name: pylint
  dependency-version: 4.0.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: pylint
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps-dev): bump yarl from 1.20.1 to 1.24.2

Bumps [yarl](https://github.com/aio-libs/yarl) from 1.20.1 to 1.24.2.
- [Release notes](https://github.com/aio-libs/yarl/releases)
- [Changelog](https://github.com/aio-libs/yarl/blob/master/CHANGES.rst)
- [Commits](aio-libs/yarl@v1.20.1...v1.24.2)

---
updated-dependencies:
- dependency-name: yarl
  dependency-version: 1.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: ramsessanchez

.github/workflows/auto-merge-dependabot.yml

@@ -17,7 +17,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2.4.0
+        uses: dependabot/fetch-metadata@v3.1.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 

.github/workflows/project-auto-add.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate_token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@v3
         with:
           app-id: ${{ secrets.GRAPHBOT_APP_ID }}
           private-key: ${{ secrets.GRAPHBOT_APP_PEM }}

.github/workflows/publish.yml

@@ -29,7 +29,7 @@ jobs:
       - name: Build package
         run: python -m build
       - name: Publish package
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
         with:
           user: __token__
           password: ${{ secrets.PYPI_TOKEN }}

.github/workflows/release-please-gha.yml

@@ -23,13 +23,13 @@ jobs:
 
       - name: Generate GitHub App token
         id: app-token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@v3
         with:
           app-id: ${{ vars.RELEASE_PLEASE_TOKEN_PROVIDER_APP_ID }}
           private-key: ${{ secrets.RELEASE_PLEASE_TOKEN_PROVIDER_PEM }}
 
       - name: Release Please
-        uses: googleapis/release-please-action@v4
+        uses: googleapis/release-please-action@v5
         with:
           token: ${{ steps.app-token.outputs.token }}
           config-file: release-please-config.json

requirements-dev.txt

@@ -32,11 +32,11 @@ dill==0.4.0 ; python_version < '3.11'
 
 exceptiongroup==1.3.0 ; python_version < '3.11'
 
-idna==3.10 ; python_version >= '3.5'
+idna==3.15 ; python_version >= '3.5'
 
 importlib-metadata==7.1.0 ; python_version >= '3.7'
 
-iniconfig==2.1.0 ; python_version >= '3.7'
+iniconfig==2.3.0 ; python_version >= '3.7'
 
 isort==6.0.1
 
@@ -50,7 +50,7 @@ mccabe==0.7.0 ; python_version >= '3.6'
 
 mock==5.2.0 ; python_version >= '3.6'
 
-msal==1.33.0
+msal==1.36.0
 
 msal-extensions==1.3.1
 
@@ -72,9 +72,9 @@ portalocker==2.10.1 ; python_version >= '3.5' and platform_system == 'Windows'
 
 pycparser==2.23
 
-pyjwt[crypto]==2.9.0 ; python_version >= '3.7'
+pyjwt[crypto]==2.12.0 ; python_version >= '3.7'
 
-pylint==3.3.8
+pylint==4.0.5
 
 pyproject-hooks==1.2.0 ; python_version >= '3.7'
 
@@ -92,7 +92,7 @@ pytest-asyncio==1.3.0
 
 pywin32==311 ; platform_system == 'Windows'
 
-requests==2.32.5 ; python_version >= '3.7'
+requests==2.33.0 ; python_version >= '3.7'
 
 setuptools==80.9.0
 
@@ -110,7 +110,7 @@ tomlkit==0.13.3 ; python_version >= '3.7'
 
 trio==0.31.0
 
-types-python-dateutil==2.9.0.20250822
+types-python-dateutil==2.9.0.20260518
 
 types-requests==2.32.4.20250809; python_version >= '3.7'
 urllib3==2.7.0 ; python_version >= '3.7'
@@ -121,17 +121,17 @@ wrapt==1.17.3 ; python_version < '3.11'
 
 yapf==0.43.0
 
-zipp==3.23.0 ; python_version >= '3.7'
+zipp==4.1.0 ; python_version >= '3.7'
 
-aiohttp==3.13.4 ; python_version >= '3.6'
+aiohttp==3.13.5 ; python_version >= '3.6'
 
 aiosignal==1.4.0 ; python_version >= '3.7'
 
 anyio==4.10.0 ; python_version >= '3.7'
 
 async-timeout==5.0.1 ; python_version >= '3.6'
 
-frozenlist==1.7.0 ; python_version >= '3.7'
+frozenlist==1.8.0 ; python_version >= '3.7'
 
 h11==0.16.0 ; python_version >= '3.7'
 
@@ -157,8 +157,8 @@ multidict==6.6.4 ; python_version >= '3.7'
 
 uritemplate==4.2.0 ; python_version >= '3.6'
 
-yarl==1.20.1 ; python_version >= '3.7'
+yarl==1.24.2 ; python_version >= '3.7'
 
 deprecated==1.2.18
 
-types-Deprecated==1.2.15.20250304
+types-Deprecated==1.3.1.20260519