Chore(deps): Bump plexapi from 4.17.2 to 4.18.0

[dependabot]

Bumps plexapi from 4.17.2 to 4.18.0.

Release notes

Sourced from plexapi's releases.

4.18.0

Breaking Changes

• Bump minimum Python version to 3.10 (#1562)
• Remove all deprecated methods (#1565)
• Remove authToken attribute from local server account (#1581)

Bug Fixes

• Resolve issue accessing pin code before running thread (#1567)
• Fix Plex JWT signature verification (#1577)

Improvements

• Refactor and consolidate mixins (#1564)
• feat: Add py.typed (#1575)
• chore: Tear out Python 2 remnants (#1576)
• Fix tv show theme tests (#1578)
• Fix movie audio profile test (#1579, #1580)
• Fix JWT test (#1582)

---

Thanks to new contributor @​C0rn3j.

Commits

• fd16410 Release 4.18.0
• a0c9cc8 Bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#1574)
• d1d7c14 Bump pillow from 11.3.0 to 12.1.0 (#1573)
• 5152a7a Bump pytest from 8.4.1 to 9.0.2 (#1572)
• 0f4ad5e Bump sphinx from 7.4.7 to 9.1.0 (#1571)
• 033eb58 Bump actions/upload-artifact from 4 to 6 (#1570)
• cd57601 Bump actions/download-artifact from 5 to 7 (#1569)
• 1046e84 Bump actions/cache from 4 to 5 (#1568)
• 188ad63 Bump actions/checkout from 5 to 6 (#1563)
• c518777 Bump github/codeql-action from 3 to 4 (#1556)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

🔒 Dependency Security Report

⚠️ requirements_all.txt is out of sync

The requirements_all.txt file should be auto-generated from pyproject.toml and provider manifests.

Action required: Run python scripts/gen_requirements_all.py and commit the changes.

---

📦 Modified Dependencies

The following dependencies were added or modified:

diff --git a/requirements_all.txt b/requirements_all.txt
index 3f9dcd29..9a3bb12e 100644
--- a/requirements_all.txt
+++ b/requirements_all.txt
@@ -48,7 +48,7 @@ niconico.py-ma==2.1.0.post1
 orjson==3.11.5
 pillow==12.1.1
 pkce==1.0.3
-plexapi==4.17.2
+plexapi==4.18.0
 podcastparser==0.6.11
 propcache>=0.2.1
 py-opensonic==8.1.1

New/modified packages to review:

• plexapi==4.18.0

---

🔍 Vulnerability Scan Results

No known vulnerabilities found
✅ No known vulnerabilities found

---

Automated Security Checks

• ✅ Vulnerability Scan: Passed - No known vulnerabilities
• ✅ Trusted Sources: All packages have verified source repositories
• ✅ Typosquatting Check: No suspicious package names detected
• ✅ License Compatibility: All licenses are OSI-approved and compatible
• ✅ Supply Chain Risk: Passed - packages appear mature and maintained

🤖 Automated dependency update - This PR is from a trusted source (dependabot/renovate) and will be auto-approved if all checks pass.

Manual Review

Maintainer approval required:

• I have reviewed the changes above and approve these dependency updates

Automated PRs with all checks passing will be auto-approved.

[MarvinSchenkel]

@anatosun , just looking at the breaking changes. Is this safe to bump?

[OzGav]

@anatosun checking in again whether this is safe to bump?

[dependabot]

Superseded by #3598.