Chore(deps): Bump plexapi from 4.17.2 to 4.18.0

[dependabot]

Bumps plexapi from 4.17.2 to 4.18.0.

Release notes

Sourced from plexapi's releases.

4.18.0

Breaking Changes

• Bump minimum Python version to 3.10 (#1562)
• Remove all deprecated methods (#1565)
• Remove authToken attribute from local server account (#1581)

Bug Fixes

• Resolve issue accessing pin code before running thread (#1567)
• Fix Plex JWT signature verification (#1577)

Improvements

• Refactor and consolidate mixins (#1564)
• feat: Add py.typed (#1575)
• chore: Tear out Python 2 remnants (#1576)
• Fix tv show theme tests (#1578)
• Fix movie audio profile test (#1579, #1580)
• Fix JWT test (#1582)

---

Thanks to new contributor @​C0rn3j.

Commits

• fd16410 Release 4.18.0
• a0c9cc8 Bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#1574)
• d1d7c14 Bump pillow from 11.3.0 to 12.1.0 (#1573)
• 5152a7a Bump pytest from 8.4.1 to 9.0.2 (#1572)
• 0f4ad5e Bump sphinx from 7.4.7 to 9.1.0 (#1571)
• 033eb58 Bump actions/upload-artifact from 4 to 6 (#1570)
• cd57601 Bump actions/download-artifact from 5 to 7 (#1569)
• 1046e84 Bump actions/cache from 4 to 5 (#1568)
• 188ad63 Bump actions/checkout from 5 to 6 (#1563)
• c518777 Bump github/codeql-action from 3 to 4 (#1556)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🔒 Dependency Security Report

⚠️ requirements_all.txt is out of sync

The requirements_all.txt file should be auto-generated from pyproject.toml and provider manifests.

Action required: Run python scripts/gen_requirements_all.py and commit the changes.

---

📦 Modified Dependencies

The following dependencies were added or modified:

diff --git a/requirements_all.txt b/requirements_all.txt
index 3f9dcd29..9a3bb12e 100644
--- a/requirements_all.txt
+++ b/requirements_all.txt
@@ -48,7 +48,7 @@ niconico.py-ma==2.1.0.post1
 orjson==3.11.5
 pillow==12.1.1
 pkce==1.0.3
-plexapi==4.17.2
+plexapi==4.18.0
 podcastparser==0.6.11
 propcache>=0.2.1
 py-opensonic==8.1.1

New/modified packages to review:

• plexapi==4.18.0

---

🔍 Vulnerability Scan Results

No known vulnerabilities found
✅ No known vulnerabilities found

---

Automated Security Checks

• ✅ Vulnerability Scan: Passed - No known vulnerabilities
• ✅ Trusted Sources: All packages have verified source repositories
• ✅ Typosquatting Check: No suspicious package names detected
• ✅ License Compatibility: All licenses are OSI-approved and compatible
• ✅ Supply Chain Risk: Passed - packages appear mature and maintained

🤖 Automated dependency update - This PR is from a trusted source (dependabot/renovate) and will be auto-approved if all checks pass.

Manual Review

Maintainer approval required:

• I have reviewed the changes above and approve these dependency updates

Automated PRs with all checks passing will be auto-approved.

[MarvinSchenkel]

@anatosun , just looking at the breaking changes. Is this safe to bump?