[services] Update pip dependencies (#15162)

## Change Description

Fixes #15148 and hail-is/hail-security#66 

## Security Assessment

Delete all except the correct answer:
- This change potentially impacts the Hail Batch instance as deployed by
Broad Institute in GCP

### Impact Rating

- This change has a low security impact

### Impact Description

Regular dependency update, plus updating aiomysql past a known
vulnerability (though the specific issue wasn't a risk for us, it still
shows up in scans)

### Appsec Review

- [x] Required: The impact has been assessed and approved by appsec

Author: cjllanwarne

batch/pinned-requirements.txt

@@ -9,7 +9,7 @@ aiohappyeyeballs==2.6.1
     #   -c batch/../hail/python/pinned-requirements.txt
     #   -c batch/../web_common/pinned-requirements.txt
     #   aiohttp
-aiohttp==3.12.15
+aiohttp==3.13.2
     # via
     #   -c batch/../gear/pinned-requirements.txt
     #   -c batch/../hail/python/dev/pinned-requirements.txt
@@ -50,7 +50,7 @@ frozenlist==1.8.0
     #   -c batch/../web_common/pinned-requirements.txt
     #   aiohttp
     #   aiosignal
-idna==3.10
+idna==3.11
     # via
     #   -c batch/../gear/pinned-requirements.txt
     #   -c batch/../hail/python/dev/pinned-requirements.txt
@@ -72,6 +72,7 @@ numpy==2.2.6
     #   pandas
 packaging==25.0
     # via
+    #   -c batch/../gear/pinned-requirements.txt
     #   -c batch/../hail/python/dev/pinned-requirements.txt
     #   -c batch/../hail/python/pinned-requirements.txt
     #   plotly
@@ -83,7 +84,7 @@ plotly==5.24.1
     # via
     #   -c batch/../hail/python/pinned-requirements.txt
     #   -r batch/requirements.txt
-propcache==0.4.0
+propcache==0.4.1
     # via
     #   -c batch/../gear/pinned-requirements.txt
     #   -c batch/../hail/python/dev/pinned-requirements.txt
@@ -121,6 +122,7 @@ typing-extensions==4.15.0
     #   multidict
 tzdata==2025.2
     # via
+    #   -c batch/../hail/python/dev/pinned-requirements.txt
     #   -c batch/../hail/python/pinned-requirements.txt
     #   pandas
 yarl==1.22.0

ci/pinned-requirements.txt

@@ -11,7 +11,7 @@ cffi==2.0.0
     #   -c ci/../hail/python/dev/pinned-requirements.txt
     #   -c ci/../hail/python/pinned-requirements.txt
     #   cryptography
-charset-normalizer==3.4.3
+charset-normalizer==3.4.4
     # via
     #   -c ci/../gear/pinned-requirements.txt
     #   -c ci/../hail/python/dev/pinned-requirements.txt
@@ -22,15 +22,15 @@ click==8.3.0
     #   -c ci/../hail/python/dev/pinned-requirements.txt
     #   -c ci/../hail/python/pinned-requirements.txt
     #   zulip
-cryptography==46.0.2
+cryptography==46.0.3
     # via
     #   -c ci/../hail/python/pinned-requirements.txt
     #   pyjwt
 distro==1.9.0
     # via zulip
 gidgethub==5.4.0
     # via -r ci/requirements.txt
-idna==3.10
+idna==3.11
     # via
     #   -c ci/../gear/pinned-requirements.txt
     #   -c ci/../hail/python/dev/pinned-requirements.txt

gear/pinned-requirements.txt

@@ -6,7 +6,7 @@ aiohappyeyeballs==2.6.1
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
     #   -c gear/../hail/python/pinned-requirements.txt
     #   aiohttp
-aiohttp==3.12.15
+aiohttp==3.13.2
     # via
     #   -c gear/../hail/python/dev/pinned-requirements.txt
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
@@ -15,7 +15,7 @@ aiohttp==3.12.15
     #   kubernetes-asyncio
 aiohttp-session==2.12.1
     # via -r gear/requirements.txt
-aiomysql==0.2.0
+aiomysql==0.3.2
     # via -r gear/requirements.txt
 aiosignal==1.4.0
     # via
@@ -35,7 +35,7 @@ attrs==25.4.0
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
     #   -c gear/../hail/python/pinned-requirements.txt
     #   aiohttp
-cachetools==6.2.0
+cachetools==6.2.1
     # via
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
     #   -c gear/../hail/python/pinned-requirements.txt
@@ -47,7 +47,7 @@ certifi==2025.10.5
     #   -c gear/../hail/python/pinned-requirements.txt
     #   kubernetes-asyncio
     #   requests
-charset-normalizer==3.4.3
+charset-normalizer==3.4.4
     # via
     #   -c gear/../hail/python/dev/pinned-requirements.txt
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
@@ -60,11 +60,11 @@ frozenlist==1.8.0
     #   -c gear/../hail/python/pinned-requirements.txt
     #   aiohttp
     #   aiosignal
-google-api-core==2.25.2
+google-api-core==2.28.1
     # via google-api-python-client
-google-api-python-client==2.184.0
+google-api-python-client==2.185.0
     # via google-cloud-profiler
-google-auth==2.41.1
+google-auth==2.42.0
     # via
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
     #   -c gear/../hail/python/pinned-requirements.txt
@@ -78,13 +78,13 @@ google-auth-httplib2==0.2.0
     #   google-cloud-profiler
 google-cloud-profiler==4.1.0
     # via -r gear/requirements.txt
-googleapis-common-protos==1.70.0
+googleapis-common-protos==1.71.0
     # via google-api-core
 httplib2==0.31.0
     # via
     #   google-api-python-client
     #   google-auth-httplib2
-idna==3.10
+idna==3.11
     # via
     #   -c gear/../hail/python/dev/pinned-requirements.txt
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
@@ -100,14 +100,19 @@ multidict==6.7.0
     #   -c gear/../hail/python/pinned-requirements.txt
     #   aiohttp
     #   yarl
+packaging==25.0
+    # via
+    #   -c gear/../hail/python/dev/pinned-requirements.txt
+    #   -c gear/../hail/python/pinned-requirements.txt
+    #   -r gear/requirements.txt
 prometheus-async==19.2.0
     # via -r gear/requirements.txt
 prometheus-client==0.23.1
     # via
     #   -c gear/../hail/python/dev/pinned-requirements.txt
     #   -r gear/requirements.txt
     #   prometheus-async
-propcache==0.4.0
+propcache==0.4.1
     # via
     #   -c gear/../hail/python/dev/pinned-requirements.txt
     #   -c gear/../hail/python/hailtop/pinned-requirements.txt
@@ -116,7 +121,7 @@ propcache==0.4.0
     #   yarl
 proto-plus==1.26.1
     # via google-api-core
-protobuf==6.32.1
+protobuf==6.33.0
     # via
     #   google-api-core
     #   google-cloud-profiler

gear/requirements.txt

@@ -7,9 +7,11 @@
 -c ../hail/python/dev/pinned-requirements.txt
 
 aiohttp_session>=2.7,<2.13
-aiomysql>=0.0.20,<1
+aiomysql>=0.3.0,<1
 google-cloud-profiler>=4.1.0,<5
 kubernetes-asyncio>=19.15.1,<20
+# Required by google-api-core but not declared properly in its metadata. Therefore add manually:
+packaging>=23.0
 prometheus_async>=19.2.0,<20
 prometheus_client>=0.11.0,<1
 PyMySQL>=1,<2