deps(backend): update spotipy requirement from >=2.24.0 to >=2.26.0

[dependabot]

Updates the requirements on spotipy to permit the latest version.

Release notes

Sourced from spotipy's releases.

2.26.0: Deprecated methods

Regarding the new updates to the Spotify API: See the related article for more information: https://developer.spotify.com/blog/2026-02-06-update-on-developer-access-and-platform-security

Added

• Created generic methods to get user saved items

Fixed

• Updated /tracks endpoints to /items
• Switching IDs to URIs to use /me/library endpoint
• Fixed playlist limit to 50 (according to API)
• Added warnings for deprecated methods

Thanks to @​tonarec for the PR!

Changelog

Sourced from spotipy's changelog.

[2.26.0] - 2026-03-03

Added

• Created generic methods to get user saved items

Fixed

• Updated /tracks endpoints to /items
• Switching IDs to URIs to use /me/library endpoint
• Fixed playlist limit to 50 (according to API)
• Added warnings for deprecated methods

Removed

[2.25.2] - 2025-11-26

Added

• Adds additional_types parameter to retrieve currently playing episode
• Add deprecation warnings to documentation

Fixed

• Fixed dead link in README.md
• Corrected Spotify/Spotipy typo in documentation
• Sanitize HTML error message output for OAuth flow: GHSA-r77h-rpp9-w2xm

[2.25.1] - 2025-02-27

Added

• Added examples for audiobooks, shows and episodes methods to examples directory

Fixed

• Fixed scripts in examples directory that didn't run correctly
• Updated documentation for Client.current_user_top_artists to indicate maximum number of artists limit
• Set auth cache file permissions to 600: GHSA-pwhh-q4h6-w599
• Fixed __del__ methods by preventing garbage collection for requests.Session
• Improved retry warning by using logger instead of logging and making sure that retry_header is an int

Changed

• Updated get_cached_token and save_token_to_cache methods to utilize Python's Context Management Protocol
• Added except clause to get_cached_token method to handle json decode errors
• Added warnings and updated docs due to Spotify's deprecation of HTTP and "localhost" redirect URIs
• Use newer string formatters (https://pyformat.info)
• Marked recommendation_genre_seeds as deprecated

[2.25.0] - 2025-03-01

... (truncated)

Commits

• 6787aab Merge pull request #1230 from spotipy-dev/pr/1228
• fa7049e Fix: Web API Changes of February 2026 (#1228)
• c52a29f Update sphinx-rtd-theme requirement from ~=3.0.2 to ~=3.1.0 (#1226)
• 179d3e4 Update skipLabel to skipLabels in workflow
• 9119b6a Fix lint workflow
• b5be7fb add advisory link
• 48dab6e bump version to 2.25.2
• 880b92d Merge commit from fork
• a91d9fe Correct Spotify/Spotipy typo (#1209)
• 5a8b55f Deprecations in doc (#1202)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)