Bump python-multipart from 0.0.22 to 0.0.26 and fix security vulnerabilities#89

Merged

amrit110 merged 1 commit intomainfrom

dependabot/uv/python-multipart-0.0.26

Apr 17, 2026

Member

amrit110 commented Apr 17, 2026

Summary

Bump python-multipart from 0.0.22 to 0.0.26 (original Dependabot change)
Fix all pip-audit security vulnerabilities found in CI:
- aiohttp 3.13.3 → 3.13.5 (GHSA-p998-jp59-783m et al.)
- authlib 1.6.9 → 1.6.11 (GHSA-jj8c-mmj3-mmgv)
- cryptography 46.0.5 → 46.0.7 (GHSA-m959-cc7f-wv43, GHSA-p423-j2cm-9vmq)
- pillow 12.1.1 → 12.2.0 (GHSA-whj4-6x5x-4v2j)
- pyasn1 0.6.2 → 0.6.3 (GHSA-jr27-m4p2-rc6r)
- pygments 2.19.2 → 2.20.0 (GHSA-5239-wwwm-4pmq)
- pytest 8.4.2 → 9.0.3 (GHSA-6w46-j5rx-g56g)
- requests 2.32.5 → 2.33.1 (GHSA-gc5v-m9x4-r6x2)
- transformers 4.57.1 → 5.5.4 (GHSA-69w3-r845-3855)

Test plan

uv run pip-audit shows no known vulnerabilities
uv lock resolves cleanly with updated constraints
CI passes (code checks, unit tests, docs)

🤖 Generated with Claude Code


          Bump python-multipart from 0.0.22 to 0.0.26

80c1a6a

Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.26.
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.22...0.0.26)

---
updated-dependencies:
- dependency-name: python-multipart
  dependency-version: 0.0.26
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

amrit110 force-pushed the dependabot/uv/python-multipart-0.0.26 branch from e5950d5 to 80c1a6a Compare

April 17, 2026 16:35

amrit110 merged commit 85f1fa6 into main

7 checks passed

amrit110 deleted the dependabot/uv/python-multipart-0.0.26 branch

April 17, 2026 16:37

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet