From 6be34660277933e68a116ba997dc888bb1b60c46 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jun 2026 23:19:25 +0000 Subject: [PATCH] Bump python-multipart in the uv group across 1 directory Bumps the uv group with 1 update in the / directory: [python-multipart](https://github.com/Kludex/python-multipart). Updates `python-multipart` from 0.0.29 to 0.0.31 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.31) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.31 dependency-type: direct:development dependency-group: uv ... Signed-off-by: dependabot[bot] --- pyproject.toml | 4 ++-- uv.lock | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 481bce0..432d2b8 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -37,7 +37,7 @@ dependencies = [ "openai-agents>=0.7.0", "pillow>=12.2.0", # CVE-2026-40192: FITS decompression bomb fixed in 12.2.0 "pypdf>=6.10.2", # CVE-2026-28804: ASCIIHexDecode DoS fixed in 6.7.5; CVE-2026-33123: array-based stream DoS fixed in 6.9.1; CVE-2026-40260: XMP metadata memory DoS fixed in 6.10.0; GHSA-jj6c-8h6c-hppx/GHSA-4pxv-j86v-mhcw/GHSA-7gw9-cf7v-778f/GHSA-x284-j5p8-9c5p: DoS via crafted PDFs fixed in 6.10.2 - "python-multipart>=0.0.27", # CVE-2026-40347: multipart parsing DoS fixed in 0.0.26; CVE-2026-42561: part header parsing DoS fixed in 0.0.27 + "python-multipart>=0.0.31", # CVE-2026-40347: multipart parsing DoS fixed in 0.0.26; CVE-2026-42561: part header parsing DoS fixed in 0.0.27 "matplotlib>=3.10.9", "kagglehub>=0.4.1,<1.0.1", # 1.0.1 needs kagglesdk.get_web_endpoint; removed in kagglesdk>=0.1.24 ] @@ -76,7 +76,7 @@ web-search = [ "google-cloud-firestore>=2.21.0", "fastapi[standard]>=0.116.1", "google-genai>=1.46.0", - "python-multipart>=0.0.27", # CVE-2026-40347: DoS via crafted multipart preamble/epilogue fixed in 0.0.26; CVE-2026-42561: part header parsing DoS fixed in 0.0.27 + "python-multipart>=0.0.31", # CVE-2026-40347: DoS via crafted multipart preamble/epilogue fixed in 0.0.26; CVE-2026-42561: part header parsing DoS fixed in 0.0.27 "simplejson>=3.20.2", ] diff --git a/uv.lock b/uv.lock index 67178d8..7d955c5 100644 --- a/uv.lock +++ b/uv.lock @@ -131,7 +131,7 @@ requires-dist = [ { name = "pydantic-settings", specifier = ">=2.7.0" }, { name = "pypdf", specifier = ">=6.7.5" }, { name = "pypdf", specifier = ">=6.10.2" }, - { name = "python-multipart", specifier = ">=0.0.27" }, + { name = "python-multipart", specifier = ">=0.0.31" }, { name = "pyyaml", specifier = ">=6.0.0" }, { name = "scikit-learn", specifier = ">=1.7.0" }, { name = "tenacity", specifier = ">=9.1.2" }, @@ -173,7 +173,7 @@ web-search = [ { name = "fastapi", extras = ["standard"], specifier = ">=0.116.1" }, { name = "google-cloud-firestore", specifier = ">=2.21.0" }, { name = "google-genai", specifier = ">=1.46.0" }, - { name = "python-multipart", specifier = ">=0.0.27" }, + { name = "python-multipart", specifier = ">=0.0.31" }, { name = "simplejson", specifier = ">=3.20.2" }, ] @@ -5212,11 +5212,11 @@ wheels = [ [[package]] name = "python-multipart" -version = "0.0.29" +version = "0.0.31" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/4e/fe/70bd71a6738b09a0bdf6480ca6436b167469ca4578b2a0efbe390b4b0e70/python_multipart-0.0.29.tar.gz", hash = "sha256:643e93849196645e2dbdd81a0f8829a23123ad7f797a84a364c6fb3563f18904", size = 45678, upload-time = "2026-05-17T17:29:47.654Z" } +sdist = { url = "https://files.pythonhosted.org/packages/64/7e/9b35ad8f3d9ca680f7c87a88f19612fdd8da9796c4d3b46e560ac79dcc4a/python_multipart-0.0.31.tar.gz", hash = "sha256:fc631183bb13e56db3158a4909908dfb2e23565286744e798241e63750e5d680", size = 46689, upload-time = "2026-06-04T08:27:49.014Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/8f/cb/769cfc37177252872a45a71f3fbdde9d51b471a3f3c14bfe95dde3407386/python_multipart-0.0.29-py3-none-any.whl", hash = "sha256:2ddcc971cef266225f54f552d8fa10bcfbb1f14446caec199060daac59ff2d69", size = 29640, upload-time = "2026-05-17T17:29:45.69Z" }, + { url = "https://files.pythonhosted.org/packages/5e/1e/7f7f299527a5a8ad90acd5f2f78dfa6c8495c6301a3205106ea68a84de96/python_multipart-0.0.31-py3-none-any.whl", hash = "sha256:8408153d68a9773291fc1da39a8b85a50044bddbabd2dd72e9229776b7b15e28", size = 29996, upload-time = "2026-06-04T08:27:47.804Z" }, ] [[package]]