chore(deps): update python-multipart requirement from >=0.0.6 to >=0.0.27 #5

Merged
chrlesur merged 1 commit into main from dependabot/pip/python-multipart-gte-0.0.27
May 11, 2026
@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Updates the requirements on python-multipart to permit the latest version.

Release notes

Sourced from python-multipart's releases.

0.0.27

What's Changed

Full Changelog: Kludex/python-multipart@0.0.26...0.0.27

Changelog

Sourced from python-multipart's changelog.

0.0.27 (2026-04-27)

  • Add multipart header limits #267.
  • Pass parse offsets via constructors #268.

0.0.26 (2026-04-10)

  • Skip preamble before the first multipart boundary more efficiently #262.
  • Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

  • Add MIME content type info to File #143.
  • Handle CTE values case-insensitively #258.
  • Remove custom FormParser classes #257.
  • Add UPLOAD_DELETE_TMP to FormParser config #254.
  • Emit field_end for trailing bare field names on finalize #230.
  • Handle multipart headers case-insensitively #252.
  • Apply Apache-2.0 properly #247.

0.0.24 (2026-04-05)

  • Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

  • Remove unused trust_x_headers parameter and X-File-Name fallback #196.
  • Return processed length from QuerystringParser._internal_write #229.
  • Cleanup metadata dunders from __init__.py #227.

0.0.22 (2026-01-25)

  • Drop directory path from filename in File 9433f4b.

0.0.21 (2025-12-17)

  • Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.

0.0.20 (2024-12-16)

  • Handle messages containing only end boundary #142.

0.0.19 (2024-11-30)

  • Don't warn when CRLF is found after last boundary on MultipartParser #193.

0.0.18 (2024-11-28)

  • Hard break if found data after last boundary on MultipartParser #189.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [python-multipart](https://github.com/Kludex/python-multipart) to permit the latest version.
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.6...0.0.27)

---
updated-dependencies:
- dependency-name: python-multipart
  dependency-version: 0.0.27
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Apr 28, 2026

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


@chrlesur chrlesur left a comment

✅ Safe: python-multipart >=0.0.27. Note: this lib is NOT directly imported anywhere in our codebase (no UploadFile/Form() usage — we use base64 in JSON). FastAPI might use it transitively but our endpoints don't require it. Bumping anyway to address CVE-2024-24762 (ReDoS) and CVE-2024-53981 (DoS) in case of indirect invocation. A separate issue will track removing this unused dependency.
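One way to check the "not directly imported, no UploadFile/Form() usage" claim made in the review comment above, as an added example that is not code from this repository or from python-multipart: an AST scan for direct imports and for the FastAPI/Starlette form entry points. The function name `multipart_usage` and both sample sources are constructed for illustration, and the `.form()` match is a heuristic.

```python
import ast

# Import names of python-multipart itself (older and newer module name).
DIRECT_MODULES = {"multipart", "python_multipart"}
# FastAPI/Starlette names that need python-multipart installed at runtime.
FORM_NAMES = {"Form", "File", "UploadFile"}

def multipart_usage(source, filename="<constructed>"):
    """Return sorted (line, reason) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            findings += [(node.lineno, f"import {a.name}") for a in node.names
                         if a.name.split(".")[0] in DIRECT_MODULES]
        elif isinstance(node, ast.ImportFrom) and node.module:
            root = node.module.split(".")[0]
            if root in DIRECT_MODULES:
                findings.append((node.lineno, f"from {node.module}"))
            elif root in {"fastapi", "starlette"}:
                findings += [(node.lineno, f"{root}.{a.name}")
                             for a in node.names if a.name in FORM_NAMES]
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and node.func.attr == "form"):
            # Heuristic: Starlette's request.form() parses bodies via python-multipart.
            findings.append((node.lineno, ".form() call"))
    return sorted(findings)

# Constructed samples: a base64-in-JSON endpoint and a form-upload endpoint.
JSON_ONLY = '''
import base64
from fastapi import FastAPI
app = FastAPI()

@app.post("/docs")
def add(doc: dict):
    return {"size": len(base64.b64decode(doc["content_b64"]))}
'''

FORM_UPLOAD = '''
from fastapi import FastAPI, UploadFile, Form
app = FastAPI()

@app.post("/upload")
async def upload(file: UploadFile, note: str = Form(...)):
    return await file.read()

async def raw(request):
    return await request.form()
'''
```

An empty result for every source file supports dropping the dependency; it does not rule out use by another installed package, so the installed dependency tree still needs its own check.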

@chrlesur chrlesur merged commit 690f7e2 into main May 11, 2026
@chrlesur chrlesur deleted the dependabot/pip/python-multipart-gte-0.0.27 branch May 11, 2026 17:54
chrlesur added a commit that referenced this pull request May 11, 2026
Patch release consolidating the 4 Dependabot dependency updates
merged into main:

- boto3 >=1.42.97 (#6)
- pydantic-settings >=2.14.0 (#7)
- python-multipart >=0.0.27 (#5)
- rich >=15.0.0 (#4)

No application changes, no API modifications. Acceptance testing at
150/150 tests green. 30 MCP tools unchanged.

Dependabot PRs closed without merging:
- #8 (fastapi <0.110.0): dead target version → issue #9 opened
- #3 (Python 3.14): premature (missing wheels) → issue #10 opened

Bump VERSION 2.1.1 → 2.1.2 + CHANGELOG entry + references in README.md,
README.en.md and DESIGN/SPECIFICATION.md.