chore(deps): bump python-multipart from 0.0.29 to 0.0.31 in /api #70

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/uv/api/python-multipart-0.0.31

dependabot[bot] commented on behalf of github on Jun 16, 2026

Bumps python-multipart from 0.0.29 to 0.0.31.

Release notes

Sourced from python-multipart's releases.

Version 0.0.31

What's Changed

Full Changelog: Kludex/python-multipart@0.0.30...0.0.31

Version 0.0.30

What's Changed

Full Changelog: Kludex/python-multipart@0.0.29...0.0.30

Changelog

Sourced from python-multipart's changelog.

0.0.31 (2026-06-04)

  • Speed up multipart header parsing and callback dispatch #295.
  • Bound header field name size before validating #296.
  • Validate Content-Length is non-negative in parse_form #297.

0.0.30 (2026-05-31)

  • Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator #290.
  • Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2 #291.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Greptile Summary

This PR bumps python-multipart from 0.0.29 to 0.0.31 in the /api project, including tightening the minimum version constraint in pyproject.toml from >=0.0.18 to >=0.0.31.

  • The 0.0.30 release adds WHATWG-compliant URL-encoded form parsing (only & as separator) and fixes RFC 2231 extended parameter handling; 0.0.31 adds a header field name size bound (DoS hardening) and rejects negative Content-Length values.
  • The lock file regeneration also updated platform markers for several NVIDIA CUDA packages, removing win32 from their sys_platform conditions — this is unrelated to the main bump and appears to be an automatic resolution artifact.

Confidence Score: 5/5

Safe to merge — straightforward dependency bump with no application logic changes.

The only application-facing change is the python-multipart version bump, which brings input validation hardening and a parse behaviour fix. The CUDA lock file marker changes are an automatic regeneration artefact with no effect on the API runtime.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| api/pyproject.toml | Minimum version constraint for python-multipart tightened from >=0.0.18 to >=0.0.31; no other changes. |
| api/uv.lock | python-multipart locked to 0.0.31 with updated hashes; NVIDIA CUDA package platform markers were also updated (win32 removed) as a regeneration side-effect. |

Reviews (1): Last reviewed commit: "chore(deps): bump python-multipart from ..."

Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.29 to 0.0.31.
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.29...0.0.31)

---
updated-dependencies:
- dependency-name: python-multipart
  dependency-version: 0.0.31
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies (Pull requests that update a dependency file) and python:uv (Pull requests that update python:uv code) labels on Jun 16, 2026
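
An added example, not part of this PR or of python-multipart's code: a standard-library check a reviewer can run over representative `application/x-www-form-urlencoded` bodies to see which ones yield different fields once only `&` separates them (the 0.0.30 change in the changelog above). It assumes the older parser also split on `;`; the helper names and sample bodies are constructed for illustration.

```python
from urllib.parse import parse_qsl


def parse_amp_only(body: str) -> list[tuple[str, str]]:
    """WHATWG-style split: '&' is the only field separator."""
    return parse_qsl(body, keep_blank_values=True, separator="&")


def parse_legacy(body: str) -> list[tuple[str, str]]:
    """Assumed older behaviour: a literal ';' also separates fields.

    Percent-encoded semicolons (%3B) are untouched because the replacement
    happens before decoding.
    """
    return parse_qsl(body.replace(";", "&"), keep_blank_values=True, separator="&")


def changed_bodies(bodies):
    """Return (body, legacy_fields, amp_only_fields) for bodies that differ."""
    changed = []
    for body in bodies:
        legacy, strict = parse_legacy(body), parse_amp_only(body)
        if legacy != strict:
            changed.append((body, legacy, strict))
    return changed


# Constructed sample bodies, e.g. taken from test fixtures or client code.
SAMPLES = [
    "page=2&sort=name",   # '&' only: unaffected
    "page=2;sort=name",   # relies on ';' as a separator
    "q=a%3Bb&lang=en",    # encoded ';' inside a value: unaffected
    "note=x;y&ok=1",      # literal ';' inside a value
]

if __name__ == "__main__":
    for body, legacy, strict in changed_bodies(SAMPLES):
        print(f"{body!r}\n  legacy:   {legacy}\n  '&' only: {strict}")
```

Any body this flags is one where a client, test fixture or upstream validation layer may disagree with the upgraded parser about field boundaries, so it is worth resolving before the bump is merged.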