Skip to content

chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in the uv group across 1 directory#102

Merged
cmeans-claude-dev[bot] merged 2 commits into
mainfrom
dependabot/uv/uv-14c377a4fb
May 13, 2026
Merged

chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in the uv group across 1 directory#102
cmeans-claude-dev[bot] merged 2 commits into
mainfrom
dependabot/uv/uv-14c377a4fb

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the uv group with 1 update in the / directory: python-multipart.

Updates python-multipart from 0.0.26 to 0.0.27

Release notes

Sourced from python-multipart's releases.

0.0.27

What's Changed

Full Changelog: Kludex/python-multipart@0.0.26...0.0.27

Changelog

Sourced from python-multipart's changelog.

0.0.27 (2026-04-27)

  • Add multipart header limits #267.
  • Pass parse offsets via constructors #268.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump python-multipart in the uv group across 1 directory
9245ac3 
Bumps the uv group with 1 update in the / directory: [python-multipart](https://github.com/Kludex/python-multipart).


Updates `python-multipart` from 0.0.26 to 0.0.27
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.26...0.0.27)

---
updated-dependencies:
- dependency-name: python-multipart
  dependency-version: 0.0.27
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency updates python:uv Pull requests that update python:uv code labels May 8, 2026
@github-actions github-actions Bot added the Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA label May 8, 2026
@github-actions github-actions Bot added Ready for QA Dev work complete — QA can begin review and removed Awaiting CI Dev complete, waiting for CI/Codecov to pass before QA labels May 8, 2026
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@cmeans cmeans added the QA Active QA is actively reviewing; Dev should not push changes label May 13, 2026
@github-actions github-actions Bot removed the Ready for QA Dev work complete — QA can begin review label May 13, 2026
cmeans
cmeans reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@cmeans cmeans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA Round 1 — Pass

Head: 2e851d6

Diff scope: 2 files / +4 / -3.

  • uv.lock (+3 / -3): single [[package]] block — python-multipart 0.0.26 → 0.0.27, new sdist URL/hash + wheel URL/hash. No transitive movement; nothing else in the lockfile shifted. dependabot-changelog workflow SUCCESS.
  • CHANGELOG.md (+1): ## Unreleased / ### Changed entry slotted above the existing #98 bump (newest-first within the section).

Sourcing: transitive only — python-multipart is pulled in by mcp 1.26.0 via its [[package]].dependencies block. Direct repo references: grep -rn 'import.*multipart\|from.*multipart' src/ tests/ returns one comment in core/client.py:366 ("does not read _sid from multipart form data") and zero imports, so the bump can't break any of our code at import time. The MCP SDK is the only consumer, and it has no upper bound on python-multipart. Streamable HTTP / multipart-form code paths in MCP aren't on our active runtime today (per ADR-0001 deferral).

Upstream changes 0.0.26 → 0.0.27: Kludex/python-multipart#267 "Add multipart header limits" + #268 "Pass parse offsets via constructors". Both internal-improvement-only per the release notes; no documented API breaks.

Local verification at 2e851d6 (after uv sync --frozen --extra dev installed 0.0.27):

  • uv run pytest: 605 passed / 112 deselected (integration+vdsm markers) / 17 warnings / 96.22% coverage — exact match against post-#101 baseline (no regression).
  • ruff check src/ tests/ — clean.
  • ruff format --check src/ tests/ — 69 files already formatted.
  • mypy src/ — Success: no issues found in 28 source files.

CI on 2e851d6: 12 required SUCCESS + 1 SKIPPED, incl. vdsm integration tests SUCCESS. Dependabot CHANGELOG SUCCESS.

Findings: none. Zero blockers, zero substantive, zero observations.

Verdict: QA Pass. Applying Ready for QA Signoff as final act. Awaiting maintainer's QA Approved.

@cmeans cmeans added Ready for QA Signoff QA passed — ready for maintainer final review and merge and removed QA Active QA is actively reviewing; Dev should not push changes labels May 13, 2026
cmeans
cmeans approved these changes May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@cmeans cmeans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cmeans cmeans added QA Approved Manual QA testing completed and passed and removed Ready for QA Signoff QA passed — ready for maintainer final review and merge labels May 13, 2026
@cmeans-claude-dev cmeans-claude-dev Bot merged commit 9a5cfcd into main May 13, 2026
34 checks passed
@cmeans-claude-dev cmeans-claude-dev Bot deleted the dependabot/uv/uv-14c377a4fb branch May 13, 2026 21:30
@cmeans-claude-dev cmeans-claude-dev Bot mentioned this pull request May 13, 2026
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cmeans cmeans cmeans approved these changes

Assignees

No one assigned

Labels

dependencies Dependency updates python:uv Pull requests that update python:uv code QA Approved Manual QA testing completed and passed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @cmeans