chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in the uv group across 1 directory

CHANGELOG.md

@@ -28,6 +28,7 @@
 
 ### Changed
 
+- **Bump uv group: python-multipart 0.0.26→0.0.27** (#102)
 - **Bump github-actions group: astral-sh/setup-uv 7.6.0→8.1.0** (#98)
 - **Pin third-party GitHub Actions to commit SHAs** (#94) — closes #46. Every external action in `.github/workflows/*.yml` was previously pinned to a major-version tag (`actions/checkout@v6`, `astral-sh/setup-uv@v7`, etc.) — and `pypa/gh-action-pypi-publish@release/v1` was even pinned to a *branch* ref, which can move under us. A minor release within a major can introduce security or behavior regressions without detection on a tag-only pin. Now every third-party `uses:` line carries an immutable 40-char commit SHA with a trailing `# v<version>` comment for human readability (the GitHub-recommended supply-chain pattern). Eight actions pinned across `ci.yml`, `publish.yml`, `test-publish.yml`, `vdsm.yml`: `actions/checkout` v6.0.2, `astral-sh/setup-uv` v7.6.0, `actions/setup-python` v6.2.0, `actions/upload-artifact` v7.0.1, `actions/download-artifact` v8.0.1, `actions/cache` v5.0.5, `codecov/codecov-action` v6.0.0, `pypa/gh-action-pypi-publish` v1.14.0. Local composite actions under `./.github/actions/*` are deliberately not pinned (in-repo, reviewed on merge — pinning them would produce stale-SHA noise on every internal change). `dependabot-changelog.yml` was already SHA-pinned (PR #60 work) and serves as the template the rest of the workflows now match. Dependabot's existing `github-actions` ecosystem in `.github/dependabot.yml` will propose SHA bump PRs weekly so the pins stay fresh.