Skip to content

chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in the pip group across 1 directory#16

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-14c377a4fb
Closed

chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in the pip group across 1 directory#16
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-14c377a4fb

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the pip group with 1 update in the / directory: python-multipart.

Updates python-multipart from 0.0.26 to 0.0.27

Release notes

Sourced from python-multipart's releases.

0.0.27

What's Changed

Full Changelog: Kludex/python-multipart@0.0.26...0.0.27

Changelog

Sourced from python-multipart's changelog.

0.0.27 (2026-04-27)

  • Add multipart header limits #267.
  • Pass parse offsets via constructors #268.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump python-multipart in the pip group across 1 directory
7141cb4 
Bumps the pip group with 1 update in the / directory: [python-multipart](https://github.com/Kludex/python-multipart).


Updates `python-multipart` from 0.0.26 to 0.0.27
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.26...0.0.27)

---
updated-dependencies:
- dependency-name: python-multipart
  dependency-version: 0.0.27
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 8, 2026
@ttlequals0 ttlequals0 mentioned this pull request May 11, 2026
Merged
6 tasks
@ttlequals0
Copy link
Copy Markdown
Owner

ttlequals0 commented May 11, 2026

Superseded by #17 (v2.9.6), which incorporates this bump (python-multipart ^0.0.27) along with the urllib3 >=2.7.0 floor, the SDK 0.1.81 bump, the upstream RichardAtCT#46 dynamic-models sync, and a reworked check-sdk-version.yml that auto-opens bump PRs. Closing.

@ttlequals0 ttlequals0 closed this May 11, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 11, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/pip/pip-14c377a4fb branch May 11, 2026 22:17
ttlequals0 added a commit that referenced this pull request May 11, 2026
@ttlequals0 @RichardAtCT
fix(v2.9.6): SDK 0.1.81, urllib3/python-multipart sec fixes, dynamic …
41f1d17 
…models from upstream, SDK-drift auto-PR (#17)

* feat: dynamically refresh Anthropic model list (RichardAtCT#46)

* feat: dynamically refresh Anthropic model list

* fix: harden /v1/models cache and resolve default model live

- Lock + double-check refresh path so concurrent requests at TTL
  expiry don't stampede the Anthropic Models API.
- Use a short MODEL_LIST_ERROR_TTL_SECONDS (default 60s) for the
  fallback cache so transient outages don't suppress live discovery
  for a full hour.
- Populate `created` (unix timestamp) on both live and fallback
  /v1/models entries to match OpenAI's model object schema.
- Resolve DEFAULT_MODEL at startup by picking the latest Sonnet from
  the live Models API; honor explicit DEFAULT_MODEL env override.

* docs: clarify ANTHROPIC_API_KEY is optional for live model discovery

- README: expand env vars table with ANTHROPIC_API_KEY (optional),
  DEFAULT_MODEL, FAST_MODEL, CLAUDE_MODELS_OVERRIDE, and the model
  list cache/timeout knobs. Rewrite the Supported Models section to
  explain the live-vs-static behavior and refresh the catalog around
  Claude 4.6 family. Bump model examples to claude-sonnet-4-6.
- .env.example: add a Model Discovery (optional) block documenting
  ANTHROPIC_API_KEY, CLAUDE_MODELS_OVERRIDE, and the cache TTLs;
  comment out DEFAULT_MODEL so live resolution drives it by default.
- main.py: log a single explicit info line at startup when live
  discovery is disabled (no ANTHROPIC_API_KEY) so operators see
  whether the dynamic path activated.
- tests: cover the new disabled-path log and update the env-key gate
  in the existing resolve_default_model test.

* chore(v2.9.6): SDK 0.1.81 bump, urllib3/python-multipart sec fixes, SDK-drift workflow auto-PR

- claude-agent-sdk 0.1.68 -> 0.1.81 (13 patch releases since v2.9.5).
- python-multipart ^0.0.26 -> ^0.0.27 (GHSA-pp6c-gr5w-3c5g, supersedes Dependabot PR #16).
- urllib3 security floor >=2.6.3 -> >=2.7.0 (GHSA-qccp-gfcp-xxvc, GHSA-mf9v-mfxr-j63j).
- check-sdk-version.yml opens a draft chore/sdk-bump-<latest> PR on drift instead
  of only writing to the run summary. Permissions widened to contents: write +
  pull-requests: write; idempotent by head branch; fallback summary still fires.

Lockfile regenerated locally with Poetry 2.3.4. Full suite at 664 passed, 31 skipped
(+14 from upstream test_dynamic_models.py picked up in the prior cherry-pick).

* docs(readme): bump to v2.9.6, document new model-discovery env vars, tighten supported-models intro

- Version 2.9.3 -> 2.9.6 in header and docker pin example
- Test count 650 -> 664 in Status and Testing sections
- Add 2.9.6 highlight bullet covering SDK 0.1.81, urllib3/python-multipart sec
  fixes, upstream PR RichardAtCT#46 dynamic-models sync, and check-sdk-version auto-PR
- Add ANTHROPIC_MODELS_URL, ANTHROPIC_VERSION, ANTHROPIC_BETA/ANTHROPIC_BETA_HEADER
  rows to the env var table (advanced overrides for the new live-discovery path)
- Tighten the Supported Models intro paragraph (was 3 dense sentences)

---------

Co-authored-by: Richard A <richardatk01@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ttlequals0