From c66d75a6fb2d4b078d24b3c018a71fc945fe93ff Mon Sep 17 00:00:00 2001 From: arigatoexpress <95630102+arigatoexpress@users.noreply.github.com> Date: Tue, 16 Jun 2026 23:10:05 -0600 Subject: [PATCH] chore(deps): bump python-multipart 0.0.27 -> 0.0.31 (4 Dependabot alerts) Clears all 4 open Dependabot alerts on python-multipart (FastAPI's form parser): - HIGH: quadratic-time querystring parsing -> CPU DoS (fixed 0.0.30) - LOW: negative Content-Length buffers full body in memory (fixed 0.0.31) - LOW: semicolon treated as field separator -> param smuggling (fixed 0.0.30) - LOW: RFC 2231/5987 extended-parameter smuggling (fixed 0.0.30) Patch-level bump within 0.0.x. Full suite green (1044 passed, 0 failed); no FastAPI/Starlette dependency conflict. Co-Authored-By: Claude Opus 4.8 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9ed47e9..3e076e5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,7 +12,7 @@ reportlab==4.2.5 Pillow==12.2.0 pydantic>=2.11.1,<3 fastapi==0.136.3 -python-multipart==0.0.27 +python-multipart==0.0.31 uvicorn==0.34.0 redis==5.2.1 dnspython==2.7.0
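Review bot: the `+python-multipart==0.0.31` line in requirements.txt is described as a patch-level bump, but by the commit message's own list it crosses 0.0.30, which changes parser behaviour: how semicolons in field data are handled and how RFC 2231/5987 extended parameters are handled. The change touches only requirements.txt, so nothing in it shows that the "1044 passed" suite exercises those paths. Consider adding regression tests against this application's form endpoints in the same change: a urlencoded body containing `;` inside a value, a multipart part with an extended `filename*=` parameter, and a request with a negative Content-Length. That way the security fixes are pinned by tests as well as by the version number. A second, smaller point: the subject is tagged `chore(deps)` although it closes one HIGH and three LOW alerts. A `fix(deps)` or security-labelled subject would make this commit easier to find when auditing which release picked up the fixes.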