Bump the all-pip group in /backend with 3 updates

[dependabot]

Updates the requirements on typer, python-multipart and pypdfium2 to permit the latest version.
Updates typer to 0.26.5

Release notes

Sourced from typer's releases.

0.26.5

Fixes

• 🐛 Ensure that hidden commands are not shown when Rich markup is disabled. PR #1812 by @​svlandeg.

Internal

• 🔥 Remove old stub packages. PR #1810 by @​tiangolo.

Changelog

Sourced from typer's changelog.

0.26.5 (2026-06-01)

Fixes

• 🐛 Ensure that hidden commands are not shown when Rich markup is disabled. PR #1812 by @​svlandeg.

Internal

• 🔥 Remove old stub packages. PR #1810 by @​tiangolo.

0.26.4 (2026-05-30)

Features

• 📝 Update AI Library Skill to avoid verbose code for CLI Options. PR #1808 by @​tiangolo.

Internal

• 👷 Add CI to create draft release after merging a release PR. PR #1807 by @​tiangolo.
• 👷 Update labeler to accept label release. PR #1806 by @​tiangolo.
• 👷 Update GitHub Action permissions for prepare-release. PR #1804 by @​tiangolo.
• 👷 Add GitHub Actions prepare release workflow. PR #1802 by @​tiangolo.
• 👷 Update publish action, do not use uv cache. PR #1803 by @​tiangolo.
• ⬆ Bump the python-packages group across 1 directory with 5 updates. PR #1793 by @​dependabot[bot].

0.26.3 (2026-05-28)

Refactors

• ♻️ Unify the testing functionality. PR #1792 by @​svlandeg.

Internal

• 👷 Update version of latest-changes GitHub action. PR #1798 by @​tiangolo.

0.26.2 (2026-05-27)

Fixes

• 🐛 Ensure that an envvar set for a typer.Option list is split on whitespace. PR #1791 by @​svlandeg.

0.26.1 (2026-05-26)

Fixes

• 🐛 Ensure that an envvar set for typer.Option works as expected. PR #1788 by @​svlandeg.

Internal

• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #1714 by @​dependabot[bot].

... (truncated)

Commits

• 1888fa2 🔖 Release version 0.26.5 (#1813)
• a493a98 📝 Update release notes
• 9172486 🐛 Ensure that hidden commands are not shown when Rich markup is disabled (#1812)
• c2d97d1 📝 Update release notes
• 4910a3b 🔥 Remove old stub packages (#1810)
• b1310f8 🔖 Release version 0.26.4 (#1809)
• e4bb679 📝 Update release notes
• 361221d 📝 Update AI Library Skill to avoid verbose code for CLI Options (#1808)
• e9efaab 📝 Update release notes
• 90f087a 👷 Add CI to create draft release after merging a release PR (#1807)
• Additional commits viewable in compare view

Updates python-multipart to 0.0.30

Release notes

Sourced from python-multipart's releases.

Version 0.0.30

What's Changed

• Treat only & as the urlencoded field separator by @​Kludex in Kludex/python-multipart#290
• Ignore RFC 2231 extended parameters in parse_options_header by @​Kludex in Kludex/python-multipart#291

Full Changelog: Kludex/python-multipart@0.0.29...0.0.30

Changelog

Sourced from python-multipart's changelog.

0.0.30 (2026-05-31)

• Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator #290.
• Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2 #291.

0.0.29 (2026-05-17)

• Handle malformed RFC 2231 continuations in parse_options_header #270.

0.0.28 (2026-05-10)

• Speed up partial-boundary tail scan via bytes.find #281.
• Cap multipart boundary length at 256 bytes #282.

0.0.27 (2026-04-27)

• Add multipart header limits #267.
• Pass parse offsets via constructors #268.

0.0.26 (2026-04-10)

• Skip preamble before the first multipart boundary more efficiently #262.
• Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

• Add MIME content type info to File #143.
• Handle CTE values case-insensitively #258.
• Remove custom FormParser classes #257.
• Add UPLOAD_DELETE_TMP to FormParser config #254.
• Emit field_end for trailing bare field names on finalize #230.
• Handle multipart headers case-insensitively #252.
• Apply Apache-2.0 properly #247.

0.0.24 (2026-04-05)

• Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

• Remove unused trust_x_headers parameter and X-File-Name fallback #196.
• Return processed length from QuerystringParser._internal_write #229.
• Cleanup metadata dunders from __init__.py #227.

0.0.22 (2026-01-25)

• Drop directory path from filename in File 9433f4b.

0.0.21 (2025-12-17)

... (truncated)

Commits

• 9d3ead5 Version 0.0.30 (#292)
• 3506c15 Ignore RFC 2231 extended parameters in parse_options_header (#291)
• d69df35 Treat only & as the urlencoded field separator (#290)
• 1e6ff97 Bump idna from 3.11 to 3.15 (#289)
• See full diff in compare view

Updates pypdfium2 to 5.9.0

Release notes

Sourced from pypdfium2's releases.

5.9.0

Changes (Release 5.9.0)

Summary (pypdfium2)

• Finally updated native sourcebuild from pdfium 7191 to 7841. Updating the script & patches, and tracking down any issues that cropped up, adding new patches to fix them, turned out to be a great deal of work.
• Created gn-dist project providing recent builds of GN (generate-ninja) for Linux (glibc and musl, full set of architectures). Updated pypdfium2's cibuildwheel config and workflows accordingly to use gn-dist rather than outdated distro packages of GN. Scripting to build GN from source previously included in pypdfium2's setup has moved to gn-dist. In build_native.py, patches for legacy GN are still included and enabled by default for now, but you can pass --no-legacy-gn to skip them. To make updating more straightforward, this mode will be made default and the patches will be removed in the future.
• Workflows overhaul.
  • Deduplicated workflow_dispatch and workflow_call inputs using YAML anchors & aliases (available on GHA since 09/2025).
  • Replaced benc-uk/workflow-dispatch action with reusable workflow calls.
  • Deduplicated series of individual jobs by switching to matrices. Handle if-conditions through an input parameter to the called workflow, because (unlike jobs) matrix entries have no built-in conditionality.
  • Updated to Python 3.14 (mostly). Simplified test matrices to probe just a few Python versions (e.g. 3.8, 3.11, 3.14).
• Limited who has maintainer access to the repo and project sites. mara004, the author and so far only active committer of pypdfium2, now is (and will remain) sole owner. Inactive co-maintainers no longer have access, but are welcome to submit PRs. In the event of the author being unable to pursue this project further, it can be forked and a new maintainer may build their own trust, but given the risks inherent to maintainer changes, it has been decided that pypdfium2 will remain mara004's personal project. The existing userbase will not be handed over to another maintainer.

Commits between 5.8.0 and 5.9.0 (latest commit first):

• f4b4032a [autorelease main] update 5.9.0
• 073a8730 Add another note to the changelog
• fbcf26ce bulid_native: make --version main work (in gcc mode)
• 22530e39 Prepare changelog for next release
• 3628a5a0 fix typo 'pouplar' (to 'popular') (cf. #436)
• 1838acb1 build_native.py: ack //build/toolchain/linux/unbundle
• 6570b33b build_native: cherry-pick openjpeg security fix
• ce1f0f77 android: set use_mold to false
• 53c58228 justfile: open browser in background
• 71568ff6 AutoCloseable style nit
• af847562 correction: negative crop does not actually work
• f729f447 pyproject.toml: align order of commented-out system libs
• 2044a804 Make autoflake happy
• 1da966ec Drop gn_build.patch
• a6d1ee6a cibw/loongarch64: fix GN version
• 9cae361a Improve gn-dist integration
• ca980469 build_toolchained: rework GN task, call honor_gn_dist()
• 767bd0f9 Bring recent GN to sbuild/sbuild_native workflows
• ababbbd6 cibw: move down gn-dist handlers
• 57f496cd cibw: spell out list of CPUs instead of using || true
• 96f527b7 cibw: fix loongarch64 not getting gn_dist binary
• 4cb251ee Use gn-dist (#432)

... (truncated)

Commits

• f4b4032 [autorelease main] update 5.9.0
• 073a873 Add another note to the changelog
• fbcf26c bulid_native: make --version main work (in gcc mode)
• 22530e3 Prepare changelog for next release
• 3628a5a fix typo 'pouplar' (to 'popular') (cf. #436)
• 1838acb build_native.py: ack //build/toolchain/linux/unbundle
• 6570b33 build_native: cherry-pick openjpeg security fix
• ce1f0f7 android: set use_mold to false
• 53c5822 justfile: open browser in background
• 71568ff AutoCloseable style nit
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions