chore(deps): bump python-multipart from 0.0.27 to 0.0.31 in the uv group across 1 directory

[dependabot]

Bumps the uv group with 1 update in the / directory: python-multipart.

Updates python-multipart from 0.0.27 to 0.0.31

Release notes

Sourced from python-multipart's releases.

Version 0.0.31

What's Changed

• Speed up multipart header parsing and callback dispatch by @​Kludex in Kludex/python-multipart#295
• Bound header field name size before validating by @​Kludex in Kludex/python-multipart#296
• Validate Content-Length is non-negative in parse_form by @​Kludex in Kludex/python-multipart#297

Full Changelog: Kludex/python-multipart@0.0.30...0.0.31

Version 0.0.30

What's Changed

• Treat only & as the urlencoded field separator by @​Kludex in Kludex/python-multipart#290
• Ignore RFC 2231 extended parameters in parse_options_header by @​Kludex in Kludex/python-multipart#291

Full Changelog: Kludex/python-multipart@0.0.29...0.0.30

Version 0.0.29

What's Changed

• Handle malformed RFC 2231 continuations in parse_options_header by @​manunio in Kludex/python-multipart#270

Full Changelog: Kludex/python-multipart@0.0.28...0.0.29

Version 0.0.28

What's Changed

• Speed up partial-boundary tail scan via bytes.find by @​Kludex in Kludex/python-multipart#281
• Cap multipart boundary length at 256 bytes by @​Kludex in Kludex/python-multipart#282

Full Changelog: Kludex/python-multipart@0.0.27...0.0.28

Changelog

Sourced from python-multipart's changelog.

0.0.31 (2026-06-04)

• Speed up multipart header parsing and callback dispatch #295.
• Bound header field name size before validating #296.
• Validate Content-Length is non-negative in parse_form #297.

0.0.30 (2026-05-31)

• Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator #290.
• Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2 #291.

0.0.29 (2026-05-17)

• Handle malformed RFC 2231 continuations in parse_options_header #270.

0.0.28 (2026-05-10)

• Speed up partial-boundary tail scan via bytes.find #281.
• Cap multipart boundary length at 256 bytes #282.

Commits

• 4cffc68 Version 0.0.31 (#298)
• c814948 Reject negative Content-Length in parse_form (#297)
• 6b837d4 Bound header field name size before validating (#296)
• e0c4f9d Bump the github-actions group with 3 updates (#294)
• b8a01bb Bump the python-packages group with 3 updates (#293)
• 6732164 Speed up multipart header parsing and callback dispatch (#295)
• 9d3ead5 Version 0.0.30 (#292)
• 3506c15 Ignore RFC 2231 extended parameters in parse_options_header (#291)
• d69df35 Treat only & as the urlencoded field separator (#290)
• 1e6ff97 Bump idna from 3.11 to 3.15 (#289)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

🔴 Performance Regression Detected

Performance Analysis Report

CDT Performance Analysis Report

Generated: 2026-06-16T23:28:28+00:00

Summary

• Total benchmarks: 34
• Regressions: 8
• Improvements: 1
• Stable: 25
• New benchmarks: 0
• Average change: 11.9%
• Median change: 9.2%

🔴 Performance Regressions

Benchmark	Change	Current	Baseline	Ratio
cdt_random_move_sweeps_2d/toroidal_tiny/24	+143.4%	1.93s	792.1ms	2.43x
cdt_proposal_site_move_attempts_2d/toroidal_probe_Move31Remove/1024	+13.5%	13.4ms	11.8ms	1.14x
cdt_proposal_site_move_attempts_2d/toroidal_probe_EdgeFlip/1024	+11.7%	34.5ms	30.9ms	1.12x
cdt_random_move_sweeps_2d/open_strip_small/30	+11.0%	131.0ms	118.0ms	1.11x
cdt_proposal_site_move_attempts_2d/toroidal_probe_Move13Add/1024	+10.5%	44.0ms	39.8ms	1.10x
cdt_single_metropolis_proposal_2d/toroidal_probe/1024	+10.5%	67.4ms	61.0ms	1.10x
cdt_proposal_site_move_attempts_2d/open_strip_medium_Move13Add/342	+10.1%	5.6ms	5.1ms	1.10x
cdt_validation_2d/open_strip_large/594	+10.1%	5.5ms	5.0ms	1.10x

🟢 Performance Improvements

Benchmark	Change	Current	Baseline	Ratio
cdt_proposal_site_move_attempts_2d/toroidal_medium_Move31Remove/240	-34.5%	6.0ms	9.1ms	1.53x

✅ Stable Benchmarks

No significant changes detected in 25 benchmarks.

⚠️ This PR introduces performance regressions that exceed the threshold. Please review the changes.

---

Performance analysis powered by Criterion.rs