deps(deps): bump the python-production group across 1 directory with 7 updates

[dependabot]

Updates the requirements on litellm, pydantic-settings, python-multipart, sse-starlette, tenacity, uvicorn and watchdog to permit the latest version.
Updates litellm to 1.84.0

Commits

• e1fc955 Merge pull request #27909 from BerriAI/backport/27908-litellm_1.84.0rc2
• fcd63b0 uv lock
• 0f741fc bump: version 0.4.71 → 0.4.72
• 321d576 Merge pull request #27904 from BerriAI/backport/27878-litellm_1.84.0rc2
• fe18665 Merge remote-tracking branch 'origin/litellm_1.84.0rc2' into backport/27878-l...
• 087003e Merge pull request #27903 from BerriAI/backport/27892-litellm_1.84.0rc2
• d35d2a7 fix: harden /key/update authorization checks (#27878)
• b2c93b1 fix: block SSRF fields in RAG ingest vector_store config
• fdb55ab fix: block client-side pricing injection via request body
• 08ea016 Merge pull request #27902 from BerriAI/litellm_/eager-euler-fd3639
• Additional commits viewable in compare view

Updates pydantic-settings to 2.14.1

Release notes

Sourced from pydantic-settings's releases.

v2.14.1

What's Changed

• Bump the python-packages group with 4 updates by @​dependabot[bot] in pydantic/pydantic-settings#850
• Bump the python-packages group with 5 updates by @​dependabot[bot] in pydantic/pydantic-settings#854
• Bump the github-actions group with 3 updates by @​dependabot[bot] in pydantic/pydantic-settings#853
• Bump the python-packages group with 2 updates by @​dependabot[bot] in pydantic/pydantic-settings#856
• Fix field named cls conflicting with classmethod parameter by @​hramezani in pydantic/pydantic-settings#858
• Prepare release 2.14.1 by @​hramezani in pydantic/pydantic-settings#859

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

Commits

• e95c30b Prepare release 2.14.1 (#859)
• 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
• 7bd0072 Bump the python-packages group with 2 updates (#856)
• b03e573 Bump the github-actions group with 3 updates (#853)
• eaa3b43 Bump the python-packages group with 5 updates (#854)
• 9f95615 Bump the python-packages group with 4 updates (#850)
• See full diff in compare view

Updates python-multipart to 0.0.28

Release notes

Sourced from python-multipart's releases.

Version 0.0.28

What's Changed

• Speed up partial-boundary tail scan via bytes.find by @​Kludex in Kludex/python-multipart#281
• Cap multipart boundary length at 256 bytes by @​Kludex in Kludex/python-multipart#282

Full Changelog: Kludex/python-multipart@0.0.27...0.0.28

Changelog

Sourced from python-multipart's changelog.

0.0.28 (2026-05-10)

• Speed up partial-boundary tail scan via bytes.find #281.
• Cap multipart boundary length at 256 bytes #282.

0.0.27 (2026-04-27)

• Add multipart header limits #267.
• Pass parse offsets via constructors #268.

0.0.26 (2026-04-10)

• Skip preamble before the first multipart boundary more efficiently #262.
• Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

• Add MIME content type info to File #143.
• Handle CTE values case-insensitively #258.
• Remove custom FormParser classes #257.
• Add UPLOAD_DELETE_TMP to FormParser config #254.
• Emit field_end for trailing bare field names on finalize #230.
• Handle multipart headers case-insensitively #252.
• Apply Apache-2.0 properly #247.

0.0.24 (2026-04-05)

• Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

• Remove unused trust_x_headers parameter and X-File-Name fallback #196.
• Return processed length from QuerystringParser._internal_write #229.
• Cleanup metadata dunders from __init__.py #227.

0.0.22 (2026-01-25)

• Drop directory path from filename in File 9433f4b.

0.0.21 (2025-12-17)

• Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.

0.0.20 (2024-12-16)

• Handle messages containing only end boundary #142.

0.0.19 (2024-11-30)

• Don't warn when CRLF is found after last boundary on MultipartParser #193.

... (truncated)

Commits

• 7d8d28b Version 0.0.28 (#284)
• b0dd125 Cap multipart boundary length at 256 bytes (#282)
• d1b5739 Speed up partial-boundary tail scan via bytes.find (#281)
• 09cb8c3 Make the long_boundary benchmark dominated by the patched code path (#280)
• a6467c9 Revert "Switch CodSpeed benchmarks to walltime mode" (#279)
• 9a96900 Switch CodSpeed benchmarks to walltime mode (#278)
• 1fc7a62 Make benchmark coverage trigger the partial-boundary fallback (#277)
• 03df045 Add CodSpeed benchmark suite for parser hot paths (#276)
• 79a7c61 Bump the python-packages group with 3 updates (#273)
• bd29332 Bump the github-actions group with 5 updates (#274)
• See full diff in compare view

Updates sse-starlette to 3.4.4

Release notes

Sourced from sse-starlette's releases.

v3.4.4

Full Changelog: sysid/sse-starlette@v3.4.3...v3.4.4

Commits

• e093395 Bump version to 3.4.4
• a6799e1 new release workflow
• d033a97 Bump version to 3.4.3
• 6a34c6a Merge pull request #186 from sysid/dependabot/uv/urllib3-2.7.0
• e0be426 chore(deps): bump urllib3 from 2.6.3 to 2.7.0
• d8d43ab Merge pull request #185 from sysid/dependabot/uv/granian-2.7.4
• 5854ac0 chore(deps): bump granian from 2.6.0 to 2.7.4
• 1d56ff3 Bump version to 3.4.2
• 8387e11 update pyproject.toml
• See full diff in compare view

Updates tenacity to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

• Fix retry() annotations with async sleep= function by @​Zac-HD in jd/tenacity#555

Full Changelog: jd/tenacity@9.1.3...9.1.4

Commits

• d4e868d Fix retry() annotations with async sleep= function (#555)
• 24415eb support async sleep for sync fn (#551)
• 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
• 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
• 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
• ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
• c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
• e792bba ci: fix mypy (#546)
• 0f55245 ci: remove reno requirements (#542)
• 815c34f feat(wait): add wait_exception strategy (#541)
• Additional commits viewable in compare view

Updates uvicorn to 0.47.0

Release notes

Sourced from uvicorn's releases.

Version 0.47.0

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in Kludex/uvicorn#2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in Kludex/uvicorn#2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in Kludex/uvicorn#2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn's changelog.

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

• Support ws_max_size in wsproto implementation (#2915)
• Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

• Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

• Add --reset-contextvars flag to isolate ASGI request context (#2912)
• Accept os.PathLike for log_config (#2905)
• Accept log_level strings case-insensitively (#2907)

Changed

• Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
• Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

• Preserve forwarded client ports in proxy headers middleware (#2903)
• Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)

0.44.0 (April 6, 2026)

Added

• Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

... (truncated)

Commits

• 479a2c0 Version 0.47.0 (#2937)
• 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
• 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
• f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
• 8782666 Fix typo in docs/deployment/index.md. (#2932)
• ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
• 6761b2c Remove Hugging Face sponsor block from docs (#2923)
• 438f648 Surface sponsors on welcome page and sidebar (#2921)
• 10ddc6d Add ssl_context_factory for custom SSLContext configuration (#2920)
• b499bc4 Eagerly import the ASGI app in the parent process (#2919)
• See full diff in compare view

Updates watchdog to 6.0.0

Release notes

Sourced from watchdog's releases.

6.0.0

Breaking Changes

• [inotify] Use of select.poll() instead of deprecated select.select(), if available. (#1078)
• [utils] Removed the unused echo_class() function from the echo module.
• [utils] Removed the unused echo_instancemethod() function from the echo module.
• [utils] Removed the unused echo_module() function from the echo module.
• [utils] Removed the unused is_class_private_name() function from the echo module.
• [utils] Removed the unused is_classmethod() function from the echo module.
• [utils] Removed the unused is_method(met() function from the echo module.
• [utils] Removed the unused method_name() function from the echo module.
• [utils] Removed the unused name() function from the echo module.
• [watchmedo] Removed the --trace CLI argument from the watchmedo log command, useless since events are logged by default at the LoggerTrick class level.

Other Changes

• Pin test dependecies.
• [docs] Add typing info to quick start. (#1082)
• [inotify] Fix reading inotify file descriptor after closing it. (#1081)
• [utils] The stop_signal keyword-argument type of the AutoRestartTrick class can now be either a signal.Signals or an int.
• [utils] Added the __repr__() method to the Trick class.
• [watchmedo] Fixed Mypy issues.
• [watchmedo] Added the __repr__() method to the HelpFormatter class.
• [windows] Fixed Mypy issues.

💟 Thanks to our beloved contributors: @​g-pichler, @​ethan-vanderheijden, @​nhairs, @​BoboTiG

Changelog

Sourced from watchdog's changelog.

6.0.0

2024-11-01 • `full history <https://github.com/gorakhargosh/watchdog/compare/v5.0.3...v6.0.0>`__

Pin test dependencies.
[docs] Add typing info to quick start. ([#1082](https://github.com/gorakhargosh/watchdog/issues/1082) &lt;https://github.com/gorakhargosh/watchdog/pull/1082&gt;__)
[inotify] Use of select.poll() instead of deprecated select.select(), if available. ([#1078](https://github.com/gorakhargosh/watchdog/issues/1078) &lt;https://github.com/gorakhargosh/watchdog/pull/1078&gt;__)
[inotify] Fix reading inotify file descriptor after closing it. ([#1081](https://github.com/gorakhargosh/watchdog/issues/1081) &lt;https://github.com/gorakhargosh/watchdog/pull/1081&gt;__)
[utils] The stop_signal keyword-argument type of the AutoRestartTrick class can now be either a signal.Signals or an int.
[utils] Added the __repr__() method to the Trick class.
[utils] Removed the unused echo_class() function from the echo module.
[utils] Removed the unused echo_instancemethod() function from the echo module.
[utils] Removed the unused echo_module() function from the echo module.
[utils] Removed the unused is_class_private_name() function from the echo module.
[utils] Removed the unused is_classmethod() function from the echo module.
[utils] Removed the unused ic_method(met() function from the echo module.
[utils] Removed the unused method_name() function from the echo module.
[utils] Removed the unused name() function from the echo module.
[watchmedo] Fixed Mypy issues.
[watchmedo] Added the __repr__() method to the HelpFormatter class.
[watchmedo] Removed the --trace CLI argument from the watchmedo log command, useless since events are logged by default at the LoggerTrick class level.
[windows] Fixed Mypy issues.
Thanks to our beloved contributors: @​BoboTiG, @​g-pichler, @​ethan-vanderheijden, @​nhairs

5.0.3

2024-09-27 • full history <https://github.com/gorakhargosh/watchdog/compare/v5.0.2...v5.0.3>__

• [inotify] Improve cleaning up Inotify threads, and add eventlet test cases ([#1070](https://github.com/gorakhargosh/watchdog/issues/1070) <https://github.com/gorakhargosh/watchdog/pull/1070>__)
• Thanks to our beloved contributors: @​BoboTiG, @​ethan-vanderheijden

5.0.2

2024-09-03 • `full history <https://github.com/gorakhargosh/watchdog/compare/v5.0.1...v5.0.2>`__

Enable OS specific Mypy checks ([#1064](https://github.com/gorakhargosh/watchdog/issues/1064) &lt;https://github.com/gorakhargosh/watchdog/pull/1064&gt;__)
[watchmedo] Fix tricks argument type of schedule_tricks() ([#1063](https://github.com/gorakhargosh/watchdog/issues/1063) &lt;https://github.com/gorakhargosh/watchdog/pull/1063&gt;__)
Thanks to our beloved contributors: @​gnought, @​BoboTiG

5.0.1

2024-09-02 • full history <https://github.com/gorakhargosh/watchdog/compare/v5.0.0...v5.0.1>__

• [kqueue] Fix TypeError: kqueue.control() only accepts positional parameters ([#1062](https://github.com/gorakhargosh/watchdog/issues/1062) <https://github.com/gorakhargosh/watchdog/pull/1062>__)
• Thanks to our beloved contributors: @​apoirier, @​BoboTiG

... (truncated)

Commits

• 76c091d Version 6.0.0
• 58386d8 Fixes, and clean-up (#1084)
• db698a5 fix: reading inotify file descriptor after closing it. (#1081)
• 73d5612 [docs] Add typing info to quick start (#1082)
• d774fec docs: Update README Badges (#1083)
• 6b74737 docs: funding
• 3d1b888 [inotify] Use of select.poll() instead of deprecated select.select() (#1078)
• 6a4f1cf Bump the version
• ad6df50 Version 5.0.3
• 59650f8 fix: polish #1070
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions