fix(security): Patch 28 all+ vulnerabilities

[git-steer]

Security Fix

This PR addresses 28 security vulnerabilities.

Vulnerabilities Fixed

CVE	Package	Severity	Fix Version
CVE-2026-48817	starlette	MEDIUM	1.1.0
CVE-2026-54285	@opentelemetry/core	MEDIUM	2.8.0
CVE-2026-53539	python-multipart	HIGH	0.0.30
CVE-2026-53540	python-multipart	LOW	0.0.31
CVE-2026-53538	python-multipart	LOW	0.0.30
CVE-2026-53537	python-multipart	LOW	0.0.30
CVE-2026-48526	pyjwt	HIGH	2.13.0
CVE-2026-48522	PyJWT	MEDIUM	2.13.0
CVE-2026-48525	pyjwt	MEDIUM	2.13.0
CVE-2026-48523	pyjwt	MEDIUM	2.13.0
CVE-2026-48524	pyjwt	LOW	2.13.0
CVE-2026-48712	protobufjs	HIGH	8.4.1
CVE-2026-54269	protobufjs	MEDIUM	8.6.0
CVE-2026-48068	@grpc/grpc-js	HIGH	1.14.4
CVE-2026-48069	@grpc/grpc-js	HIGH	1.14.4
CVE-2026-48710	starlette	MEDIUM	1.0.1
CVE-2026-45736	ws	MEDIUM	8.20.1
CVE-2026-45740	protobufjs	MEDIUM	7.5.8
CVE-2026-8723	qs	MEDIUM	6.15.2
CVE-2026-41907	uuid	MEDIUM	11.1.1
CVE-2026-41907	uuid	MEDIUM	11.1.1
CVE-2026-45409	idna	MEDIUM	3.15
CVE-2026-45740	protobufjs	MEDIUM	8.2.0
CVE-2026-45134	langsmith	HIGH	0.8.0
CVE-2026-44289	protobufjs	HIGH	7.5.6
CVE-2026-44293	protobufjs	HIGH	7.5.6
CVE-2026-44294	protobufjs	MEDIUM	7.5.6
CVE-2026-44292	protobufjs	MEDIUM	7.5.6

Summary

• Critical: 0 High: 8 Medium: 16 Low: 4

---

Generated by git-steer

[github-actions]

⚠️ Extra large PR detected. Please split into smaller, focused PRs for easier review.

[git-steer]

🚦 Functional-integrity gate: NO-GO (ADR-005)

Dimension	Result
BUILD	PASS
TEST	FAIL
SMOKE	NOT_APPLICABLE
SURFACE	NOT_APPLICABLE

Auto-merge withheld — held for human review. A GO verdict is required to auto-merge.