chore(deps): bump python-multipart from 0.0.26 to 0.0.27#3123
Conversation
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.26 to 0.0.27. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.26...0.0.27) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.27 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Python API breakage checks — ✅ PASSEDResult: ✅ PASSED |
REST API breakage checks (OpenAPI) — ✅ PASSEDResult: ✅ PASSED |
Coverage Report •
|
all-hands-bot
left a comment
all-hands-bot
left a comment
There was a problem hiding this comment.
Taste Rating: 🟢 Good taste
Straightforward dependency update. python-multipart 0.0.27 (uploaded 2026-04-27) is 11 days old, well past the repo's 7-day supply-chain guardrail. Release adds multipart header limits and parse offset improvements with no breaking changes.
[RISK ASSESSMENT]
- [Overall PR]
⚠️ Risk Assessment: 🟢 LOW
Routine dependency patch bump with no breaking changes, security issues, or compatibility concerns.
VERDICT:
✅ Worth merging: Clean dependency update, no issues found.
KEY INSIGHT:
Low-risk maintenance update that complies with repository supply-chain security policy.
all-hands-bot
left a comment
all-hands-bot
left a comment
There was a problem hiding this comment.
✅ QA Report: PASS
Dependency update verified successfully. The upgrade from python-multipart 0.0.26 to 0.0.27 works as expected with no regressions.
Does this PR achieve its stated goal?
Yes. The PR successfully updates python-multipart from version 0.0.26 to 0.0.27. The dependency is correctly updated in uv.lock, the project builds successfully, and all functionality that relies on python-multipart (file uploads through FastAPI/Starlette) continues to work without any regressions.
| Phase | Result |
|---|---|
| Environment Setup | ✅ Build completed successfully with all 233 packages installed |
| CI Status | ✅ All core tests passing (sdk-tests, agent-server-tests, tools-tests, workspace-tests, windows-tests, cross-tests) |
| Functional Verification | ✅ File upload functionality verified with before/after comparison |
Functional Verification
Test 1: Version Update Verification
Step 1 — Verify baseline version (main branch):
grep -A 3 'name = "python-multipart"' uv.lock | grep versionversion = "0.0.26"
This confirms the baseline version is 0.0.26.
Step 2 — Switch to PR branch and verify upgrade:
git checkout pr-3123
grep -A 3 'name = "python-multipart"' uv.lock | grep versionversion = "0.0.27"
This confirms the PR successfully updates to 0.0.27.
Test 2: Library Import and Basic Functionality
Step 1 — Verify library imports correctly:
python -c "import multipart; print(f'python-multipart version: {multipart.__version__}'); from multipart.multipart import FormParser; print('FormParser imported successfully')"python-multipart version: 0.0.27
FormParser imported successfully
The library imports and loads successfully.
Test 3: File Upload Functionality (Before/After Comparison)
python-multipart is used by FastAPI/Starlette for handling multipart form data, which powers the file upload functionality in the agent-server.
Step 1 — Baseline: Run upload tests with version 0.0.26 (main branch):
python -c "import multipart; print(f'Baseline version: {multipart.__version__}')"
pytest tests/agent_server/test_file_router.py -v -k uploadBaseline version: 0.0.26
...
8 passed, 15 deselected, 5 warnings in 1.73s
All 8 file upload tests pass with the old version.
Step 2 — With PR changes: Run same tests with version 0.0.27:
git checkout pr-3123
uv sync --dev
python -c "import multipart; print(f'Updated version: {multipart.__version__}')"
pytest tests/agent_server/test_file_router.py -v -k uploadUpdated version: 0.0.27
...
8 passed, 15 deselected, 5 warnings in 1.65s
All 8 file upload tests pass with the new version, including:
- test_upload_file_query_param_success
- test_upload_file_query_param_creates_parent_dirs
- test_upload_file_query_param_relative_path_fails
- test_upload_file_query_param_missing_path
- test_upload_file_query_param_missing_file
- test_upload_large_file_chunked
- test_upload_overwrites_existing_file
- test_upload_file_with_special_characters_in_path
Interpretation: No regression detected. The new version maintains backward compatibility and all multipart/file upload functionality works identically to the previous version.
Issues Found
None.
Summary: This is a clean dependency update. The new version (0.0.27) adds multipart header limits and passes parse offsets via constructors, but maintains full backward compatibility with existing code. All tests pass and file upload functionality works correctly.
2 participants
Bumps python-multipart from 0.0.26 to 0.0.27.
Release notes
Sourced from python-multipart's releases.
Changelog
Sourced from python-multipart's changelog.
Commits
6d1d689Version 0.0.27 (#272)0b10220Run CI on main branch pull requests (#271)3e64f5fAdd multipart header limits (#267)eb109ccPass parse offsets via constructors (#268)78e29abBump pytest from 9.0.2 to 9.0.3 (#266)b2ddd09fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (#264)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
• GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server
Variants & Base Images
eclipse-temurin:17-jdknikolaik/python-nodejs:python3.13-nodejs22-slimgolang:1.21-bookwormPull (multi-arch manifest)
# Each variant is a multi-arch manifest supporting both amd64 and arm64 docker pull ghcr.io/openhands/agent-server:33ceb36-pythonRun
All tags pushed for this build
About Multi-Architecture Support
33ceb36-python) is a multi-arch manifest supporting both amd64 and arm6433ceb36-python-amd64) are also available if needed