deps(deps): bump the python-production group across 1 directory with 4 updates

[dependabot]

Updates the requirements on pydantic-settings, python-multipart, sse-starlette and tenacity to permit the latest version.
Updates pydantic-settings to 2.14.1

Release notes

Sourced from pydantic-settings's releases.

v2.14.1

What's Changed

• Bump the python-packages group with 4 updates by @​dependabot[bot] in pydantic/pydantic-settings#850
• Bump the python-packages group with 5 updates by @​dependabot[bot] in pydantic/pydantic-settings#854
• Bump the github-actions group with 3 updates by @​dependabot[bot] in pydantic/pydantic-settings#853
• Bump the python-packages group with 2 updates by @​dependabot[bot] in pydantic/pydantic-settings#856
• Fix field named cls conflicting with classmethod parameter by @​hramezani in pydantic/pydantic-settings#858
• Prepare release 2.14.1 by @​hramezani in pydantic/pydantic-settings#859

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

Commits

• e95c30b Prepare release 2.14.1 (#859)
• 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
• 7bd0072 Bump the python-packages group with 2 updates (#856)
• b03e573 Bump the github-actions group with 3 updates (#853)
• eaa3b43 Bump the python-packages group with 5 updates (#854)
• 9f95615 Bump the python-packages group with 4 updates (#850)
• See full diff in compare view

Updates python-multipart to 0.0.28

Release notes

Sourced from python-multipart's releases.

Version 0.0.28

What's Changed

• Speed up partial-boundary tail scan via bytes.find by @​Kludex in Kludex/python-multipart#281
• Cap multipart boundary length at 256 bytes by @​Kludex in Kludex/python-multipart#282

Full Changelog: Kludex/python-multipart@0.0.27...0.0.28

Changelog

Sourced from python-multipart's changelog.

0.0.28 (2026-05-10)

• Speed up partial-boundary tail scan via bytes.find #281.
• Cap multipart boundary length at 256 bytes #282.

0.0.27 (2026-04-27)

• Add multipart header limits #267.
• Pass parse offsets via constructors #268.

0.0.26 (2026-04-10)

• Skip preamble before the first multipart boundary more efficiently #262.
• Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

• Add MIME content type info to File #143.
• Handle CTE values case-insensitively #258.
• Remove custom FormParser classes #257.
• Add UPLOAD_DELETE_TMP to FormParser config #254.
• Emit field_end for trailing bare field names on finalize #230.
• Handle multipart headers case-insensitively #252.
• Apply Apache-2.0 properly #247.

0.0.24 (2026-04-05)

• Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

• Remove unused trust_x_headers parameter and X-File-Name fallback #196.
• Return processed length from QuerystringParser._internal_write #229.
• Cleanup metadata dunders from __init__.py #227.

0.0.22 (2026-01-25)

• Drop directory path from filename in File 9433f4b.

0.0.21 (2025-12-17)

• Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.

0.0.20 (2024-12-16)

• Handle messages containing only end boundary #142.

0.0.19 (2024-11-30)

• Don't warn when CRLF is found after last boundary on MultipartParser #193.

... (truncated)

Commits

• 7d8d28b Version 0.0.28 (#284)
• b0dd125 Cap multipart boundary length at 256 bytes (#282)
• d1b5739 Speed up partial-boundary tail scan via bytes.find (#281)
• 09cb8c3 Make the long_boundary benchmark dominated by the patched code path (#280)
• a6467c9 Revert "Switch CodSpeed benchmarks to walltime mode" (#279)
• 9a96900 Switch CodSpeed benchmarks to walltime mode (#278)
• 1fc7a62 Make benchmark coverage trigger the partial-boundary fallback (#277)
• 03df045 Add CodSpeed benchmark suite for parser hot paths (#276)
• 79a7c61 Bump the python-packages group with 3 updates (#273)
• bd29332 Bump the github-actions group with 5 updates (#274)
• See full diff in compare view

Updates sse-starlette to 3.4.4

Release notes

Sourced from sse-starlette's releases.

v3.4.4

Full Changelog: sysid/sse-starlette@v3.4.3...v3.4.4

Commits

• e093395 Bump version to 3.4.4
• a6799e1 new release workflow
• d033a97 Bump version to 3.4.3
• 6a34c6a Merge pull request #186 from sysid/dependabot/uv/urllib3-2.7.0
• e0be426 chore(deps): bump urllib3 from 2.6.3 to 2.7.0
• d8d43ab Merge pull request #185 from sysid/dependabot/uv/granian-2.7.4
• 5854ac0 chore(deps): bump granian from 2.6.0 to 2.7.4
• 1d56ff3 Bump version to 3.4.2
• 8387e11 update pyproject.toml
• See full diff in compare view

Updates tenacity to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

• Fix retry() annotations with async sleep= function by @​Zac-HD in jd/tenacity#555

Full Changelog: jd/tenacity@9.1.3...9.1.4

Commits

• d4e868d Fix retry() annotations with async sleep= function (#555)
• 24415eb support async sleep for sync fn (#551)
• 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
• 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
• 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
• ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
• c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
• e792bba ci: fix mypy (#546)
• 0f55245 ci: remove reno requirements (#542)
• 815c34f feat(wait): add wait_exception strategy (#541)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.