@thomasdhc (Contributor)

Description

Usage

# Add snippet demonstrating usage

Checklist

  • I am familiar with the Contributing Guide.
  • New or Existing tests cover these changes.
  • The documentation is up to date with these changes.

* Update cve for python-multipart

Signed-off-by: Dong Hyuk Chang <donghyukc@nvidia.com>

* Update uv lock

Signed-off-by: Dong Hyuk Chang <donghyukc@nvidia.com>

---------

Signed-off-by: Dong Hyuk Chang <donghyukc@nvidia.com>
@thomasdhc thomasdhc requested a review from ayushdg February 3, 2026 16:46
@copy-pr-bot

copy-pr-bot bot commented Feb 3, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@thomasdhc thomasdhc changed the base branch from main to r1.1.0 February 3, 2026 16:46
@thomasdhc (Contributor, Author)

/ok to test 125fc43

@greptile-apps (Contributor)

greptile-apps bot commented Feb 3, 2026

Greptile Overview

Greptile Summary

This PR cherry-picks security fix #1450 from main to the r1.1.0 release branch, updating python-multipart from version 0.0.21 to 0.0.22 to address CVE GHSA-wp53-j4wj-2cfg.

Key changes:

  • Added python-multipart>=0.0.22 to constraint-dependencies in pyproject.toml
  • Updated uv.lock with the new version and constraint
  • Minor formatting fix: standardized comment spacing for urllib3 and wheel entries

Analysis:
The changes are minimal and focused solely on addressing the security vulnerability. The python-multipart package is a transitive dependency brought in by FastAPI and other web framework dependencies used in the project. The constraint ensures all installations will use the patched version.

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • Clean cherry-pick of an already merged security fix with no logic changes, only dependency version constraint updates
  • No files require special attention

Important Files Changed

| Filename | Overview |
| --- | --- |
| pyproject.toml | Added python-multipart>=0.0.22 constraint to address CVE GHSA-wp53-j4wj-2cfg, fixed spacing in comments |
| uv.lock | Updated python-multipart from 0.0.21 to 0.0.22 with constraint added to manifest |

Sequence Diagram

```mermaid
sequenceDiagram
    participant Dev as Developer
    participant UV as UV Package Manager
    participant PyPI as PyPI Registry
    participant Project as NeMo Curator

    Dev->>Project: Cherry-pick PR #1450 to r1.1.0 branch
    Dev->>Project: Update pyproject.toml constraint-dependencies
    Note over Project: Add python-multipart>=0.0.22<br/>to address CVE GHSA-wp53-j4wj-2cfg
    Dev->>UV: Run uv lock
    UV->>PyPI: Resolve python-multipart dependency
    PyPI-->>UV: Return version 0.0.22
    UV->>Project: Update uv.lock with new version
    Note over Project: Lock file updated:<br/>0.0.21 → 0.0.22
    Dev->>Project: Commit changes to r1.1.0 branch
```

@greptile-apps greptile-apps bot left a comment: 2 files reviewed, no comments

@sarahyurick sarahyurick enabled auto-merge (squash) February 4, 2026 18:08

@sarahyurick sarahyurick merged commit dd2f419 into r1.1.0 Feb 4, 2026
46 of 47 checks passed