Bump the uv group across 1 directory with 4 updates

[dependabot]

Bumps the uv group with 4 updates in the / directory: cryptography, joserfc, pillow and python-multipart.

Updates cryptography from 46.0.3 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10

* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:
46.0.4 - 2026-01-27

• Dropped support for win_arm64 wheels_.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

Commits

• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• See full diff in compare view

Updates joserfc from 1.6.1 to 1.6.3

Release notes

Sourced from joserfc's releases.

1.6.3

   🐞 Bug Fixes

• jwe: Set max value for p2c  -  by @​lepture (696a9)

    View changes on GitHub

1.6.2

   🐞 Bug Fixes

• Class does not need to inherit object  -  by @​lepture (4a9be)
• jwe: Move size limit to DeflateZipModel  -  by @​lepture (04211)
• jwe: Auto add kid when add_recipient  -  by @​lepture (10ac9)
• jwe: Auto add kid to recipient when kid exists  -  by @​lepture (9db7e)

    View changes on GitHub

Changelog

Sourced from joserfc's changelog.

1.6.3

Released on February 25, 2026

• JWE: Set a max value for p2c header.

1.6.2

Released on February 16, 2026

• JWE: Auto add kid to recipient.
• JWE: Use DeflateZipModel.MAX_SIZE to determine size limit.

Commits

• f06540f chore: release 1.6.3
• 696a961 fix(jwe): set max value for p2c
• 52c6ffd chore: release 1.6.2
• 3b36720 chore: update deps
• 91c7ecd chore: update readme
• 9db7e44 fix(jwe): auto add kid to recipient when kid exists
• 1330b49 docs: add a cheatsheet recipe
• 10ac93f fix(jwe): auto add kid when add_recipient
• 224e72a chore: remove codecov token
• 042118c fix(jwe): move size limit to DeflateZipModel
• Additional commits viewable in compare view

Updates pillow from 12.1.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

• Patch libavif for svt-av1 4.0 compatibility #9413 [@​hugovk]

Other changes

• Fix OOB Write with invalid tile extents #9427 [@​radarhere]

Commits

• 5158d98 12.1.1 version bump
• 9000313 Fix OOB Write with invalid tile extents (#9427)
• cd01118 Patch libavif for svt-av1 4.0 compatibility
• See full diff in compare view

Updates python-multipart from 0.0.21 to 0.0.22

Release notes

Sourced from python-multipart's releases.

Version 0.0.22

What's Changed

• Drop directory path from filename in File 9433f4b.

---

Full Changelog: Kludex/python-multipart@0.0.21...0.0.22

Changelog

Sourced from python-multipart's changelog.

0.0.22 (2026-01-25)

• Drop directory path from filename in File 9433f4b.

Commits

• bea7bbb Version 0.0.22 (#222)
• 0fb59a9 chore: add return type on test (#221)
• 9433f4b Merge commit from fork
• d5c91ec Bump the github-actions group with 2 updates (#219)
• 5a90631 bump uv (#218)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[greptile-apps]

No reviewable files after applying ignore patterns.