chore: bump starlette version (backport #4158) (#4248)

# What does this PR do? Require at least 0.49.1 which fixes a security vulnerability in the parsing logic of the Range header in FileResponse. Release note: https://github.com/Kludex/starlette/releases/tag/0.49.1 <hr>This is an automatic backport of pull request #4158 done by [Mergify](https://mergify.com). --------- Co-authored-by: Sébastien Han <seb@redhat.com> Co-authored-by: Ashwin Bharambe <ashwin.bharambe@gmail.com>
2025-12-03 01:48:05 +00:00 · 2025-12-01 10:21:16 -08:00 · 2025-12-01 10:21:16 -08:00 · c7fd3c4151
commit c7fd3c4151
parent 1d251b489a
2 changed files with 601 additions and 560 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@ -49,6 +49,7 @@ dependencies = [
    "aiosqlite>=0.21.0",                              # server - for metadata store
    "asyncpg",                                        # for metadata store
    "sqlalchemy[asyncio]>=2.0.41",                    # server - for conversations
+    "starlette>=0.49.1",
 ]

 [project.optional-dependencies]
--- a/uv.lock
+++ b/uv.lock