chore(deps): Bump the minor-and-patch group in /a2a/git_issue_agent with 2 updates

[dependabot]

Bumps the minor-and-patch group in /a2a/git_issue_agent with 2 updates: litellm and python-multipart.

Updates litellm from 1.87.0 to 1.87.1

Release notes

Sourced from litellm's releases.

v1.87.1

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.87.1

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.87.1/cosign.pub \
  ghcr.io/berriai/litellm:v1.87.1

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

---

What's Changed

• chore(release): backport five staged fixes into stable/1.87.x and cut 1.87.1 by @​mateo-berri in BerriAI/litellm#29631
• chore(release): backport #29612 (session-token budget-ceiling exemption) into stable/1.87.x and cut 1.87.2 by @​mateo-berri in BerriAI/litellm#29636
• chore: restore stable/1.87.x to 1.87.1 (revert premature 1.87.2 bump) by @​mateo-berri in BerriAI/litellm#29645

Full Changelog: BerriAI/litellm@v1.87.0...v1.87.1

Commits

• cc9b99c Merge pull request #29645 from BerriAI/litellm_unbump_stable_1_87_x
• 515e874 chore: restore stable/1.87.x to 1.87.1 (revert premature 1.87.2 bump)
• cc2aff3 Merge pull request #29636 from BerriAI/litellm_cherrypick_1_87_2
• efeb101 fix(key_generate): harden GHSA-q775 session-token exemption against default_k...
• 951012c chore: update uv.lock for 1.87.2
• d97882e bump: version 1.87.1 → 1.87.2
• 3f43e0e fix(key_generate): exempt UI/CLI session tokens from the budget ceiling for t...
• b8a9e47 Merge pull request #29631 from BerriAI/litellm_cherrypick_1_87_1
• 0cc6385 chore: update uv.lock for 1.87.1
• 5e0e841 bump: version 1.87.0 → 1.87.1
• Additional commits viewable in compare view

Updates python-multipart from 0.0.30 to 0.0.32

Release notes

Sourced from python-multipart's releases.

Version 0.0.32

What's Changed

• Replace per-byte partial-boundary scan with rfind lookbehind by @​Kludex in Kludex/python-multipart#300

Full Changelog: Kludex/python-multipart@0.0.31...0.0.32

Version 0.0.31

What's Changed

• Speed up multipart header parsing and callback dispatch by @​Kludex in Kludex/python-multipart#295
• Bound header field name size before validating by @​Kludex in Kludex/python-multipart#296
• Validate Content-Length is non-negative in parse_form by @​Kludex in Kludex/python-multipart#297

Full Changelog: Kludex/python-multipart@0.0.30...0.0.31

Changelog

Sourced from python-multipart's changelog.

0.0.32 (2026-06-04)

• Speed up partial-boundary scanning for CR/LF-dense part data #300.

0.0.31 (2026-06-04)

• Speed up multipart header parsing and callback dispatch #295.
• Bound header field name size before validating #296.
• Validate Content-Length is non-negative in parse_form #297.

Commits

• 238ead6 Version 0.0.32 (#302)
• 8672979 Replace per-byte partial-boundary scan with rfind lookbehind (#300)
• 8190779 Bump the python-packages group with 7 updates (#301)
• 0d3c086 Use uv package ecosystem for Dependabot (#299)
• 4cffc68 Version 0.0.31 (#298)
• c814948 Reject negative Content-Length in parse_form (#297)
• 6b837d4 Bound header field name size before validating (#296)
• e0c4f9d Bump the github-actions group with 3 updates (#294)
• b8a01bb Bump the python-packages group with 3 updates (#293)
• 6732164 Speed up multipart header parsing and callback dispatch (#295)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions