fix(deps): bump starlette and python-multipart to remediate CVEs [security]

- starlette 0.41.2 -> 1.0.0: fixes CVE-2025-54121 (MEDIUM), CVE-2025-62727 (HIGH)
- python-multipart 0.0.22 -> 0.0.27: fixes CVE-2026-40347 (MEDIUM)
- Remove starlette==0.41.2 constraint pin (only CORS middleware used, no breakage)
- Bump service version 0.1.5 -> 0.1.6

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: lawrence-u10d

CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.1.6
+
+### Security
+
+- **Bump starlette** to latest to remediate CVE-2025-54121 (MEDIUM) and CVE-2025-62727 (HIGH). Removes the `starlette==0.41.2` constraint pin.
+- **Bump python-multipart** to latest to remediate CVE-2026-40347 (MEDIUM).
+
 ## 0.1.5
 
 ### Security

prepline_general/api/__version__.py

@@ -1 +1 @@
-__version__ = "0.1.5"  # pragma: no cover
+__version__ = "0.1.6"  # pragma: no cover

pyproject.toml

@@ -41,8 +41,6 @@ path = "prepline_general/api/__version__.py"
 [tool.uv]
 # Constraints for transitive dependencies that need pinning for functional reasons
 constraint-dependencies = [
-    # later versions of Starlette break middleware
-    "starlette==0.41.2",
     # pdfminer.six 20260107 includes performance fix
     "pdfminer-six==20260107",
 ]