fix(deps): update starlette to >=1.0.1 to fix PYSEC-2026-161

Consolidates three separate starlette overrides into one entry covering
CVE-2025-54121, GHSA-7f5h-v6xp-fcq8, and PYSEC-2026-161 (fixed in 1.0.1).
Starlette resolves to 1.1.0 in the lockfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: dima-aignostics

pyproject.toml

@@ -133,8 +133,7 @@ dependencies = [
     "urllib3>=2.5.0",                   # CVE-2025-50181, CVE-2025-50182
     "pillow>=12.2.0",                   # CVE-2025-48379 (>=11.3.0); CVE-2026-25990 (>=12.1.1, Renovate #428); CVE-2026-40192 (>=12.2.0, Renovate #539)
     "aiohttp>=3.13.4",                  # CVE-2025-53643, CVE-2025-69223..9 (>=3.13.3); CVE-2026-22815 (>=3.13.4, Renovate #527)
-    "starlette>=0.47.2",                # CVE-2025-54121
-    "starlette>=0.49.1",                # GHSA-7f5h-v6xp-fcq8
+    "starlette>=1.0.1",                 # CVE-2025-54121, GHSA-7f5h-v6xp-fcq8, PYSEC-2026-161
     "lxml>=6.1.0",                      # CVE-2026-41066 (Renovate #556); also required for python 3.14 pre-built wheels
     "filelock>=3.20.3",                 # CVE-2025-68146 (>=3.20.1); CVE-2026-22701 (>=3.20.3, Renovate #387)
     "marshmallow>=3.26.2",              # CVE-2025-68480