chore(deps): bump starlette to 1.0.1, connexion to 3.3.0

[Odilhao]

Bumps starlette to 1.0.1 to fix CVE-2026-48710.

CVE: CVE-2026-48710 — Starlette: Security restriction bypass via malformed HTTP Host header. Missing Host header validation poisons request.url.path, allowing path-based security checks to be bypassed.

Fix version: starlette 1.0.1
Advisory: GHSA-86qp-5c8j-p5mr

[jdobes]

Swagger UI test started to fail, it doesn't happen on master, this branch has out of date libs and bumping only starlette is not compatible with other lib versions

[Odilhao]

Updated — connexion bumped from 3.1.0 to 3.3.0 alongside starlette 1.0.1 to resolve the Swagger UI regression. connexion issue #2029 (which motivated the ~=3.1.0 lock) is now closed; the constraint has been relaxed to ^3.3.0 matching master. anyio bumped from 4.11.0 to 4.13.0 to match. All hashes verified against PyPI.