chore(deps): update nc-py-api requirement from >=0.23.0 to >=0.30.2

[dependabot]

Updates the requirements on nc-py-api to permit the latest version.

Release notes

Sourced from nc-py-api's releases.

v0.30.2

Changed

• download_directory_as_zip: the order of entries inside the returned archive is no longer guaranteed; it now depends on the Nextcloud server's database backend, after Nextcloud server #60225 removed the implicit ORDER BY name ASC. #429

Security

• Pinned starlette>=1.0.1 to address BadHost (CVE-2026-48710): a crafted Host header could desync request.url.path from the routed path in Starlette ≤ 1.0.0, bypassing path-based authorization. FastAPI does not constrain Starlette's upper bound, so an explicit floor is required to guarantee the fix. The fastapi floor was also raised to >=0.133 (the first release compatible with Starlette 1.0+).

Changelog

Sourced from nc-py-api's changelog.

[0.30.2 - 2026-06-02]

Changed

• download_directory_as_zip: the order of entries inside the returned archive is no longer guaranteed; it now depends on the Nextcloud server's database backend, after Nextcloud server #60225 removed the implicit ORDER BY name ASC. #429

Security

• Pinned starlette>=1.0.1 to address BadHost (CVE-2026-48710): a crafted Host header could desync request.url.path from the routed path in Starlette ≤ 1.0.0, bypassing path-based authorization. FastAPI does not constrain Starlette's upper bound, so an explicit floor is required to guarantee the fix. The fastapi floor was also raised to >=0.133 (the first release compatible with Starlette 1.0+).

[0.30.1 - 2026-04-26]

Added

• Share.token property to expose the share token (e.g. for passing to external applications that access Nextcloud shares via WebDAV). #427 Thanks to @​meck-gd

[0.30.0 - 2026-03-29]

Added

• Teams (Circles) async API on AsyncNextcloud/AsyncNextcloudApp: full CRUD, member management, and join/leave flows. #403
• FsNodeInfo.download_url and FsNodeInfo.download_url_expiration properties exposing S3 presigned download URLs (when the storage backend is S3 with use_presigned_url enabled). #419

Changed

• Sync API for Activity, Notes, UserStatus, and WeatherStatus removed; use the async counterparts on AsyncNextcloud/AsyncNextcloudApp. #405
• All remaining sync entry points (Nextcloud, NextcloudApp, TalkBot, nc_app, talk_bot_msg, sync enabled_handler/trigger_handler in set_handlers) now emit DeprecationWarning; they will be removed in v0.31.0. #422
• README and examples/as_client/ scripts converted to AsyncNextcloud/AsyncNextcloudApp. #422
• caldav dependency upgraded to >=3.1,<4. #416

[0.24.2 - 2026-03-02]

Changed

• Use new /ex-app/status endpoint for set_init_status instead of deprecated /apps/status/{appId}

[0.24.1 - 2026-02-25]

Fixed

• ExApps: Use FileLock with atomic rename for safe concurrent model downloads. #396
• Upgrade caldav dependency for icalendar 7.x compatibility. #397

[0.24.0 - 2026-02-04]

Added

• Include the Response object in NextcloudException #394

[0.23.1 - 2026-01-16]

... (truncated)

Commits

• 9058723 v0.30.2 [publish]
• d2acdc7 fix(deps): pin starlette>=1.0.1 to fix BadHost (CVE-2026-48710) (#438)
• 0b35fe0 [pre-commit.ci] pre-commit autoupdate (#437)
• 5dfe496 chore(deps): update anthropics/claude-code-action digest to 787c5a0 (#431)
• e655287 ci: keep Notes app compatible across the stable31/32/33 matrix (#436)
• 9d15e79 [pre-commit.ci] pre-commit autoupdate (#434)
• 36b42d8 [pre-commit.ci] pre-commit autoupdate (#430)
• 69e0406 [pre-commit.ci] pre-commit autoupdate (#424)
• 84b7cb4 chore(deps): update anthropics/claude-code-action digest to 51ea8ea (#425)
• 2307c4c fix(tests): make zip-download assertions order-tolerant (#429)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)