[pre-commit.ci] pre-commit autoupdate#173

Open
pre-commit-ci[bot] wants to merge 2 commits into
mainfrom
pre-commit-ci-update-config

Conversation

@pre-commit-ci pre-commit-ci Bot commented May 25, 2026

pre-commit-ci Bot and others added 2 commits May 25, 2026 19:52
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.15.13 → v0.15.14](astral-sh/ruff-pre-commit@v0.15.13...v0.15.14)
Adds a direct minimum-version constraint on pyarrow (transitive dep via
datasets) to ensure the Use After Free vulnerability in Apache Arrow C++
(PYSEC-2026-113) is resolved. uv resolved to pyarrow 24.0.0.

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>
@amrit110

Security Vulnerability — No Patch Available Yet

aieng-bot found the following security vulnerability reported by pip-audit, but cannot fix it automatically because no patched version has been confirmed on PyPI:

| Package | Version | Vulnerability | Status |
|---------|---------|---------------|--------|
| torch | 2.10.0 | PYSEC-2026-139 | No fix version available on PyPI |

Details

The vulnerability was identified in PyTorch 2.10.0. According to the advisory, the project was informed early via a pull request but had not yet released a fix at the time of this report. pip-audit reports no confirmed fix version.

What was fixed

  • pyarrow (PYSEC-2026-113): bumped to >=23.0.1 (resolved to 24.0.0)

Why torch cannot be auto-fixed

The pip-audit advisory for PYSEC-2026-139 does not list a confirmed fix version for PyTorch. A fix requires the upstream PyTorch maintainers to release a patched version and for the vulnerability database to confirm it.

Recommended next steps

  1. Monitor the PYSEC-2026-139 advisory for a confirmed fix release
  2. Consider whether a pip-audit ignore/exception can be added temporarily with justification (requires human review)
  3. Once a patched release is confirmed on PyPI, aieng-bot can re-run and apply the update automatically

This PR will not be auto-merged until the torch vulnerability is resolved.
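The triage rule the report above applies (apply a minimum-version constraint where the advisory lists a fix version, hold the package for human review where it lists none) can be reproduced over pip-audit's JSON output. The script below is an added example, not code from this repository or from aieng-bot; the input is constructed here in the shape of `pip-audit -f json` output (field names `dependencies`, `name`, `version`, `vulns`, `id`, `fix_versions` are assumed to match pip-audit's format), and the pre-fix pyarrow version `19.0.0` is invented for the sample since the page does not state it. Only release-segment versions such as `23.0.1` are compared; pre-release suffixes are out of scope.

```python
"""Triage pip-audit JSON: split findings into auto-fixable (a fix version
exists) and blocked (no fix version), and emit a minimum-version constraint
for each auto-fixable package. Added example; not the project's own code."""
import json

# Constructed sample shaped like `pip-audit -f json` output (assumed format).
# The pyarrow version 19.0.0 and the descriptions are constructed values.
SAMPLE_AUDIT_JSON = json.dumps({
    "dependencies": [
        {"name": "pyarrow", "version": "19.0.0",
         "vulns": [{"id": "PYSEC-2026-113", "fix_versions": ["23.0.1"],
                    "aliases": [], "description": "constructed description"}]},
        {"name": "torch", "version": "2.10.0",
         "vulns": [{"id": "PYSEC-2026-139", "fix_versions": [],
                    "aliases": [], "description": "constructed description"}]},
        {"name": "datasets", "version": "3.0.0", "vulns": []},
    ],
    "fixes": [],
})

NO_FIX_STATUS = "No fix version available on PyPI"


def parse_version(text):
    """Parse the release segment of a version ("23.0.1" -> (23, 0, 1)).
    Assumption: pre-release/local suffixes are ignored, not ordered."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def triage(audit_json):
    """Return (fixable, blocked) lists of findings.

    A finding is fixable when the advisory names at least one fix version
    newer than the installed one; the lowest such version becomes the
    minimum constraint. Anything else needs a human decision."""
    report = json.loads(audit_json)
    fixable, blocked = [], []
    for dep in report.get("dependencies", []):
        installed = parse_version(dep["version"])
        for vuln in dep.get("vulns", []):
            entry = {"package": dep["name"], "version": dep["version"],
                     "id": vuln["id"]}
            # Only fix versions above the installed one are usable upgrades.
            upgrades = [v for v in vuln.get("fix_versions", [])
                        if parse_version(v) > installed]
            if upgrades:
                minimum = min(upgrades, key=parse_version)
                entry["constraint"] = f"{dep['name']}>={minimum}"
                fixable.append(entry)
            else:
                entry["status"] = NO_FIX_STATUS
                blocked.append(entry)
    return fixable, blocked


def merge_allowed(blocked):
    """Auto-merge only when nothing is left for human review."""
    return not blocked


def render_report(fixable, blocked):
    """Markdown summary in the style of the bot comment above."""
    lines = ["What was fixed", ""]
    lines += [f"  - {e['package']} ({e['id']}): pin to {e['constraint']}"
              for e in fixable] or ["  - nothing"]
    lines += ["", "| Package | Version | Vulnerability | Status |",
              "|---|---|---|---|"]
    lines += [f"| {e['package']} | {e['version']} | {e['id']} | {e['status']} |"
              for e in blocked]
    lines += ["", "Auto-merge: " + ("yes" if merge_allowed(blocked) else "no")]
    return "\n".join(lines)


if __name__ == "__main__":
    fixed, held = triage(SAMPLE_AUDIT_JSON)
    print(render_report(fixed, held))
```

Run against real output with `pip-audit -f json > audit.json` and feed the file contents to `triage`; the constraint strings it produces are the lines to add to the project's dependency specification, while the blocked table is what a reviewer decides on.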
