chore(deps): lock file maintenance [skip pre-commit.ci]

[renovate]

This PR contains the following updates:

Update	Change
lockFileMaintenance	All locks refreshed

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cubic-dev-ai]

No issues found across 1 file

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

[github-actions]

📚 Documentation Preview

Type	URL	Version	Message
Production	https://tux.atl.dev	-	-
Preview	https://d092ef79-tux-docs.allthingslinux.workers.dev	d092ef79-fed4-4a93-905d-e31518a97413	Preview: tux@5b5015e15569de1cd5b512b9dea30e10d8b1c513 on 1236/merge by renovate[bot] (run 536)

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 25 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3c5e7aa.

Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

Vulnerabilities

uv.lock

Name	Version	Vulnerability	Severity
ecdsa	0.19.2	Minerva timing attack on P-256 in python-ecdsa	high

Only included vulnerabilities with severity high or higher.

License Issues

uv.lock

Package	Version	License	Issue Type
aiohttp	3.13.5	Null	Unknown License
cryptography	46.0.7	Null	Unknown License
django	6.0.4	Null	Unknown License
fastapi	0.136.0	Null	Unknown License
filelock	3.28.0	Null	Unknown License
greenlet	3.4.0	Null	Unknown License
mako	1.3.11	Null	Unknown License
nodejs-wheel-binaries	24.14.1	Null	Unknown License
packaging	26.1	Null	Unknown License
platformdirs	4.9.6	Null	Unknown License
pydantic	2.13.2	Null	Unknown License
pymdown-extensions	10.21.2	Null	Unknown License
pytest	9.0.3	Null	Unknown License
python-discovery	1.2.2	Null	Unknown License
rapidfuzz	3.14.5	Null	Unknown License
ruff	0.15.11	Null	Unknown License
starlette	1.0.0	Null	Unknown License
types-aiofiles	25.1.0.20260409	Null	Unknown License
types-mock	5.2.0.20260408	Null	Unknown License
types-psutil	7.2.2.20260408	Null	Unknown License
types-pytz	2026.1.1.20260408	Null	Unknown License
types-pyyaml	6.0.12.20260408	Null	Unknown License
virtualenv	21.2.4	Null	Unknown License
ecdsa	0.19.2	Null	Unknown License
tzdata	2026.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/ecdsa	0.19.2	🟢 5.4	Details Check Score Reason Code-Review 🟢 3 Found 5/14 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 8 SAST tool detected but not run on all commits
pip/aiohttp	3.13.5	Unknown	Unknown
pip/anyio	4.13.0	Unknown	Unknown
pip/attrs	26.1.0	Unknown	Unknown
pip/click	8.3.2	Unknown	Unknown
pip/coverage	7.13.5	Unknown	Unknown
pip/cryptography	46.0.7	Unknown	Unknown
pip/django	6.0.4	Unknown	Unknown
pip/fastapi	0.136.0	Unknown	Unknown
pip/filelock	3.28.0	Unknown	Unknown
pip/greenlet	3.4.0	Unknown	Unknown
pip/identify	2.6.19	🟢 5.9	Details Check Score Reason Code-Review 🟢 8 Found 15/17 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mako	1.3.11	Unknown	Unknown
pip/nodejs-wheel-binaries	24.14.1	Unknown	Unknown
pip/numpy	2.4.4	Unknown	Unknown
pip/packaging	26.1	Unknown	Unknown
pip/platformdirs	4.9.6	Unknown	Unknown
pip/pyasn1	0.6.3	Unknown	Unknown
pip/pydantic	2.13.2	Unknown	Unknown
pip/pydantic-core	2.46.2	🟢 6.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pygments	2.20.0	Unknown	Unknown
pip/pymdown-extensions	10.21.2	Unknown	Unknown
pip/pytest	9.0.3	Unknown	Unknown
pip/pytest-cov	7.1.0	Unknown	Unknown
pip/python-discovery	1.2.2	Unknown	Unknown
pip/rapidfuzz	3.14.5	Unknown	Unknown
pip/ruff	0.15.11	Unknown	Unknown
pip/sentry-sdk	2.58.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 9 Found 23/25 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/starlette	1.0.0	Unknown	Unknown
pip/types-aiofiles	25.1.0.20260409	Unknown	Unknown
pip/types-mock	5.2.0.20260408	Unknown	Unknown
pip/types-psutil	7.2.2.20260408	Unknown	Unknown
pip/types-pytz	2026.1.1.20260408	Unknown	Unknown
pip/types-pyyaml	6.0.12.20260408	Unknown	Unknown
pip/tzdata	2026.1	🟢 5.4	Details Check Score Reason Code-Review 🟢 7 Found 16/22 approved changesets -- score normalized to 7 Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/virtualenv	21.2.4	Unknown	Unknown
pip/zensical	0.0.33	Unknown	Unknown

Scanned Files

• uv.lock

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 42.96%. Comparing base (c0e1a1e) to head (3c5e7aa).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1236      +/-   ##
==========================================
+ Coverage   42.83%   42.96%   +0.13%     
==========================================
  Files         233      233              
  Lines       18398    18398              
  Branches     2424     2424              
==========================================
+ Hits         7881     7905      +24     
+ Misses      10517    10493      -24     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.