[pre-commit.ci] pre-commit autoupdate

[pre-commit-ci]

updates:

• github.com/astral-sh/uv-pre-commit: 0.10.12 → 0.11.2
• github.com/astral-sh/ruff-pre-commit: v0.15.7 → v0.15.8

[amrit110]

Security Vulnerability — No Patch Available Yet

aieng-bot found the following security vulnerabilities reported by pip-audit, but cannot fix them automatically because no patched version has been released to PyPI yet:

Package	Version	Vulnerability	Status
pygments	2.19.2	GHSA-5239-wwwm-4pmq	No fix available on PyPI

Why this cannot be auto-fixed

The vulnerability exists in pygments itself (inefficient regular expression complexity in pygments/lexers/archetype.py). A fix requires the upstream maintainers to release a new version. According to the advisory, the project was informed of the problem but has not yet responded. Once a patched release is published to PyPI, aieng-bot can re-run and apply the update automatically.

What was fixed in this run

The following vulnerabilities were fixed:

• cryptography bumped to >=46.0.6 to fix GHSA-m959-cc7f-wv43
• requests bumped to >=2.33.0 to fix GHSA-gc5v-m9x4-r6x2

Recommended next steps

1. Monitor the pygments GHSA-5239-wwwm-4pmq advisory for a patch release
2. Check if a pip-audit ignore/exception can be added temporarily with justification (requires human review)
3. Consider whether this dependency can be replaced with an alternative

This PR will not be auto-merged until the vulnerability is resolved.