[pre-commit.ci] pre-commit autoupdate (#96)

* [pre-commit.ci] pre-commit autoupdate

updates:
- [github.com/astral-sh/uv-pre-commit: 0.10.12 → 0.11.2](astral-sh/uv-pre-commit@0.10.12...0.11.2)
- [github.com/astral-sh/ruff-pre-commit: v0.15.7 → v0.15.8](astral-sh/ruff-pre-commit@v0.15.7...v0.15.8)

* chore: bump cryptography to 46.0.6 and aiohttp to 3.13.4+ to fix CVEs

- cryptography>=46.0.6: fixes CVE-2026-34073 (DNS name constraint bypass)
- aiohttp>=3.13.4: fixes CVE-2026-34513/34514/34515/34516/34517/34518/34519/34520/34525 and CVE-2026-22815

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: aieng-bot[bot] <aieng-bot@vectorinstitute.ai>

Author: pre-commit-ci[bot]

.pre-commit-config.yaml

@@ -20,12 +20,12 @@ repos:
     - id: check-toml
 
   - repo: https://github.com/astral-sh/uv-pre-commit
-    rev: 0.10.12
+    rev: 0.11.2
     hooks:
       - id: uv-lock
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.7
+    rev: v0.15.8
     hooks:
     - id: ruff-check
       args: [--fix, --exit-non-zero-on-fix]

pyproject.toml

@@ -8,7 +8,7 @@ license = "Apache-2.0"
 requires-python = ">=3.12,<4.0"
 dependencies = [
     "aieng-eval-agents>=0.1.0",
-    "aiohttp>=3.13.3",
+    "aiohttp>=3.13.4", # CVE-2026-34513/34514/34515/34516/34517/34518/34519/34520/34525, CVE-2026-22815: multiple DoS/security fixes in 3.13.4
     "beautifulsoup4>=4.13.4",
     "datasets>=3.6.0",
     "e2b-code-interpreter>=2.4.1",
@@ -24,6 +24,7 @@ dependencies = [
     "urllib3>=2.6.3",
     "openpyxl>=3.1.5",
     "authlib>=1.6.7", # CVE-2026-28802: alg:none JWT bypass fixed in 1.6.7
+    "cryptography>=46.0.6", # CVE-2026-34073: DNS name constraint bypass fixed in 46.0.6
     "filelock>=3.20.3",
     "pyasn1>=0.6.3", # CVE-2026-30922: DoS via uncontrolled recursion fixed in 0.6.3
     "virtualenv>=20.36.1",