
fix: avoid FOSSA SciPy 1.11.0 license hit#26

Merged
MapleEve merged 2 commits into main from fix/fossa-scipy-license
May 6, 2026

Conversation


@MapleEve MapleEve commented May 6, 2026

Summary

  • Raise the direct SciPy floor from >=1.11.0 to >=1.11.4.
  • Document why 1.11.0 is avoided: the SciPy 1.11.0 sdist contains the vendored UNU.RAN GPL-2.0-or-later hit at scipy/_lib/unuran/unuran/src/specfunct/log1p.c.
  • Keep the existing compatibility strategy otherwise: no new upper bound and no unrelated dependency changes.

FOSSA context

  • PyPI sdist checks show SciPy 1.11.0 contains the flagged vendored UNU.RAN file.
  • SciPy 1.11.4+ no longer contains that exact flagged file in the checked sdist versions.
  • Other current FOSSA matplotlib/numpy/scipy metadata/font/doc/GCC runtime exception items have been manually reviewed and ignored at project scope; this PR addresses only the SciPy 1.11.0 source hit via code/dependency change.

Validation

  • python3 requirements smoke check: confirmed scipy>=1.11.4, no scipy>=1.11.0, and note present.
  • git diff --check
  • python3 -m pip install --dry-run --ignore-installed --only-binary=:all: "numpy>=1.24.0,<2.0" "scipy>=1.11.4" resolved to numpy-1.26.4 scipy-1.17.1.
  • PyPI sdist scan: scipy 1.11.0 contains scipy/_lib/unuran/unuran/src/specfunct/log1p.c; scipy 1.11.4 and scipy 1.17.1 do not.

Follow-up

  • FOSSA needs to rerun on this branch/PR to confirm the project policy result clears the remaining SciPy 1.11.0 license hit.
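The two validation steps above (the requirements smoke check and the sdist scan for the flagged vendored file) can be scripted. The following is an added example, not the voscript project's own tooling: it uses only the standard library, builds two sdist-shaped tarballs in memory so it runs offline (in practice you would point `scan_sdist_for_path` at downloaded PyPI sdists), and the requirements texts and tarball contents are constructed sample inputs. The flagged path and the 1.11.4 floor are the values named in the PR.

```python
"""Added example: reproduce the PR's two validation checks with stdlib only.

1. requirements_ok(): confirm the scipy floor in a requirements.txt is at least
   1.11.4 (no surviving >=1.11.0 pin).
2. scan_sdist_for_path(): open an sdist tarball and report whether the flagged
   vendored UNU.RAN file is present.
The tarballs are constructed in memory for demonstration only.
"""
import io
import re
import tarfile

FLAGGED_PATH = "scipy/_lib/unuran/unuran/src/specfunct/log1p.c"  # path named in the PR
MIN_SCIPY = (1, 11, 4)  # floor the PR moves to

# name, then an optional specifier string starting with an operator character
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*([<>=!~].*)?$")


def parse_version(text):
    """Turn '1.11.4' into (1, 11, 4) so tuples compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def scipy_floor(requirements_text):
    """Return the '>=' floor declared for scipy, or None if absent."""
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop inline/full-line comments
        if not line:
            continue
        match = _REQ_RE.match(line)
        if not match or match.group(1).lower() != "scipy":
            continue
        for spec in (match.group(2) or "").split(","):
            spec = spec.strip()
            if spec.startswith(">="):
                return parse_version(spec[2:])
    return None


def requirements_ok(requirements_text):
    """True when a scipy floor exists and is at least MIN_SCIPY."""
    floor = scipy_floor(requirements_text)
    return floor is not None and floor >= MIN_SCIPY


def scan_sdist_for_path(tar_bytes, flagged=FLAGGED_PATH):
    """True if any member of the .tar.gz ends with the flagged path.

    sdist members are prefixed with 'scipy-<version>/', so match on the suffix.
    """
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tf:
        return any(member.name.endswith(flagged) for member in tf.getmembers())


def build_fake_sdist(version, member_paths):
    """Construct an in-memory tar.gz shaped like a PyPI sdist (demo input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path in member_paths:
            data = b"/* placeholder */\n"
            info = tarfile.TarInfo(name=f"scipy-{version}/{path}")
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample inputs (not the project's real files)
OLD_REQS = "numpy>=1.24.0,<2.0\nscipy>=1.11.0\n"
NEW_REQS = (
    "numpy>=1.24.0,<2.0\n"
    "# 1.11.0 sdist ships the GPL-flagged UNU.RAN log1p.c\n"
    "scipy>=1.11.4,<1.12.0\n"
)
SDIST_1_11_0 = build_fake_sdist("1.11.0", ["setup.py", FLAGGED_PATH])
SDIST_1_11_4 = build_fake_sdist(
    "1.11.4", ["setup.py", "scipy/_lib/unuran/unuran/src/specfunct/other.c"]
)

if __name__ == "__main__":
    print("old requirements pass floor check:", requirements_ok(OLD_REQS))
    print("new requirements pass floor check:", requirements_ok(NEW_REQS))
    print("1.11.0 sdist contains flagged file:", scan_sdist_for_path(SDIST_1_11_0))
    print("1.11.4 sdist contains flagged file:", scan_sdist_for_path(SDIST_1_11_4))
```

The floor check deliberately ignores upper bounds, so it reports the same result for `scipy>=1.11.4` and `scipy>=1.11.4,<1.12.0`; whether an upper bound is wanted is a separate policy decision.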


github-actions Bot commented May 6, 2026

👍 @MapleEve

Thank you for raising your pull request and contributing to voscript.
Please make sure you have followed our contributing guidelines. We will review it as soon as possible.
If you encounter any problems, please feel free to connect with us.
Thank you very much for raising a pull request and contributing to voscript. Please make sure you have followed our contributing guidelines; we will review it as soon as possible.
If you encounter any problems, please feel free to contact us.


codecov Bot commented May 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.59%. Comparing base (10912bb) to head (fd58ccc).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #26   +/-   ##
=======================================
  Coverage   77.59%   77.59%           
=======================================
  Files          75       75           
  Lines        2906     2906           
=======================================
  Hits         2255     2255           
  Misses        651      651           
Flag: unit; coverage Δ: 77.59% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.


@MapleEve MapleEve marked this pull request as ready for review May 6, 2026 12:58
Copilot AI review requested due to automatic review settings May 6, 2026 12:58
@MapleEve MapleEve merged commit 70aa0f6 into main May 6, 2026
8 of 9 checks passed
@MapleEve MapleEve deleted the fix/fossa-scipy-license branch May 6, 2026 12:58

github-actions Bot commented May 6, 2026

❤️ Great PR @MapleEve ❤️

The growth of project is inseparable from user feedback and contribution, thanks for your contribution!
The project's growth is inseparable from user feedback and contributions; thank you for your contribution!


Copilot AI left a comment


Pull request overview

This PR adjusts the runtime dependency constraints to avoid a license-scanner (FOSSA) hit specific to SciPy 1.11.0’s sdist, by moving the minimum SciPy version to a later patch release and documenting the rationale inline in the requirements file.

Changes:

  • Raise the SciPy lower bound from >=1.11.0 to >=1.11.4.
  • Add an explanatory comment documenting why SciPy 1.11.0 is avoided.
  • Introduce a SciPy upper bound to keep installs on the 1.11.x line.


Comment thread app/requirements.txt
Comment on lines +19 to +21
# Stay on SciPy 1.11.x to avoid dependency/license drift while avoiding the
# 1.11.0 sdist GPL-hit file: scipy/_lib/unuran/unuran/src/specfunct/log1p.c.
scipy>=1.11.4,<1.12.0
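Review bot: the committed specifier on line 21, `scipy>=1.11.4,<1.12.0`, adds an upper bound that the PR description says was not introduced ("no new upper bound") and that the validation step did not exercise: the dry-run was made with `"scipy>=1.11.4"` alone and resolved to scipy-1.17.1, which `<1.12.0` would reject. Either drop `<1.12.0` to match the stated compatibility strategy, or rerun the dry-run with the committed specifier and update the description; the comment on line 19 should then state which of the two is intended, since "avoid dependency/license drift" and "no new upper bound" currently point in opposite directions.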
