chore(dependencies): re-generate uv lockfile to bring in patched Pygments version #166

Merged
lukeroantreeONS merged 1 commit into main from 165-resolve-pygments-dependabot-alert
Apr 9, 2026

Conversation


@lukeroantreeONS lukeroantreeONS commented Apr 8, 2026

📌 Address Dependabot Alerts

✨ Summary

Dependabot flagged two vulnerabilities in two dependencies. Re-generating the uv.lock file was sufficient to bring in the patched versions.

dependencies:

  • pygments
  • cryptography

📜 Changes Introduced

  • chore: re-generated lockfile to bring in patched pygments version (v2.20.0) and patched cryptography version (v46.0.7)

✅ Checklist

Please confirm you've completed these checks before requesting a review.

  • Code passes linting with Ruff
  • Security checks pass using Bandit
  • API and Unit tests are written and pass using pytest
  • Terraform files (if applicable) follow best practices and have been validated (terraform fmt & terraform validate)
  • DocStrings follow Google-style and are added as per Pylint recommendations
  • Documentation has been updated if needed

🔍 How to Test

  • checkout the branch
  • sync your environment with the updated uv.lock file; uv sync
  • confirm the patched version of pygments is installed; uv tree | grep --color=always -E 'pygments|$'
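A scripted version of the last test step, added here as an example rather than code from this PR: it reads the `[[package]]` entries of a uv.lock and reports any of the two flagged packages that is missing or still older than the patched versions named above (2.20.0 and 46.0.7). The lockfile fragment is constructed, and the parser only reads the `name`/`version` lines uv writes under each package header, so it is not a full TOML parser.

```python
import re

# Patched versions the PR brings in; anything older is treated as still affected.
PATCHED_MINIMUMS = {"pygments": "2.20.0", "cryptography": "46.0.7"}

# Constructed uv.lock fragment standing in for the regenerated lockfile.
SAMPLE_UV_LOCK = """\
version = 1
requires-python = ">=3.11"

[[package]]
name = "cryptography"
version = "46.0.7"
source = { registry = "https://pypi.org/simple" }

[[package]]
name = "pygments"
version = "2.20.0"
source = { registry = "https://pypi.org/simple" }
"""

# uv.lock writes `name` and `version` on the two lines right after each [[package]] header.
_PACKAGE_RE = re.compile(
    r'^\[\[package\]\]\s*\nname = "(?P<name>[^"]+)"\s*\nversion = "(?P<version>[^"]+)"',
    re.MULTILINE,
)

def locked_versions(lock_text: str) -> dict[str, str]:
    """Map each locked package name to its version (minimal parser, not full TOML)."""
    return {m["name"].lower(): m["version"] for m in _PACKAGE_RE.finditer(lock_text)}

def version_key(version: str) -> tuple[int, ...]:
    """Turn '2.20.0' into (2, 20, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def unpatched_packages(lock_text: str, minimums=PATCHED_MINIMUMS) -> dict[str, str]:
    """Return packages missing from the lock or older than their patched version."""
    locked = locked_versions(lock_text)
    findings = {}
    for name, minimum in minimums.items():
        actual = locked.get(name)
        if actual is None or version_key(actual) < version_key(minimum):
            findings[name] = actual or "missing"
    return findings

if __name__ == "__main__":
    bad = unpatched_packages(SAMPLE_UV_LOCK)
    print("all patched" if not bad else f"still vulnerable: {bad}")
```

Point it at the real file with `unpatched_packages(open("uv.lock").read())`; an empty result means both packages are at or above the patched versions.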

@lukeroantreeONS lukeroantreeONS requested a review from a team as a code owner April 8, 2026 08:29
@lukeroantreeONS lukeroantreeONS linked an issue Apr 8, 2026 that may be closed by this pull request
@github-actions github-actions Bot added the chore label Apr 8, 2026

@rileyok-ons rileyok-ons left a comment


Passed testing and using uv audit, looks great

@Tom-Owen-ONS

Wonder if you don't need to regenerate the whole lock file if you just do

uv sync --upgrade

Should just update the deps that have available updates rather than requiring a whole lock file rewrite, though the results should be pretty much the same.

@Tom-Owen-ONS

I can't find the dependabot config file (dependabot.yml) to see how it's set up... has it been done another way?

@lukeroantreeONS

> I can't find the dependabot config file (dependabot.yml) to see how it's set up... has it been done another way?

We haven't set one up yet (although I'll add a backlog ticket for that now), so it's operating on the default behaviour - I think that's just scanning any 'standard' dependency management files (e.g. requirements.txt, poetry.lock, uv.lock, etc.) once a day.

> Wonder if you don't need to regenerate the whole lock file if you just do
>
> uv sync --upgrade
>
> Should just update the deps that have available updates rather than requiring a whole lock file rewrite, though the results should be pretty much the same.

That's good to know, thanks - does this make changes just to your local environment, or to the lockfile too (such that they can be committed)?

@Tom-Owen-ONS

> That's good to know, thanks - does this make changes just to your local environment, or to the lockfile too (such that they can be committed)?

Yep, it updates the lock file too... I think it's possibly the same as doing uv lock --upgrade but I'm not too sure.

@lukeroantreeONS

Thanks both.

@Tom-Owen-ONS I'll try to use that method as an initial attempt to resolve dependabot issues going forward, thanks - I'll merge this as-is for now though.

@lukeroantreeONS lukeroantreeONS merged commit a16eb3f into main Apr 9, 2026
6 checks passed
Successfully merging this pull request may close these issues.

Resolve Pygments Dependabot Alert

3 participants