
Commit e7e87ec

fix(deps): upgrade vulnerable transitive dependencies [security] (#566)
## Summary

Automated scan found CVEs in transitive dependencies locked in `uv.lock` files. These packages were upgraded to patched versions.

### Remediated vulnerabilities

| Package | From | To | Severity | CVE |
|---|---|---|---|---|
| cryptography | 46.0.6 | 46.0.7 | Medium | CVE-2026-39892 |
| pypdf | 6.9.2 | 6.10.0 | Medium | CVE-2026-40260 |
| starlette | 0.41.2 | 0.47.2 | Medium | CVE-2025-54121 |
| starlette | 0.41.2 | 0.49.1 | High | CVE-2025-62727 |

### What this PR does

1. Scans all `uv.lock` files with [grype](https://github.com/anchore/grype) for known CVEs
2. Runs `uv lock --upgrade-package <pkg>` for each fixable vulnerability (skips major bumps)
3. Bumps component versions (patch) and updates CHANGELOGs via `version-bump`

> Created by [lockfile-security-scan](https://github.com/Unstructured-IO/infra/actions/workflows/lockfile-security-scan.yml).
> Targets **transitive dependencies** that Renovate cannot reach.

Co-authored-by: utic-renovate[bot] <utic-renovate[bot]@users.noreply.github.com>
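The "What this PR does" steps above describe a selection rule (take every fixable CVE, skip major bumps, upgrade each package once) without showing how the scanner output is turned into `uv lock` invocations. The following is an added example written for this page, not the lockfile-security-scan workflow's own code. It assumes the grype JSON layout `matches[].artifact.{name,version}` and `matches[].vulnerability.{id,severity,fix.{state,versions}}`, assumes `uv lock --upgrade-package name==version` is accepted, and feeds a constructed report built from the table in the commit message plus two constructed entries (package names and `CVE-EXAMPLE-*` ids are placeholders) to exercise the skip paths.

```python
import json

# Constructed grype-style report (not real scanner output). The first four matches
# mirror the table in the commit message; the last two are placeholders that
# exercise the "major bump" and "no fix available" skip paths.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"artifact": {"name": "cryptography", "version": "46.0.6"},
         "vulnerability": {"id": "CVE-2026-39892", "severity": "Medium",
                           "fix": {"state": "fixed", "versions": ["46.0.7"]}}},
        {"artifact": {"name": "pypdf", "version": "6.9.2"},
         "vulnerability": {"id": "CVE-2026-40260", "severity": "Medium",
                           "fix": {"state": "fixed", "versions": ["6.10.0"]}}},
        {"artifact": {"name": "starlette", "version": "0.41.2"},
         "vulnerability": {"id": "CVE-2025-54121", "severity": "Medium",
                           "fix": {"state": "fixed", "versions": ["0.47.2"]}}},
        {"artifact": {"name": "starlette", "version": "0.41.2"},
         "vulnerability": {"id": "CVE-2025-62727", "severity": "High",
                           "fix": {"state": "fixed", "versions": ["0.49.1"]}}},
        # Constructed: fix only exists in the next major version -> skipped.
        {"artifact": {"name": "example-lib", "version": "1.4.0"},
         "vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "High",
                           "fix": {"state": "fixed", "versions": ["2.0.0"]}}},
        # Constructed: no fixed release yet -> skipped, needs manual tracking.
        {"artifact": {"name": "other-lib", "version": "3.1.0"},
         "vulnerability": {"id": "CVE-EXAMPLE-0002", "severity": "Low",
                           "fix": {"state": "not-fixed", "versions": []}}},
    ]
})


def parse_version(text):
    """Turn '6.10.0' into (6, 10, 0). Only the leading digits of each dotted
    segment count, so '1rc2' sorts as 1; good enough for the numeric versions here."""
    parts = []
    for seg in text.split("."):
        num = ""
        for ch in seg:
            if not ch.isdigit():
                break
            num += ch
        parts.append(int(num) if num else 0)
    return tuple(parts)


def plan_upgrades(report_json):
    """Apply the PR's rule: for every fixable CVE take the smallest fixing version,
    skip it if that is a major bump, and merge per package so each package is
    upgraded once to the highest target that covers all of its CVEs.
    Returns ({package: (current, target, [cve ids])}, [(package, cve, reason)])."""
    report = json.loads(report_json)
    plan, skipped = {}, []
    for match in report["matches"]:
        name = match["artifact"]["name"]
        current = match["artifact"]["version"]
        vuln = match["vulnerability"]
        fix = vuln.get("fix", {})
        candidates = [v for v in fix.get("versions", [])
                      if parse_version(v) > parse_version(current)]
        if fix.get("state") != "fixed" or not candidates:
            skipped.append((name, vuln["id"], "no fixed version available"))
            continue
        target = min(candidates, key=parse_version)  # least churn that still fixes it
        if parse_version(target)[0] != parse_version(current)[0]:
            skipped.append((name, vuln["id"], f"major bump {current} -> {target}"))
            continue
        prev = plan.get(name)
        if prev is not None and parse_version(prev[1]) > parse_version(target):
            target = prev[1]  # an earlier CVE already demanded a higher version
        cves = (prev[2] if prev else []) + [vuln["id"]]
        plan[name] = (current, target, cves)
    return plan, skipped


def uv_commands(plan):
    """One `uv lock --upgrade-package` invocation per package (assumed syntax)."""
    return [f"uv lock --upgrade-package {name}=={target}"
            for name, (_, target, _) in sorted(plan.items())]


def changelog_entry(plan):
    """Security section that records what was actually patched, not just that something was."""
    lines = ["### Security", ""]
    for name, (current, target, cves) in sorted(plan.items()):
        lines.append(f"- **security:** bump `{name}` {current} -> {target} ({', '.join(cves)})")
    return "\n".join(lines)


if __name__ == "__main__":
    upgrades, left_out = plan_upgrades(SAMPLE_REPORT)
    print("\n".join(uv_commands(upgrades)))
    print(changelog_entry(upgrades))
    for pkg, cve, why in left_out:
        print(f"SKIPPED {pkg} {cve}: {why}")
```

Two things the example makes visible that the rule in the commit message does not: the two starlette CVEs collapse to a single upgrade to 0.49.1 (the table lists both targets, the lockfile can hold only one), and the "skip major bumps" test is blind to 0.x packages, where a jump from 0.41 to 0.49 passes the check even though minor releases of pre-1.0 packages are allowed to break behaviour. Anything that lands in the skipped list is a finding to track by hand, not a resolved one.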
1 parent d57d709 commit e7e87ec

3 files changed

Lines changed: 55 additions & 49 deletions


CHANGELOG.md

Lines changed: 6 additions & 0 deletions
@@ -1,3 +1,9 @@
1+
## 0.1.3
2+
3+
### Security
4+
5+
- **security:** fix(deps): upgrade vulnerable transitive dependencies [security]
6+
17
## 0.1.2
28
* Bump all packages (refresh uv.lock), pulling `unstructured==0.22.12` which replaces NLTK with spaCy
39
* Replace `download_nltk_packages` calls with spaCy model pre-download in Makefile, Dockerfile, and CI
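Review bot: the new CHANGELOG bullet at hunk line 5 only repeats the commit title and names no package or CVE, so a reader of 0.1.3 cannot tell what was patched; list the four remediated packages with their from/to versions and CVE ids from the PR description (e.g. `- **security:** bump cryptography 46.0.6 -> 46.0.7 (CVE-2026-39892)`), and because the description's table lists starlette twice with different targets (0.47.2 and 0.49.1), record the single version that actually ended up locked.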
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
__version__ = "0.1.2" # pragma: no cover
1+
__version__ = "0.1.3" # pragma: no cover
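Review bot: the patch bump to 0.1.3 is consistent with the new CHANGELOG heading, but the dependency changes themselves are in the third file (the page reports 3 files changed and shows only two), so the lockfile diff still needs a look before this is tagged: confirm starlette resolves to one version and that the 0.41.2 -> 0.49.1 jump across eight minor releases is exercised by the component's tests, since the automation's "skips major bumps" rule does not guard 0.x packages against breaking minor releases.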
