Bump gitpython from 3.1.46 to 3.1.47 (#176)

* Bump gitpython from 3.1.46 to 3.1.47

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.46 to 3.1.47.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.46...3.1.47)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-version: 3.1.47
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: bump pip to >=26.1 to fix CVE-2026-3219

pip 26.0.1 is vulnerable to CVE-2026-3219 (tar/ZIP confusion attack).
pip 26.1 patches this. Add explicit pip>=26.1 to dev dependency group
so uv manages the patched version in the virtual environment.

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>

* fix: remove unused type: ignore comment in model_utils.py

yaml type stubs are now available so the import-untyped ignore
comment is no longer needed and causes mypy to fail.

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: aieng-bot[bot] <aieng-bot@vectorinstitute.ai>

Author: dependabot[bot]

odyssey/models/model_utils.py

@@ -8,7 +8,7 @@
 
 import pandas as pd
 import polars as pl
-import yaml  # type: ignore[import-untyped]
+import yaml
 
 
 def load_config(config_dir: str, model_type: str) -> Any:

pyproject.toml

@@ -53,6 +53,7 @@ dev = [
     "mypy>=1.7.0",
     "ruff>=0.3.0",
     "nbqa[toolchain]>=1.7.0",
+    "pip>=26.1",
 ]
 docs = [
     "mkdocs>=1.5.0",