Update python dependencies#1832

Merged
jcchr merged 5 commits into
mainfrom
jchrapko/update_python_dependencies
May 13, 2026
Conversation

@jcchr
Contributor

@jcchr jcchr commented May 12, 2026

📝 Description

Updates Python dependencies to get rid of potential security risks due to known CVEs.

✨ Type of Change

Select the type of change your PR introduces:

  • 🐞 Bug fix – Non-breaking change which fixes an issue
  • 🚀 New feature – Non-breaking change which adds functionality
  • 🔨 Refactor – Non-breaking change which refactors the code base
  • 💥 Breaking change – Changes that break existing functionality
  • 📚 Documentation update
  • 🔒 Security update
  • 🧪 Tests

🧪 Testing Scenarios

Describe how the changes were tested and how reviewers can test them too:

  • ✅ Tested manually
  • 🤖 Run automated end-to-end tests

✅ Checklist

Before submitting the PR, ensure the following:

  • 🔍 PR title is clear and meaningful
  • ✍️ PR description clearly explains the changes and their reason
  • 📝 I have linked the PR to the corresponding GitHub Issues, if any
  • 💬 I have commented my code, especially in hard-to-understand areas
  • 📄 I have made corresponding changes to the documentation
  • ✅ I have added tests that prove my fix is effective or my feature works

Copilot AI review requested due to automatic review settings May 12, 2026 12:02
Contributor

Copilot AI left a comment

Pull request overview

This PR updates Python dependency pins/lower bounds across multiple services and internal libraries to address known CVEs (notably around urllib3, plus bumps to fastapi/starlette, PyJWT, and protobuf) and refreshes the corresponding uv.lock files.

Changes:

  • Raise urllib3 minimum versions (and refresh uv.lock resolutions) across several components.
  • Upgrade fastapi and starlette versions/constraints in multiple services.
  • Upgrade PyJWT and protobuf versions/constraints across services and shared libs, updating lock files accordingly.

Reviewed changes

Copilot reviewed 16 out of 32 changed files in this pull request and generated 5 comments.

File | Description
platform/services/weights_uploader/pyproject.toml Bumps urllib3 lower bound for CVE mitigation.
platform/services/weights_uploader/uv.lock Updates locked resolution to reflect new urllib3 constraint.
platform/services/user_directory/pyproject.toml Upgrades fastapi, raises starlette lower bound, bumps pyjwt.
platform/services/user_directory/uv.lock Refreshes lock with new FastAPI/Starlette/PyJWT and transitives.
platform/services/onboarding/pyproject.toml Upgrades fastapi, raises starlette/urllib3 lower bounds, bumps PyJWT.
platform/services/onboarding/uv.lock Refreshes lock for updated FastAPI/Starlette/PyJWT/urllib3.
platform/services/observability/pyproject.toml Upgrades fastapi, raises starlette lower bound.
platform/services/observability/uv.lock Refreshes lock for updated FastAPI/Starlette and transitives.
platform/services/initial_user/pyproject.toml Bumps pyjwt and dev protobuf constraint.
platform/services/initial_user/uv.lock Refreshes lock for updated PyJWT/Protobuf and transitives.
platform/services/account/tests/pyproject.toml Bumps PyJWT[crypto] for tests.
platform/services/account/tests/uv.lock Refreshes lock for updated PyJWT test dependency.
platform/libs/users_handler/pyproject.toml Bumps pyjwt and dev protobuf constraint.
libs/grpc_interfaces/pyproject.toml Bumps protobuf constraint for model_registration extra.
libs/grpc_interfaces/uv.lock Refreshes lock to newer protobuf and transitives.
libs/fastapi_tools/pyproject.toml Bumps PyJWT constraint.
libs/fastapi_tools/uv.lock Refreshes lock metadata for updated PyJWT constraint.
interactive_ai/tests/e2e/pyproject.toml Bumps urllib3; adds virtualenv and filelock deps.
interactive_ai/tests/e2e/uv.lock Refreshes lock for updated urllib3 and added deps.
interactive_ai/services/visual_prompt/pyproject.toml Upgrades fastapi and raises starlette lower bound.
interactive_ai/services/visual_prompt/uv.lock Refreshes lock for new FastAPI/Starlette and transitives.
interactive_ai/services/resource/pyproject.toml Upgrades fastapi and raises starlette lower bound.
interactive_ai/services/resource/uv.lock Refreshes lock for new FastAPI/Starlette and transitives.
interactive_ai/services/jobs/pyproject.toml Upgrades fastapi and raises starlette lower bound.
interactive_ai/services/jobs/uv.lock Refreshes lock for new FastAPI/Starlette and transitives.
interactive_ai/services/director/pyproject.toml Upgrades fastapi and raises starlette lower bound.
interactive_ai/services/director/uv.lock Refreshes lock for new FastAPI/Starlette and transitives.
interactive_ai/migration_job/pyproject.toml Raises urllib3 lower bound; bumps dev protobuf constraint.
interactive_ai/migration_job/uv.lock Refreshes lock for updated urllib3/protobuf and transitives.
interactive_ai/libs/iai_core_py/pyproject.toml Raises urllib3 lower bound.
interactive_ai/libs/iai_core_py/uv.lock Refreshes lock metadata to reflect urllib3 constraint.

Comment thread interactive_ai/services/resource/pyproject.toml
Comment thread interactive_ai/services/jobs/pyproject.toml
Comment thread interactive_ai/services/director/pyproject.toml
Comment thread interactive_ai/services/visual_prompt/pyproject.toml Outdated
Comment thread platform/services/user_directory/pyproject.toml
@jcchr jcchr added this pull request to the merge queue May 13, 2026
Merged via the queue into main with commit 641c61d May 13, 2026
75 of 79 checks passed
@jcchr jcchr deleted the jchrapko/update_python_dependencies branch May 13, 2026 10:19
3 participants