Patch CVEs in vulnerable deps

Bumps cryptography, Pygments, pyasn1, PyJWT, and requests to
versions that resolve CVE-2026-34073, CVE-2026-39892, CVE-2026-4539,
CVE-2026-30922, CVE-2026-32597, and CVE-2026-25645.

requests 2.33+ dropped Python 3.9 support, so it's expressed as a
multi-constraint with 2.32.x retained for Python <3.10.

https://claude.ai/code/session_01Nsf9RKZvau6jx2vA8MULoD

Author: claude