
fix(deps): bump cryptography to 47.0.0 and pygments to 2.20.0#1729

Merged
andrewbolster merged 1 commit into main from fix/dependabot-bump-cryptography-pygments
Apr 26, 2026

Conversation

@andrewbolster
Owner

Summary

Resolves 4 open Dependabot security alerts by updating transitive dependencies in `uv.lock`:

| Package | From | To | Alerts resolved |
|---|---|---|---|
| cryptography | 45.0.7 | 47.0.0 | #55 (high), #66 (low), #68 (medium) |
| pygments | 2.19.1 | 2.20.0 | #67 (low) |
| cffi | 1.17.1 | 2.0.0 | (required by cryptography 47.x) |

All are transitive dependencies — no changes to `pyproject.toml` required.

Why cffi? cryptography 46+ dropped cffi as a runtime dep (switched to pure Rust), but the uv resolver was stuck in a cycle: it selected cryptography 45.x to satisfy a cffi constraint that only existed because it had selected 45.x. Upgrading cffi to 2.0.0 alongside cryptography broke the cycle.

Test plan

  • `uv run pre-commit run --all-files` — clean
  • Unit tests (rss, datatables) pass against new dep versions
  • CI will validate all Python versions (3.10–3.13)

🤖 Generated with Claude Code

Resolves Dependabot alerts:
- cryptography: CVE subgroup attack (<=46.0.4), DNS constraint bypass (<46.0.6),
  buffer overflow (>=45.0.0,<46.0.7) — all fixed in 47.0.0
- pygments: ReDoS via GUID regex (<2.20.0) — fixed in 2.20.0
- cffi bumped to 2.0.0 (required by cryptography 47.x resolver)

All are transitive dependencies; no direct dependency changes needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
github-actions bot added the labels `bug` (Something isn't working) and `version:patch` (Bug fixes - patch version bump) on Apr 25, 2026
@codecov

codecov Bot commented Apr 25, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.23%. Comparing base (fca21da) to head (6d9dae5).
⚠️ Report is 1 commit behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1729   +/-   ##
=======================================
  Coverage   69.23%   69.23%           
=======================================
  Files          38       38           
  Lines        8296     8296           
  Branches      725      725           
=======================================
  Hits         5744     5744           
  Misses       2403     2403           
  Partials      149      149           

☔ View full report in Codecov by Sentry.

@andrewbolster andrewbolster merged commit 1df263b into main Apr 26, 2026
14 checks passed
@andrewbolster andrewbolster deleted the fix/dependabot-bump-cryptography-pygments branch April 26, 2026 07:29
