fix(deps): vuln minor upgrades — 15 packages (minor: 6 · patch: 9)

[gh-worker-campaigns-3e9aa4]

Summary: Security update — 15 packages upgraded (MINOR changes included)

Manifests changed:

• . (uv)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
uv	0.8.11	0.8.24	patch	Direct	3 MODERATE, 2 LOW
ada-url	1.15.3	1.25.0	minor	Direct	-
datadog-api-client	2.46	2.53.0	minor	Direct	-
hvac	2.3.0	2.4.0	minor	Direct	-
keyring	25.6.0	25.7.0	minor	Direct	-
psutil	7.0	7.2.2	minor	Direct	-
rich	14.0	14.3.4	minor	Direct	-
boto3	1.38.8	1.38.46	patch	Direct	-
click	8.1	8.1.8	patch	Direct	-
msgspec	0.18	0.18.6	patch	Direct	-
msgspec-click	0.2	0.2.1	patch	Direct	-
platformdirs	4.3	4.3.8	patch	Direct	-
tomlkit	0.13	0.13.3	patch	Direct	-
truststore	0.10.1	0.10.4	patch	Direct	-
typing-extensions	4.6.0	4.6.3	patch	Direct	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (5)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
uv	GHSA-pqhf-p39g-3x64	MODERATE	uv allows ZIP payload obfuscation through parsing differentials	0.8.11	0.9.6
uv	CVE-2025-13327	MODERATE	-	0.8.11	-
uv	GHSA-v653-r55g-hcmg	MODERATE	uv has ZIP payload obfuscation through parsing differentials	0.8.11	0.9.6
uv	GHSA-pjjw-68hj-v9mw	LOW	uv vulnerable to arbitrary file deletion through RECORD entries	0.8.11	0.11.6
uv	GHSA-w476-p2h3-79g9	LOW	uv has differential in tar extraction with PAX headers	0.8.11	0.9.5

⚠️ Dependencies that have Reached EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
typing-extensions	4.6.0	-	4.6.3	pyproject.toml

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System