chore(deps): bump authlib from 1.6.9 to 1.6.12 in /mcp_server

Bumps [authlib](https://github.com/authlib/authlib) from 1.6.9 to 1.6.12.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst)
- [Commits](https://github.com/authlib/authlib/compare/v1.6.9...1.6.12)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/issue-lock-on-close.yml

@@ -29,7 +29,7 @@ jobs:
             api.github.com:443
 
       - name: Comment and lock issue
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
             const { owner, repo } = context.repo;

.github/workflows/issue-triage.lock.yml

@@ -75,7 +75,7 @@ jobs:
         with:
           destination: /opt/gh-aw/actions
       - name: Check workflow file timestamps
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_WORKFLOW_FILE: "issue-triage.lock.yml"
         with:
@@ -86,7 +86,7 @@ jobs:
             await main();
       - name: Compute current body text
         id: compute-text
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
             const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs');
@@ -96,7 +96,7 @@ jobs:
       - name: Add comment with workflow run link
         id: add-comment
         if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id)
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_WORKFLOW_NAME: "Issue Triage"
           GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e 🤖 Generated by [Prowler Issue Triage]({run_url}) [Experimental]\"}"
@@ -148,7 +148,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Merge remote .github folder
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_FILE: ".github/agents/issue-triage.md"
           GH_AW_AGENT_IMPORT_SPEC: "../agents/issue-triage.md"
@@ -175,7 +175,7 @@ jobs:
         id: checkout-pr
         if: |
           github.event.pull_request
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
         with:
@@ -187,7 +187,7 @@ jobs:
             await main();
       - name: Generate agentic run info
         id: generate_aw_info
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
             const fs = require('fs');
@@ -511,7 +511,7 @@ jobs:
           }
           GH_AW_MCP_CONFIG_EOF
       - name: Generate workflow overview
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
             const { generateWorkflowOverview } = require('/opt/gh-aw/actions/generate_workflow_overview.cjs');
@@ -606,7 +606,7 @@ jobs:
           {{#runtime-import .github/workflows/issue-triage.md}}
           GH_AW_PROMPT_EOF
       - name: Substitute placeholders
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt
           GH_AW_GITHUB_ACTOR: ${{ github.actor }}
@@ -640,7 +640,7 @@ jobs:
               }
             });
       - name: Interpolate variables and render templates
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt
           GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }}
@@ -757,7 +757,7 @@ jobs:
           bash /opt/gh-aw/actions/stop_mcp_gateway.sh "$GATEWAY_PID"
       - name: Redact secrets in logs
         if: always()
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
             const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs');
@@ -779,7 +779,7 @@ jobs:
           if-no-files-found: warn
       - name: Ingest agent output
         id: collect_output
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
           GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,mcp.context7.com,mcp.prowler.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.npmjs.org,repo.anaconda.com,repo.continuum.io,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com"
@@ -808,7 +808,7 @@ jobs:
           if-no-files-found: ignore
       - name: Parse agent logs for step summary
         if: always()
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/
         with:
@@ -819,7 +819,7 @@ jobs:
             await main();
       - name: Parse MCP gateway logs for step summary
         if: always()
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
             const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs');
@@ -891,7 +891,7 @@ jobs:
           echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV"
       - name: Process No-Op Messages
         id: noop
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
           GH_AW_NOOP_MAX: 1
@@ -905,7 +905,7 @@ jobs:
             await main();
       - name: Record Missing Tool
         id: missing_tool
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
           GH_AW_WORKFLOW_NAME: "Issue Triage"
@@ -918,7 +918,7 @@ jobs:
             await main();
       - name: Handle Agent Failure
         id: handle_agent_failure
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
           GH_AW_WORKFLOW_NAME: "Issue Triage"
@@ -937,7 +937,7 @@ jobs:
             await main();
       - name: Handle No-Op Message
         id: handle_noop_message
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
           GH_AW_WORKFLOW_NAME: "Issue Triage"
@@ -954,7 +954,7 @@ jobs:
             await main();
       - name: Update reaction comment with completion status
         id: conclusion
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
           GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }}
@@ -1008,7 +1008,7 @@ jobs:
         run: |
           echo "Agent output-types: $AGENT_OUTPUT_TYPES"
       - name: Setup threat detection
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           WORKFLOW_NAME: "Issue Triage"
           WORKFLOW_DESCRIPTION: "[Experimental] AI-powered issue triage for Prowler - produces coding-agent-ready fix plans"
@@ -1062,7 +1062,7 @@ jobs:
           XDG_CONFIG_HOME: /home/runner
       - name: Parse threat detection results
         id: parse_results
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
           script: |
             const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs');
@@ -1102,7 +1102,7 @@ jobs:
       - name: Add eyes reaction for immediate feedback
         id: react
         if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id)
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_REACTION: "eyes"
         with:
@@ -1114,7 +1114,7 @@ jobs:
             await main();
       - name: Check team membership for workflow
         id: check_membership
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_REQUIRED_ROLES: admin,maintainer,write
         with:
@@ -1126,7 +1126,7 @@ jobs:
             await main();
       - name: Check user rate limit
         id: check_rate_limit
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_RATE_LIMIT_MAX: "5"
           GH_AW_RATE_LIMIT_WINDOW: "60"
@@ -1185,7 +1185,7 @@ jobs:
           echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV"
       - name: Process Safe Outputs
         id: process_safe_outputs
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         env:
           GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
           GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"hide_older_comments\":true,\"max\":1},\"missing_data\":{},\"missing_tool\":{}}"

docs/developer-guide/introduction.mdx

@@ -152,7 +152,7 @@ These should have been already installed if `uv sync` was already run.
 
 </Note>
 - [`bandit`](https://pypi.org/project/bandit/) for code security review.
-- [`safety`](https://pypi.org/project/safety/) and [`dependabot`](https://github.com/features/security) for dependencies.
+- [`osv-scanner`](https://github.com/google/osv-scanner) and [`dependabot`](https://github.com/features/security) for dependencies.
 - [`hadolint`](https://github.com/hadolint/hadolint) and [`dockle`](https://github.com/goodwithtech/dockle) for container security.
 - [`Snyk`](https://docs.snyk.io/integrations/snyk-container-integrations/container-security-with-docker-hub-integration) for container security in Docker Hub.
 - [`clair`](https://github.com/quay/clair) for container security in Amazon ECR.

docs/security/software-security.mdx

@@ -39,10 +39,11 @@ Dependencies are continuously monitored for known vulnerabilities with timely up
 
 ### Dependency Vulnerability Scanning
 
-- **Safety:** Scans Python dependencies against known vulnerability databases
-  - Runs on every commit via pre-commit hooks
-  - Integrated into CI/CD for SDK and API
-  - Configured with selective ignores for tracked exceptions
+- **osv-scanner:** Scans lockfiles against the [OSV.dev](https://osv.dev) vulnerability database
+  - Runs in CI on every pull request and push for SDK, API, and UI
+  - Fails the build on `HIGH`, `CRITICAL`, and `UNKNOWN` severity findings
+  - Posts a per-lockfile report as a PR comment
+  - Per-vulnerability ignores (with reason and expiry) live in `osv-scanner.toml` at the repo root
 - **Trivy:** Multi-purpose scanner for containers and dependencies
   - Scans all container images (UI, API, SDK, MCP Server)
   - Checks for vulnerabilities in OS packages and application dependencies

mcp_server/uv.lock

@@ -36,14 +36,14 @@ wheels = [
 
 [[package]]
 name = "authlib"
-version = "1.6.9"
+version = "1.6.12"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "cryptography" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/af/98/00d3dd826d46959ad8e32af2dbb2398868fd9fd0683c26e56d0789bd0e68/authlib-1.6.9.tar.gz", hash = "sha256:d8f2421e7e5980cc1ddb4e32d3f5fa659cfaf60d8eaf3281ebed192e4ab74f04", size = 165134, upload-time = "2026-03-02T07:44:01.998Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/d3/30/6691fdc63b35f54a5a65e04fa1e59d827f4d4e8f4a39678ba7d3088ce0c8/authlib-1.6.12.tar.gz", hash = "sha256:0656d8482f28fc8221929d5f35b2bde5d13e10555ebc06b4561b0d622e83b1bd", size = 165368, upload-time = "2026-05-04T08:11:31.826Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/53/23/b65f568ed0c22f1efacb744d2db1a33c8068f384b8c9b482b52ebdbc3ef6/authlib-1.6.9-py2.py3-none-any.whl", hash = "sha256:f08b4c14e08f0861dc18a32357b33fbcfd2ea86cfe3fe149484b4d764c4a0ac3", size = 244197, upload-time = "2026-03-02T07:44:00.307Z" },
+    { url = "https://files.pythonhosted.org/packages/cd/51/9b0b5cd4cf683a02db937a6f9bbebcdc9c56558a7bb3763ce7d3512103c3/authlib-1.6.12-py2.py3-none-any.whl", hash = "sha256:e9229ad7fde610b139dd12f5edbe97eab9ee78bfb85691247e767727850b99ab", size = 244473, upload-time = "2026-05-04T08:11:30.354Z" },
 ]
 
 [[package]]

pyproject.toml

@@ -150,7 +150,212 @@ AWS_SECURITY_TOKEN = 'testing'
 AWS_SESSION_TOKEN = 'testing'
 
 [tool.uv]
-# cartography (pulled in via the API) still pins okta<1.0.0 for its (unused-by-prowler)
-# intel.okta integration; the SDK Okta provider needs okta==3.4.2 (PR #11079). Force the
-# version prowler needs; cartography's okta module is not imported here.
+# Transitive pins matching the current lock to prevent silent drift on `uv lock`
+# (e.g. supply chain hijacks via newer releases). Bump deliberately.
+constraint-dependencies = [
+  "about-time==4.2.1",
+  "aenum==3.1.17",
+  "aiofiles==24.1.0",
+  "aiohappyeyeballs==2.6.1",
+  "aiohttp==3.13.5",
+  "aiosignal==1.4.0",
+  "alibabacloud-actiontrail20200706==2.4.1",
+  "alibabacloud-credentials==1.0.3",
+  "alibabacloud-credentials-api==1.0.0",
+  "alibabacloud-cs20151215==6.1.0",
+  "alibabacloud-darabonba-array==0.1.0",
+  "alibabacloud-darabonba-encode-util==0.0.2",
+  "alibabacloud-darabonba-map==0.0.1",
+  "alibabacloud-darabonba-signature-util==0.0.4",
+  "alibabacloud-darabonba-string==0.0.4",
+  "alibabacloud-darabonba-time==0.0.1",
+  "alibabacloud-ecs20140526==7.2.5",
+  "alibabacloud-endpoint-util==0.0.4",
+  "alibabacloud-gateway-oss==0.0.17",
+  "alibabacloud-gateway-sls==0.4.2",
+  "alibabacloud-gateway-sls-util==0.4.1",
+  "alibabacloud-gateway-spi==0.0.3",
+  "alibabacloud-openapi-util==0.2.4",
+  "alibabacloud-oss-util==0.0.6",
+  "alibabacloud-oss20190517==1.0.6",
+  "alibabacloud-ram20150501==1.2.0",
+  "alibabacloud-sas20181203==6.1.0",
+  "alibabacloud-sts20150401==1.1.6",
+  "alibabacloud-tea==0.4.3",
+  "alibabacloud-tea-openapi==0.4.4",
+  "alibabacloud-tea-util==0.3.14",
+  "alibabacloud-tea-xml==0.0.3",
+  "alibabacloud-vpc20160428==6.13.0",
+  "aliyun-log-fastpb==0.3.0",
+  "annotated-types==0.7.0",
+  "antlr4-python3-runtime==4.13.2",
+  "anyio==4.13.0",
+  "apscheduler==3.11.2",
+  "astroid==3.3.11",
+  "async-timeout==5.0.1",
+  "attrs==26.1.0",
+  "aws-sam-translator==1.109.0",
+  "aws-xray-sdk==2.15.0",
+  "azure-common==1.1.28",
+  "azure-core==1.41.0",
+  "azure-mgmt-core==1.6.0",
+  "bandit==1.8.3",
+  "black==25.1.0",
+  "blinker==1.9.0",
+  "certifi==2026.4.22",
+  "cffi==2.0.0",
+  "cfn-lint==1.51.0",
+  "charset-normalizer==3.4.7",
+  "circuitbreaker==2.1.3",
+  "click==8.3.3",
+  "click-plugins==1.1.1.2",
+  "contextlib2==21.6.0",
+  "coverage==7.6.12",
+  "darabonba-core==1.0.5",
+  "decorator==5.2.1",
+  "dill==0.4.1",
+  "distro==1.9.0",
+  "dnspython==2.8.0",
+  "docker==7.1.0",
+  "dogpile-cache==1.5.0",
+  "durationpy==0.10",
+  "email-validator==2.2.0",
+  "exceptiongroup==1.3.1",
+  "execnet==2.1.2",
+  "filelock==3.20.3",
+  "flake8==7.1.2",
+  "flask==3.1.3",
+  "freezegun==1.5.1",
+  "frozenlist==1.8.0",
+  "google-api-core==2.30.3",
+  "google-auth==2.52.0",
+  "googleapis-common-protos==1.75.0",
+  "graphemeu==0.7.2",
+  "graphql-core==3.2.8",
+  "h11==0.16.0",
+  "hpack==4.1.0",
+  "httpcore==1.0.9",
+  "httplib2==0.31.2",
+  "httpx==0.28.1",
+  "hyperframe==6.1.0",
+  "iamdata==0.1.202605131",
+  "idna==3.15",
+  "importlib-metadata==8.7.1",
+  "iniconfig==2.3.0",
+  "iso8601==2.1.0",
+  "isodate==0.7.2",
+  "isort==6.1.0",
+  "itsdangerous==2.2.0",
+  "jinja2==3.1.6",
+  "jmespath==1.1.0",
+  "joserfc==1.6.5",
+  "jsonpatch==1.33",
+  "jsonpath-ng==1.8.0",
+  "jsonpointer==3.1.1",
+  "jsonschema-path==0.3.4",
+  "jsonschema-specifications==2025.9.1",
+  "jwcrypto==1.5.7",
+  "keystoneauth1==5.14.0",
+  "lazy-object-proxy==1.12.0",
+  "lz4==4.4.5",
+  "markdown-it-py==4.2.0",
+  "markupsafe==3.0.3",
+  "mccabe==0.7.0",
+  "mdurl==0.1.2",
+  "microsoft-kiota-authentication-azure==1.9.2",
+  "microsoft-kiota-http==1.9.2",
+  "microsoft-kiota-serialization-form==1.9.2",
+  "microsoft-kiota-serialization-json==1.9.2",
+  "microsoft-kiota-serialization-multipart==1.9.2",
+  "microsoft-kiota-serialization-text==1.9.2",
+  "mock==5.2.0",
+  "moto==5.1.11",
+  "mpmath==1.3.0",
+  "msal==1.36.0",
+  "msal-extensions==1.3.1",
+  "msgraph-core==1.3.8",
+  "msrest==0.7.1",
+  "multidict==6.7.1",
+  "multipart==1.3.1",
+  "mypy-extensions==1.1.0",
+  "narwhals==2.21.0",
+  "nest-asyncio==1.6.0",
+  "networkx==3.4.2",
+  "oauthlib==3.3.1",
+  "openapi-schema-validator==0.6.3",
+  "openapi-spec-validator==0.7.1",
+  "opentelemetry-api==1.41.1",
+  "opentelemetry-sdk==1.41.1",
+  "opentelemetry-semantic-conventions==0.62b1",
+  "os-service-types==1.8.2",
+  "packaging==26.2",
+  "pathable==0.4.4",
+  "pathspec==1.1.1",
+  "pbr==7.0.3",
+  "platformdirs==4.9.6",
+  "plotly==6.7.0",
+  "pluggy==1.6.0",
+  "prek==0.3.9",
+  "propcache==0.5.2",
+  "proto-plus==1.28.0",
+  "protobuf==7.34.1",
+  "psutil==7.2.2",
+  "py-partiql-parser==0.6.1",
+  "pyasn1==0.6.3",
+  "pyasn1-modules==0.4.2",
+  "pycodestyle==2.12.1",
+  "pycparser==3.0",
+  "pycryptodomex==3.23.0",
+  "pydantic-core==2.41.5",
+  "pydash==8.0.6",
+  "pyflakes==3.2.0",
+  "pygments==2.20.0",
+  "pyjwt==2.12.1",
+  "pylint==3.3.4",
+  "pynacl==1.6.2",
+  "pyopenssl==26.2.0",
+  "pyparsing==3.3.2",
+  "pytest==8.3.5",
+  "pytest-cov==6.0.0",
+  "pytest-env==1.1.5",
+  "pytest-randomly==3.16.0",
+  "pytest-xdist==3.6.1",
+  "pywin32==311",
+  "pyyaml==6.0.3",
+  "referencing==0.36.2",
+  "regex==2026.5.9",
+  "requests==2.34.0",
+  "requests-file==3.0.1",
+  "requests-oauthlib==2.0.0",
+  "requestsexceptions==1.4.0",
+  "responses==0.26.0",
+  "retrying==1.4.2",
+  "rfc3339-validator==0.1.4",
+  "rich==15.0.0",
+  "rpds-py==0.30.0",
+  "s3transfer==0.14.0",
+  "setuptools==82.0.1",
+  "six==1.17.0",
+  "sniffio==1.3.1",
+  "std-uritemplate==2.0.8",
+  "stevedore==5.7.0",
+  "sympy==1.14.0",
+  "tldextract==5.3.1",
+  "tomli==2.4.1",
+  "tomlkit==0.15.0",
+  "typing-extensions==4.15.0",
+  "typing-inspection==0.4.2",
+  "tzdata==2026.2",
+  "uritemplate==4.2.0",
+  "urllib3==2.7.0",
+  "vulture==2.14",
+  "websocket-client==1.9.0",
+  "werkzeug==3.1.8",
+  "wrapt==2.1.2",
+  "xlsxwriter==3.2.9",
+  "xmltodict==1.0.4",
+  "yarl==1.23.0",
+  "zipp==3.23.1",
+  "zstd==1.5.7.3"
+]
 override-dependencies = ["okta==3.4.2"]

uv.lock

@@ -8,6 +8,212 @@ resolution-markers = [
 ]
 
 [manifest]
+constraints = [
+    { name = "about-time", specifier = "==4.2.1" },
+    { name = "aenum", specifier = "==3.1.17" },
+    { name = "aiofiles", specifier = "==24.1.0" },
+    { name = "aiohappyeyeballs", specifier = "==2.6.1" },
+    { name = "aiohttp", specifier = "==3.13.5" },
+    { name = "aiosignal", specifier = "==1.4.0" },
+    { name = "alibabacloud-actiontrail20200706", specifier = "==2.4.1" },
+    { name = "alibabacloud-credentials", specifier = "==1.0.3" },
+    { name = "alibabacloud-credentials-api", specifier = "==1.0.0" },
+    { name = "alibabacloud-cs20151215", specifier = "==6.1.0" },
+    { name = "alibabacloud-darabonba-array", specifier = "==0.1.0" },
+    { name = "alibabacloud-darabonba-encode-util", specifier = "==0.0.2" },
+    { name = "alibabacloud-darabonba-map", specifier = "==0.0.1" },
+    { name = "alibabacloud-darabonba-signature-util", specifier = "==0.0.4" },
+    { name = "alibabacloud-darabonba-string", specifier = "==0.0.4" },
+    { name = "alibabacloud-darabonba-time", specifier = "==0.0.1" },
+    { name = "alibabacloud-ecs20140526", specifier = "==7.2.5" },
+    { name = "alibabacloud-endpoint-util", specifier = "==0.0.4" },
+    { name = "alibabacloud-gateway-oss", specifier = "==0.0.17" },
+    { name = "alibabacloud-gateway-sls", specifier = "==0.4.2" },
+    { name = "alibabacloud-gateway-sls-util", specifier = "==0.4.1" },
+    { name = "alibabacloud-gateway-spi", specifier = "==0.0.3" },
+    { name = "alibabacloud-openapi-util", specifier = "==0.2.4" },
+    { name = "alibabacloud-oss-util", specifier = "==0.0.6" },
+    { name = "alibabacloud-oss20190517", specifier = "==1.0.6" },
+    { name = "alibabacloud-ram20150501", specifier = "==1.2.0" },
+    { name = "alibabacloud-sas20181203", specifier = "==6.1.0" },
+    { name = "alibabacloud-sts20150401", specifier = "==1.1.6" },
+    { name = "alibabacloud-tea", specifier = "==0.4.3" },
+    { name = "alibabacloud-tea-openapi", specifier = "==0.4.4" },
+    { name = "alibabacloud-tea-util", specifier = "==0.3.14" },
+    { name = "alibabacloud-tea-xml", specifier = "==0.0.3" },
+    { name = "alibabacloud-vpc20160428", specifier = "==6.13.0" },
+    { name = "aliyun-log-fastpb", specifier = "==0.3.0" },
+    { name = "annotated-types", specifier = "==0.7.0" },
+    { name = "antlr4-python3-runtime", specifier = "==4.13.2" },
+    { name = "anyio", specifier = "==4.13.0" },
+    { name = "apscheduler", specifier = "==3.11.2" },
+    { name = "astroid", specifier = "==3.3.11" },
+    { name = "async-timeout", specifier = "==5.0.1" },
+    { name = "attrs", specifier = "==26.1.0" },
+    { name = "aws-sam-translator", specifier = "==1.109.0" },
+    { name = "aws-xray-sdk", specifier = "==2.15.0" },
+    { name = "azure-common", specifier = "==1.1.28" },
+    { name = "azure-core", specifier = "==1.41.0" },
+    { name = "azure-mgmt-core", specifier = "==1.6.0" },
+    { name = "bandit", specifier = "==1.8.3" },
+    { name = "black", specifier = "==25.1.0" },
+    { name = "blinker", specifier = "==1.9.0" },
+    { name = "certifi", specifier = "==2026.4.22" },
+    { name = "cffi", specifier = "==2.0.0" },
+    { name = "cfn-lint", specifier = "==1.51.0" },
+    { name = "charset-normalizer", specifier = "==3.4.7" },
+    { name = "circuitbreaker", specifier = "==2.1.3" },
+    { name = "click", specifier = "==8.3.3" },
+    { name = "click-plugins", specifier = "==1.1.1.2" },
+    { name = "contextlib2", specifier = "==21.6.0" },
+    { name = "coverage", specifier = "==7.6.12" },
+    { name = "darabonba-core", specifier = "==1.0.5" },
+    { name = "decorator", specifier = "==5.2.1" },
+    { name = "dill", specifier = "==0.4.1" },
+    { name = "distro", specifier = "==1.9.0" },
+    { name = "dnspython", specifier = "==2.8.0" },
+    { name = "docker", specifier = "==7.1.0" },
+    { name = "dogpile-cache", specifier = "==1.5.0" },
+    { name = "durationpy", specifier = "==0.10" },
+    { name = "email-validator", specifier = "==2.2.0" },
+    { name = "exceptiongroup", specifier = "==1.3.1" },
+    { name = "execnet", specifier = "==2.1.2" },
+    { name = "filelock", specifier = "==3.20.3" },
+    { name = "flake8", specifier = "==7.1.2" },
+    { name = "flask", specifier = "==3.1.3" },
+    { name = "freezegun", specifier = "==1.5.1" },
+    { name = "frozenlist", specifier = "==1.8.0" },
+    { name = "google-api-core", specifier = "==2.30.3" },
+    { name = "google-auth", specifier = "==2.52.0" },
+    { name = "googleapis-common-protos", specifier = "==1.75.0" },
+    { name = "graphemeu", specifier = "==0.7.2" },
+    { name = "graphql-core", specifier = "==3.2.8" },
+    { name = "h11", specifier = "==0.16.0" },
+    { name = "hpack", specifier = "==4.1.0" },
+    { name = "httpcore", specifier = "==1.0.9" },
+    { name = "httplib2", specifier = "==0.31.2" },
+    { name = "httpx", specifier = "==0.28.1" },
+    { name = "hyperframe", specifier = "==6.1.0" },
+    { name = "iamdata", specifier = "==0.1.202605131" },
+    { name = "idna", specifier = "==3.15" },
+    { name = "importlib-metadata", specifier = "==8.7.1" },
+    { name = "iniconfig", specifier = "==2.3.0" },
+    { name = "iso8601", specifier = "==2.1.0" },
+    { name = "isodate", specifier = "==0.7.2" },
+    { name = "isort", specifier = "==6.1.0" },
+    { name = "itsdangerous", specifier = "==2.2.0" },
+    { name = "jinja2", specifier = "==3.1.6" },
+    { name = "jmespath", specifier = "==1.1.0" },
+    { name = "joserfc", specifier = "==1.6.5" },
+    { name = "jsonpatch", specifier = "==1.33" },
+    { name = "jsonpath-ng", specifier = "==1.8.0" },
+    { name = "jsonpointer", specifier = "==3.1.1" },
+    { name = "jsonschema-path", specifier = "==0.3.4" },
+    { name = "jsonschema-specifications", specifier = "==2025.9.1" },
+    { name = "jwcrypto", specifier = "==1.5.7" },
+    { name = "keystoneauth1", specifier = "==5.14.0" },
+    { name = "lazy-object-proxy", specifier = "==1.12.0" },
+    { name = "lz4", specifier = "==4.4.5" },
+    { name = "markdown-it-py", specifier = "==4.2.0" },
+    { name = "markupsafe", specifier = "==3.0.3" },
+    { name = "mccabe", specifier = "==0.7.0" },
+    { name = "mdurl", specifier = "==0.1.2" },
+    { name = "microsoft-kiota-authentication-azure", specifier = "==1.9.2" },
+    { name = "microsoft-kiota-http", specifier = "==1.9.2" },
+    { name = "microsoft-kiota-serialization-form", specifier = "==1.9.2" },
+    { name = "microsoft-kiota-serialization-json", specifier = "==1.9.2" },
+    { name = "microsoft-kiota-serialization-multipart", specifier = "==1.9.2" },
+    { name = "microsoft-kiota-serialization-text", specifier = "==1.9.2" },
+    { name = "mock", specifier = "==5.2.0" },
+    { name = "moto", specifier = "==5.1.11" },
+    { name = "mpmath", specifier = "==1.3.0" },
+    { name = "msal", specifier = "==1.36.0" },
+    { name = "msal-extensions", specifier = "==1.3.1" },
+    { name = "msgraph-core", specifier = "==1.3.8" },
+    { name = "msrest", specifier = "==0.7.1" },
+    { name = "multidict", specifier = "==6.7.1" },
+    { name = "multipart", specifier = "==1.3.1" },
+    { name = "mypy-extensions", specifier = "==1.1.0" },
+    { name = "narwhals", specifier = "==2.21.0" },
+    { name = "nest-asyncio", specifier = "==1.6.0" },
+    { name = "networkx", specifier = "==3.4.2" },
+    { name = "oauthlib", specifier = "==3.3.1" },
+    { name = "openapi-schema-validator", specifier = "==0.6.3" },
+    { name = "openapi-spec-validator", specifier = "==0.7.1" },
+    { name = "opentelemetry-api", specifier = "==1.41.1" },
+    { name = "opentelemetry-sdk", specifier = "==1.41.1" },
+    { name = "opentelemetry-semantic-conventions", specifier = "==0.62b1" },
+    { name = "os-service-types", specifier = "==1.8.2" },
+    { name = "packaging", specifier = "==26.2" },
+    { name = "pathable", specifier = "==0.4.4" },
+    { name = "pathspec", specifier = "==1.1.1" },
+    { name = "pbr", specifier = "==7.0.3" },
+    { name = "platformdirs", specifier = "==4.9.6" },
+    { name = "plotly", specifier = "==6.7.0" },
+    { name = "pluggy", specifier = "==1.6.0" },
+    { name = "prek", specifier = "==0.3.9" },
+    { name = "propcache", specifier = "==0.5.2" },
+    { name = "proto-plus", specifier = "==1.28.0" },
+    { name = "protobuf", specifier = "==7.34.1" },
+    { name = "psutil", specifier = "==7.2.2" },
+    { name = "py-partiql-parser", specifier = "==0.6.1" },
+    { name = "pyasn1", specifier = "==0.6.3" },
+    { name = "pyasn1-modules", specifier = "==0.4.2" },
+    { name = "pycodestyle", specifier = "==2.12.1" },
+    { name = "pycparser", specifier = "==3.0" },
+    { name = "pycryptodomex", specifier = "==3.23.0" },
+    { name = "pydantic-core", specifier = "==2.41.5" },
+    { name = "pydash", specifier = "==8.0.6" },
+    { name = "pyflakes", specifier = "==3.2.0" },
+    { name = "pygments", specifier = "==2.20.0" },
+    { name = "pyjwt", specifier = "==2.12.1" },
+    { name = "pylint", specifier = "==3.3.4" },
+    { name = "pynacl", specifier = "==1.6.2" },
+    { name = "pyopenssl", specifier = "==26.2.0" },
+    { name = "pyparsing", specifier = "==3.3.2" },
+    { name = "pytest", specifier = "==8.3.5" },
+    { name = "pytest-cov", specifier = "==6.0.0" },
+    { name = "pytest-env", specifier = "==1.1.5" },
+    { name = "pytest-randomly", specifier = "==3.16.0" },
+    { name = "pytest-xdist", specifier = "==3.6.1" },
+    { name = "pywin32", specifier = "==311" },
+    { name = "pyyaml", specifier = "==6.0.3" },
+    { name = "referencing", specifier = "==0.36.2" },
+    { name = "regex", specifier = "==2026.5.9" },
+    { name = "requests", specifier = "==2.34.0" },
+    { name = "requests-file", specifier = "==3.0.1" },
+    { name = "requests-oauthlib", specifier = "==2.0.0" },
+    { name = "requestsexceptions", specifier = "==1.4.0" },
+    { name = "responses", specifier = "==0.26.0" },
+    { name = "retrying", specifier = "==1.4.2" },
+    { name = "rfc3339-validator", specifier = "==0.1.4" },
+    { name = "rich", specifier = "==15.0.0" },
+    { name = "rpds-py", specifier = "==0.30.0" },
+    { name = "s3transfer", specifier = "==0.14.0" },
+    { name = "setuptools", specifier = "==82.0.1" },
+    { name = "six", specifier = "==1.17.0" },
+    { name = "sniffio", specifier = "==1.3.1" },
+    { name = "std-uritemplate", specifier = "==2.0.8" },
+    { name = "stevedore", specifier = "==5.7.0" },
+    { name = "sympy", specifier = "==1.14.0" },
+    { name = "tldextract", specifier = "==5.3.1" },
+    { name = "tomli", specifier = "==2.4.1" },
+    { name = "tomlkit", specifier = "==0.15.0" },
+    { name = "typing-extensions", specifier = "==4.15.0" },
+    { name = "typing-inspection", specifier = "==0.4.2" },
+    { name = "tzdata", specifier = "==2026.2" },
+    { name = "uritemplate", specifier = "==4.2.0" },
+    { name = "urllib3", specifier = "==2.7.0" },
+    { name = "vulture", specifier = "==2.14" },
+    { name = "websocket-client", specifier = "==1.9.0" },
+    { name = "werkzeug", specifier = "==3.1.8" },
+    { name = "wrapt", specifier = "==2.1.2" },
+    { name = "xlsxwriter", specifier = "==3.2.9" },
+    { name = "xmltodict", specifier = "==1.0.4" },
+    { name = "yarl", specifier = "==1.23.0" },
+    { name = "zipp", specifier = "==3.23.1" },
+    { name = "zstd", specifier = "==1.5.7.3" },
+]
 overrides = [{ name = "okta", specifier = "==3.4.2" }]
 
 [[package]]
@@ -1208,8 +1414,7 @@ source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "aws-sam-translator" },
     { name = "jsonpatch" },
-    { name = "networkx", version = "3.4.2", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" },
-    { name = "networkx", version = "3.6.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" },
+    { name = "networkx" },
     { name = "pyyaml" },
     { name = "regex" },
     { name = "sympy" },
@@ -2619,27 +2824,11 @@ wheels = [
 name = "networkx"
 version = "3.4.2"
 source = { registry = "https://pypi.org/simple" }
-resolution-markers = [
-    "python_full_version < '3.11'",
-]
 sdist = { url = "https://files.pythonhosted.org/packages/fd/1d/06475e1cd5264c0b870ea2cc6fdb3e37177c1e565c43f56ff17a10e3937f/networkx-3.4.2.tar.gz", hash = "sha256:307c3669428c5362aab27c8a1260aa8f47c4e91d3891f48be0141738d8d053e1", size = 2151368, upload-time = "2024-10-21T12:39:38.695Z" }
 wheels = [
     { url = "https://files.pythonhosted.org/packages/b9/54/dd730b32ea14ea797530a4479b2ed46a6fb250f682a9cfb997e968bf0261/networkx-3.4.2-py3-none-any.whl", hash = "sha256:df5d4365b724cf81b8c6a7312509d0c22386097011ad1abe274afd5e9d3bbc5f", size = 1723263, upload-time = "2024-10-21T12:39:36.247Z" },
 ]
 
-[[package]]
-name = "networkx"
-version = "3.6.1"
-source = { registry = "https://pypi.org/simple" }
-resolution-markers = [
-    "python_full_version >= '3.12'",
-    "python_full_version == '3.11.*'",
-]
-sdist = { url = "https://files.pythonhosted.org/packages/6a/51/63fe664f3908c97be9d2e4f1158eb633317598cfa6e1fc14af5383f17512/networkx-3.6.1.tar.gz", hash = "sha256:26b7c357accc0c8cde558ad486283728b65b6a95d85ee1cd66bafab4c8168509", size = 2517025, upload-time = "2025-12-08T17:02:39.908Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/9e/c9/b2622292ea83fbb4ec318f5b9ab867d0a28ab43c5717bb85b0a5f6b3b0a4/networkx-3.6.1-py3-none-any.whl", hash = "sha256:d47fbf302e7d9cbbb9e2555a0d267983d2aa476bac30e90dfbe5669bd57f3762", size = 2068504, upload-time = "2025-12-08T17:02:38.159Z" },
-]
-
 [[package]]
 name = "numpy"
 version = "2.0.2"