Bump filelock from 3.20.1 to 3.20.3 (#135)

* Bump filelock from 3.20.1 to 3.20.3

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.20.1 to 3.20.3.
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.20.1...3.20.3)

---
updated-dependencies:
- dependency-name: filelock
  dependency-version: 3.20.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix security vulnerabilities in dependencies

Security updates:
- Update aiohttp from 3.12.15 to 3.13.3 (fixes GHSA-6mq8-rvhq-8wgg, GHSA-69f9-5gxw-wvc2, GHSA-6jhg-hg63-jvvf, GHSA-g84x-mcqj-x9qq, GHSA-fh55-r93g-j68g, GHSA-54jq-c3m8-4m76, GHSA-jj3x-wxrx-4x23, GHSA-mqqc-3gqh-h2x8)
- Update urllib3 from 2.6.2 to 2.6.3 (fixes GHSA-38jv-5279-wg99)
- Update virtualenv from 20.34.0 to 20.36.1 (fixes GHSA-597g-3phw-6986)

All vulnerabilities have been addressed with patched versions.

Severity: High (8 aiohttp DoS/request smuggling vulnerabilities)

Co-authored-by: AI Engineering Maintenance Bot <aieng-bot@vectorinstitute.ai>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amrit Krishnan <amrit110@gmail.com>
Co-authored-by: AI Engineering Maintenance Bot <aieng-bot@vectorinstitute.ai>

Author: 3 people

pyproject.toml

@@ -18,8 +18,8 @@ dependencies = [
     "idna==3.7",
     "scipy>=1.15.3",
     "scikit-learn>=1.6.1",
-    "urllib3>=2.6.0",
-    "filelock==3.20.1",
+    "urllib3>=2.6.3",
+    "filelock==3.20.3",
 ]
 
 [dependency-groups]
@@ -32,6 +32,8 @@ test = [
     "ruff>=0.2.0",
     "nbqa[toolchain]>=1.7.0",
     "pip-audit>=2.7.1",
+    "aiohttp>=3.13.3",
+    "virtualenv>=20.36.1",
 ]
 docs = [
     "jinja2>=3.1.6", # Pinning version to address vulnerability GHSA-cpwx-vrp4-4pq7