Upgrade dependencies to address Dependabot alerts

Upgraded packages in uv.lock to their latest secure versions, including:
- aiohttp 3.13.5
- tornado 6.5.5
- requests 2.33.1
- urllib3 2.6.3
- pillow 12.2.0
- nbconvert 7.17.1
- PyJWT 2.12.1
- orjson 3.11.8
- bokeh 3.9.0
- Pygments 2.20.0
- wheel 0.46.3
- virtualenv 21.2.1
- filelock 3.25.2

Note: protobuf was updated to 4.25.9, but further upgrade to 5.x is blocked by vlsir 7.0.0's strict constraint on protobuf<5.

Author: nikosavola