deps: pin transitive dependencies for security fixes

- urllib3>=2.6.3 (CVE-2025-43859)
- jaraco.context>=6.1.0 (GHSA-58pv-8j8x-9vj2)
- setuptools>=80.0 (vendored jaraco.context)

reduces High vulnerabilities from 6 to 3

pyproject.toml

@@ -7,6 +7,9 @@ requires-python = ">=3.11"
 dependencies = [
     "flask>=3.0",
     "cryptography>=42.0",
+    # Security fixes (transitive dependency pins)
+    "urllib3>=2.6.3",
+    "jaraco.context>=6.1.0",
 ]
 
 [project.optional-dependencies]

requirements.txt

@@ -9,3 +9,8 @@ prometheus-flask-exporter>=0.23
 
 # PKI support (optional)
 cryptography>=42.0
+
+# Security fixes (transitive dependency pins)
+urllib3>=2.6.3
+jaraco.context>=6.1.0
+setuptools>=80.0