build(deps): bump langchain-openai to 1.1.14 and pytest to 9.0.3 (#537)

Closes Dependabot alerts:
- #190-195: langchain-openai SSRF via DNS rebinding (GHSA-r7w7-9xr2-qq2r)
- #171-173: pytest tmpdir handling

Required transitive bumps:
- openlit 1.38 -> 1.41 (to allow openai>=2)
- pytest-asyncio 0.25 -> 1.3 (for pytest 9 compatibility)
- openai 1.109 -> 2.x (required by langchain-openai 1.1.14)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: hbrodin

common/pyproject.toml

@@ -18,7 +18,7 @@ dependencies = [
 [project.optional-dependencies]
 full = [
     "protobuf>=5.0",
-    "openlit ~=1.38.0",
+    "openlit ~=1.41.0",
     "langfuse ~=4.0.1",
 ]
 

common/uv.lock

@@ -40,8 +40,8 @@ buttercup-ui = "buttercup.orchestrator.ui.__cli__:main"
 [dependency-groups]
 dev = [
     # Testing tools
-    "pytest ~=8.3.4",
-    "pytest-asyncio ~=0.25.2",
+    "pytest ~=9.0.3",
+    "pytest-asyncio ~=1.3.0",
     "pytest-cov ~=6.0.0",
     "pytest-xdist ~=3.6.1",
     "fastapi[standard] ~=0.128.0",

fuzzer/uv.lock

@@ -28,8 +28,8 @@ buttercup-patcher = "buttercup.patcher.__cli__:main"
 [dependency-groups]
 dev = [
     # Testing tools
-    "pytest ~=8.3.4",
-    "pytest-asyncio ~=0.25.2",
+    "pytest ~=9.0.3",
+    "pytest-asyncio ~=1.3.0",
     "pytest-cov ~=6.0.0",
     "pytest-xdist ~=3.6.1",
     # Linting and type checking

orchestrator/pyproject.toml

@@ -33,9 +33,9 @@ build-backend = "hatchling.build"
 [dependency-groups]
 dev = [
     # Testing tools
-    "pytest ~=8.3.4",
+    "pytest ~=9.0.3",
     "pytest-cov ~=6.0.0",
-    "pytest-asyncio ~=0.25.2",
+    "pytest-asyncio ~=1.3.0",
     # Linting and type checking
     "ruff ~=0.14.0",
     "ty",  # Astral type checker (replaces mypy)