
Security issues with dependencies #41

@kantselovich

Description


Describe the bug

data-diff dependencies contain software packages with security vulnerabilities

| Package | File | CVE ID | Installed version | Fixed version |
|---|---|---|---|---|
| deepdiff | ./uv.lock | CVE-2025-58367 | 7.0.1 | 8.6.1 |
| deepdiff | ./uv.lock | CVE-2026-33155 | 7.0.1 | 8.6.2 |
| mysql-connector-python | ./uv.lock | CVE-2024-21272 | 8.0.29 | 9.1.0 |
| orjson | ./uv.lock | CVE-2025-67221 | 3.11.5 | 3.11.6 |
| protobuf | ./uv.lock | CVE-2026-0994 | 4.25.8 | 6.33.5, 5.29.6 |
| pyjwt | ./uv.lock | CVE-2026-32597 | 2.9.0 | 2.12.0 |
| pyopenssl | ./uv.lock | CVE-2026-27459 | 25.3.0 | 26.0.0 |
| urllib3 | ./uv.lock | CVE-2025-66418 | 1.26.20 | 2.6.0 |
| urllib3 | ./uv.lock | CVE-2025-66471 | 1.26.20 | 2.6.0 |
| urllib3 | ./uv.lock | CVE-2026-21441 | 1.26.20 | 2.6.3 |

Note: The scan should have failed if no policies were configured in warn-only mode.

☢️ The following Vulnerabilities (CVEs) have been detected

| Severity | Package | File | Advisory ID | Installed version | Fixed version |
|---|---|---|---|---|---|
| critical | deepdiff | ./uv.lock | GHSA-mw26-5g2v-hqw3 | 7.0.1 | 8.6.1 |
| high | deepdiff | ./uv.lock | GHSA-54jj-px8x-5w5q | 7.0.1 | 8.6.2 |
| high | mysql-connector-python | ./uv.lock | GHSA-hgjp-83m4-h4fj | 8.0.29 | 9.1.0 |
| high | orjson | ./uv.lock | GHSA-hx9q-6w63-j58v | 3.11.5 | 3.11.6 |
| high | protobuf | ./uv.lock | GHSA-7gcm-g887-7qv7 | 4.25.8 | 6.33.5, 5.29.6 |
| high | pyjwt | ./uv.lock | GHSA-752w-5fwx-jx9f | 2.9.0 | 2.12.0 |
| high | pyopenssl | ./uv.lock | GHSA-5pwr-322w-8jr4 | 25.3.0 | 26.0.0 |
| high | urllib3 | ./uv.lock | GHSA-gm62-xv2j-4w53 | 1.26.20 | 2.6.0 |
| high | urllib3 | ./uv.lock | GHSA-2xpw-w6gg-jr37 | 1.26.20 | 2.6.0 |
| high | urllib3 | ./uv.lock | GHSA-38jv-5279-wg99 | 1.26.20 | 2.6.3 |

