@KyleKing
Owner

Update dependencies in batches to reduce security vulnerabilities and benefit from bug fixes:

Batch 1 - Patch updates (5 packages):

  • certifi, charset-normalizer, idna, markupsafe, wcwidth

Batch 2 - Tool updates (2 packages):

  • ruff 0.13.0 → 0.14.5
  • mypy 1.17.1 → 1.18.2

Batch 3 - Testing (1 package):

  • pytest-randomly 4.0.0 → 4.0.1

Batch 4 - Major version updates (2 packages):

  • syrupy 4.9.1 → 5.0.0
  • pytest 8.4.2 → 9.0.1

Batch 5 - Remaining updates (21 packages):

  • rich, platformdirs, mkdocs-material, commitizen, nox
  • markdown, pyyaml, pyparsing, termcolor, virtualenv
  • pymdown-extensions, colorlog, griffe, mkdocstrings-python
  • argcomplete, invoke, coverage, filelock, iniconfig
  • types-python-dateutil, and more

Still outdated (7 packages - blocked by constraints):

  • arrow, attrs, backrefs, beartype, click, markdown-it-py, prompt-toolkit

All tests pass. Addresses critical finding from project review.

@KyleKing marked this pull request as ready for review November 22, 2025 04:19
@KyleKing merged commit 6fd3854 into main Nov 22, 2025
4 checks passed
@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Comment on lines 2329 to 2331
[metadata]
lock-version = "2.0"
lock-version = "2.1"
python-versions = "^3.9.13"
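
Review bot: the lock-version change from "2.0" to "2.1" under [metadata] is a lock file format change rather than a package update, and none of the batches in the description mentions it. Please call it out in the description and state which Poetry version contributors and CI need to read and regenerate this file, so the format does not flip back and forth between commits.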

P1: Align lockfile format with CI Poetry version

poetry.lock was regenerated by Poetry 2.2.1, bumping the lock-format to 2.1 (poetry.lock lines 2329‑2331, header line 1). The CI setup still pins Poetry 1.8.3 (.github/actions/setup/action.yml lines 10‑25), and Poetry 1.x rejects lockfiles with a higher lock-version. As soon as CI runs poetry install, it will fail to parse this lockfile until the workflow is upgraded to Poetry ≥2.2 or the lockfile is regenerated with the pinned 1.8.x tool.
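
A drift check for the situation this review comment describes, as an added example that is not part of the pull request or the project's code: it reads the generator version from the poetry.lock header and the lock-version from [metadata], then compares them with the Poetry version CI pins and the lock-version on the base branch. The sample lock text is constructed, and the function names and the `pinned_poetry` and `baseline` inputs are assumptions.

```python
import re

# Line 1 of a lock file names the Poetry release that wrote it.
HEADER_RE = re.compile(r"# This file is automatically @generated by Poetry (\d+(?:\.\d+)*)")
LOCK_VERSION_RE = re.compile(r'^lock-version\s*=\s*"(\d+)\.(\d+)"\s*$', re.M)


def parse_lock(text):
    """Return (generator version or None, lock-version as an (int, int) tuple)."""
    text = text.replace("\r\n", "\n")
    header = HEADER_RE.match(text)
    # Search only the [metadata] table so package entries cannot shadow the key.
    _, sep, metadata = text.rpartition("\n[metadata]\n")
    found = LOCK_VERSION_RE.search(metadata) if sep else None
    if found is None:
        raise ValueError("no lock-version under [metadata]")
    return (header.group(1) if header else None,
            (int(found.group(1)), int(found.group(2))))


def check_drift(lock_text, pinned_poetry, baseline):
    """List mismatches between the lock file, the CI pin and the base branch.

    pinned_poetry: version string CI installs (hypothetical input).
    baseline: lock-version tuple on the base branch (hypothetical input).
    """
    generator, lock_version = parse_lock(lock_text)
    findings = []
    if generator is None:
        findings.append("header does not name a Poetry version")
    elif generator.split(".")[0] != pinned_poetry.split(".")[0]:
        findings.append(f"written by Poetry {generator}, CI pins {pinned_poetry}")
    if lock_version > baseline:
        findings.append("lock-version {}.{} is newer than base {}.{}".format(
            *lock_version, *baseline))
    return findings


# Constructed sample: only the values quoted in the review come from the page.
SAMPLE = (
    "# This file is automatically @generated by Poetry 2.2.1 "
    "and should not be changed by hand.\n\n"
    '[metadata]\nlock-version = "2.1"\npython-versions = "^3.9.13"\n'
)

if __name__ == "__main__":
    for finding in check_drift(SAMPLE, "1.8.3", (2, 0)):
        print("DRIFT:", finding)
```

Run as a pre-merge step, a non-empty result is a prompt to update the CI pin and the lock file in the same change.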
