Merge branch 'main' into fix/windows-fcntl-import-crash

Author: WolffM

pyproject.toml

@@ -2,6 +2,14 @@
 [tool.uv.workspace]
 members = ["openhands-sdk", "openhands-tools", "openhands-workspace", "openhands-agent-server"]
 
+# Security: Enforce minimum versions for transitive dependencies with known CVEs
+[tool.uv]
+constraint-dependencies = [
+    "starlette>=0.49.1",  # CVE-2025-62727
+    "aiohttp>=3.13.3",  # CVE-2025-69223 + 7 others
+    "urllib3>=2.6.3",  # CVE-2026-21441, CVE-2025-66471, CVE-2025-66418
+]
+
 # Workspace sources for intra-repo dependencies
 [tool.uv.sources]
 openhands-sdk = { workspace = true }