
Fix/update packages to address security alert #89

Open

woodsh17 wants to merge 5 commits into production from fix/update_package_security_alert

Conversation

@woodsh17 (Member) commented Jun 8, 2026

📋 PR Checklist

  • This PR is tagged as a draft if it is still under development and not ready for review.

    This avoids auto-triggering the slower tests in the CI and needlessly wasting resources.

  • I have ensured that all my commits follow angular commit message conventions.

    Format: <type>[optional scope]: <subject>
    Example: fix(af3): add missing crop transform to the af3 pipeline

    This affects semantic versioning as follows:

    • fix: patch version increment (0.0.1 → 0.0.2)
    • feat: minor version increment (0.0.1 → 0.1.0)
    • BREAKING CHANGE: major version increment (0.0.1 → 1.0.0)
    • All other types do not affect versioning

    The format ensures readable changelogs through auto-generation from commit messages.

  • I have run make format on the codebase before submitting the PR (this autoformats the code and lints it).

  • I have named the PR in angular PR message format as well (c.f. above), with a sensible tag line that summarizes all the changes in the PR.

    This is useful as the name of the PR is the default name of the commit that will be used if you merge with a squash & merge.
    Format: <type>[optional scope]: <subject>
    Example: fix(af3): add missing crop transform to the af3 pipeline


ℹ️ PR Description

This PR updates packages in pyproject.toml to address security risks.

What changes were made and why?

Updated packages are:
urllib3, pillow, idna, requests, filelock, cryptography, tornado, python-dotenv, pygments

How were the changes tested?

I ran the slow and not slow tests locally. I did not run the benchmark tests locally.

Additional Notes

@nscorley (Collaborator) left a comment

Thank you! One small question about torch requirements.

Comment thread on pyproject.toml (Outdated)
ml = [
# atomworks-ml dependencies
"torch>=2.2.0",
"torch>=2.8.0",
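Review bot: The torch floor moves from `>=2.2.0` to `>=2.8.0`, but torch is not among the packages listed in the PR description and the advisory that motivates the bump is not referenced anywhere in the PR, so a reader of the history cannot tell which fix version the new floor is meant to guarantee. Please add the advisory reference to the commit message or description, and state the lowest torch release that actually contains the fix; if a narrower floor satisfies the alert, prefer that so downstream projects on intermediate 2.x releases are not forced onto 2.8 for an unrelated reason.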

nscorley (Collaborator):

What is the reason we need this torch bump? It's a pretty important dependency and I know of some projects that were using 2.7

woodsh17 (Member, Author):

This was based on this alert, but we can revert it back to 2.2.0 for now.
