Python dependency: Update safety requirement from >=3.7.0 to >=3.8.1 in /tools

[dependabot]

Updates the requirements on safety to permit the latest version.

Release notes

Sourced from safety's releases.

Version 3.8.1

What's Changed

• bump: version 3.8.0 → 3.8.1 (ec3368a)
• fix: support SFTY-format vulnerability IDs in policy files (#868) (796af4d)

Changelog

Sourced from safety's changelog.

3.8.1 (2026-05-27)

Fix

• support SFTY-format vulnerability IDs in policy files (#868)

3.8.0 (2026-05-26)

3.8.0b4 (2026-05-26)

Fix

• pin typer <0.26.0 to fix CLI import crash (#865)

3.8.0b3 (2026-03-12)

Feat

• report global/user packages linked (#843)

3.8.0b2 (2026-03-10)

Feat

• firewall: emit v2.0 auth envelope for machine token (MDM) auth (#841)
• auth: implement cross-org enrollment prevention (CLI side) (#839)
• auth: add org_slug to MachineCredentialConfig from enrollment API

Fix

• firewall: configure global package manager indexes on firewall init (#842)
• firewall: align auth priority in index_credentials with platform client
• auth: align auth priority to API Key > OAuth > Machine Token everywhere
• scan: display machine token auth in scan header instead of "Offline"

3.8.0b1 (2026-02-25)

Feat

• implement MDM enrollment authentication system (#834)
• display system scan summary to stdout after interactive scan completes (#832)
• major revamp of the system scan beta command (#829)

Fix

• drop FF for MDM authd cases (#838)
• system-scan: disable feature flag gate for MDM auth compatibility (#837)
• system-scan: resolve tool detection for versioned Windows executables (#835)
• cli: correct typos in check command docstring (#833)

... (truncated)

Commits

• ec3368a bump: version 3.8.0 → 3.8.1
• 796af4d fix: support SFTY-format vulnerability IDs in policy files (#868)
• a4d6a5c bump: version 3.8.0b4 → 3.8.0
• 2042d7b chore: update system-scan details in the README (#867)
• 7dfee9a bump: version 3.8.0b3 → 3.8.0b4
• 304fe88 fix: pin typer <0.26.0 to fix CLI import crash (#865)
• 5049dbf chore(core): remove system-scan command (#846)
• a86ed3c chore: format codebase (#844)
• c272016 bump: version 3.8.0b2 → 3.8.0b3
• 456f649 feat: report global/user packages linked (#843)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)