
[codex] Update urllib3 for Dependabot alerts#40

Merged
davidchris merged 1 commit into main from codex/fix-urllib3-dependabot-alerts on May 17, 2026

Conversation

@davidchris (Owner) commented May 17, 2026

Summary

Updates the locked transitive urllib3 dependency from 2.6.3 to 2.7.0.

Addresses the two open high-severity Dependabot alerts on uv.lock:

Also hardens the only npm-using helper script by installing Playwright with --ignore-scripts and invoking the local Playwright binary instead of npx -y.

Shai-Hulud compromise checks

Checked the repo against the May 2026 public indicators for Mini Shai-Hulud npm and PyPI campaigns.

npm/TanStack indicators:

  • no tracked Node dependency manifests or lockfiles (package.json, package-lock.json, pnpm-lock.yaml, yarn.lock, bun.lock, bun.lockb)
  • no affected package namespace/package markers found (@tanstack, @squawk, @uipath, @mistralai, etc.)
  • no payload/dependency markers found (router_init.js, router_runtime.js, tanstack_runner.js, @tanstack/setup, github:tanstack/router#79ac49...)
  • GitHub Actions workflow is Python-only, has contents: read, and does not publish npm packages or request OIDC/npm publish privileges

PyPI indicators:

  • uv.lock and pyproject.toml do not include the reported compromised packages/versions: lightning==2.6.2, lightning==2.6.3, mistralai==2.4.6, or guardrails-ai==0.10.1
  • uv tree --locked --all-groups confirms all dependency groups resolve without those packages
  • local .venv metadata check shows lightning, pytorch-lightning, mistralai, guardrails-ai, and opensearch-py are not installed
  • no PyPI payload markers found (transformers.pyz, _runtime/start.py, router_runtime.js, git-tanstack, 83.142.209.194, Shai-Hulud strings)

Validation

  • pre-commit run --all-files
  • uv run pytest
  • uv build
  • pre-push hook during git push

@davidchris davidchris force-pushed the codex/fix-urllib3-dependabot-alerts branch from 754ef0c to c660428 on May 17, 2026 00:21
@davidchris davidchris marked this pull request as ready for review May 17, 2026 01:44
@davidchris davidchris merged commit 5c9af64 into main May 17, 2026
1 check passed
