Fix dependencies

[snejus]

Fixes #6332

• Promotes packaging from a release-only dependency to a required runtime dependency by moving it into pyproject.toml's main dependencies.

• Updates poetry.lock to pick up patched versions of vulnerable libraries, notably brotli (1.1.0 → 1.2.0), urllib3 (2.5.0 → 2.6.3), werkzeug (3.1.3 → 3.1.5), and filelock (3.20.2 → 3.20.3).

[snejus]

Merging it right away for a patch release.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.95%. Comparing base (b2335b9) to head (9d7d3ae).
⚠️ Report is 4 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #6333   +/-   ##
=======================================
  Coverage   68.95%   68.95%           
=======================================
  Files         140      140           
  Lines       18685    18685           
  Branches     3058     3058           
=======================================
  Hits        12885    12885           
  Misses       5153     5153           
  Partials      647      647           

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.