
fix: update web3 dependency to allow security fix GHSA-5hr4-253g-cpx2 #641

Open
Kubudak90 wants to merge 1 commit into coinbase:main from Kubudak90:main


Conversation

@Kubudak90

Description

Fixes #636

Updates the web3.py dependency from <=7.10.0 to <8.0.0 to allow the security fix for GHSA-5hr4-253g-cpx2 (SSRF via CCIP Read).

The security fix shipped in web3.py v7.15.0 on April 2, 2026. The current pin (<=7.10.0) blocks this and all future security updates.

Changes

  • python/pyproject.toml: Changed web3>=7.6.0,<=7.10.0 to web3>=7.6.0,<8.0.0
  • Added changelog entry

Security Impact

This resolves a Server-Side Request Forgery (SSRF) vulnerability via CCIP Read that could allow attackers to make requests to internal services.

Testing

  • Verify package installs with web3 v7.15.0+
  • Run existing test suite to ensure compatibility

Updates web3 dependency from <=7.10.0 to <8.0.0 to allow the security
fix for GHSA-5hr4-253g-cpx2 (SSRF via CCIP Read) which shipped in
web3.py v7.15.0.

Fixes coinbase#636
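The point of the PR is that a dependency pin can silently exclude a security release: the upper bound `<=7.10.0` accepts nothing newer than 7.10.0, so the patched 7.15.0 can never be installed. The script below is an added example, not code from the coinbase repository or from this PR. It implements a minimal subset of PEP 440 specifier matching for plain `X.Y.Z` versions (the `parse_requirement`, `allows` and `blocking_clauses` helpers are mine) and applies it to the two requirement strings quoted in the PR description. Real tooling should use `packaging.specifiers.SpecifierSet`; the hand-rolled parser is here only so the example runs on the standard library alone.

```python
"""Show which clause of a pip-style requirement blocks a given release.

Added example, not part of the coinbase repository or this PR. Handles only
plain dotted-integer versions and the operators >=, <=, ==, !=, >, <.
"""
import re

# Requirement strings and the patched release are quoted from the PR description.
OLD_SPEC = "web3>=7.6.0,<=7.10.0"
NEW_SPEC = "web3>=7.6.0,<8.0.0"
PATCHED_RELEASE = "7.15.0"  # first web3.py release carrying the GHSA-5hr4-253g-cpx2 fix, per the PR

_OPS = {
    ">=": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    "==": lambda v, b: v == b,
    "!=": lambda v, b: v != b,
    ">": lambda v, b: v > b,
    "<": lambda v, b: v < b,
}

_CLAUSE_RE = re.compile(r"^(>=|<=|==|!=|>|<)\s*([0-9][0-9.]*)$")


def parse_version(text):
    """Turn 'X.Y.Z' into a tuple of ints.

    Comparing tuples avoids the classic string-comparison bug where
    '7.10.0' sorts *before* '7.9.0' because '1' < '9'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version format: {text!r}")
    return tuple(int(p) for p in parts)


def parse_requirement(req):
    """Split 'name>=1.0,<2.0' into (name, [(op, version_tuple, clause_text), ...])."""
    m = re.match(r"^\s*([A-Za-z0-9._-]+)\s*(.*)$", req)
    if m is None:
        raise ValueError(f"unsupported requirement: {req!r}")
    name, spec = m.group(1), m.group(2)
    clauses = []
    for clause in (c.strip() for c in spec.split(",")):
        if not clause:
            continue
        cm = _CLAUSE_RE.match(clause)
        if cm is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((cm.group(1), parse_version(cm.group(2)), clause))
    return name, clauses


def blocking_clauses(req, version):
    """Return the clause texts that reject `version` (empty list if it is allowed)."""
    _, clauses = parse_requirement(req)
    v = parse_version(version)
    return [text for op, bound, text in clauses if not _OPS[op](v, bound)]


def allows(req, version):
    """True if every clause of the requirement admits `version`."""
    return not blocking_clauses(req, version)


if __name__ == "__main__":
    for spec in (OLD_SPEC, NEW_SPEC):
        for candidate in ("7.6.0", "7.10.0", PATCHED_RELEASE, "8.0.0"):
            blocked = blocking_clauses(spec, candidate)
            verdict = "allowed" if not blocked else "blocked by " + ", ".join(blocked)
            print(f"{spec:24} {candidate:8} {verdict}")
```

Running it shows `web3>=7.6.0,<=7.10.0` rejecting 7.15.0 on the `<=7.10.0` clause, while `web3>=7.6.0,<8.0.0` admits it and still rejects 8.0.0. The same check, applied across a lockfile against the versions listed in an advisory, is a cheap way to find pins that quietly exclude a patched release.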
@cb-heimdall

🟡 Heimdall Review Status

Requirement   Status   More Info
Reviews       🟡 0/1

Denominator calculation:
  1 if user is bot: 0
  1 if user is external: 0
  2 if repo is sensitive: 0
  From .codeflow.yml: 1
Additional review requirements:
  Max: 0
  0
  From CODEOWNERS: 0
  Global minimum: 0
  Max: 1
  1
  1 if commit is unverified: 1
  Sum: 2


Development

Successfully merging this pull request may close these issues.

web3<=7.10.0 pin blocks GHSA-5hr4-253g-cpx2 (SSRF via CCIP Read)

2 participants