Remove uv.lock from version control

[elainethale]

Summary

Removes the committed uv.lock file, which was generating the bulk of the repository's Dependabot security alerts.

Why

• Nothing consumed it. CI and docs install via pip install ".[dev]", and the PyPI publish workflow builds with python -m build — none use uv.
• It is a library, not an application. stride-load-forecast is published to PyPI, so consumers resolve dependencies from the constraints in pyproject.toml. A lock file pins exact transitive versions that no consumer ever installs.
• Those pinned transitive deps were the source of Dependabot alerts for versions that are never deployed.

Changes

• Delete uv.lock.
• Re-enable the standard uv.lock rule in .gitignore so it is not re-committed.

Notes

Existing Dependabot alerts that reference uv.lock should auto-dismiss once this merges to the default branch. If pinned, reproducible dev environments are wanted later, the alternative is to keep the lock file and add a scoped .github/dependabot.yml.

🤖 Generated with Claude Code

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.55%. Comparing base (ded9c7f) to head (35de2b8).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #67   +/-   ##
=======================================
  Coverage   75.55%   75.55%           
=======================================
  Files          50       50           
  Lines        7935     7935           
=======================================
  Hits         5995     5995           
  Misses       1940     1940           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.