
[Aikido] Fix 7 security issues in urllib3, requests, pygments#17

Status: Closed. aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-21471979-7j6h

Conversation

aikido-autofix[bot] commented Mar 31, 2026

Upgrade urllib3, requests, and pygments to fix decompression bomb DoS vulnerabilities, redirect bypass SSRF issues, and other critical security flaws.

✅ Code not affected by breaking changes.

No breaking changes from these package upgrades affect this codebase:

  • Python version compatibility: The project requires Python >=3.12, which is well above the minimum requirements of urllib3 (>=3.9), requests (>=3.10), and pygments (>=3.9). The dropped support for Python 3.8 and 3.9 does not affect this project.

  • urllib3 deprecated methods: The codebase does not directly use urllib3 or any of the removed methods (HTTPResponse.getheaders(), HTTPResponse.getheader(), or custom ContentDecoder implementations).

  • Indirect usage: While these packages are transitive dependencies (requests depends on urllib3, and other dev tools may use pygments), the codebase does not directly interact with them, so the API changes do not impact the code.

All breaking changes by upgrading urllib3 from version 2.2.3 to 2.6.3 (CHANGELOG)

Version  Description
2.3.0    Removed support for Python 3.8.
2.6.0    Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default).
2.6.0    The number of allowed chained encodings is now limited to 5, which may cause previously working requests with more than 5 chained Content-Encoding values to fail.
2.6.0    Custom decompressors must be updated to respect the changed API of urllib3.response.ContentDecoder.

All breaking changes by upgrading requests from version 2.32.3 to 2.33.0 (CHANGELOG)

Version  Description
2.33.0   Dropped support for Python 3.9 following its end of support.

All breaking changes by upgrading pygments from version 2.18.0 to 2.20.0 (CHANGELOG)

Version  Description
2.20.0   Drop Python 3.8 as a supported version.

✅ 7 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

Issue           Severity  Description
CVE-2025-66418  HIGH      [urllib3] An unbounded decompression chain vulnerability allows malicious servers to insert unlimited compression steps, causing excessive CPU usage and memory allocation. This leads to denial of service through resource exhaustion.
CVE-2025-66471  HIGH      [urllib3] The Streaming API improperly handles highly compressed data, allowing attackers to cause excessive CPU usage and massive memory allocation through decompression of small compressed payloads. This results in a denial-of-service vulnerability via resource exhaustion.
CVE-2026-21441  HIGH      [urllib3] Decompression bomb vulnerability in streaming API for HTTP redirects. Malicious servers can trigger excessive resource consumption by sending compressed redirect responses that are fully decompressed without respecting read limits.
CVE-2025-50181  MEDIUM    [urllib3] A vulnerability allows disabling redirects for all requests through improper PoolManager instantiation with retries configuration, potentially bypassing SSRF and open redirect mitigations. Applications relying on disabled redirects to prevent these vulnerabilities remain exposed to attacks.
CVE-2025-50182  MEDIUM    [urllib3] A vulnerability allows uncontrolled HTTP redirects in browser and Node.js environments when using Pyodide, as redirect control parameters are ignored by the runtime. This could enable open redirect attacks or redirect-based security bypasses.
CVE-2026-25645  MEDIUM    [requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution.
CVE-2026-4539   LOW       [pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern.
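The decompression-bomb CVEs above and the new cap of 5 chained encodings share one defensive idea: never inflate a response body without bounding both the chain length and the decoded size. The following is an added illustration of that idea in plain Python (not urllib3's own ContentDecoder code); the 1 MiB byte cap, the helper names and the sample payloads are constructed for the example.

```python
import gzip
import zlib

# Limits modelled on the urllib3 2.6.x changes listed in the PR: at most
# 5 chained Content-Encoding values. The byte cap is a constructed value.
MAX_CHAIN = 5
MAX_DECODED = 1 * 1024 * 1024


class DecompressionLimitExceeded(Exception):
    """Raised when a body would decode past the configured limits."""


def _inflate_bounded(data: bytes, wbits: int, max_decoded: int) -> bytes:
    """Inflate one layer while never holding more than max_decoded bytes."""
    d = zlib.decompressobj(wbits=wbits)
    out = bytearray()
    while data:
        # max_length bounds this call's output; leftover input is kept in
        # d.unconsumed_tail, so memory use stays proportional to the cap.
        out += d.decompress(data, 64 * 1024)
        if len(out) > max_decoded:
            raise DecompressionLimitExceeded("decoded size exceeds %d bytes" % max_decoded)
        data = d.unconsumed_tail
    out += d.flush()
    if len(out) > max_decoded:
        raise DecompressionLimitExceeded("decoded size exceeds %d bytes" % max_decoded)
    return bytes(out)


def bounded_decode(body: bytes, content_encoding: str,
                   max_decoded: int = MAX_DECODED, max_chain: int = MAX_CHAIN) -> bytes:
    """Decode a Content-Encoding chain with chain-length and output-size caps."""
    encodings = [e.strip().lower() for e in content_encoding.split(",") if e.strip()]
    if len(encodings) > max_chain:
        raise DecompressionLimitExceeded(
            "%d chained encodings exceeds limit of %d" % (len(encodings), max_chain))
    data = body
    # Encodings are listed in the order they were applied, so undo them in reverse.
    for enc in reversed(encodings):
        if enc in ("gzip", "x-gzip"):
            data = _inflate_bounded(data, 16 + zlib.MAX_WBITS, max_decoded)
        elif enc == "deflate":
            data = _inflate_bounded(data, zlib.MAX_WBITS, max_decoded)  # zlib-wrapped assumed
        elif enc != "identity":
            raise ValueError("unsupported Content-Encoding %r" % enc)
    return data


# Constructed inputs: a benign body, and a "bomb" of 4 MiB of zeros gzipped
# twice (a few KiB on the wire) that would expand far past the 1 MiB cap.
BENIGN = gzip.compress(b"hello world")
BOMB = gzip.compress(gzip.compress(b"\0" * (4 * 1024 * 1024)))
```

The bomb is rejected once the second layer crosses the cap, so the process never allocates the full expanded body, and a six-element encoding chain is refused before any decoding starts.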

aikido-autofix[bot] (author) commented May 8, 2026

Closed by Aikido: a new AutoFix has been created → #18

aikido-autofix[bot] closed this May 8, 2026
aikido-autofix[bot] deleted the fix/aikido-security-update-packages-21471979-7j6h branch May 8, 2026 00:04