
[Aikido] Fix 11 security issues in gitpython, urllib3, requests and 1 more#18

Closed
aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-31534560-uumi

Conversation

aikido-autofix Bot commented May 8, 2026

Upgrade GitPython, urllib3, requests, and pygments to fix critical RCE vulnerabilities via unsafe Git option bypass, config injection, reference path traversal, and decompression DoS attacks.

⚠️ Incomplete breaking changes analysis (2/4 analyzed)

⚠️ Breaking changes analysis not available for: gitpython, urllib3

✅ After thorough analysis of the codebase, none of the breaking changes in the package upgrades affect this codebase:

Python version compatibility: The project requires Python >=3.12 (as specified in pyproject.toml), which is well above the minimum versions required by the upgraded packages (urllib3 requires 3.9+, requests requires 3.10+, pygments requires 3.9+).

urllib3 changes: No usage of HTTPResponse.getheaders(), HTTPResponse.getheader(), ContentDecoder, or chained Content-Encoding values found in the codebase.

gitpython changes:

  • The security fixes in 3.1.47-3.1.49 target unsafe underscored kwargs (parameters starting with _), control characters in config values, and out-of-repo reference access.

  • The codebase uses standard GitPython parameters like working_tree=True in repo.head.reset() calls (cruft/_commands/utils/generate.py:40 and tests/test_api.py:106), which are legitimate parameters, not unsafe underscored kwargs.

  • The filter="blob:none" and no_checkout=True parameters passed to Repo.clone_from() in cruft/_commands/check.py:23-24 are standard snake_case parameters, not underscored kwargs that would be blocked.

  • No git configuration manipulation or reference manipulation outside of repo boundaries detected.

All breaking changes are related to features not used by this codebase.

All breaking changes by upgrading requests from version 2.32.3 to 2.33.1 (CHANGELOG)

Version  Description
2.33.0   Dropped support for Python 3.9 following its end of support.

All breaking changes by upgrading pygments from version 2.18.0 to 2.20.0 (CHANGELOG)

Version  Description
2.20.0   Drop Python 3.8 as a supported version

✅ 11 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

Issue (Severity): Description

CVE-2026-42215 (HIGH): [gitpython] GitPython's unsafe option validation can be bypassed by using Python kwargs with underscores (e.g., upload_pack) instead of hyphens, which are normalized to dangerous Git flags after the safety check, enabling arbitrary command execution. This affects Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() when processing attacker-controlled kwargs.

CVE-2026-42284 (HIGH): [gitpython] Validation of multi_options in clone() occurs before string splitting, allowing attackers to embed unsafe git config options (like --config core.hooksPath=) within safe-looking strings to bypass checks and achieve remote code execution during clone operations.

CVE-2026-44243 (HIGH): [gitpython] Path traversal vulnerability in reference operations allows attackers to write, overwrite, move, or delete files outside the repository via insufficient validation of reference paths. This can lead to arbitrary file write/deletion and denial of service.

CVE-2026-44244 (HIGH): [gitpython] GitPython's set_value() fails to validate newlines in config values, allowing attackers to inject Git config sections (e.g., [core] with malicious hooksPath). This enables arbitrary code execution when Git operations invoke hooks, particularly dangerous when user-supplied inputs like author names reach set_value() without sanitization.

CVE-2025-66418 (HIGH): [urllib3] An unbounded decompression chain vulnerability allows malicious servers to insert unlimited compression steps, causing excessive CPU usage and memory allocation. This leads to denial of service through resource exhaustion.

CVE-2025-66471 (HIGH): [urllib3] The Streaming API improperly handles highly compressed data, allowing attackers to cause excessive CPU usage and massive memory allocation through decompression of small compressed payloads. This results in a denial-of-service vulnerability via resource exhaustion.

CVE-2026-21441 (HIGH): [urllib3] Decompression bomb vulnerability in streaming API for HTTP redirects. Malicious servers can trigger excessive resource consumption by sending compressed redirect responses that are fully decompressed without respecting read limits.

CVE-2025-50181 (MEDIUM): [urllib3] A vulnerability allows disabling redirects for all requests through improper PoolManager instantiation with retries configuration, potentially bypassing SSRF and open redirect mitigations. Applications relying on disabled redirects to prevent these vulnerabilities remain exposed to attacks.

CVE-2025-50182 (MEDIUM): [urllib3] A vulnerability allows uncontrolled HTTP redirects in browser and Node.js environments when using Pyodide, as redirect control parameters are ignored by the runtime. This could enable open redirect attacks or redirect-based security bypasses.

CVE-2026-25645 (MEDIUM): [requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution.

CVE-2026-4539 (LOW): [pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern.

aikido-autofix Bot (Author) commented:

Closed by Aikido: a new AutoFix has been created → #19

aikido-autofix Bot closed this May 10, 2026
aikido-autofix Bot deleted the fix/aikido-security-update-packages-31534560-uumi branch May 10, 2026 00:08