
[Aikido] Fix 12 security issues in gitpython, urllib3, requests and 1 more #19

Status: Closed
aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-32219889-icam

[Aikido] Fix 12 security issues in gitpython, urllib3, requests and 1 more#19
aikido-autofix[bot] wants to merge 1 commit into
masterfrom
fix/aikido-security-update-packages-32219889-icam

Conversation

aikido-autofix Bot commented May 10, 2026

Upgrade GitPython, urllib3, requests, and Pygments to fix critical RCE vulnerabilities via Git hook injection and command execution bypasses. This update includes breaking changes that require manual migration.

⚠️ Incomplete breaking changes analysis (3/4 analyzed)

⚠️ Breaking changes analysis not available for: urllib3

⚠️ The gitpython upgrade from 3.1.43 to 3.1.50 introduces a breaking change that affects this codebase.

Breaking Change: Underscored git kwargs blocked (gitpython 3.1.47)

  • Where your code is affected: cruft/_commands/check.py lines 23-24, where filter="blob:none" and no_checkout=True are passed to get_cookiecutter_repo(), which forwards them to Repo.clone_from().

  • Impact: The check command will fail when gitpython blocks these underscored kwargs as part of the security fix for GHSA-rpm5-65cw-6hj4. The git clone operation will raise an error about unsafe parameters.

  • Remediation: Replace the underscored kwargs with their non-underscored equivalents or use gitpython's approved API methods. For filter and no_checkout, check gitpython 3.1.50 documentation for the correct parameter names (likely --filter via git command options) or refactor to use multi-option syntax that gitpython now requires.
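The migration described in the bullets above, written out as an added example that is neither cruft's code nor GitPython's own: the two underscored kwargs named in the note are turned into the `--flag=value` strings that git expects and passed as a `multi_options` list, and that list is screened before it reaches `Repo.clone_from()`. Assumptions: `UNSAFE_OPTION_PREFIXES` is an illustrative denylist modelled on the kind of options GitPython refuses (verify against the installed version's own list), the `clone_template()` wrapper is hypothetical, and the repository URL and destination path are placeholders.

```python
"""Added example, not part of cruft or GitPython: migrate underscored clone
kwargs to a multi_options list and screen that list before cloning."""
from typing import Any, List

# Illustrative denylist (assumption, not GitPython's authoritative list):
# options that let a clone run an attacker-chosen program or set arbitrary
# git configuration, which is how hook-based RCE during clone is reached.
UNSAFE_OPTION_PREFIXES = ("--upload-pack", "-u", "--config", "-c")


def kwargs_to_multi_options(**kwargs: Any) -> List[str]:
    """Convert kwargs such as no_checkout=True or filter="blob:none" into the
    "--no-checkout" / "--filter=blob:none" strings git expects.

    None/False drops the flag, True emits a bare flag, any other value is
    attached with "=". Single-letter names become a short flag followed by
    the value as a separate element (e.g. c="k=v" -> ["-c", "k=v"])."""
    options: List[str] = []
    for name, value in kwargs.items():
        if value is None or value is False:
            continue
        if len(name) == 1:
            flag = "-" + name
            if value is True:
                options.append(flag)
            else:
                options.extend([flag, str(value)])
            continue
        flag = "--" + name.replace("_", "-")  # underscores become dashes
        options.append(flag if value is True else f"{flag}={value}")
    return options


def check_clone_options(options: List[str]) -> List[str]:
    """Raise ValueError if any option (bare, or in --opt=value form) is on the
    denylist; otherwise return the list unchanged. The point is that options
    arriving via kwargs get the same screening as an explicit multi_options
    list, which is what the 3.1.47 change enforces inside GitPython."""
    for opt in options:
        head = opt.split("=", 1)[0]
        if head in UNSAFE_OPTION_PREFIXES:
            raise ValueError(f"refusing unsafe git clone option: {opt!r}")
    return options


def safe_clone_options(**kwargs: Any) -> List[str]:
    """Build and screen the multi_options list in one step."""
    return check_clone_options(kwargs_to_multi_options(**kwargs))


def clone_template(url: str, to_path: str, **kwargs: Any):
    """Hypothetical replacement for the kwargs-forwarding call site: passes
    screened multi_options instead of underscored kwargs. GitPython is
    imported lazily so this module runs without it installed."""
    opts = safe_clone_options(**kwargs)
    from git import Repo  # real GitPython API; only needed for the clone itself

    return Repo.clone_from(url, to_path, multi_options=opts)


if __name__ == "__main__":
    # The two kwargs from the breaking-change note, in their migrated form.
    print(safe_clone_options(filter="blob:none", no_checkout=True))
    # -> ['--filter=blob:none', '--no-checkout']
    # A kwarg that would pick the program run on the remote side is refused.
    try:
        safe_clone_options(upload_pack="/placeholder/program")
    except ValueError as exc:
        print(exc)
    # clone_template("https://example.invalid/template.git", "/tmp/template",
    #                filter="blob:none", no_checkout=True)  # placeholders
```

The screening step is deliberately local to the caller: even after upgrading, keeping an explicit allow/deny decision at the point where user-influenced arguments are turned into git options makes the behaviour independent of which GitPython version happens to be installed.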

All breaking changes by upgrading gitpython from version 3.1.43 to 3.1.50 (CHANGELOG)

| Version | Description |
| --- | --- |
| 3.1.47 | Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4 - multi-options are now checked after splitting them with shlex, and unsafe underscored git kwargs are blocked |
| 3.1.48 | Prevent out-of-repo access when manipulating references |
| 3.1.49 | Reject control chars in written values in configuration |

All breaking changes by upgrading requests from version 2.32.3 to 2.33.1 (CHANGELOG)

| Version | Description |
| --- | --- |
| 2.33.0 | Dropped support for Python 3.9 following its end of support. |

All breaking changes by upgrading pygments from version 2.18.0 to 2.20.0 (CHANGELOG)

| Version | Description |
| --- | --- |
| 2.20.0 | Drop Python 3.8 as a supported version |

✅ 12 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2026-42284 | 🚨 CRITICAL | [gitpython] A command injection vulnerability in the clone function allows attackers to bypass validation and inject arbitrary Git configuration options, enabling remote code execution through malicious repository hooks during clone operations. |
| CVE-2026-42215 | HIGH | [gitpython] A vulnerability allows attackers to bypass Git option restrictions through Python kwargs in clone, fetch, pull, and push operations, enabling arbitrary command execution when attacker-controlled arguments are passed to these methods. |
| CVE-2026-44244 | HIGH | [gitpython] A vulnerability in GitConfigParser.set_value() allows injection of newlines into Git configuration without proper validation, enabling attackers to inject malicious [core] sections and execute arbitrary code via Git hooks during operations like commit or merge. |
| CVE-2026-44243 | HIGH | [gitpython] A path traversal vulnerability allows attackers to write, overwrite, move, or delete files outside the repository via crafted reference paths due to insufficient validation. This enables arbitrary file manipulation on affected systems. |
| GHSA-mv93-w799-cj2w | HIGH | [gitpython] Incomplete patch for newline injection allows attackers to inject arbitrary section headers into .git/config via the section parameter, enabling RCE through forged [core] section with malicious hooksPath. The value parameter validation bypasses section and option validation. |
| CVE-2025-66418 | HIGH | [urllib3] An unbounded decompression chain vulnerability allows malicious servers to insert unlimited compression steps, causing excessive CPU usage and memory allocation. This leads to denial of service through resource exhaustion. |
| CVE-2025-66471 | HIGH | [urllib3] The Streaming API improperly handles highly compressed data, allowing attackers to cause excessive CPU usage and massive memory allocation through decompression of small compressed payloads. This results in a denial-of-service vulnerability via resource exhaustion. |
| CVE-2026-21441 | HIGH | [urllib3] Decompression bomb vulnerability in streaming API for HTTP redirects. Malicious servers can trigger excessive resource consumption by sending compressed redirect responses that are fully decompressed without respecting read limits. |
| CVE-2025-50181 | MEDIUM | [urllib3] A vulnerability allows disabling redirects for all requests through improper PoolManager instantiation with retries configuration, potentially bypassing SSRF and open redirect mitigations. Applications relying on disabled redirects to prevent these vulnerabilities remain exposed to attacks. |
| CVE-2025-50182 | MEDIUM | [urllib3] A vulnerability allows uncontrolled HTTP redirects in browser and Node.js environments when using Pyodide, as redirect control parameters are ignored by the runtime. This could enable open redirect attacks or redirect-based security bypasses. |
| CVE-2026-25645 | MEDIUM | [requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution. |
| CVE-2026-4539 | LOW | [pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern. |

aikido-autofix Bot (Author) commented:

Closed by Aikido: a new AutoFix has been created → #20

@aikido-autofix aikido-autofix Bot closed this May 12, 2026
@aikido-autofix aikido-autofix Bot deleted the fix/aikido-security-update-packages-32219889-icam branch May 12, 2026 23:58