[Aikido] Fix 13 security issues in gitpython, urllib3, requests and 1 more #20

Closed
aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-33652010-cnaa

Conversation

aikido-autofix[bot] commented May 12, 2026

Upgrade GitPython, urllib3, requests, and Pygments to fix critical RCE vulnerabilities via Git hook injection and command execution bypasses. This update includes breaking changes that require manual migration.

⚠️ Incomplete breaking changes analysis (3/4 analyzed)

⚠️ Breaking changes analysis not available for: requests

⚠️ The package upgrades contain breaking changes that affect this codebase:

gitpython (3.1.43 => 3.1.50) - Unsafe underscored git kwargs blocked

  • Where your code is affected: cruft/_commands/check.py lines 21-26

  • Impact: The code passes filter="blob:none" and no_checkout=True as kwargs to get_cookiecutter_repo(), which forwards them to Repo.clone_from(). GitPython 3.1.47+ blocks underscored git kwargs like no_checkout for security reasons (GHSA-rpm5-65cw-6hj4). This will cause the check command to fail with an error about unsafe parameters.

  • Remediation: Replace underscored kwargs with their non-underscored equivalents or use the appropriate GitPython API methods that don't rely on passing raw git options with underscores.

Note: The project requires Python >=3.12 (as specified in pyproject.toml), so the Python version drops in urllib3 (3.8), requests (3.9), and pygments (3.8) do not affect this codebase. Additionally, urllib3 is not directly imported, and requests/pygments are not used in the codebase at all.

All breaking changes by upgrading gitpython from version 3.1.43 to 3.1.50 (CHANGELOG)

Version  Description
3.1.47   Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4 - multi-options are now checked after splitting them with shlex, and unsafe underscored git kwargs are blocked
3.1.48   Prevent out-of-repo access when manipulating references
3.1.49   Reject control chars in written values in configuration

All breaking changes by upgrading urllib3 from version 2.2.3 to 2.7.0 (CHANGELOG)

Version  Description
2.3.0    Removed support for Python 3.8.
2.6.0    Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default).
2.6.0    The number of allowed chained encodings is now limited to 5, which may cause previously working requests with more than 5 chained encodings to fail.
2.6.0    Custom decompressors must be updated to respect the changed API of urllib3.response.ContentDecoder.

All breaking changes by upgrading pygments from version 2.18.0 to 2.20.0 (CHANGELOG)

Version  Description
2.20.0   Drop Python 3.8 as a supported version

✅ 13 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

Issue                Severity  Description
CVE-2026-42284       CRITICAL  [gitpython] A command injection vulnerability in the clone function allows attackers to bypass validation and inject arbitrary Git configuration options, enabling remote code execution through malicious repository hooks during clone operations.
CVE-2026-42215       HIGH      [gitpython] A vulnerability allows attackers to bypass Git option restrictions through Python kwargs in clone, fetch, pull, and push operations, enabling arbitrary command execution when attacker-controlled arguments are passed to these methods.
CVE-2026-44244       HIGH      [gitpython] A vulnerability in GitConfigParser.set_value() allows injection of newlines into Git configuration without proper validation, enabling attackers to inject malicious [core] sections and execute arbitrary code via Git hooks during operations like commit or merge.
CVE-2026-44243       HIGH      [gitpython] A path traversal vulnerability allows attackers to write, overwrite, move, or delete files outside the repository via crafted reference paths due to insufficient validation. This enables arbitrary file manipulation on affected systems.
GHSA-mv93-w799-cj2w  HIGH      [gitpython] Incomplete patch for newline injection allows attackers to inject arbitrary section headers into .git/config via the section parameter, enabling RCE through forged [core] section with malicious hooksPath. The value parameter validation bypasses section and option validation.
CVE-2026-44431       HIGH      [urllib3] Sensitive headers (Authorization, Cookie, Proxy-Authorization) are not stripped during cross-origin redirects when using low-level APIs via ProxyManager.connection_from_url().urlopen(), leading to potential credential disclosure to untrusted origins.
CVE-2025-66418       HIGH      [urllib3] An unbounded decompression chain vulnerability allows malicious servers to insert unlimited compression steps, causing excessive CPU usage and memory allocation. This leads to denial of service through resource exhaustion.
CVE-2025-66471       HIGH      [urllib3] The Streaming API improperly handles highly compressed data, allowing attackers to cause excessive CPU usage and massive memory allocation through decompression of small compressed payloads. This results in a denial-of-service vulnerability via resource exhaustion.
CVE-2026-21441       HIGH      [urllib3] Decompression bomb vulnerability in streaming API for HTTP redirects. Malicious servers can trigger excessive resource consumption by sending compressed redirect responses that are fully decompressed without respecting read limits.
CVE-2025-50181       MEDIUM    [urllib3] A vulnerability allows disabling redirects for all requests through improper PoolManager instantiation with retries configuration, potentially bypassing SSRF and open redirect mitigations. Applications relying on disabled redirects to prevent these vulnerabilities remain exposed to attacks.
CVE-2025-50182       MEDIUM    [urllib3] A vulnerability allows uncontrolled HTTP redirects in browser and Node.js environments when using Pyodide, as redirect control parameters are ignored by the runtime. This could enable open redirect attacks or redirect-based security bypasses.
CVE-2026-25645       MEDIUM    [requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution.
CVE-2026-4539        LOW       [pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern.

aikido-autofix[bot] (Author) commented:

Closed by Aikido: a new AutoFix has been created → #21

@aikido-autofix aikido-autofix Bot closed this May 16, 2026
@aikido-autofix aikido-autofix Bot deleted the fix/aikido-security-update-packages-33652010-cnaa branch May 16, 2026 23:44