
[Aikido] Fix 13 security issues in gitpython, urllib3, requests and 1 more#21

Closed. aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-35338095-wok7

Conversation

@aikido-autofix aikido-autofix Bot commented May 16, 2026

Upgrade GitPython, urllib3, requests, and Pygments to fix critical RCE vulnerabilities via Git hook injection and command execution bypasses. This update includes breaking changes that require manual migration.

⚠️ Incomplete breaking changes analysis (3/4 analyzed)

⚠️ Breaking changes analysis not available for: requests

⚠️ The package upgrades contain breaking changes that affect this codebase:

gitpython (3.1.43 => 3.1.50)

1. Blocked unsafe underscored git kwargs (GHSA-rpm5-65cw-6hj4)

  • Where your code is affected: cruft/_commands/check.py lines 21-26

  • Impact: The code passes no_checkout=True as a kwarg to Repo.clone_from(). This underscored parameter is now blocked by GitPython's security fix as it gets converted to the --no-checkout git option, which is subject to the new security validation.

  • Remediation: Replace no_checkout=True with the non-underscored equivalent parameter or use a different approach that doesn't rely on underscored git kwargs.

2. Out-of-repo access prevention when manipulating references

  • Where your code is affected: cruft/_commands/utils/generate.py line 41

  • Impact: The code accesses repo.remotes.origin.refs["HEAD"] which may be affected by the new security restrictions on reference manipulation to prevent out-of-repo access.

  • Remediation: Verify that the reference access pattern is within the allowed security boundaries or use alternative methods to get the HEAD reference that comply with the new restrictions.

urllib3, requests, pygments

No breaking changes from these packages affect this codebase:

  • This project requires Python >= 3.12 (per pyproject.toml), so dropping support for Python 3.8 and 3.9 has no impact

  • No direct usage of urllib3.HTTPResponse.getheaders(), getheader(), or ContentDecoder found in the codebase

  • No direct usage of urllib3 found in the codebase

All breaking changes by upgrading gitpython from version 3.1.43 to 3.1.50 (CHANGELOG)

| Version | Description |
| --- | --- |
| 3.1.47 | Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4: multi-options are now checked after splitting them with shlex, and unsafe underscored git kwargs are blocked |
| 3.1.48 | Prevent out-of-repo access when manipulating references |
| 3.1.49 | Reject control chars in written values in configuration |

All breaking changes by upgrading urllib3 from version 2.2.3 to 2.7.0 (CHANGELOG)

| Version | Description |
| --- | --- |
| 2.3.0 | Removed support for Python 3.8. |
| 2.6.0 | Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). |
| 2.6.0 | The number of allowed chained encodings is now limited to 5, which may cause previously working requests with more than 5 chained encodings to fail. |
| 2.6.0 | Custom decompressors must be updated to respect the changed API of urllib3.response.ContentDecoder. |

All breaking changes by upgrading pygments from version 2.18.0 to 2.20.0 (CHANGELOG)

| Version | Description |
| --- | --- |
| 2.20.0 | Drop Python 3.8 as a supported version |

✅ 13 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2026-42284 | 🚨 CRITICAL | [gitpython] A command injection vulnerability in the clone function allows attackers to bypass validation and inject arbitrary Git configuration options, enabling remote code execution through malicious repository hooks during clone operations. |
| CVE-2026-42215 | HIGH | [gitpython] A vulnerability allows attackers to bypass Git option restrictions through Python kwargs in clone, fetch, pull, and push operations, enabling arbitrary command execution when attacker-controlled arguments are passed to these methods. |
| CVE-2026-44244 | HIGH | [gitpython] A vulnerability in GitConfigParser.set_value() allows injection of newlines into Git configuration without proper validation, enabling attackers to inject malicious [core] sections and execute arbitrary code via Git hooks during operations like commit or merge. |
| CVE-2026-44243 | HIGH | [gitpython] A path traversal vulnerability allows attackers to write, overwrite, move, or delete files outside the repository via crafted reference paths due to insufficient validation. This enables arbitrary file manipulation on affected systems. |
| GHSA-mv93-w799-cj2w | HIGH | [gitpython] Incomplete patch for newline injection allows attackers to inject arbitrary section headers into .git/config via the section parameter, enabling RCE through a forged [core] section with a malicious hooksPath. The value parameter validation bypasses section and option validation. |
| CVE-2025-66418 | HIGH | [urllib3] An unbounded decompression chain vulnerability allows malicious servers to insert unlimited compression steps, causing excessive CPU usage and memory allocation. This leads to denial of service through resource exhaustion. |
| CVE-2025-66471 | HIGH | [urllib3] The Streaming API improperly handles highly compressed data, allowing attackers to cause excessive CPU usage and massive memory allocation through decompression of small compressed payloads. This results in a denial-of-service vulnerability via resource exhaustion. |
| CVE-2026-21441 | HIGH | [urllib3] Decompression bomb vulnerability in the streaming API for HTTP redirects. Malicious servers can trigger excessive resource consumption by sending compressed redirect responses that are fully decompressed without respecting read limits. |
| CVE-2025-50181 | MEDIUM | [urllib3] A vulnerability allows disabling redirects for all requests through improper PoolManager instantiation with retries configuration, potentially bypassing SSRF and open redirect mitigations. Applications relying on disabled redirects to prevent these vulnerabilities remain exposed to attacks. |
| CVE-2025-50182 | MEDIUM | [urllib3] A vulnerability allows uncontrolled HTTP redirects in browser and Node.js environments when using Pyodide, as redirect control parameters are ignored by the runtime. This could enable open redirect attacks or redirect-based security bypasses. |
| CVE-2026-44431 | MEDIUM | [urllib3] urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0. |
| CVE-2026-25645 | MEDIUM | [requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution. |
| CVE-2026-4539 | LOW | [pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern. |
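An added example, not part of the bot's PR or of the cruft project: a small AST scan for the call pattern the breaking-change analysis points at (underscored kwargs such as `no_checkout=True` passed to GitPython clone/fetch/pull/push calls or the `repo.git` wrapper), reporting the `--option` each kwarg maps to so affected call sites can be located before the upgrade is applied. The sample source and the function names are constructed here; the kwarg-to-option mapping (underscore to dash) reflects how GitPython turns a kwarg into a command-line option, as the analysis above describes.

```python
import ast

# GitPython builds a CLI option from a keyword argument by replacing
# underscores with dashes, e.g. no_checkout=True -> --no-checkout.
def kwarg_to_git_option(name: str) -> str:
    return "--" + name.replace("_", "-")

# Methods whose kwargs become git options (the operations named in the PR).
GIT_METHODS = {"clone_from", "clone", "fetch", "pull", "push"}

def find_underscored_git_kwargs(source: str, filename: str = "<string>"):
    """Return (filename, line, method, kwarg, option) for every underscored
    keyword argument passed to a GitPython call or to the repo.git wrapper."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
            continue
        func = node.func
        # repo.git.<command>(...): every kwarg goes straight to the git CLI
        via_git_wrapper = isinstance(func.value, ast.Attribute) and func.value.attr == "git"
        if func.attr not in GIT_METHODS and not via_git_wrapper:
            continue
        for kw in node.keywords:
            if kw.arg and "_" in kw.arg:
                findings.append((filename, node.lineno, func.attr, kw.arg,
                                 kwarg_to_git_option(kw.arg)))
    return findings

# Constructed sample, shaped like the clone call the analysis flags in
# cruft/_commands/check.py (not the project's actual source).
SAMPLE_SOURCE = '''\
from git import Repo

def clone_template(url, path):
    repo = Repo.clone_from(url, path, no_checkout=True)
    repo.git.checkout("main", detach=True)  # no underscore: not affected
    return repo
'''

if __name__ == "__main__":
    for path, line, method, kwarg, option in find_underscored_git_kwargs(SAMPLE_SOURCE, "check.py"):
        print(f"{path}:{line}: {method}(... {kwarg}=...) -> git option {option}")
```

Run it over each file in the tree to get the same kind of "where your code is affected" listing the bot produced, then migrate each hit as the remediation above suggests.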

@aikido-autofix aikido-autofix Bot (Author) commented

Closed by Aikido: a new AutoFix has been created → #22

@aikido-autofix aikido-autofix Bot closed this May 21, 2026
@aikido-autofix aikido-autofix Bot deleted the fix/aikido-security-update-packages-35338095-wok7 branch May 21, 2026 00:02