
[Aikido] Fix 14 security issues in gitpython, urllib3, requests and 2 more #23

Open

aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-45422789-h11s

Conversation

aikido-autofix (bot) commented Jun 6, 2026

Upgrade GitPython, urllib3, requests, idna, and Pygments to fix critical RCE vulnerabilities via Git hook injection and command execution bypasses. This update includes breaking changes that require manual migration.

⚠️ Incomplete breaking changes analysis (3/5 analyzed)

⚠️ Breaking changes analysis not available for: requests, idna

⚠️ The gitpython upgrade contains a breaking change that affects this codebase:

Breaking Change: Underscored git kwargs blocked (gitpython 3.1.47)

  • Where your code is affected: cruft/_commands/check.py lines 21-26 passes no_checkout=True and filter="blob:none" as kwargs to get_cookiecutter_repo(), which forwards them via **clone_kwargs to Repo.clone_from().

  • Impact: The security fix in gitpython 3.1.47 blocks unsafe underscored git kwargs. The no_checkout parameter (with underscore) will be rejected, causing the check command to fail with a security error.

  • Remediation: Replace underscored parameter names with their hyphenated equivalents (e.g., no_checkout=True should become no-checkout=True) or use the proper GitPython API methods instead of passing raw git options.

All breaking changes by upgrading gitpython from version 3.1.43 to 3.1.50 (CHANGELOG)

| Version | Description |
|---|---|
| 3.1.47 | Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4 - multi-options are now checked after splitting them with shlex, and unsafe underscored git kwargs are blocked |
| 3.1.48 | Prevent out-of-repo access when manipulating references |
| 3.1.49 | Reject control chars in written values in configuration |

All breaking changes by upgrading urllib3 from version 2.2.3 to 2.7.0 (CHANGELOG)

| Version | Description |
|---|---|
| 2.3.0 | Removed support for Python 3.8. |
| 2.6.0 | Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). |
| 2.6.0 | The number of allowed chained encodings is now limited to 5, which may cause previously working requests with more than 5 chained encodings to fail. |
| 2.6.0 | Custom decompressors must be updated to respect the changed API of urllib3.response.ContentDecoder. |

All breaking changes by upgrading pygments from version 2.18.0 to 2.20.0 (CHANGELOG)

| Version | Description |
|---|---|
| 2.20.0 | Drop Python 3.8 as a supported version |

✅ 14 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

| Issue | Severity | Description |
|---|---|---|
| CVE-2026-42284 | 🚨 CRITICAL | [gitpython] A command injection vulnerability in the clone function allows attackers to bypass validation and inject arbitrary Git configuration options, enabling remote code execution through malicious repository hooks during clone operations. |
| CVE-2026-42215 | HIGH | [gitpython] A vulnerability allows attackers to bypass Git option restrictions through Python kwargs in clone, fetch, pull, and push operations, enabling arbitrary command execution when attacker-controlled arguments are passed to these methods. |
| CVE-2026-44244 | HIGH | [gitpython] A vulnerability in GitConfigParser.set_value() allows injection of newlines into Git configuration without proper validation, enabling attackers to inject malicious [core] sections and execute arbitrary code via Git hooks during operations like commit or merge. |
| CVE-2026-44243 | HIGH | [gitpython] A path traversal vulnerability allows attackers to write, overwrite, move, or delete files outside the repository via crafted reference paths due to insufficient validation. This enables arbitrary file manipulation on affected systems. |
| GHSA-mv93-w799-cj2w | HIGH | [gitpython] Incomplete patch for newline injection allows attackers to inject arbitrary section headers into .git/config via the section parameter, enabling RCE through forged [core] section with malicious hooksPath. The value parameter validation bypasses section and option validation. |
| CVE-2025-66418 | HIGH | [urllib3] An unbounded decompression chain vulnerability allows malicious servers to insert unlimited compression steps, causing excessive CPU usage and memory allocation. This leads to denial of service through resource exhaustion. |
| CVE-2025-66471 | HIGH | [urllib3] The Streaming API improperly handles highly compressed data, allowing attackers to cause excessive CPU usage and massive memory allocation through decompression of small compressed payloads. This results in a denial-of-service vulnerability via resource exhaustion. |
| CVE-2026-21441 | HIGH | [urllib3] Decompression bomb vulnerability in streaming API for HTTP redirects. Malicious servers can trigger excessive resource consumption by sending compressed redirect responses that are fully decompressed without respecting read limits. |
| CVE-2025-50181 | MEDIUM | [urllib3] A vulnerability allows disabling redirects for all requests through improper PoolManager instantiation with retries configuration, potentially bypassing SSRF and open redirect mitigations. Applications relying on disabled redirects to prevent these vulnerabilities remain exposed to attacks. |
| CVE-2025-50182 | MEDIUM | [urllib3] A vulnerability allows uncontrolled HTTP redirects in browser and Node.js environments when using Pyodide, as redirect control parameters are ignored by the runtime. This could enable open redirect attacks or redirect-based security bypasses. |
| CVE-2026-44431 | MEDIUM | [urllib3] is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0. |
| CVE-2026-25645 | MEDIUM | [requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution. |
| CVE-2026-45409 | LOW | [idna] A denial-of-service vulnerability exists where specially crafted inputs with repeated Unicode characters cause excessive processing time in domain name validation. Enforcing a 253-character length limit before processing mitigates the issue. |
| CVE-2026-4539 | LOW | [pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern. |
