[Aikido] Fix 1 critical issue in starlette and 22 other issues

[aikido-autofix]

Upgrade dependencies to fix critical buffer overflow in cryptography, Host header bypass in Starlette, RCE via malicious PSD in Pillow, decompression bomb DoS, and protobuf recursion DoS.

✅ 23 CVEs resolved by this upgrade, including 2 critical 🚨 CVEs

This PR will resolve the following CVEs:

Issue	Severity	Description
CVE-2026-39892	🚨 CRITICAL	[cryptography] Non-contiguous buffers passed to cryptographic APIs can cause buffer overflows, potentially leading to memory corruption and arbitrary code execution.
CVE-2026-26007	MEDIUM	[cryptography] Missing validation of elliptic curve public key points allows attackers to use small-order subgroup points, enabling private key information leakage via ECDH and signature forgery via ECDSA on affected curves.
CVE-2026-34073	MEDIUM	[cryptography] DNS name constraint validation was incomplete, only checking Subject Alternative Names in child certificates but not the peer name during validation, allowing constrained domains to bypass restrictions through wildcard certificates.
AIKIDO-2026-10923	🚨 CRITICAL	[starlette] Improper Host header validation allows attackers to craft malicious headers with path or query delimiters, causing request.url.path to diverge from the actual requested path and potentially bypassing path-based security checks or authorization middleware.
CVE-2026-42311	HIGH	[pillow] is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.
CVE-2026-40192	HIGH	[pillow] A decompression bomb vulnerability in FITS image decoding allows unbounded GZIP decompression, enabling attackers to cause denial of service through excessive memory consumption via specially crafted FITS files.
CVE-2026-42308	MEDIUM	[pillow] is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
CVE-2026-42310	MEDIUM	[pillow] is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
CVE-2026-0994	HIGH	[protobuf] ParseDict() fails to properly track recursion depth when handling nested Any messages, allowing attackers to bypass the max_recursion_depth limit and trigger a RecursionError, causing denial of service.
CVE-2026-41066	HIGH	[lxml] XML External Entity (XXE) injection vulnerability allows reading local files through untrusted XML input when entity resolution is enabled in default parser configuration.
CVE-2026-42561	HIGH	[python-multipart] A denial of service vulnerability exists in multipart header parsing where attackers can send requests with excessive headers or oversized header values, causing high CPU consumption before request rejection.
CVE-2026-40347	MEDIUM	[python-multipart] A denial of service vulnerability exists in multipart form-data parsing when handling requests with large preamble or epilogue sections. Attackers can craft malicious requests to cause excessive processing and resource consumption.
AIKIDO-2026-11057	HIGH	[soupsieve] A memory exhaustion vulnerability exists in the CSS selector parser that creates excessive CSSSelector objects from large comma-separated lists without limits, allowing attackers to trigger denial of service through crafted selector strings with ~488x memory amplification.
AIKIDO-2026-11059	MEDIUM	[soupsieve] Regular expression denial of service vulnerability in CSS selector parser due to exponential backtracking on unterminated quoted attribute selectors, allowing attackers to cause severe CPU consumption and parser hangs with minimal input.
CVE-2026-45409	MEDIUM	[idna] A specially crafted input to the encode() function can cause excessive processing time through the valid_contexto function, leading to denial-of-service attacks. The vulnerability affects arbitrarily large inputs that bypass length validation checks.
AIKIDO-2026-10911	MEDIUM	[huggingface-hub] Local users can read API tokens stored with world-readable permissions in the cache directory, allowing unauthorized authentication to the Hub. The fix restricts file permissions to owner-only access for newly created and existing token files.
CVE-2026-34993	MEDIUM	[aiohttp] CookieJar.load() with untrusted input allows arbitrary code execution through unsafe deserialization. This vulnerability impacts applications that load cookie files from untrusted sources.
AIKIDO-2026-10636	MEDIUM	[tokenizers] The Python EncodingVisualizer fails to escape user-controlled text before embedding it in generated HTML, allowing attackers to inject malicious scripts or HTML that execute in browser or notebook contexts. This cross-site scripting vulnerability can compromise the security of visualization workflows that display the output to users.
CVE-2026-25645	MEDIUM	[requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution.
AIKIDO-2026-10472	MEDIUM	[mcp] Command injection vulnerability in example code that executes shell commands with unsanitized user-controlled URLs, allowing attackers to inject arbitrary commands and achieve remote code execution.
AIKIDO-2026-10290	MEDIUM	[onnxruntime] The ArrayFeatureExtractor operator lacks validation for negative index values, allowing only upper bound checks. An attacker can exploit this out-of-bounds read vulnerability to access unintended heap memory and leak sensitive data during model inference.
CVE-2026-44431	MEDIUM	[urllib3] is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
CVE-2026-4539	LOW	[pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern.

[aikido-autofix]

Closed by Aikido: a new AutoFix has been created → #58