
[Aikido] Fix 23 security issues in aiohttp, pypdf, requests and 5 more#63

Open
aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-23851645-w8v4

Conversation

@aikido-autofix
Contributor

Upgrade dependencies to fix critical buffer overflow in cryptography and multiple high-severity vulnerabilities in aiohttp including header injection, DoS, and information disclosure.

✅ 23 CVEs resolved by this upgrade, including 2 critical 🚨 CVEs

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2026-39892 | 🚨 CRITICAL | [cryptography] Non-contiguous buffers passed to cryptographic APIs can cause buffer overflows, potentially leading to memory corruption and arbitrary code execution. |
| CVE-2026-34073 | MEDIUM | [cryptography] DNS name constraint validation was incomplete, only checking Subject Alternative Names in child certificates but not the peer name during validation, allowing constrained domains to bypass restrictions through wildcard certificates. |
| CVE-2026-34520 | 🚨 CRITICAL | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4. |
| CVE-2026-34515 | HIGH | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4. |
| CVE-2026-34516 | HIGH | [aiohttp] A response with an excessive number of multipart headers can consume more memory than intended, leading to a denial of service (DoS) vulnerability through resource exhaustion. |
| CVE-2026-34513 | HIGH | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4. |
| CVE-2026-22815 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4. |
| CVE-2026-34525 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. |
| CVE-2026-34514 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4. |
| CVE-2026-34517 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4. |
| CVE-2026-34518 | MEDIUM | [aiohttp] When following redirects to a different origin, the framework fails to drop the Cookie and Proxy-Authorization headers alongside the Authorization header, potentially leaking sensitive authentication credentials to untrusted domains. |
| CVE-2026-34519 | MEDIUM | [aiohttp] is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4. |
| CVE-2026-33699 | HIGH | [pypdf] A crafted PDF can trigger an infinite loop when processed in non-strict mode, causing a denial of service. This vulnerability allows attackers to crash or hang applications that parse untrusted PDF files. |
| CVE-2026-40260 | MEDIUM | [pypdf] Manipulated XMP metadata entity declarations in PDF files can cause excessive RAM consumption, leading to denial of service. An attacker can craft a malicious PDF that exhausts memory when its XMP metadata is parsed. |
| GHSA-4pxv-j86v-mhcw | MEDIUM | [pypdf] A crafted PDF with a large trailer /Size value can cause excessive runtime when loaded in incremental mode, resulting in a denial of service condition. |
| GHSA-7gw9-cf7v-778f | MEDIUM | [pypdf] A crafted PDF with FlateDecode compression and specific predictor parameters can exhaust system RAM, causing a denial of service attack. An attacker can exploit this by processing maliciously designed PDF streams with large predictor values. |
| GHSA-x284-j5p8-9c5p | MEDIUM | [pypdf] A crafted PDF with a /FlateDecode image using large size values can exhaust system RAM, causing a denial of service attack. An attacker can exploit this vulnerability by processing a malicious PDF file. |
| GHSA-jj6c-8h6c-hppx | MEDIUM | [pypdf] A maliciously crafted PDF with incorrect cross-reference stream /Size values or object stream /N values can cause excessive runtime, leading to a denial of service attack. An attacker can exploit this to make PDF processing operations hang or consume significant computational resources. |
| CVE-2026-25645 | MEDIUM | [requests] The extract_zipped_paths() utility function uses predictable filenames when extracting zip archives to the temp directory, allowing local attackers to pre-create malicious files that get loaded instead of legitimate ones, resulting in arbitrary code execution. |
| AIKIDO-2026-10472 | MEDIUM | [mcp] Command injection vulnerability in example code that executes shell commands with unsanitized user-controlled URLs, allowing attackers to inject arbitrary commands and achieve remote code execution. |
| GHSA-jj8c-mmj3-mmgv | MEDIUM | [authlib] Missing CSRF protection in cache-based OAuth state storage allows attackers to hijack authentication flows and tie their accounts to victims' accounts through state parameter manipulation. |
| CVE-2026-40347 | MEDIUM | [python-multipart] A denial of service vulnerability exists in multipart form-data parsing when handling requests with large preamble or epilogue sections. Attackers can craft malicious requests to cause excessive processing and resource consumption. |
| CVE-2026-4539 | LOW | [pygments] A regular expression denial of service (ReDoS) vulnerability exists in the AdlLexer function that can be exploited locally to cause inefficient processing and potential denial of service. The vulnerability requires local access to trigger the malicious input against the vulnerable regex pattern. |
