[Aikido] Fix 27 critical issues in streamlit, torch, requests and 8 more #7

Open
aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-19675129-rb8o
@aikido-autofix (bot) commented Mar 17, 2026

Upgrade dependencies to fix critical RCE in fontTools arbitrary file write, high-severity DoS vulnerabilities in protobuf recursion bypass and urllib3 decompression bombs.

✅ 27 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2025-66034 | 🚨 CRITICAL | [fonttools] An arbitrary file write vulnerability in the varLib module allows remote code execution when processing malicious .designspace files, enabling attackers to write files to arbitrary locations on the system. |
| CVE-2026-0994 | HIGH | [protobuf] ParseDict() fails to properly track recursion depth when handling nested Any messages, allowing attackers to bypass the max_recursion_depth limit and trigger a RecursionError, causing denial of service. |
| CVE-2025-66418 | HIGH | [urllib3] An unbounded decompression chain vulnerability allows malicious servers to insert unlimited compression steps, causing excessive CPU usage and memory allocation. This leads to denial of service through resource exhaustion. |
| CVE-2025-66471 | HIGH | [urllib3] The Streaming API improperly handles highly compressed data, allowing attackers to cause excessive CPU usage and massive memory allocation through decompression of small compressed payloads. This results in a denial-of-service vulnerability via resource exhaustion. |
| CVE-2026-21441 | HIGH | [urllib3] Decompression bomb vulnerability in streaming API for HTTP redirects. Malicious servers can trigger excessive resource consumption by sending compressed redirect responses that are fully decompressed without respecting read limits. |
| CVE-2025-50181 | MEDIUM | [urllib3] A vulnerability allows disabling redirects for all requests through improper PoolManager instantiation with retries configuration, potentially bypassing SSRF and open redirect mitigations. Applications relying on disabled redirects to prevent these vulnerabilities remain exposed to attacks. |
| CVE-2025-50182 | MEDIUM | [urllib3] A vulnerability allows uncontrolled HTTP redirects in browser and Node.js environments when using Pyodide, as redirect control parameters are ignored by the runtime. This could enable open redirect attacks or redirect-based security bypasses. |
| CVE-2026-25990 | HIGH | [pillow] is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. |
| AIKIDO-2025-10201 | HIGH | [streamlit] The file_uploader widget fails to validate file type restrictions on the server side, allowing attackers to bypass client-side restrictions and upload arbitrary files. This vulnerability enables unauthorized file uploads that could lead to remote code execution or other malicious activities. |
| CVE-2025-68146 | MEDIUM | [filelock] A TOCTOU race condition in lock file creation allows local attackers to corrupt or truncate arbitrary files via symlink attacks on Unix, Linux, macOS, and Windows. Attackers can exploit the time gap between file existence checks and file opening to redirect writes to victim files. |
| CVE-2026-22701 | MEDIUM | [filelock] A TOCTOU race condition in SoftFileLock allows local attackers to create symlinks between permission validation and file creation, causing lock operations to fail or operate on unintended targets. This can lead to denial of service or unexpected lock behavior. |
| CVE-2025-3730 | MEDIUM | [torch] The ctc_loss function in torch.nn.functional is vulnerable to denial of service through malicious input manipulation. This local attack vector can crash the application when processing untrusted models or data. |
| CVE-2025-2953 | MEDIUM | [torch] A denial of service vulnerability exists in the mkldnn_max_pool2d function that can be exploited locally through malicious models. The vulnerability allows attackers to cause application crashes or resource exhaustion. |
| GHSA-78cv-mqj4-43f7 | MEDIUM | [tornado] Insufficient validation of domain, path, and samesite cookie arguments allows semicolons, enabling attackers to inject arbitrary cookie attributes. This could lead to session hijacking or other cookie-based attacks. |
| CVE-2026-31958 | LOW | [tornado] Insufficient limits on multipart/form-data parts allow attackers to cause denial-of-service by sending requests with many parts that consume excessive parsing resources on the main thread. |
| CVE-2024-47081 | MEDIUM | [requests] A URL parsing vulnerability allows maliciously-crafted URLs to leak .netrc credentials to third parties. This could enable credential theft and unauthorized access to authenticated services. |
| CVE-2025-2099 | LOW | [transformers] The preprocess_string() function in the testing utilities module contains a Regular Expression Denial of Service (ReDoS) vulnerability with nested quantifiers that causes exponential backtracking. An attacker can exploit this with specially crafted input to trigger high CPU usage and application downtime. |
| CVE-2025-6638 | LOW | [transformers] A Regular Expression Denial of Service (ReDoS) vulnerability in MarianTokenizer's remove_language_code() method allows attackers to cause excessive CPU consumption through crafted malformed language code patterns, resulting in denial of service. |
| CVE-2025-6921 | LOW | [transformers] A Regular Expression Denial of Service (ReDoS) vulnerability in the AdamWeightDecay optimizer allows malicious regex patterns in weight decay configuration lists to cause catastrophic backtracking, resulting in 100% CPU utilization and service denial. |
| CVE-2025-3777 | LOW | [transformers] Improper URL validation in image utilities allows attackers to bypass domain checks through username injection, enabling crafted URLs to redirect to malicious domains for phishing, malware distribution, or data exfiltration attacks. |
| CVE-2025-1194 | LOW | [transformers] A Regular Expression Denial of Service (ReDoS) vulnerability in the GPT-NeoX-Japanese tokenizer causes exponential regex backtracking on specially crafted inputs, leading to high CPU usage and potential application downtime. |
| CVE-2025-3263 | LOW | [transformers] A Regular Expression Denial of Service (ReDoS) vulnerability in the configuration file retrieval function allows attackers to cause excessive CPU consumption through crafted input strings, leading to service disruption and resource exhaustion. |
| CVE-2025-3264 | LOW | [transformers] A Regular Expression Denial of Service (ReDoS) vulnerability in the get_imports() function allows attackers to cause excessive CPU consumption through crafted input, leading to resource exhaustion and service disruption. |
| CVE-2025-3933 | LOW | [transformers] A ReDoS vulnerability in the DonutProcessor's token2json() method allows attackers to cause excessive CPU consumption through crafted input strings, leading to denial of service and resource exhaustion. |
| CVE-2025-5197 | LOW | [transformers] A Regular Expression Denial of Service (ReDoS) vulnerability in the weight name conversion function allows attackers to cause excessive CPU consumption through crafted input strings, leading to service disruption and resource exhaustion. |
| CVE-2025-6051 | LOW | [transformers] A Regular Expression Denial of Service (ReDoS) vulnerability in the normalize_numbers() method allows attackers to cause excessive CPU consumption through crafted numeric input strings, leading to service disruption and resource exhaustion in text-to-speech and normalization tasks. |
| AIKIDO-2025-10325 | LOW | [numpy] A heap buffer overflow vulnerability exists in the strings.find function due to incorrect memory allocation calculations, leading to out-of-bounds access. This can cause application crashes or potentially enable arbitrary code execution. |
