[Aikido] Fix 6 security issues in jinja2, orjson, idna#3

Closed
aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-37383184-hrmv

[Aikido] Fix 6 security issues in jinja2, orjson, idna#3
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/aikido-security-update-packages-37383184-hrmv

Conversation

aikido-autofix Bot commented May 20, 2026


Upgrade Jinja2, orjson, and idna to fix multiple RCE vulnerabilities in template sandbox escapes and DoS via unbounded recursion.

✅ Code not affected by breaking changes.

✅ No breaking changes from either package upgrade affect this codebase.

jinja2 (3.1.4 => 3.1.6):

  • The codebase uses regular Environment (not SandboxedEnvironment), so the sandbox-related breaking changes for clear, pop, and |attr filter do not apply.

  • None of the Jinja2 templates in src/openapi_python_generator/language_converters/python/templates/ use the |attr filter or call .clear() or .pop() methods.

idna (3.10 => 3.15):

  • The package is listed as a dependency in pyproject.toml but is not directly imported or used anywhere in the codebase.

  • No code references transitional processing or makes direct calls to idna encoding/decoding functions.

  • The package is likely a transitive dependency of HTTP libraries (httpx, requests, aiohttp) and the breaking changes do not affect indirect usage.

All breaking changes by upgrading jinja2 from version 3.1.4 to 3.1.6 (CHANGELOG)

| Version | Description |
|---|---|
| 3.1.5 | Sandbox does not allow clear and pop on known mutable sequence types. |
| 3.1.6 | The `` |

All breaking changes by upgrading idna from version 3.10 to 3.15 (CHANGELOG)

| Version | Description |
|---|---|
| 3.11.0 | Transitional processing no longer has an effect and returns the same result due to Unicode ending support for it |
| 3.14.0 | Oversize inputs are now rejected up-front, which may cause previously accepted long inputs to be rejected |
✅ 6 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
|---|---|---|
| CVE-2024-56201 | HIGH | [jinja2] A compiler bug allows attackers who control both template content and filename to execute arbitrary Python code, bypassing Jinja's sandbox protections. This impacts applications that process untrusted templates where the attacker can specify the template filename. |
| CVE-2025-27516 | HIGH | [jinja2] Sandbox bypass in the |
| CVE-2024-56326 | HIGH | [jinja2] Sandbox bypass in template processing allows arbitrary Python code execution through indirect calls to str.format via custom filters when an attacker controls template content. |
| AIKIDO-2024-10560 | MEDIUM | [jinja2] A sandbox bypass vulnerability allows attackers to execute arbitrary code by storing a reference to the str.format method and invoking it indirectly through a filter, circumventing Jinja's sandbox restrictions. This enables remote code execution through malicious template manipulation. |
| CVE-2025-67221 | HIGH | [orjson] The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. |
| CVE-2026-45409 | MEDIUM | [idna] A specially crafted input to the encode() function can cause excessive processing time through the valid_contexto function, leading to denial-of-service attacks. The vulnerability affects arbitrarily large inputs that bypass length validation checks. |
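A reviewer of a bot-generated bump like this one usually wants a second, independent check that the resolved dependency set really lands past the fixed versions, since a lock file or a transitive pin can silently keep the old version around. The script below is an added example, not code from the Aikido PR or from the openapi-python-generator project: it parses `==` pins out of a requirements-style lock file and gates the three packages against thresholds taken from the PR text (jinja2 >= 3.1.6, idna >= 3.15; for orjson the page only states that versions "thru 3.11.4" are affected, so the gate is `> 3.11.4`, an assumption rather than a fix version the page names). The `LOCK_FILE` content, the `FIX_THRESHOLDS` table and all function names are constructed for the example.

```python
"""Gate a pinned dependency set against the fix versions from the Aikido PR.

Added example, not code from the Aikido PR or the openapi-python-generator
project. LOCK_FILE and FIX_THRESHOLDS are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Thresholds assumed from the PR description: jinja2 3.1.4 -> 3.1.6,
# idna 3.10 -> 3.15, and orjson "thru 3.11.4" affected (so strictly greater).
# Keys are PEP 503 normalised package names; values are (comparator, version).
FIX_THRESHOLDS: Dict[str, Tuple[str, str]] = {
    "jinja2": (">=", "3.1.6"),
    "idna": (">=", "3.15"),
    "orjson": (">", "3.11.4"),
}

# Constructed requirements-style lock file; not a real project file.
# It deliberately keeps two packages at the affected versions.
LOCK_FILE = """\
# constructed example lock file
jinja2==3.1.4 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
idna==3.15
orjson==3.11.4
Jinja2-Extras==1.0  # similar name, must not be confused with jinja2
markupsafe==2.1.5
"""

# Matches "name==version" at the start of a line; hash continuation lines and
# comments do not contain "==" and are skipped.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)")


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.1.6' into (3, 1, 6). Only plain dotted releases are handled;
    pre-release or local versions raise so the gate fails closed."""
    parts = text.split(".")
    if not all(part.isdigit() for part in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in parts)


def compare(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Three-way compare with zero padding so that 3.15 == 3.15.0."""
    width = max(len(a), len(b))
    a_pad = a + (0,) * (width - len(a))
    b_pad = b + (0,) * (width - len(b))
    return (a_pad > b_pad) - (a_pad < b_pad)


def parse_pins(lock_text: str) -> Dict[str, str]:
    """Return {normalised_name: pinned_version} for every '==' pin."""
    pins: Dict[str, str] = {}
    for line in lock_text.splitlines():
        match = PIN_RE.match(line)
        if match:
            pins[normalize_name(match.group(1))] = match.group(2)
    return pins


def check_pins(lock_text: str) -> Dict[str, Tuple[str, bool]]:
    """Return {package: (pinned_version, ok)} for each gated package.
    A package absent from the lock file is reported as ('missing', False):
    a lock file that does not pin a gated dependency cannot prove the fix."""
    pins = parse_pins(lock_text)
    results: Dict[str, Tuple[str, bool]] = {}
    for package, (op, threshold) in FIX_THRESHOLDS.items():
        pinned = pins.get(package)
        if pinned is None:
            results[package] = ("missing", False)
            continue
        cmp = compare(parse_version(pinned), parse_version(threshold))
        ok = cmp >= 0 if op == ">=" else cmp > 0
        results[package] = (pinned, ok)
    return results


def vulnerable_packages(lock_text: str) -> List[str]:
    """Sorted names of gated packages that are still below their threshold."""
    return sorted(p for p, (_, ok) in check_pins(lock_text).items() if not ok)


if __name__ == "__main__":
    for package, (pinned, ok) in check_pins(LOCK_FILE).items():
        op, threshold = FIX_THRESHOLDS[package]
        status = "ok" if ok else "STILL VULNERABLE"
        print(f"{package:8} pinned {pinned:8} required {op}{threshold:8} {status}")
```

Run it against the project's real lock file by replacing `LOCK_FILE` with the file's contents; a non-empty `vulnerable_packages()` result is the signal to block the merge. The name normalisation matters: without it a pin such as `Jinja2-Extras` or `JINJA2` would be matched or missed incorrectly.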

aikido-autofix Bot commented Jun 6, 2026


Closed by Aikido: a new AutoFix has been created → #4

aikido-autofix Bot closed this Jun 6, 2026
aikido-autofix Bot deleted the fix/aikido-security-update-packages-37383184-hrmv branch June 6, 2026 23:23