[Aikido] Fix 5 security issues in jinja2, orjson#2

Open

aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-19224582-kixy

Conversation


aikido-autofix bot commented Mar 13, 2026

Upgrade Jinja2 and orjson to fix critical RCE vulnerabilities in template compilation, sandbox bypass via attr filter and str.format, and DoS via unbounded recursion.

✅ Code not affected by breaking changes.

No breaking changes from the Jinja2 3.1.4 to 3.1.6 upgrade affect this codebase.

The codebase uses Jinja2's standard Environment (not SandboxedEnvironment), so the sandbox-related restrictions on clear and pop methods (3.1.5) and the |attr filter changes (3.1.6) do not apply. Additionally, searches confirmed that:

  • The |attr filter is not used in any templates

  • The .clear() and .pop() methods are not called within Jinja2 templates

  • No sandbox environment is configured anywhere in the codebase

The upgrade can proceed without any code changes required.

All breaking changes by upgrading jinja2 from version 3.1.4 to 3.1.6 (CHANGELOG)

| Version | Description |
| --- | --- |
| 3.1.5 | Sandbox does not allow clear and pop on known mutable sequence types. |
| 3.1.6 | The `` |
✅ 5 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2024-56201 | HIGH | [jinja2] A compiler bug allows attackers who control both template content and filename to execute arbitrary Python code, bypassing Jinja's sandbox protections. This impacts applications that process untrusted templates where the attacker can specify the template filename. |
| CVE-2025-27516 | HIGH | [jinja2] Sandbox bypass in the |
| CVE-2024-56326 | HIGH | [jinja2] Sandbox bypass in template processing allows arbitrary Python code execution through indirect calls to str.format via custom filters when an attacker controls template content. |
| AIKIDO-2024-10560 | MEDIUM | [jinja2] A sandbox bypass vulnerability allows attackers to execute arbitrary code by storing a reference to the str.format method and invoking it indirectly through a filter, circumventing Jinja's sandbox restrictions. This enables remote code execution through malicious template manipulation. |
| CVE-2025-67221 | HIGH | [orjson] The orjson.dumps function in orjson through 3.11.4 does not limit recursion for deeply nested JSON documents. |
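
The comment above describes three manual checks that were run before declaring the upgrade safe: whether the code base uses SandboxedEnvironment, whether any template uses the `|attr` filter or calls `.clear()`/`.pop()`, and whether the pinned versions are below the fixed releases. The script below is an added example, not part of this PR, the repository, or the Aikido tooling; it automates those checks over constructed sample files. It lists Jinja tags using `|attr` or calling `.clear()`/`.pop()`, lists Python files that reference `SandboxedEnvironment` (where the 3.1.5 and 3.1.6 sandbox changes would matter), and flags `==` pins older than the versions named in the PR (jinja2 3.1.6; orjson newer than 3.11.4, since 3.11.4 is the last affected release). The template, source and requirements contents are constructed for the example.

```python
"""
Audit helper for the Jinja2 3.1.4 -> 3.1.6 and orjson upgrade described above.

Added example; not part of this PR, the repository, or the Aikido tooling.
It reproduces the checks the bot comment describes over constructed sample
files: SandboxedEnvironment usage, |attr or .clear()/.pop() inside templates,
and pinned versions older than the fixed releases.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample inputs standing in for a repository's files.
SAMPLE_TEMPLATES = {
    "templates/index.html": (
        "<h1>{{ title }}</h1>\n"
        "{% for u in users %}<li>{{ u.name }}</li>{% endfor %}\n"
    ),
    "templates/admin.html": (
        "{{ request|attr('environ') }}\n"
        "{% set _ = items.pop() %}\n"
    ),
}
SAMPLE_PYTHON = {
    "app/render.py": (
        "from jinja2 import Environment, FileSystemLoader\n"
        "env = Environment(loader=FileSystemLoader('templates'))\n"
    ),
    "app/sandbox.py": (
        "from jinja2.sandbox import SandboxedEnvironment\n"
        "senv = SandboxedEnvironment()\n"
    ),
}
SAMPLE_REQUIREMENTS = "jinja2==3.1.4\norjson==3.11.4\nrequests==2.32.3\n"

# Fixed versions taken from the PR text: jinja2 3.1.6 resolves the listed
# jinja2 CVEs; orjson is affected through 3.11.4, so anything newer is needed.
MIN_VERSIONS: Dict[str, Tuple[int, ...]] = {"jinja2": (3, 1, 6), "orjson": (3, 11, 5)}

JINJA_TAG = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)  # {{ ... }} and {% ... %}
ATTR_FILTER = re.compile(r"\|\s*attr\s*\(")             # the |attr filter
MUTATOR_CALL = re.compile(r"\.(clear|pop)\s*\(")        # .clear() / .pop()
SANDBOX_USE = re.compile(r"\bSandboxedEnvironment\b")
PIN = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)")


def scan_templates(templates: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, finding) for every Jinja tag using |attr or .clear()/.pop()."""
    findings = []
    for path, src in templates.items():
        for tag in JINJA_TAG.findall(src):
            if ATTR_FILTER.search(tag):
                findings.append((path, "attr filter: " + tag.strip()))
            if MUTATOR_CALL.search(tag):
                findings.append((path, "clear/pop call: " + tag.strip()))
    return findings


def sandbox_users(py_sources: Dict[str, str]) -> List[str]:
    """Return the Python files that reference SandboxedEnvironment."""
    return sorted(p for p, src in py_sources.items() if SANDBOX_USE.search(src))


def parse_version(text: str) -> Tuple[int, ...]:
    """'3.11.4' -> (3, 11, 4); sufficient for the == pins in a requirements file."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def outdated_pins(requirements: str) -> Dict[str, str]:
    """Return {package: pinned_version} for pins older than MIN_VERSIONS."""
    stale = {}
    for line in requirements.splitlines():
        m = PIN.match(line)
        if not m:
            continue
        name, pinned = m.group(1).lower(), m.group(2)
        needed = MIN_VERSIONS.get(name)
        if needed and parse_version(pinned) < needed:
            stale[name] = pinned
    return stale


def audit(templates: Dict[str, str], py_sources: Dict[str, str],
          requirements: str) -> Dict[str, object]:
    """Combine the three checks; an all-empty report means no code change is needed."""
    return {
        "template_findings": scan_templates(templates),
        "sandbox_files": sandbox_users(py_sources),
        "outdated_pins": outdated_pins(requirements),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_TEMPLATES, SAMPLE_PYTHON, SAMPLE_REQUIREMENTS).items():
        print(f"{key}: {value}")
```

To run it against a real repository, replace the SAMPLE_* values with a walk over the template directory, the `*.py` files and the requirements file. The regular expressions are deliberately broad, so a hit is something to read, not a confirmed use; an empty report is what justifies the "no code changes required" conclusion the comment reaches.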
