[Aikido] Fix 4 security issues in nokogiri, psych#293

Closed
aikido-autofix[bot] wants to merge 1 commit into main from fix/AIK-14573-update-packages-45147783-qn1d
Conversation

aikido-autofix[bot] commented Jun 5, 2026

Upgrade Nokogiri and Psych to fix ReDoS, memory leak, canonicalization bypass, and heap buffer overflow vulnerabilities.

✅ 4 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| GHSA-v2fc-qm4h-8hqv | LOW | [nokogiri] XSLT transform leaks small heap allocations when passed Ruby strings containing null bytes, potentially enabling denial of service attacks on long-running processes through sustained attacker-controlled input. Memory corruption and information disclosure do not occur. |
| GHSA-wx95-c6cv-8532 | LOW | [nokogiri] Canonicalization failure in canonicalize methods returns empty string instead of raising an exception, allowing downstream libraries to accept invalid XML and bypass signature validation in SAML implementations. |
| GHSA-c4rq-3m3g-8wgx | LOW | [nokogiri] CSS selector tokenizer contains regular expressions vulnerable to ReDoS attacks on adversarial selectors, allowing attackers to cause exponential regex backtracking and denial of service through CSS parsing methods. |
| AIKIDO-2026-11069 | LOW | [psych] A heap out-of-bounds write vulnerability exists in the YAML parser's IO reader callback, which fails to validate the length of data returned by IO#read operations. This allows attackers to trigger a buffer overflow and achieve remote code execution through Psych.load, Psych.safe_load, or Psych.parse. |

codecov[bot] commented Jun 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

aikido-autofix[bot] (Author) commented

Closed by Aikido: a new AutoFix has been created → #299

aikido-autofix[bot] closed this Jun 10, 2026
aikido-autofix[bot] deleted the fix/AIK-14573-update-packages-45147783-qn1d branch June 10, 2026 22:56