Add urllib3>=2.7.0 pin to fix CVE-2026-44431 and CVE-2026-44432

- urllib3>=2.7.0 fixes sensitive-header leak on proxied cross-origin
  redirects (CVE-2026-44431) and decompression-bomb bypass in the
  streaming API (CVE-2026-44432)

Author: dpark01

docker/requirements/baseimage.txt

@@ -22,6 +22,7 @@ jaraco.context>=6.1.0
 pyopenssl>=26.0.0
 pyasn1>=0.6.3
 tornado>=6.5.4
+urllib3>=2.7.0
 
 # General utilities
 csvkit>=1.0.4