chore(deps): update dependency pygments to v2.20.0 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
pygments (changelog)	==2.19.2 → ==2.20.0

GitHub Vulnerability Alerts

CVE-2026-4539

A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

---

Release Notes

pygments/pygments (pygments)

v2.20.0

Compare Source

(released March 29th, 2026)

• New lexers:

  • Rell (#​2914)

• Updated lexers:

  • archetype: Fix catastrophic backtracking in GUID and ID patterns (#​3064)
  • ASN.1: Recognize minus sign and fix range operator (#​3014, #​3060)
  • C++: Add C++26 keywords (#​2955), add integer literal suffixes (#​2966)
  • ComponentPascal: Fix analyse_text (#​3028, #​3032)
  • Coq renamed to Rocq (#​2883, #​2908)
  • Cython: Various improvements (#​2932, #​2933)
  • Debian control: Improve architecture parsing (#​3052)
  • Devicetree: Add support for overlay/fragments (#​3021), add bytestring support (#​3022), fix catastrophic backtracking (#​3057)
  • Fennel: Various improvements (#​2911)
  • Haskell: Handle escape sequences in character literals (#​3069, #​1795)
  • Java: Add module keywords (#​2955)
  • Lean4: Add operators ]', ]?, ]! (#​2946)
  • LESS: Support single-line comments (#​3005)
  • LilyPond: Update to 2.25.29 (#​2974)
  • LLVM: Support C-style comments (#​3023, #​2978)
  • Lua(u): Fix catastrophic backtracking (#​3047)
  • Macaulay2: Update to 1.25.05 (#​2893), 1.25.11 (#​2988)
  • Mathematica: Various improvements (#​2957)
  • meson: Add additional operators (#​2919)
  • MySQL: Update keywords (#​2970)
  • org-Mode: Support both schedule and deadline (#​2899)
  • PHP: Add __PROPERTY__ magic constant (#​2924), add reserved keywords (#​3002)
  • PostgreSQL: Add more keywords (#​2985)
  • protobuf: Fix namespace tokenization (#​2929)
  • Python: Add t-string support (#​2973, #​3009, #​3010)
  • Tablegen: Fix infinite loop (#​2972, #​2940)
  • Tera Term macro: Add commands introduced in v5.3 through v5.6 (#​2951)
  • TOML: Support TOML 1.1.0 (#​3026, #​3027)
  • Turtle: Allow empty comment lines (#​2980)
  • XML: Added .xbrl as file ending (#​2890, #​2891)

• Drop Python 3.8, and add Python 3.14 as a supported version (#​2987, #​3012)

• Various improvements to autopygmentize (#​2894)

• Update onedark style to support more token types (#​2977)

• Update rtt style to support more token types (#​2895)

• Cache entry points to improve performance (#​2979)

• Fix xterm-256 color table (#​3043)

• Fix kwargs dictionary getting mutated on each call (#​3044)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Code Review

This pull request updates the pygments dependency from version 2.19.2 to 2.20.0 in the requirements file. A review comment suggests reverting the package name to lowercase to maintain consistency with the naming convention used for other packages in the file.

[gemini-code-assist]

The package name has been changed to Pygments (capitalized), which is inconsistent with the lowercase naming convention used for other packages in this file (e.g., pyasn1-modules on line 977 and pypandoc on line 985). It is recommended to keep the name in lowercase to maintain consistency.

pygments==2.20.0 \