Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Update dependency pygments to v2.15.0 [SECURITY] #104

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 21, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pygments (changelog) ==2.13.0 -> ==2.15.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in Pygments until 2.15.0 via SmithyLexer.


Release Notes

pygments/pygments (pygments)

v2.15.0

Compare Source

(released April 10th, 2023)

  • Added lexers:

  • Updated lexers:

    • AMDGPU: Add support for scratch_ instructions, the attr*.* argument,
      as well as the off modifier (#​2327).

    • APDL: Miscellaneous improvements (#​2314)

    • bash/tcsh:

    • Chapel: Support attributes (#​2376)

    • CMake: Implement bracket style comments (#​2338, #​2354)

    • CSS: Improve lexing of numbers inside function calls (#​2382, #​2383)

    • diff: Support normal diff syntax, as opposed to unified diff syntax (#​2321)

    • GLSL, HLSL:

      • Support line continuations in preprocessor code (#​2350)
      • Improve preprocessor directive handling (#​2357)
    • LilyPond: minor update of builtins

    • PHP: support attributes (#​2055, #​2347, #​2360), fix anonymous classes without
      parameters (#​2359), improve lexing of variable variable syntax (#​2358)

    • Python:

    • Rebol/Red: Don't require script headers (#​2348, #​2349)

    • Spice: Update keywords (#​2336)

    • SQL+Jinja (analyse_text method): Fix catastrophic backtracking (#​2355)

    • Terraform: Add hcl alias (#​2375)

  • Declare support for Python 3.11 and drop support for Python 3.6 (#​2324).

  • Update native style to improve contrast (#​2325).

  • Update `github-dark`` style to match latest Primer style (#​2401)

  • Revert a change that made guessing lexers based on file names slower
    on Python 3.10 and older (#​2328).

  • Fix some places where a locale-dependent encoding could unintentionally
    be used instead of UTF-8 (#​2326).

  • Fix Python traceback handling (#​2226, #​2329).

  • Groff formatter: sort color definitions for reproducibility (#​2343)

  • Move project metadata to pyproject.toml, remove setup.py
    and setup.cfg (#​2342)

  • The top-level Makefile has been removed. Instead, all shortcuts
    for developing are now defined and run through tox. The doc folder
    still contains a Makefile as an alternative to tox -e doc.

v2.14.0

Compare Source

(released January 1st, 2023)

  • Added lexers:

  • Updated lexers:

    • Abap: Update keywords (#​2281)

    • Alloy: Update for Alloy 6 (#​1963)

    • C family (C, C++ and many others):

      • Fix an issue where a chunk would be wrongly recognized as a function
        definition due to braces in comments (#​2210)
      • Improve parantheses handling for function definitions (#​2207, #​2208)
    • C#: Fix number and operator recognition (#​2256, #​2257)

    • CSound: Updated builtins (#​2268)

    • F#: Add .fsx file extension (#​2282)

    • gas (GNU assembler): recognize braces as punctuation (#​2230)

    • HTTP: Add CONNECT keyword (#​2242)

    • Inform 6: Fix lexing of properties and doubles (#​2214)

    • INI: Allow comments that are not their own line (#​2217, #​2161)

    • Java properties: Fix issue with whitespace-delimited keys, support
      comments starting with ! and escapes, no longer support undocumented
      ; and // comments (#​2241)

    • LilyPond: Improve heuristics, add \maxima duration (#​2283)

    • LLVM: Add opaque pointer type (#​2269)

    • Macaulay2: Update keywords (#​2305)

    • Minecraft-related lexers (SNB and Minecraft function) moved to
      pygments.lexers.minecraft (#​2276)

    • Nim: General improvements (#​1970)

    • Nix: Fix single quotes inside indented strings (#​2289)

    • Objective J: Fix catastrophic backtracking (#​2225)

    • NASM: Add support for SSE/AVX/AVX-512 registers as well as 'rel'
      and 'abs' address operators (#​2212)

    • Powershell:

    • Solidity: Add boolean operators (#​2292)

    • Spice: Add enum keyword and fix a bug regarding binary,
      hexadecimal and octal number tokens (#​2227)

    • YAML: Accept colons in key names (#​2277)

  • Fix make mapfiles when Pygments is not installed in editable mode
    (#​2223)

  • Support more filetypes and compression types in autopygmentize (#​2219)

  • Merge consecutive tokens in Autohotkey, Clay (#​2248)

  • Add .nasm as a recognized file type for NASM (#​2280)

  • Add *Spec.hs as a recognized file type for HSpec (#​2308)

  • Add *.pyi (for typing stub files) as a recognized file type for
    Python (#​2231)

  • The HTML lexer no longer emits empty spans for whitespace (#​2304)

  • Fix IRCFormatter inserting linenumbers incorrectly (#​2270)


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner April 21, 2024 08:59
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 1eec39e to f8ea491 Compare May 1, 2024 14:38
@renovate renovate bot changed the title chore: Update dependency pygments to v2.15.0 [SECURITY] chore: Update dependency pygments to v2.17.2 [SECURITY] May 1, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from f8ea491 to 85b2abf Compare May 1, 2024 16:46
@renovate renovate bot changed the title chore: Update dependency pygments to v2.17.2 [SECURITY] chore: Update dependency pygments to v2.15.0 [SECURITY] May 1, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 85b2abf to 9329f3d Compare May 9, 2024 08:47
@renovate renovate bot changed the title chore: Update dependency pygments to v2.15.0 [SECURITY] chore: Update dependency pygments to v2.18.0 [SECURITY] May 9, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 9329f3d to 217ed5b Compare May 9, 2024 10:16
@renovate renovate bot changed the title chore: Update dependency pygments to v2.18.0 [SECURITY] chore: Update dependency pygments to v2.15.0 [SECURITY] May 9, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 217ed5b to 1ddd5f7 Compare May 15, 2024 17:14
@renovate renovate bot changed the title chore: Update dependency pygments to v2.15.0 [SECURITY] chore: Update dependency pygments to v2.18.0 [SECURITY] May 15, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 1ddd5f7 to 21576f7 Compare May 16, 2024 00:42
@renovate renovate bot changed the title chore: Update dependency pygments to v2.18.0 [SECURITY] chore: Update dependency pygments to v2.15.0 [SECURITY] May 16, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 21576f7 to 6dd923e Compare June 27, 2024 11:10
@renovate renovate bot changed the title chore: Update dependency pygments to v2.15.0 [SECURITY] chore: Update dependency pygments to v2.18.0 [SECURITY] Jun 27, 2024
@renovate renovate bot changed the title chore: Update dependency pygments to v2.18.0 [SECURITY] chore: Update dependency pygments to v2.15.0 [SECURITY] Jun 27, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 6dd923e to bc27e81 Compare June 27, 2024 14:25
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from bc27e81 to 04fd399 Compare July 14, 2024 08:01
@renovate renovate bot changed the title chore: Update dependency pygments to v2.15.0 [SECURITY] chore: Update dependency pygments to v2.18.0 [SECURITY] Jul 14, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 04fd399 to dea5e30 Compare July 14, 2024 11:56
@renovate renovate bot changed the title chore: Update dependency pygments to v2.18.0 [SECURITY] chore: Update dependency pygments to v2.15.0 [SECURITY] Jul 14, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from dea5e30 to 0e9ea1a Compare July 28, 2024 14:31
@renovate renovate bot changed the title chore: Update dependency pygments to v2.15.0 [SECURITY] chore: Update dependency pygments to v2.18.0 [SECURITY] Jul 28, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from 0e9ea1a to bf5102a Compare July 28, 2024 17:12
@renovate renovate bot changed the title chore: Update dependency pygments to v2.18.0 [SECURITY] chore: Update dependency pygments to v2.15.0 [SECURITY] Jul 28, 2024
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from bf5102a to d2e6cef Compare August 6, 2024 16:13
@renovate renovate bot force-pushed the renovate/pypi-pygments-vulnerability branch from d2e6cef to 7f263f9 Compare August 7, 2024 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants