chore(deps): update dependency pygments to v2.20.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pygments (changelog)	==2.18.0 → ==2.20.0

GitHub Vulnerability Alerts

CVE-2026-4539

A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

---

Release Notes

pygments/pygments (pygments)

v2.20.0

Compare Source

(released March 29th, 2026)

• New lexers:

  • Rell (#​2914)

• Updated lexers:

  • archetype: Fix catastrophic backtracking in GUID and ID patterns (#​3064)
  • ASN.1: Recognize minus sign and fix range operator (#​3014, #​3060)
  • C++: Add C++26 keywords (#​2955), add integer literal suffixes (#​2966)
  • ComponentPascal: Fix analyse_text (#​3028, #​3032)
  • Coq renamed to Rocq (#​2883, #​2908)
  • Cython: Various improvements (#​2932, #​2933)
  • Debian control: Improve architecture parsing (#​3052)
  • Devicetree: Add support for overlay/fragments (#​3021), add bytestring support (#​3022), fix catastrophic backtracking (#​3057)
  • Fennel: Various improvements (#​2911)
  • Haskell: Handle escape sequences in character literals (#​3069, #​1795)
  • Java: Add module keywords (#​2955)
  • Lean4: Add operators ]', ]?, ]! (#​2946)
  • LESS: Support single-line comments (#​3005)
  • LilyPond: Update to 2.25.29 (#​2974)
  • LLVM: Support C-style comments (#​3023, #​2978)
  • Lua(u): Fix catastrophic backtracking (#​3047)
  • Macaulay2: Update to 1.25.05 (#​2893), 1.25.11 (#​2988)
  • Mathematica: Various improvements (#​2957)
  • meson: Add additional operators (#​2919)
  • MySQL: Update keywords (#​2970)
  • org-Mode: Support both schedule and deadline (#​2899)
  • PHP: Add __PROPERTY__ magic constant (#​2924), add reserved keywords (#​3002)
  • PostgreSQL: Add more keywords (#​2985)
  • protobuf: Fix namespace tokenization (#​2929)
  • Python: Add t-string support (#​2973, #​3009, #​3010)
  • Tablegen: Fix infinite loop (#​2972, #​2940)
  • Tera Term macro: Add commands introduced in v5.3 through v5.6 (#​2951)
  • TOML: Support TOML 1.1.0 (#​3026, #​3027)
  • Turtle: Allow empty comment lines (#​2980)
  • XML: Added .xbrl as file ending (#​2890, #​2891)

• Drop Python 3.8, and add Python 3.14 as a supported version (#​2987, #​3012)

• Various improvements to autopygmentize (#​2894)

• Update onedark style to support more token types (#​2977)

• Update rtt style to support more token types (#​2895)

• Cache entry points to improve performance (#​2979)

• Fix xterm-256 color table (#​3043)

• Fix kwargs dictionary getting mutated on each call (#​3044)

v2.19.2

Compare Source

(released June 21st, 2025)

• Lua: Fix regression introduced in 2.19.0 (#​2882, #​2839)

v2.19.1

Compare Source

(released January 6th, 2025)

• Updated lexers:

  • Ini: Fix quoted string regression introduced in 2.19.0
  • Lua: Fix a regression introduced in 2.19.0

v2.19.0

Compare Source

(released January 5th, 2025)

• New lexers:

  • CodeQL (#​2819)
  • Debian Sources (#​2788, #​2747)
  • Gleam (#​2662)
  • GoogleSQL (#​2820, #​2814)
  • JSON5 (#​2734, #​1880)
  • Maple (#​2763, #​2548)
  • NumbaIR (#​2433)
  • PDDL (#​2799, #​2616)
  • Rego (#​2794)
  • TableGen (#​2751)
  • Vue.js (#​2832)

• Updated lexers:

  • BQN: Various improvements (#​2789)
  • C#: Fix number highlighting (#​986, #​2727), add file keyword (#​2726, #​2805, #​2806), add various other keywords (#​2745, #​2770)
  • CSS: Add revert (#​2766, #​2775)
  • Debian control: Add Change-By field (#​2757)
  • Elip: Improve punctuation handling (#​2651)
  • Igor: Add int (#​2801)
  • Ini: Fix quoted strings with embedded comment characters (#​2767, #​2720)
  • Java: Support functions returning types containing a question mark (#​2737)
  • JavaScript: Support private identiiers (#​2729, #​2671)
  • LLVM: Add splat, improve floating-point number parsing (#​2755)
  • Lua: Improve variable detection, add built-in functions (#​2829)
  • Macaulay2: Update to 1.24.11 (#​2800)
  • PostgreSQL: Add more EXPLAIN keywords (#​2785), handle / (#​2774)
  • S-Lexer: Fix keywords (#​2082, #​2750)
  • TransactSQL: Fix single-line comments (#​2717)
  • Turtle: Fix triple quoted strings (#​2744, #​2758)
  • Typst: Various improvements (#​2724)
  • Various: Add ^ as an operator to Matlab, Octave and Scilab (#​2798)
  • Vyper: Add staticcall and extcall (#​2719)

• Mark file extensions for HTML/XML+Evoque as aliases (#​2743)
• Add a color for Operator.Word to the rrt style (#​2709)
• Fix broken link in the documentation (#​2803, #​2804)
• Drop executable bit where not needed (#​2781)
• Reduce Mojo priority relative to Python in analyze_text (#​2771, #​2772)
• Fix documentation builds (#​2712)
• Match example file names to the lexer's name (#​2713, #​2715)
• Ensure lexer metadata is present (#​2714)
• Search more directories on macOS for fonts (#​2809)
• Improve test robustness (#​2812)

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.81%. Comparing base (b1e70c7) to head (60dc648).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #303   +/-   ##
=======================================
  Coverage   76.81%   76.81%           
=======================================
  Files          31       31           
  Lines        4542     4542           
  Branches      324      324           
=======================================
  Hits         3489     3489           
  Misses        983      983           
  Partials       70       70           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.