Update dependency Pygments to v2.15.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Pygments (changelog)	==2.9.0 -> ==2.15.0

GitHub Vulnerability Alerts

CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in Pygments until 2.15.0 via SmithyLexer.

---

Release Notes

pygments/pygments (Pygments)

v2.15.0

Compare Source

(released April 10th, 2023)

• Added lexers:

  • Carbon (#​2362, #​2365, #​2366, #​2367, #​2368, #​2369, #​2370)
  • Dax (#​2335, #​2345)
  • MediaWiki Wikitext (#​2373, #​827)
  • PostgreSQL Explain (#​2398)
  • WGSL (WebGPU Shading Language) (#​2386)
  • X++ (#​2339)

• Updated lexers:

  • AMDGPU: Add support for scratch_ instructions, the attr*.* argument,
    as well as the off modifier (#​2327).

  • APDL: Miscellaneous improvements (#​2314)

  • bash/tcsh:

    • Move break to keywords (#​2377)
    • Improve bash math expansion lexing (#​2255, #​2353)

  • Chapel: Support attributes (#​2376)

  • CMake: Implement bracket style comments (#​2338, #​2354)

  • CSS: Improve lexing of numbers inside function calls (#​2382, #​2383)

  • diff: Support normal diff syntax, as opposed to unified diff syntax (#​2321)

  • GLSL, HLSL:

    • Support line continuations in preprocessor code (#​2350)
    • Improve preprocessor directive handling (#​2357)

  • LilyPond: minor update of builtins

  • PHP: support attributes (#​2055, #​2347, #​2360), fix anonymous classes without
    parameters (#​2359), improve lexing of variable variable syntax (#​2358)

  • Python:

    • Add missing builtins (#​2334)
    • Fix inconsistent lexing of None (#​2406)

  • Rebol/Red: Don't require script headers (#​2348, #​2349)

  • Spice: Update keywords (#​2336)

  • SQL+Jinja (analyse_text method): Fix catastrophic backtracking (#​2355)

  • Terraform: Add hcl alias (#​2375)

• Declare support for Python 3.11 and drop support for Python 3.6 (#​2324).

• Update native style to improve contrast (#​2325).

• Update `github-dark`` style to match latest Primer style (#​2401)

• Revert a change that made guessing lexers based on file names slower
  on Python 3.10 and older (#​2328).

• Fix some places where a locale-dependent encoding could unintentionally
  be used instead of UTF-8 (#​2326).

• Fix Python traceback handling (#​2226, #​2329).

• Groff formatter: sort color definitions for reproducibility (#​2343)

• Move project metadata to pyproject.toml, remove setup.py
  and setup.cfg (#​2342)

• The top-level Makefile has been removed. Instead, all shortcuts
  for developing are now defined and run through tox. The doc folder
  still contains a Makefile as an alternative to tox -e doc.

v2.14.0

Compare Source

(released January 1st, 2023)

• Added lexers:

  • Arturo (#​2259)
  • GAP session (#​2211)
  • Fift (#​2249)
  • func (#​2232)
  • Jsonnet (#​2239)
  • Minecraft schema (#​2276)
  • MIPS (#​2228)
  • Phix (#​2222)
  • Portugol (#​2300)
  • TL-b (#​2247)
  • World of Warcraft TOC format (#​2244, #​2245)
  • Wren (#​2271)

• Updated lexers:

  • Abap: Update keywords (#​2281)

  • Alloy: Update for Alloy 6 (#​1963)

  • C family (C, C++ and many others):

    • Fix an issue where a chunk would be wrongly recognized as a function
      definition due to braces in comments (#​2210)
    • Improve parantheses handling for function definitions (#​2207, #​2208)

  • C#: Fix number and operator recognition (#​2256, #​2257)

  • CSound: Updated builtins (#​2268)

  • F#: Add .fsx file extension (#​2282)

  • gas (GNU assembler): recognize braces as punctuation (#​2230)

  • HTTP: Add CONNECT keyword (#​2242)

  • Inform 6: Fix lexing of properties and doubles (#​2214)

  • INI: Allow comments that are not their own line (#​2217, #​2161)

  • Java properties: Fix issue with whitespace-delimited keys, support
    comments starting with ! and escapes, no longer support undocumented
    ; and // comments (#​2241)

  • LilyPond: Improve heuristics, add \maxima duration (#​2283)

  • LLVM: Add opaque pointer type (#​2269)

  • Macaulay2: Update keywords (#​2305)

  • Minecraft-related lexers (SNB and Minecraft function) moved to
    pygments.lexers.minecraft (#​2276)

  • Nim: General improvements (#​1970)

  • Nix: Fix single quotes inside indented strings (#​2289)

  • Objective J: Fix catastrophic backtracking (#​2225)

  • NASM: Add support for SSE/AVX/AVX-512 registers as well as 'rel'
    and 'abs' address operators (#​2212)

  • Powershell:

    • Add local: keyword (#​2254)
    • Allow continuations without markers (#​2262, #​2263)

  • Solidity: Add boolean operators (#​2292)

  • Spice: Add enum keyword and fix a bug regarding binary,
    hexadecimal and octal number tokens (#​2227)

  • YAML: Accept colons in key names (#​2277)

• Fix make mapfiles when Pygments is not installed in editable mode
  (#​2223)

• Support more filetypes and compression types in autopygmentize (#​2219)

• Merge consecutive tokens in Autohotkey, Clay (#​2248)

• Add .nasm as a recognized file type for NASM (#​2280)

• Add *Spec.hs as a recognized file type for HSpec (#​2308)

• Add *.pyi (for typing stub files) as a recognized file type for
  Python (#​2231)

• The HTML lexer no longer emits empty spans for whitespace (#​2304)

• Fix IRCFormatter inserting linenumbers incorrectly (#​2270)

v2.13.0

Compare Source

(released August 15th, 2022)

• Added lexers:

  • COMAL-80 (#​2180)
  • JMESPath (#​2174, #​2175, #​2179, #​2182)
  • Sql+Jinja (#​2148)

• Updated lexers:

  • Ada: support Ada 2022 (#​2121); disable recognition of namespaces
    because it disturbs lexing of aspects (#​2125)
  • Agda: allow straight quotes in module names (#​2163)
  • C family (C, C++ and many others): allow comments between
    elements of function headers, e.g. between the arguments and
    the opening brace for the body (#​1891)
  • C++: Resolve several cases of Error tokens (#​2207, #​2208)
  • Coq: Add some common keywords, improve recognition of Set
    and qualified identifiers (#​2158)
  • F*: Allow C-style comments anywhere in a line
  • Fortran: Fix catastrophic backtracking with backslashes in strings
    (#​2194)
  • Go: add support for generics (#​2167)
  • Inform: Update for version 6.40 (#​2190)
  • Isabelle: recognize cartouches (#​2089)
  • Java: support multiline strings aka. text blocks (#​2132)
  • Kotlin: Add value modifier (#​2142)
  • LilyPond: Add some missing builtins
  • Macaulay2: Update builtins (#​2139)
  • Matlab session: fix traceback when a line continuation ellipsis
    appears in the output (#​2166)
  • .NET: Add aliases for LibreOffice Basic, OpenOfficeBasic and
    StarOffice Basic (#​2170)
  • Nim: Use Name.Builtin instead of Keyword.Type (#​2136)
  • PHP: fix \"$var\" inside strings (#​2105)
  • Python: only recognize \N, \u and \U escape sequences
    in string literals, but not in bytes literals where they are
    not supported (#​2204)
  • Tcl: support ${name} variables (#​2145)
  • Terraform: Accept leading whitespace for << heredoc
    delimiters (#​2162)
  • Teraterm: Various improvements (#​2165)
  • Spice: add support for the recently added features including more
    builtin functions and bin, oct, hex number formats (#​2206)

• Added styles:

  • GitHub dark (#​2192)
  • StarOffice (#​2168)
  • Nord (nord and nord-darker; #​2189, #​1799, #​1678)

• Pygments now tries to use the importlib.metadata module to
  discover plugins instead of the slower pkg_resources (#​2155). In
  particular, this largely speeds up the pygmentize script when
  the lexer is not specified.

  importlib.metadata is only available in the Python standard
  library since Python 3.8. For older versions, there exists an
  importlib_metadata backport on PyPI. For this reason, Pygments
  now defines a packaging extra plugins, which adds a requirement
  on importlib_metadata if the Python version is older than
  3.8. Thus, in order to install Pygments with optimal plugin
  support even for old Python versions, you should do::

  pip install pygments[plugins]

  Pygments still falls back on pkg_resources if neither
  importlib.metadata nor importlib_metadata is found, but it
  will be slower.

• Silently ignore BrokenPipeError in the command-line interface
  (#​2193).

• The HtmlFormatter now uses the linespans attribute for
  anchorlinenos if the lineanchors attribute is unset (#​2026).

• The highlight, lex and format functions no longer
  wrongly report "argument must be a lexer/formatter instance, not a
  class" in some cases where this is not the actual problem (#​2123).

• Fix warnings in doc build (#​2124).

• The codetagify filter now recognizes FIXME tags by default (#​2150).

• The pygmentize command now recognizes if the COLORTERM
  environment variable is set to a value indicating that true-color
  support is available. In that case, it uses the TerminalTrueColorFormatter
  by default (#​2160)

• Remove redundant caches for filename patterns (#​2153)

• Use new non-deprecated Pillow API for text bounding box in ImageFormatter
  (#​2198)

• Remove default_style (#​930, #​2183)

• Stop treating DeprecationWarnings as errors in the unit tests (#​2196)

v2.12.0

Compare Source

(released April 24th, 2022)

• Added lexers:

  • Berry (#​2070)
  • Cplint (#​2045)
  • Macaulay2 (#​1791)
  • MCFunction (#​2107)
  • Minecraft (#​2107)
  • Qlik (#​1925)
  • UnixConfigLexer for "colon-separated" config files, like /etc/passwd (#​2112)
  • Uxntal (#​2086)
  • K and Q (#​2073)

• Updated lexers:

  • Agda: Update keyword list (#​2017)

  • C family: Fix identifiers after case statements (#​2084)

  • Clojure: Highlight ratios (#​2042)

  • Csound: Update to 6.17 (#​2064)

  • CSS: Update the list of properties (#​2113)

  • Elpi:

    • Fix catastrophic backtracking (#​2053, #​2061)
    • Fix handling of -> (#​2028)

  • Futhark: Add missing tokens (#​2118)

  • Gherkin: Add But (#​2046)

  • Inform6: Update to 6.36 (#​2050)

  • Jinja2: add .xxx.j2 and .xxx.jinja2 to relevant lexers
    (for xxx = html, xml, etc.) (#​2103)

  • JSON: Support C comments in JSON (#​2049). Note: This doesn't mean the JSON parser now supports JSONC or JSON5 proper, just that it doesn't error out when seeing a /* */ or // style comment. If you need proper comment handling, consider using the JavaScript lexer.

  • LilyPond:

    • Fix incorrect lexing of names containing a built-in (#​2071)
    • Fix properties containing dashes (#​2099)

  • PHP: Update builtin function and keyword list (#​2054, #​2056)

  • Python: highlight EncodingWarning (#​2106)

  • Savi: fix highlighting for underscore/private identifiers,
    add string interpolation (#​2102); fix nested type name highlighting
    (#​2110)

  • Scheme: Various improvements (#​2060)

  • Spice: Update the keyword list, add new types (#​2063, #​2067)

  • Terraform:

    • Support non-idiomatic comments (#​2065, #​2066)
    • Fix class name lexing (#​2097)

• Add plugins argument to get_all_lexers().

• Bump minimal Python version to 3.6 (#​2059)

• Fix multiple lexers marking whitespace as Text (#​2025)

• Remove various redundant uses of re.UNICODE (#​2058)

• Associate .resource with the Robot framework (#​2047)

• Associate .cljc with Clojure (#​2043)

• Associate .tpp with C++ (#​2031)

• Remove traces of Python 2 from the documentation (#​2039)

• The native style was updated to meet the WCAG AAA contrast guidelines (#​2038)

• Fix various typos (#​2030)

• Fix Groff formatter not inheriting token styles correctly (#​2024)

• Various improvements to the CI (#​2036)

• The Ada lexer has been moved to a separate file (#​2117)

• When linenos=table is used, the <table> itself is now wrapped with a <div class="highlight"> tag instead of placing it inside the <td class="code"> cell (#​632.) With this change, the output matches the documented behavior.

.. note::

If you have subclassed HtmlFormatter.wrap, you may have to adjust the logic.

v2.11.2

Compare Source

(released January 6th, 2022)

• Updated lexers:

  • C-family: Fix incorrect handling of labels (#​2022, #​1996, #​1182)
  • Java: Fixed an issue with record keywords result in Error tokens in some cases (#​2016, #​2018)

• Fix links to line numbers not working correctly (#​2014)

• Remove underline from Whitespace style in the Tango theme (#​2020)

• Fix IRC and Terminal256 formatters not backtracking correctly for custom token types, resulting in some unstyled tokens (#​1986)

v2.11.1

Compare Source

(released December 31st, 2021)

• Updated lexers:

  • C-family: Handle return types with multiple tokens (e.g. unsigned int) (#​2008)
  • JSON: Fix a regression which caused whitespace before : to result in Error tokens (#​2010)
  • SPICE: Various improvements (#​2009)

v2.11.0

Compare Source

(released December 30th, 2021)

• Added lexers:

  • BDD (#​1803)
  • Elpi (#​1894)
  • LilyPond (#​1845, #​1968, #​1971, #​2001). This comes with a custom style as well.
  • Maxima (#​1885)
  • Rita (#​1541, #​2003)
  • Savi (#​1863)
  • Sed (#​1935)
  • Sophia contracts (#​1974)
  • Spice (#​1980)
  • .SRCINFO (#​1951)

• Updated lexers:

  • ABNF: Allow one-character rules (#​1804)

  • Assembly: Fix incorrect token endings (#​1895, #​1961)

  • Bibtex: Distinguish between comment and commentary (#​1899, #​1806)

  • C family: Support unicode identifiers (#​1848)

  • CDDL: Fix slow lexing speed (#​1959)

  • Debian control: Add missing fields (#​1946)

  • Devicetree: Recognize hexadecimal addresses for nodes (#​1949)

  • GDScript: Add void data type (#​1948)

  • GSQL

    • Fix comment handling (#​2002)
    • Fix catastrophic backtracking (#​2006)

  • HTML, XML: Improve comment handling (#​1896)

  • Java: Add yield (#​1941) and sealed classes/record (#​1902)

  • Makefiles (#​1860, #​1898)

  • objdump-nasm: Improve handling of --no-show-raw-insn dumps (#​1981)

  • Prolog: Support escaped \ inside quoted strings (#​1479)

  • Python:

    • Support ~ in tracebacks (#​2004)
    • Support the pattern matching keywords (#​1797, #​1994)

  • RobotFramework: Improve empty brace handling (#​1921, #​1922)

  • Terraform

    • Add the 'set' type (#​1909)
    • Support heredocs (#​1909)

• Added styles:

  • Dracula (#​1796)
  • Friendly Grayscale (#​1040, #​1273)
  • LilyPond (#​1845) -- to be used for the LilyPond language.
  • One-Dark (#​1924, #​1979)

.. note::

All of the new styles unfortunately do not conform to WCAG recommendations.

• There is new infrastructure in place to improve style accessibility. The default style has been updated to conform to WCAG recommendations. All styles are now checked for sufficient contrast by default to prevent regressions. (#​1919, #​1937, #​1938, #​1940)
• Clean up unused imports (#​1887)
• Fix multiple lexers producing repeated single-character tokens
• Fix multiple lexers marking whitespace as Text (#​1237, #​1905, #​1908, #​1914, #​1911, #​1923, #​1939, #​1957, #​1978)
• Remove duplicated assignments in the Paraiso style (#​1934)
• pygmentize supports JSON output for the various list functions now, making it easier to consume them from scripts. (#​1437, #​1890)
• Use the shell lexer for kshrc files (#​1947)
• Use the ruby lexer for Vagrantfile files (#​1936)
• Use the C lexer for .xbm and .xpm files (#​1802)
• Add a groff formatter (#​1873)
• Update documentation (#​1928)
• Line anchors now link to themselves (#​1973)
• Add official support for Python 3.10 (#​1917)
• Fix several missing colors in dark styles: Gruvbox dark, Monokai, Rrt, Sas, Strata dark (#​1955)
• Associate more file types with man pages
• The HtmlFormatter can now emit tooltips for each token to ease debugging of lexers (#​1822)
• Add f90 as an alias for fortran (#​2000)

v2.10.0

Compare Source

(released August 15th, 2021)

• Added lexers:

  • ASC armored files (#​1807)
  • GSQL (#​1809, #​1866)
  • Javascript REPL (#​1825)
  • procfile (#​1808)
  • Smithy (#​1878, #​1879)

• Updated lexers:

  • C-family: Fix preprocessor token issues (#​1830)

  • C# (#​1573, #​1869)

  • CSound (#​1837)

  • Fennel (#​1862)

  • JavaScript (#​1741, #​1814)

  • LLVM (#​1824)

  • Python (#​1852)

  • Rust

    • Fix lexing of "break" and "continue" (#​1843)
    • Improve attribute handling (#​1813)

  • Scala: Add support for the \ operator (#​1857)

  • Swift (#​1767, #​1842)

  • Tcl: Allow , and @ in strings (#​1834, #​1742)

  • TOML (#​1870, #​1872)

• Fix assert statements in TNT lexer.

• Token types across all lexers have been unified (using the most common token
  type name) (#​1816, #​1819)

• Improve Jasmin min score analysis (#​1619)

• Add new alias for Go files (#​1827)

• Fix multi-line console highlighting (#​1833)

• Add a new trivial lexer which outputs everything as Text.Generic.Output (#​1835, #​1836)

• Use the .ini lexer for systemd files (#​1849)

• Fix a FutureWarning related to words() (#​1854)

• pwsh is now recognized as an alias for PowerShell (#​1876)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.