fix(security): bump pygments 2.19.2 -> 2.20.0 (ENG-13557)#55
Conversation
- pygments 2.19.2 -> 2.20.0 (GHSA-5239-wwwm-4pmq, CVE-2026-4539, CVSS 3.3) - Remove now-resolved osv-scanner.toml suppress Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
💤 Files with no reviewable changes (1)
📝 WalkthroughWalkthroughThis pull request makes two configuration updates: it removes a suppression entry ( 🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Review rate limit: 2/5 reviews remaining, refill in 31 minutes and 42 seconds. Comment |
|
@paveldudka — security review needed. Bumps pygments 2.19.2 → 2.20.0 (GHSA-5239-wwwm-4pmq, CVE-2026-4539, LOW). Lock-file only change. All CI green. |
Vulnerability Fix
CVE: CVE-2026-4539 — ReDoS in
AdlLexer(pygments/lexers/archetype.py) via inefficient GUID regex. Fix at pygments 2.20.0.Linear: https://linear.app/tinyfish/issue/ENG-13557
Changes
pyproject.toml: addedpygments = ">=2.20.0"floor pin (transitive dep via agentql → rich)poetry.lock: regenerated — pygments 2.19.2 → 2.20.0osv-scanner.toml: removed now-resolved pygments suppressChangelog impact summary