chore(deps): bump pygments from 2.19.2 to 2.20.0 #1944
dependabot[bot] wants to merge 1 commit into main
Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.19.2...2.20.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.20.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.1 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
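Review bot: the generator header on the first line of the lock file moves from Poetry 2.3.1 to Poetry 2.2.1, so the file was rewritten by an older Poetry than the one that produced the committed lock, which a pygments bump has no reason to do. Regenerate the lock with Poetry 2.3.1, or pin the Poetry version the updater runs, so the diff is limited to the pygments entry.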
Lock file per-group markers removed, broadening installation scope
Medium Severity
The lock file was regenerated by Poetry 2.2.1 (downgraded from 2.3.1), which removed per-group markers like markers = {main = "extra == \"docs\""} from dozens of transitive dependencies (e.g., anyio, babel, beautifulsoup4, jinja2, tornado, pyzmq, and many more). These packages were previously only installed in the main group when the docs extra was enabled. Without these markers, they're now unconditionally installed for all users of the flow360 package, significantly bloating the default installation. With Poetry 2.3.x (where installer.re-resolve defaults to false), these lock file markers drive installation decisions directly.
| optional = false | ||
| python-versions = ">=3.10" | ||
| groups = ["main", "dev"] | ||
| markers = "python_version == \"3.10\"" |
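Review bot: on this entry, `groups = ["main", "dev"]` together with `markers = "python_version == \"3.10\""` means the main group installs it only on Python 3.10, so any regeneration that touches that marker line changes what users on other Python versions resolve. Please confirm the marker change is intended, and if it is not, regenerate the lock with the Poetry version that wrote the base-branch file.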
Python 3.11+ packages downgraded by lock consolidation
Medium Severity
The Poetry 2.2.1 regeneration removed Python-version-specific package entries. ipython 9.x (for Python 3.11+), sphinx 8.2.3, myst-parser 5.0.0, pydata-sphinx-theme 0.16.1, markdown-it-py 4.0.0, sphinx-book-theme 1.2.0, sphinx-design 0.7.0, and sphinx-prompt 1.10.2 were all dropped. On Python 3.11+, users now get older versions (e.g., ipython 8.38.0, sphinx 8.1.3) that were previously only used for Python 3.10. This downgrades doc tooling for Python 3.11–3.13 users.
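One way to check both findings above before merging, as an added example (not code from this PR, from Bugbot, or from the project): parse the base and head `poetry.lock` and report every marker change and every dropped or added entry for packages other than the one the PR claims to bump. The lock snippets are constructed; the function names, the anyio version and the sphinx markers are assumptions.

```python
try:
    import tomllib                    # Python 3.11+
except ModuleNotFoundError:           # assumption: tomli is installed on older Pythons
    import tomli as tomllib

def index(lock_text):
    """Map (name, version) -> markers (str, dict, or None) per [[package]] entry."""
    pkgs = tomllib.loads(lock_text).get("package", [])
    return {(p["name"], p["version"]): p.get("markers") for p in pkgs}

def unexpected_changes(old_text, new_text, bumped):
    """Report lock changes to packages other than the ones the PR claims to bump."""
    old, new = index(old_text), index(new_text)
    report = {"marker_changed": [], "entry_dropped": [], "entry_added": []}
    for key in sorted(old.keys() | new.keys()):
        if key[0] in bumped:
            continue                  # the advertised bump is allowed to change
        if key not in new:
            report["entry_dropped"].append(key)
        elif key not in old:
            report["entry_added"].append(key)
        elif old[key] != new[key]:
            report["marker_changed"].append((key[0], old[key], new[key]))
    return report

def entry(name, version, markers_line=""):
    """Render one [[package]] table the way poetry.lock lays it out."""
    return f'[[package]]\nname = "{name}"\nversion = "{version}"\n{markers_line}\n\n'

# Constructed sample locks: package names and the sphinx/pygments versions come
# from the review comments above; the anyio version and sphinx markers are made up.
OLD_LOCK = (
    entry("anyio", "0.0.0", r'markers = {main = "extra == \"docs\""}')
    + entry("pygments", "2.19.2")
    + entry("sphinx", "8.1.3", r'markers = "python_version == \"3.10\""')
    + entry("sphinx", "8.2.3", r'markers = "python_version >= \"3.11\""')
)
NEW_LOCK = entry("anyio", "0.0.0") + entry("pygments", "2.20.0") + entry("sphinx", "8.1.3")

if __name__ == "__main__":
    for kind, items in unexpected_changes(OLD_LOCK, NEW_LOCK, {"pygments"}).items():
        for item in items:
            print(kind, item)
```

A non-empty report on a single-package bump is the signal to regenerate the lock with the Poetry version that wrote the base-branch file.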


Bumps pygments from 2.19.2 to 2.20.0.
Release notes
Sourced from pygments's releases.
Changelog
Sourced from pygments's changelog.
Commits
- 708197d Fix underline length.
- 1d4538a Prepare 2.20 release.
- 2ceaee4 Update CHANGES.
- e3a3c54 Fix Haskell lexer: handle escape sequences in character literals (#3069)
- d7c3453 Merge pull request #3071 from pygments/harden-html-formatter
- 0f97e7c Harden the HTML formatter against CSS.
- 9f981b2 Update CHANGES.
- 1d88915 Update CHANGES.
- c3d93ad Fix ASN.1 lexer: recognize minus sign and fix range operator (#3060)
- 4f06bcf fix bad behaving backtracking regex in CommonLispLexer

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Note
Low Risk
Lockfile-only dependency update; main risk is minor formatting/lexer behavior changes in syntax highlighting (and related docs tooling resolution) but no application logic changes.
Overview
Updates syntax-highlighting dependencies by bumping `pygments` from `2.19.2` to `2.20.0`.

Regenerates `poetry.lock` (now marked as generated by Poetry `2.2.1`) and normalizes marker/extra metadata, including collapsing several Python-version-specific doc/tooling pins into a single resolved set for the project’s supported Python range.

Written by Cursor Bugbot for commit 18c0077.