[Snyk] Security upgrade pygments from 2.17.2 to 2.20.0

[ashmuck]

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• requirements/docs.txt

⚠️ Warning

sphinx 5.3.0 requires Pygments, which is not installed.
sphinx-click 2.5.0 has requirement sphinx<4.0,>=1.5, but you have sphinx 5.3.0.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Note

Low Risk
Low risk dependency constraint change limited to documentation dependencies; main risk is potential compatibility issues in the docs build environment.

Overview
Updates requirements/docs.txt to explicitly require pygments>=2.20.0 (Snyk security pin) to avoid a known vulnerability during documentation builds.

^{Written by Cursor Bugbot for commit 934c9ee. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Pygments 2.20.0 incompatible with supported Python 3.7/3.8
  • I made the docs requirement conditional so Python 3.9+ uses pygments>=2.20.0 while Python 3.7/3.8 installs pygments>=2.17.2,<2.20.0, preventing install failures in supported environments.

Or push these changes by commenting:

@cursor push 16e1b5eec3

Preview (16e1b5eec3)

diff --git a/requirements/docs.txt b/requirements/docs.txt
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -7,4 +7,5 @@
 -r deps/mock.txt
 -r extras/auth.txt
 -r extras/sphinxautobuild.txt
-pygments>=2.20.0 # not directly required, pinned by Snyk to avoid a vulnerability
+pygments>=2.20.0; python_version >= "3.9" # not directly required, pinned by Snyk to avoid a vulnerability
+pygments>=2.17.2,<2.20.0; python_version < "3.9" # Python 3.7/3.8 compatibility

_{This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.}

[cursor]

Pygments 2.20.0 incompatible with supported Python 3.7/3.8

High Severity

The pygments>=2.20.0 pin is incompatible with this project's supported Python versions. Pygments 2.20.0 requires Python >=3.9, but this project declares python_requires=">=3.7" in setup.py and its tox.ini test matrix includes Python 3.7 and 3.8, both of which pull in requirements/docs.txt. This will cause installation failures in those environments.