From 9f015d083cefa8bbf17edf6e20710883ed38483b Mon Sep 17 00:00:00 2001
From: James Williams <29534093+williajm@users.noreply.github.com>
Date: Tue, 31 Mar 2026 16:12:11 +0100
Subject: [PATCH] fix: upgrade Pygments to 2.20.0 for CVE-2026-4539

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/requirements/bandit.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/requirements/bandit.txt b/.github/requirements/bandit.txt
index 221d4b91..22b7b2cd 100644
--- a/.github/requirements/bandit.txt
+++ b/.github/requirements/bandit.txt
@@ -9,8 +9,8 @@ markdown-it-py==4.0.0 \
     --hash=sha256:87327c59b172c5011896038353a81343b6754500a08cd7a4973bb48c6d578147
 mdurl==0.1.2 \
     --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
-Pygments==2.19.2 \
-    --hash=sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b
+Pygments==2.20.0 \
+    --hash=sha256:81a9e26dd42fd28a23a2d169d86d7ac03b46e2f8b59ed4698fb4785f946d0176
 rich==14.2.0 \
     --hash=sha256:76bc51fe2e57d2b1be1f96c524b890b816e334ab4c1e45888799bfaab0021edd
 # PyYAML with hashes for all supported platforms (Python 3.10-3.13)