Pygments@1.2.2 vulnerabilities

Pygments is a syntax highlighting package written in Python.

Known vulnerabilities in the Pygments package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expressions in `SqlJinjaLexer` class. Exploiting this vulnerability is possible when processing `Smithy`, `SQL`/`SQL+Jinja`, or `Java` properties files from an untrusted source. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `Pygments` to version 2.15.0 or higher.	[,2.15.0)
H Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The lexers used to parse programming languages rely heavily on regular expressions. Some of these have exponential or cubic worst-case complexity and can be abuse by crafting malicious input. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `Pygments` to version 2.7.4 or higher.	[1.1,2.7.4)
C Arbitrary Command Injection `pygments` is a syntax highlighting package written in Python. The `FontManager._get_nix_font_path` function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.	[1.2.2,2.0.2]