fix(security): risk-accept pygments ReDoS GHSA-5239-wwwm-4pmq (ENG-13216)

andriy-sudo · claude · andriy-sudo · commit b57b749202f0 · 2026-03-25T15:10:01.000+01:00
- pygments 2.19.2 → risk-accepted (GHSA-5239-wwwm-4pmq, CVSS 3.3 LOW) No fix available — 2.19.2 is latest and marked last_affected. ignoreUntil: 2026-06-23 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/osv-scanner.toml b/osv-scanner.toml
@@ -0,0 +1,4 @@
+[[IgnoredVulns]]
+id = "GHSA-5239-wwwm-4pmq"
+ignoreUntil = 2026-06-23
+reason = "LOW severity (CVSS 3.3). pygments 2.19.2 is the latest release and is marked last_affected — no fix version published yet. ReDoS via GUID regex only exploitable with attacker-controlled syntax highlighting inputs."
