Closes #2177
Closes #6197
Co-authored-by: Henrik Ravn <hravnx@gmail.com>

Closes #8912

Added the red dot (instead of the default `*`) if the branch is dirty.

The bira theme only supported git, now it supports mercurial as well. It
needed ito call `hg_prompt_info` and the `ZSH_THEME_HG_PROMPT_`
variables.

Closes #6631

BREAKING CHANGE: the `hg_prompt_info` function now uses `ZSH_THEME_HG_PROMPT_PREFIX`
and `ZSH_THEME_HG_PROMPT_SUFFIX` variables when displaying branch information, similar
to the `git_prompt_info` function.

Closes #6631

Replaced two different calls of hg with one `hg --id --branch` for retrieving
information whether we're in a repo (will be empty if not), whether the repo is
dirty (revision id will contain "+" if there are uncommitted changed), and the
branch name.

Closes #6197
Closes #7929

Closes #3500

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Marc Cornellà <hello@mcornella.com>

This reverts commit aef393bd.

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Adam Cwyk <git@adamcwyk.dev>

Fixes #10448

When calling `bundle install` with `--jobs=<n>`, bundle persists this
argument in `.bundle/config`. If we run `BUNDLE_JOBS=<n> bundle install`
instead, this is not persisted.

Fixes #10425

Co-authored-by: Marc Cornellà <hello@mcornella.com>

BREAKING CHANGE: the plugin now checks for the `docker-compose` command instead
of trying whether `docker compose` is a valid command. This means that if the
old command is still installed it will be used instead. To use `docker compose`,
uninstall any old copies of `docker-compose`.

Fixes #10409

Fixes #10428

Closes #9659
Co-authored-by: Jeff Warner <jeff@develops.software>

Fixes #10422

The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.

The `rand-quote` plugin uses quotationspage.com and prints part of its content to the
shell without sanitization, which could trigger command injection. There is no evidence
that this has been exploited, but this commit removes all possibility for exploit.

Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the
shell, also without sanitization. Furthermore, there is also no evidence that this has
been exploited, but with this change it is now impossible.

The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.

The plugin unsafely processes directory paths in pop_past and pop_future.
This commit fixes that.

The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.

Reference: https://github.com/ohmyzsh/ohmyzsh/commit/7f49494#commitcomment-60117011