Skip to content

chore(deps-dev): bump pytest from 8.4.2 to 9.0.3#3110

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pytest-9.0.3
Open

chore(deps-dev): bump pytest from 8.4.2 to 9.0.3#3110
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pytest-9.0.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps pytest from 8.4.2 to 9.0.3.

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

  • #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

    You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

    Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

  • #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

  • #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.4.2 to 9.0.3.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.2...9.0.3)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 16, 2026

@claude claude Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — standard Dependabot dev-dependency bump of pytest 8.4.2 → 9.0.3 in uv.lock only.

What was reviewed:

  • Verified the diff touches only the pytest entry in uv.lock; sdist/wheel URLs and hashes follow the normal PyPI pattern and the dependency list is unchanged.
  • Checked pyproject.toml — the existing pytest>=8.4.0 constraint already permits 9.x, so no manifest edit was required and no floor was raised.
  • Noted this is a major-version bump of the test framework, but it is dev-only: any behavioral breakage (e.g. pytest 9 changes interacting with filterwarnings = ["error"]) would surface directly in CI's full 3.10–3.14 matrix rather than in shipped code.
Extended reasoning...

Overview

This PR is a Dependabot-generated bump of the pytest dev dependency from 8.4.2 to 9.0.3, touching only uv.lock. The lockfile change is the standard shape for a single-package update: version, sdist, and wheel entries replaced with new PyPI URLs, sha256 hashes, and upload timestamps; pytest's own dependency list (colorama, exceptiongroup, iniconfig, etc.) is unchanged.

Security risks

None specific to this repo's code. The update actually pulls in an upstream security fix (CVE-2025-71176, insecure temporary directory use in pytest). The artifact URLs point at files.pythonhosted.org with pinned hashes, so there is no supply-chain concern beyond trusting PyPI itself, which is the status quo.

Level of scrutiny

Low. pytest is a development-only dependency (dependency-type: direct:development per Dependabot metadata) — it never ships in the mcp wheel and cannot affect runtime users. The one notable aspect is that 8 → 9 is a major version bump of the test framework, which could break test collection or warning behavior (the repo runs with filterwarnings = ["error"]). However, that failure mode is fully gated: CI runs the complete suite with 100% coverage enforcement across Python 3.10–3.14 on Ubuntu and Windows, so any incompatibility fails visibly in CI rather than silently. The pyproject.toml constraint pytest>=8.4.0 already allows 9.x, so no manifest or floor change was needed, consistent with the repo's dependency policy.

Other factors

The bug hunting system found no issues, and there are no reviewer comments or prior reviews on the PR. There is nothing here for a human to weigh in on beyond what CI already validates mechanically.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants