From fb587b883b960630924ae38df5b50a099da54d7c Mon Sep 17 00:00:00 2001 From: aitbc Date: Tue, 28 Apr 2026 09:57:23 +0200 Subject: [PATCH] fix: update pytest to 9.0.3 to fix CVE-2025-71176 - Updated pytest from ^8.2.0 to ^9.0.3 in pyproject.toml - Regenerated poetry.lock to apply the update - Fixes vulnerable tmpdir handling in pytest < 9.0.3 --- poetry.lock | 22 +++++++++++----------- pyproject.toml | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/poetry.lock b/poetry.lock index 2b067a78..019ff66c 100644 --- a/poetry.lock +++ b/poetry.lock @@ -759,20 +759,20 @@ windows-terminal = ["colorama (>=0.4.6)"] [[package]] name = "pytest" -version = "8.4.2" +version = "9.0.3" description = "pytest: simple powerful testing with Python" optional = false -python-versions = ">=3.9" +python-versions = ">=3.10" groups = ["dev"] files = [ - {file = "pytest-8.4.2-py3-none-any.whl", hash = "sha256:872f880de3fc3a5bdc88a11b39c9710c3497a547cfa9320bc3c5e62fbf272e79"}, - {file = "pytest-8.4.2.tar.gz", hash = "sha256:86c0d0b93306b961d58d62a4db4879f27fe25513d4b969df351abdddb3c30e01"}, + {file = "pytest-9.0.3-py3-none-any.whl", hash = "sha256:2c5efc453d45394fdd706ade797c0a81091eccd1d6e4bccfcd476e2b8e0ab5d9"}, + {file = "pytest-9.0.3.tar.gz", hash = "sha256:b86ada508af81d19edeb213c681b1d48246c1a91d304c6c81a427674c17eb91c"}, ] [package.dependencies] colorama = {version = ">=0.4", markers = "sys_platform == \"win32\""} -iniconfig = ">=1" -packaging = ">=20" +iniconfig = ">=1.0.1" +packaging = ">=22" pluggy = ">=1.5,<2" pygments = ">=2.7.2" @@ -781,18 +781,18 @@ dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "requests [[package]] name = "pytest-asyncio" -version = "0.23.8" +version = "0.23.3" description = "Pytest support for asyncio" optional = false python-versions = ">=3.8" groups = ["dev"] files = [ - {file = "pytest_asyncio-0.23.8-py3-none-any.whl", hash = "sha256:50265d892689a5faefb84df80819d1ecef566eb3549cf915dfb33569359d1ce2"}, - {file = "pytest_asyncio-0.23.8.tar.gz", hash = "sha256:759b10b33a6dc61cce40a8bd5205e302978bbbcc00e279a8b61d9a6a3c82e4d3"}, + {file = "pytest-asyncio-0.23.3.tar.gz", hash = "sha256:af313ce900a62fbe2b1aed18e37ad757f1ef9940c6b6a88e2954de38d6b1fb9f"}, + {file = "pytest_asyncio-0.23.3-py3-none-any.whl", hash = "sha256:37a9d912e8338ee7b4a3e917381d1c95bfc8682048cb0fbc35baba316ec1faba"}, ] [package.dependencies] -pytest = ">=7.0.0,<9" +pytest = ">=7.0.0" [package.extras] docs = ["sphinx (>=5.3)", "sphinx-rtd-theme (>=1.0)"] @@ -1135,4 +1135,4 @@ python-discovery = ">=1.2.2" [metadata] lock-version = "2.1" python-versions = "^3.13" -content-hash = "1f76d0204092debc59d1c2b161ebc344847350decc2eaf968c38dd4046ba6475" +content-hash = "dfdd56e8f13a66f717d2c4966aadeefc8462ed075ac637bdb62ff458fe266a98" diff --git a/pyproject.toml b/pyproject.toml index 2c230cee..f3532afd 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -11,7 +11,7 @@ urllib3 = "^2.6.3" idna = "^3.7" [tool.poetry.group.dev.dependencies] -pytest = "^8.2.0" +pytest = "^9.0.3" pytest-asyncio = "^0.23.0" black = "^24.0.0" flake8 = "^7.0.0"