Skip to content

build(deps): bump pytest from 8.3.4 to 9.0.2#475

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pytest-9.0.2
Open

build(deps): bump pytest from 8.3.4 to 9.0.2#475
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pytest-9.0.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2026

Bumps pytest from 8.3.4 to 9.0.2.

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

  • #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

    You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

    Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

  • #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

  • #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

  • #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

  • #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

  • #13895: Restore support for skipping tests via raise unittest.SkipTest.
  • #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
  • #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
  • #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

  • #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

  • #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
  • #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

... (truncated)

Commits
  • 3d10b51 Prepare release version 9.0.2
  • 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
  • b7d7bef Merge pull request #14014 from bluetech/compat-note
  • bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
  • bc78386 Add CLI options reference documentation (#13930)
  • 5a4e398 Fix docs typo (#14005) (#14008)
  • d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
  • 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
  • c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
  • 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump pytest from 8.3.4 to 9.0.2
925fb12 
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.4 to 9.0.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.3.4...9.0.2)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added Changed Required label for PR that categorizes merge commit message as "Changed" for changelog dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 5, 2026
@dependabot dependabot bot mentioned this pull request Mar 5, 2026
Closed
@socket-security
Copy link

socket-security bot commented Mar 5, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpytest@​8.3.4 ⏵ 9.0.287 -3100100100100

View full report

@socket-security
Copy link

socket-security bot commented Mar 5, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Low
Potential code anomaly (AI signal): pypi pytest is 100.0% likely to have a medium risk anomaly

Notes: This code is not obfuscated and does not contain clear backdoors or typical malware, but it does intentionally exfiltrate test output to a hardcoded external paste service. That behavior can leak sensitive data and therefore represents a moderate security/privacy risk. Recommend reviewing usage policy: avoid enabling --pastebin in sensitive environments, add content redaction/size limits or an allowlist for domains, or remove/replace with a trusted internal paste service.

Confidence: 1.00

Severity: 0.60

From: requirements.txtpypi/pytest@9.0.2

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/pytest@9.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Changed Required label for PR that categorizes merge commit message as "Changed" for changelog dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants