chore(deps): update dependency pytest to v9.0.3 [security] - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pytest (changelog)	9.0.2 → 9.0.3

GitHub Vulnerability Alerts

CVE-2025-71176

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

Severity

• CVSS Score: 6.8 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

---

Release Notes

pytest-dev/pytest (pytest)

v9.0.3

Compare Source

pytest 9.0.3 (2026-04-07)

Bug fixes

• #​12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #​13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #​13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #​14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #​14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #​13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #​13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #​14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #​14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #​12689: The test reports are now published to Codecov from GitHub Actions.
  The test statistics is visible on the web interface.

  -- by aleguy02

---

Configuration

📅 Schedule: (in timezone Asia/Ho_Chi_Minh)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA ec1b629.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

uv.lock

Package	Version	License	Issue Type
pytest	9.0.3	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/pytest	9.0.3	Unknown	Unknown

Scanned Files

• uv.lock

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.