Merge pull request #406 from networktocode/fix-396-pytest-security

jvanderaa · web-flow · commit b2a8b84f1ad4 · 2026-04-24T08:55:54.000-05:00
Bump pytest minimum to 9.0.3 (CVE-2025-71176)
diff --git a/changes/396.security b/changes/396.security
@@ -0,0 +1 @@
+Raised the minimum pytest version to 9.0.3 to address CVE-2025-71176 (insecure /tmp/pytest-of-{user} tmpdir handling on UNIX).
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -49,7 +49,7 @@ openai = [
 ]
 
 [tool.poetry.group.dev.dependencies]
-pytest = "^9.0.0"
+pytest = "^9.0.3"
 requests_mock = "^1.7.0"
 pyyaml = "^6.0"
 pylint = "^4.0.0"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Raised the minimum pytest version to 9.0.3 to address CVE-2025-71176 (insecure /tmp/pytest-of-{user} tmpdir handling on UNIX).`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ openai = [`
`49`	`49`	`]`
`50`	`50`
`51`	`51`	`[tool.poetry.group.dev.dependencies]`
`52`		`-pytest = "^9.0.0"`
	`52`	`+pytest = "^9.0.3"`
`53`	`53`	`requests_mock = "^1.7.0"`
`54`	`54`	`pyyaml = "^6.0"`
`55`	`55`	`pylint = "^4.0.0"`