Bump coverage from 7.9.1 to 7.9.2

[dependabot]

Bumps coverage from 7.9.1 to 7.9.2.

Changelog

Sourced from coverage's changelog.

Version 7.9.2 — 2025-07-03

• Fix: complex conditionals within a line might cause a KeyError when using sys.monitoring, as reported in issue 1991_. This is now fixed.

• Fix: we can now measure coverage for code in Python archive (.par) files. Thanks, Itamer Oren <pull 1984_>_.

.. _pull 1984: nedbat/coveragepy#1984 .. _issue 1991: nedbat/coveragepy#1991

.. _changes_7-9-1:

Commits

• 6e77492 docs: oops, beta 3
• b24cf7e docs: sample HTML for 7.9.2
• 35305c3 docs: prep for 7.9.2
• 9a8d9b6 docs: add pull request link
• 88dcaa2 fix: assume a missing line number is intra-line. #1991
• 678ec80 build: use pyenv for nightly builds. Thanks, Paul Timmins
• a3d00d5 build: workflow jobs should have names
• 279310a chore: bump the action-dependencies group with 2 updates (#1988)
• 614dfbf fix: enable measuring test coverage for Python archive (.par) files (#1984)
• 42bf82c chore: bump the action-dependencies group with 2 updates (#1985)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🛡️ Bandit Scan Results Summary

We found 2 High, 2 Medium, and 1 Low severity issues.

Detailed Findings

---

Severity	Issue	File	Line	Confidence	More Info	Test ID
🟡 LOW	Consider possible security implications associated with the subprocess module.	sz_tools/_tool_helpers.py	10	HIGH	More Info	B404
⚪ MEDIUM	Possible SQL injection vector through string-based query construction.	sz_tools/_sz_database.py	354	LOW	More Info	B608
⚪ MEDIUM	Probable insecure usage of temp file/directory.	sz_tools/_tool_helpers.py	732	MEDIUM	More Info	B108
🔴 HIGH	Starting a process with a shell, possible injection detected, security issue.	sz_tools/_tool_helpers.py	658	HIGH	More Info	B605
🔴 HIGH	subprocess call with shell=True identified, security issue.	sz_tools/_tool_helpers.py	642	HIGH	More Info	B602

---

✨ About this Report

This report was generated by the official Bandit GitHub Action to ensure our codebase stays secure.

📕 What is Bandit?

Bandit is a tool designed to find common security issues in Python code. To learn more about how Bandit helps to keep Python code safe, visit the Bandit documentation.

👥 Community Support

Got questions or need help with Bandit Action?

• Join our community on the Discord server.
• Share tips, get advice, and collaborate on security best practices.

[senzingdevops]

Automated: approving this pull request because it includes a patch update