chore(deps): update dependency pytest to v9.0.3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pytest (changelog)	9.0.2 → 9.0.3

GitHub Vulnerability Alerts

CVE-2025-71176

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

---

Release Notes

pytest-dev/pytest (pytest)

v9.0.3

Compare Source

pytest 9.0.3 (2026-04-07)

Bug fixes

• #​12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #​13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #​13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #​14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #​14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #​13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #​13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #​14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #​14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #​12689: The test reports are now published to Codecov from GitHub Actions.
  The test statistics is visible on the web interface.

  -- by aleguy02

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[antoineauger]

LGTM 👍🏻

[antoineauger]

Hmm, renovate just force pushed and drop my changes. I will create another PR

[antoineauger]

Superseded by #25

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (>=9.0.2,<10). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.