Skip to content

Security | Bump pytest to 9.0.3 and pygments to 2.20.0#8

Merged
Jped merged 1 commit into
masterfrom
fix/dependabot-sweep
Apr 21, 2026
Merged

Security | Bump pytest to 9.0.3 and pygments to 2.20.0#8
Jped merged 1 commit into
masterfrom
fix/dependabot-sweep

Conversation

@Jped
Copy link
Copy Markdown
Contributor

@Jped Jped commented Apr 21, 2026

Summary

Clears both open Dependabot alerts.

  • pygments 2.19.2 → 2.20.0 (GHSA-5239-wwwm-4pmq) — transitive, picked up by `uv lock --upgrade-package`
  • pytest 8.4.2 → 9.0.3 (GHSA-6w46-j5rx-g56g) — required widening the dev pin from `>=8.0,<9.0` to `>=9.0.3,<10.0`, and bumping `requires-python` from `>=3.9` to `>=3.10` because pytest 9 drops Python 3.9 support.

Test plan

  • `uv run pytest` — all 20 tests pass under pytest 9.0.3 locally
  • CI to re-verify

🤖 Generated with Claude Code

@Jped @claude
Security | Bump pytest to 9.0.3 and pygments to 2.20.0
7da8101 
Clears both open Dependabot alerts. pygments is transitive; pytest
required widening the pin from >=8.0,<9.0 and bumping
requires-python from >=3.9 to >=3.10 (pytest 9 drops 3.9).

- pygments 2.19.2 → 2.20.0 (GHSA-5239-wwwm-4pmq)
- pytest 8.4.2 → 9.0.3 (GHSA-6w46-j5rx-g56g)

All 20 tests pass locally under pytest 9.0.3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@Jped Jped merged commit 957539e into master Apr 21, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@T3XRD T3XRD T3XRD approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Jped @T3XRD