Skip to content

chore(deps-dev): update pytest-asyncio requirement from <1,>=0.24 to >=0.24,<2#119

Merged
TexasCoding merged 1 commit into
mainfrom
dependabot/pip/pytest-asyncio-gte-0.24-and-lt-2
May 17, 2026
Merged

chore(deps-dev): update pytest-asyncio requirement from <1,>=0.24 to >=0.24,<2#119
TexasCoding merged 1 commit into
mainfrom
dependabot/pip/pytest-asyncio-gte-0.24-and-lt-2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Updates the requirements on pytest-asyncio to permit the latest version.

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.3.0

1.3.0 - 2025-11-10

Removed

  • Support for Python 3.9 (#1278)

Added

  • Support for pytest 9 (#1279)

Notes for Downstream Packagers

  • Tested Python versions include free threaded Python 3.14t (#1274)
  • Tests are run in the same pytest process, instead of spawning a subprocess with pytest.Pytester.runpytest_subprocess. This prevents the test suite from accidentally using a system installation of pytest-asyncio, which could result in test errors. (#1275)
Commits
  • 2e9695f docs: Compile changelog for v1.3.0
  • dd0e9ba docs: Reference correct issue in news fragment.
  • 4c31abe Build(deps): Bump nh3 from 0.3.1 to 0.3.2
  • 13e9477 Link to migration guides from changelog
  • 4d2cf3c tests: handle Python 3.14 DefaultEventLoopPolicy deprecation warnings
  • ee3549b test: Remove obsolete test for the event_loop fixture.
  • 7a67c82 tests: Fix failing test by preventing warning conversion to error.
  • a17b689 test: add pytest config to isolated test directories
  • 18afc9d fix(tests): replace runpytest_subprocess with runpytest
  • cdc6bd1 Add support for pytest 9 and drop Python 3.9 support
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github May 17, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the infra Infrastructure/tooling label May 17, 2026
@TexasCoding TexasCoding mentioned this pull request May 17, 2026
Merged
2 tasks
TexasCoding added a commit that referenced this pull request May 17, 2026
@TexasCoding @claude
fix(ci): skip claude-review job for Dependabot PRs (#122)
927b837 
Root cause: GitHub does not expose repo secrets (including
CLAUDE_CODE_OAUTH_TOKEN) to workflow runs triggered by dependabot-
authored PRs — a security default that blocks malicious deps from
exfiltrating credentials. The action exits with an empty-credential
failure on every dep bump, so all 5 currently-open dependabot PRs
(#115-#119) show a red claude-review check despite tests + drift
being green.

Skip the job entirely for dependabot[bot] rather than try to wire
Dependabot secrets — dep-version-bump diffs are low-signal for AI
review anyway.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@TexasCoding

TexasCoding commented May 17, 2026

Copy link
Copy Markdown
Owner

@dependabot recreate

@dependabot
chore(deps-dev): update pytest-asyncio requirement
59ad465 
Updates the requirements on [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) to permit the latest version.
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v0.24.0...v1.3.0)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-version: 1.3.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/pytest-asyncio-gte-0.24-and-lt-2 branch from 9eb13e3 to 59ad465 Compare May 17, 2026 12:45
@TexasCoding TexasCoding merged commit bc8f702 into main May 17, 2026
4 checks passed
@TexasCoding TexasCoding deleted the dependabot/pip/pytest-asyncio-gte-0.24-and-lt-2 branch May 17, 2026 12:49
@TexasCoding TexasCoding mentioned this pull request May 17, 2026
Merged
4 tasks
TexasCoding added a commit that referenced this pull request May 17, 2026
@TexasCoding @claude
fix(deps): bump pytest pin to >=9,<10 to clear CVE-2025-71176 (#123)
dafa1fb 
pip-audit on main flagged pytest 8.4.2 for CVE-2025-71176 — predictable
/tmp/pytest-of-{user} directory allows local DoS / privilege escalation
on UNIX. Fix is in pytest 9.0.3.

Dev-only dep; zero risk to SDK users. Affects developers running the
test suite on shared UNIX systems.

Notes:
- uv.lock on main was already at pytest 9.0.3 + pytest-asyncio 1.3.0
  (cascaded from #119's pytest-asyncio bump), so this commit only
  realigns pyproject.toml with the lockfile.
- Local full suite: 1607 passed, 51 warnings. mypy strict + ruff clean.
- Integration suite has 11 pre-existing failures unrelated to this
  bump (verified by running tests/integration/ against plain main with
  pytest 8.4.2 — same 11 failures). Tracked in a separate follow-up
  issue covering integration-test health overall.
- pip-audit also surfaced cryptography CVE-2026-26007 + CVE-2026-34073
  (both fixed in 46.0+); pin already allows up to <49 so the floating
  lockfile picks up 48.0.0 with no pyproject change needed.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

infra Infrastructure/tooling

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TexasCoding