
fix(ci): ignore pytest 9 until Python 3.10 #1346

Open
TimeToBuildBob wants to merge 1 commit into ActivityWatch:master from TimeToBuildBob:bob/fix-dependabot-pytest-py39


@TimeToBuildBob

Contributor

Root cause

Dependabot's security update job for root pytest is failing on master because the alert wants pytest >=9.0.3, but pytest 9.0.3 requires Python >=3.10. The root Poetry project still declares Python ^3.9, and release CI still builds Python 3.9 artifacts, so Dependabot can only resolve up to pytest 8.4.2.

Failed run: https://github.com/ActivityWatch/activitywatch/actions/runs/28720321500

Fix

Adds an active root pip Dependabot entry with open-pull-requests-limit: 0, preserving the existing "pip updates are too noisy" policy, and ignores pytest >=9 until ActivityWatch intentionally drops Python 3.9.

Verification

  • Parsed .github/dependabot.yml with PyYAML.
  • Asserted the root pip entry has open-pull-requests-limit: 0 and the pytest >=9 ignore rule.
  • Verified from PyPI metadata: pytest 8.4.2 supports >=3.9; pytest 9.0.3 requires >=3.10.
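
The resolution conflict described in this PR can be checked mechanically. The following is an added example, not code from the PR or from ActivityWatch: it compares each release's Requires-Python floor against the project's Poetry constraint and reports whether the security-fix version is reachable. The function names are hypothetical, the release data is the pair of values quoted above, and only lower bounds are compared.

```python
"""Added example: is a security-fix release resolvable under the project's Python floor?"""

# Requires-Python values quoted in the PR description (PyPI metadata).
PYTEST_RELEASES = {"8.4.2": ">=3.9", "9.0.3": ">=3.10"}


def parse_version(text):
    """'3.10' -> (3, 10, 0); padded so '3.9' and '3.9.0' compare equal."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def floor_of(spec, prefix):
    """Lower bound of '^3.9' (prefix '^') or '>=3.10' (prefix '>=')."""
    if not spec.startswith(prefix):
        raise ValueError(f"unsupported constraint form: {spec!r}")
    return parse_version(spec[len(prefix):])


def installable(requires_python, project_python):
    """Poetry only accepts a release that supports every interpreter the
    project declares, so the release floor may not exceed the project floor.
    Assumption: only lower bounds are compared (no upper caps, no '!=')."""
    return floor_of(requires_python, ">=") <= floor_of(project_python, "^")


def assess(releases, project_python, fix_floor):
    """Highest resolvable release, and whether it reaches the fixed version."""
    ok = [v for v, spec in releases.items() if installable(spec, project_python)]
    best = max(ok, key=parse_version) if ok else None
    fixed = best is not None and parse_version(best) >= parse_version(fix_floor)
    return {"best": best, "fix_resolvable": fixed}


if __name__ == "__main__":
    # Project constraint today (^3.9) versus after dropping Python 3.9 (^3.10).
    for python in ("^3.9", "^3.10"):
        print(python, assess(PYTEST_RELEASES, python, "9.0.3"))
```

A result with `fix_resolvable` set to false means the alert stays open on the pinned version until the project's Python floor is raised.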

@greptile-apps

greptile-apps Bot commented Jul 4, 2026

Contributor

Greptile Summary

Fixes a failing Dependabot security-update CI job by activating the root pip entry in dependabot.yml with open-pull-requests-limit: 0 (preserving the existing "no noisy pip PRs" policy) and an ignore rule for pytest >=9, which requires Python ≥3.10 while ActivityWatch still builds on Python 3.9.

  • Uncomments and enables the pip Dependabot entry for / with open-pull-requests-limit: 0, so version-update PRs are still suppressed but Dependabot can now evaluate security alerts with proper configuration.
  • Adds an ignore block for pytest >=9 with a clear comment tying the rule to the Python 3.9 support window, preventing Dependabot from attempting an incompatible upgrade that breaks resolution.

Confidence Score: 5/5

Safe to merge — a one-file config change that silences an incompatible security-update attempt with no impact on application code.

The change is confined to dependabot.yml, activates the pip entry with the same no-PR policy that was previously commented in, and pins the ignore range to pytest >=9 with a clear rationale. The inline comment documents when the rule should be revisited. open-pull-requests-limit: 0 only suppresses version-update PRs; Dependabot security alerts for other pip packages remain functional.

No files require special attention. The pytest >=9 ignore rule is intentionally broad and should be removed once Python 3.9 support is dropped from the project.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/dependabot.yml | Activates the previously-commented-out root pip Dependabot entry with open-pull-requests-limit: 0 (no version-update PRs) and an ignore rule for pytest >=9 to unblock failing Dependabot security CI while the project still supports Python 3.9. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot monthly scan\npackage-ecosystem: pip] --> B{Security alert\nfor pytest?}
    B -- "yes" --> C{pytest fix version\n>=9?}
    C -- "yes (ignore rule)" --> D[Ignored — skip\nno PR opened]
    C -- "no (<9)" --> E[Security update PR opened]
    B -- "no" --> F{Version update?}
    F -- "yes" --> G[Suppressed by\nopen-pull-requests-limit: 0]
    F -- "no" --> H[No action]

Reviews (1): Last reviewed commit: "fix(ci): ignore pytest 9 until Python 3...."
