fix(ci): ignore pytest 9 until Python 3.10#1346
Conversation
Greptile SummaryFixes a failing Dependabot security-update CI job by activating the root pip entry in
Confidence Score: 5/5Safe to merge — a one-file config change that silences an incompatible security-update attempt with no impact on application code. The change is confined to No files require special attention. The Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[Dependabot monthly scan\npackage-ecosystem: pip] --> B{Security alert\nfor pytest?}
B -- "yes" --> C{pytest fix version\n>=9?}
C -- "yes (ignore rule)" --> D[Ignored — skip\nno PR opened]
C -- "no (<9)" --> E[Security update PR opened]
B -- "no" --> F{Version update?}
F -- "yes" --> G[Suppressed by\nopen-pull-requests-limit: 0]
F -- "no" --> H[No action]
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
A[Dependabot monthly scan\npackage-ecosystem: pip] --> B{Security alert\nfor pytest?}
B -- "yes" --> C{pytest fix version\n>=9?}
C -- "yes (ignore rule)" --> D[Ignored — skip\nno PR opened]
C -- "no (<9)" --> E[Security update PR opened]
B -- "no" --> F{Version update?}
F -- "yes" --> G[Suppressed by\nopen-pull-requests-limit: 0]
F -- "no" --> H[No action]
Reviews (1): Last reviewed commit: "fix(ci): ignore pytest 9 until Python 3...." | Re-trigger Greptile |
Root cause
Dependabot's security update job for root
pytestis failing onmasterbecause the alert wantspytest >=9.0.3, butpytest 9.0.3requires Python>=3.10. The root Poetry project still declares Python^3.9, and release CI still builds Python 3.9 artifacts, so Dependabot can only resolve up topytest 8.4.2.Failed run: https://github.com/ActivityWatch/activitywatch/actions/runs/28720321500
Fix
Adds an active root
pipDependabot entry withopen-pull-requests-limit: 0, preserving the existing "pip updates are too noisy" policy, and ignorespytest >=9until ActivityWatch intentionally drops Python 3.9.Verification
.github/dependabot.ymlwith PyYAML.open-pull-requests-limit: 0and thepytest >=9ignore rule.pytest 8.4.2supports>=3.9;pytest 9.0.3requires>=3.10.