Skip to content

Commit 798a48f

Browse files
committed
fix(security): bump pytest to 9.0.3 to clear CVE-2025-71176
The Dependency Audit job flagged pytest 8.4.2 in compliance/requirements.lock.txt as vulnerable to CVE-2025-71176, fixed in 9.0.3. Bump the pinned version and the requirements.txt lower bound. SDK tests and the schema compliance suite both pass on pytest 9.0.3, and `pip-audit` against all three lock files (reference, compliance, docs) now reports no known vulnerabilities. Made-with: Cursor
1 parent 0b2f03e commit 798a48f

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

compliance/requirements.lock.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,4 +4,4 @@ PyYAML==6.0.3
44
httpx==0.28.1
55
jsonschema==4.26.0
66
pymysql==1.1.2
7-
pytest==8.4.2
7+
pytest==9.0.3

compliance/requirements.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
pytest>=8.0
1+
pytest>=9.0
22
httpx>=0.28
33
jsonschema>=4.23
44
PyYAML>=6.0

0 commit comments

Comments
 (0)