chore(deps): bump pytest and pygments #20

Merged: anneschuth merged 1 commit into main from chore/bump-pytest-pygments on Apr 21, 2026

@anneschuth

Summary

Clears the two open dependabot alerts on main:

  • pytest 9.0.2 → 9.0.3 — tmpdir handling (moderate)
  • pygments 2.19.2 → 2.20.0 — ReDoS in GUID regex (low)

Both are dev-only (pytest as a test runner, pygments transitively via rich/pytest output). Neither ships with the CLI, so there's no user-facing impact. Bumping to clear the repo's vulnerability badge.

Test plan

  • `uv run pytest` passes locally (56/56)

@claude claude Bot left a comment

Patch-bump of two dev-only dependencies to clear Dependabot alerts. No CLI commands, options, positional arguments, or ZadClient methods are touched — backwards compatibility is fully maintained.

One minor observation inline; nothing blocking.

Clears two dependabot alerts:
- pytest 9.0.2 -> 9.0.3 (tmpdir handling, moderate)
- pygments 2.19.2 -> 2.20.0 (ReDoS in GUID regex, low)

Both are dev-only dependencies (not shipped with the CLI), but bumping
to clear the repo's vulnerability badge.
@anneschuth anneschuth force-pushed the chore/bump-pytest-pygments branch from 3f15c8c to 3dc8802 Compare April 21, 2026 09:13

@claude claude Bot left a comment

Lock-file-only bump of two dev dependencies to clear Dependabot alerts. No CLI, client, or test changes.

The zad-cli version change (0.1.0 → 0.3.0) in the lock file is incidental — pyproject.toml was already at 0.3.0 on main; the branch's lock file was stale and caught up when uv sync was re-run.

No issues found. ✅

@anneschuth anneschuth merged commit 2889a68 into main Apr 21, 2026
9 checks passed
@anneschuth anneschuth deleted the chore/bump-pytest-pygments branch April 21, 2026 09:14