Skip to content

Fix security vulnerabilities in dev dependencies#12

Open
mc-dorzo wants to merge 1 commit into
developfrom
fix/security-dependency-upgrades
Open

Fix security vulnerabilities in dev dependencies#12
mc-dorzo wants to merge 1 commit into
developfrom
fix/security-dependency-upgrades

Conversation

@mc-dorzo
Copy link
Copy Markdown
Contributor

@mc-dorzo mc-dorzo commented Apr 21, 2026

Summary

  • Upgrade pytest from ^8.3.3 to ^9.0.3 to address CVE-2025-71176
  • Pin Pygments >= 2.20.0 as dev dependency to address CVE-2026-4539 (transitive via pytest)
  • Bump pytest-asyncio from ^0.24.0 to ^1.3.0 for pytest 9 compatibility

Test plan

  • Verify poetry install succeeds
  • Verify existing tests pass with pytest 9

🤖 Generated with Claude Code

@mc-dorzo
Upgrade pytest to ^9.0.3 (CVE-2025-71176) and pin Pygments >=2.20.0 (C…
291efbc 
…VE-2026-4539)

Also bumps pytest-asyncio to ^1.3.0 for pytest 9 compatibility.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mc-dorzo