Merge branch 'main' into feature/402-Nox_session_report_resolved_security_issues

ckunki · ckunki · commit c68943b15c20 · 2026-04-14T15:05:58.000+02:00
diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
@@ -13,6 +13,14 @@ as described in the [Pull Request description](https://exasol.github.io/python-t
 
 This release also adds a `vulnerabilities:resolved` Nox session, which reports GitHub security issues resolved since the last release.
 
+This release fixes a vulnerability by updating the `poetry.lock` file.
+
+| Name   | Version | ID             | Fix Versions | Updated to |
+|--------|---------|----------------|--------------|------------|
+| pytest | 9.0.2   | CVE-2025-71176 | 9.0.3        | 9.0.3      |
+
+To ensure usage of secure packages, it is up to the user to similarly relock their dependencies.
+
 ## Features
 
 * #402: Created nox session `vulnerabilities:resolved` to report resolved GitHub security issues
@@ -25,3 +33,7 @@ This release also adds a `vulnerabilities:resolved` Nox session, which reports G
 ## Bugfix
 
 * #766: Fixed `action/upload-pages-artifact` from v5 to v5.0.0
+
+## Security
+
+* #774: Fixed vulnerability by re-locking `pytest` in the `poetry.lock`
diff --git a/doc/user_guide/features/github_workflows/index.rst b/doc/user_guide/features/github_workflows/index.rst
@@ -112,12 +112,13 @@ When configured as described on :ref:`github_project_configuration`, the
 workflows, like ``slow-checks.yml``. This allows developers to update their pull
 request more often and to only periodically run the more time-expensive tests.
 
-The `report.yml` is called twice:
-#. after the steps in `checks.yml` successfully finish - this allows developers
-to get faster feedback for linting, security, and unit test coverage.
-#. after the steps in `slow-checks.yml` successfully finish - this gives developers an
-overview of the total coverage, as well as the information provided from running
-the `checks.yml`
+The ``report.yml`` is called twice:
+
+#. after the steps in ``checks.yml`` successfully finish - this allows developers
+   to get faster feedback for linting, security, and unit test coverage.
+#. after the steps in ``slow-checks.yml`` successfully finish - this gives developers an
+   overview of the total coverage, as well as the information provided from running
+   the ``checks.yml``
 
 In both scenarios, the results are posted in the PR and made available on Sonar's UI.
 Note that Sonar does not keep historical information, so it will only show the latest
diff --git a/poetry.lock b/poetry.lock
