Merged
12 changes: 12 additions & 0 deletions doc/changes/unreleased.md
Expand Up @@ -11,6 +11,14 @@ The `report.yml` is also called after the `checks.yml` completes. This allows us
to get linting, security, and unit test coverage before running the `slow-checks.yml`,
as described in the [Pull Request description](https://exasol.github.io/python-toolbox/main/user_guide/features/github_workflows/index.html#pull-request).

This release fixes a vulnerability by updating the `poetry.lock` file.

| Name | Version | ID | Fix Versions | Updated to |
|--------|---------|----------------|--------------|------------|
| pytest | 9.0.2 | CVE-2025-71176 | 9.0.3 | 9.0.3 |

To ensure usage of secure packages, it is up to the user to similarly relock their dependencies.

## Refactoring

* #764: Updated `action/upload-pages-artifact` from v4 to [v5](https://github.com/actions/upload-pages-artifact/releases/tag/v5.0.0)
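Review bot: the vulnerability paragraph and table added above "## Refactoring" duplicate the "## Security" entry this same PR adds at the end of the file, so the same fix is now recorded twice in unreleased.md; move the table and the relock advice under "## Security" so a reader finds the CVE, affected version and fixed version in one place. While consolidating, consider linking CVE-2025-71176 to its advisory so the entry is verifiable, and make the user-facing advice concrete: "it is up to the user to similarly relock their dependencies" should say that consumers of this toolbox do not inherit its `poetry.lock` and need to run their own `poetry lock` (or equivalent) and confirm they resolve pytest to 9.0.3 or later.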
Expand All @@ -19,3 +27,7 @@ as described in the [Pull Request description](https://exasol.github.io/python-t
## Bugfix

* #766: Fixed `action/upload-pages-artifact` from v5 to v5.0.0

## Security

* #774: Fixed vulnerability by re-locking `pytest` in the `poetry.lock`
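Review bot: the new "## Security" entry names neither the CVE nor the version change, so it is not self-contained; expand it to something like "#774: Fixed CVE-2025-71176 by re-locking `pytest` from 9.0.2 to 9.0.3 in the `poetry.lock`" so the Security section alone tells a reader what was vulnerable and what the fix is, matching the table earlier in the file.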
13 changes: 7 additions & 6 deletions doc/user_guide/features/github_workflows/index.rst
Expand Up @@ -112,12 +112,13 @@ When configured as described on :ref:`github_project_configuration`, the
workflows, like ``slow-checks.yml``. This allows developers to update their pull
request more often and to only periodically run the more time-expensive tests.

The `report.yml` is called twice:
#. after the steps in `checks.yml` successfully finish - this allows developers
to get faster feedback for linting, security, and unit test coverage.
#. after the steps in `slow-checks.yml` successfully finish - this gives developers an
overview of the total coverage, as well as the information provided from running
the `checks.yml`
The ``report.yml`` is called twice:

#. after the steps in ``checks.yml`` successfully finish - this allows developers
to get faster feedback for linting, security, and unit test coverage.
#. after the steps in ``slow-checks.yml`` successfully finish - this gives developers an
overview of the total coverage, as well as the information provided from running
the ``checks.yml``

In both scenarios, the results are posted in the PR and made available on Sonar's UI.
Note that Sonar does not keep historical information, so it will only show the latest
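Review bot: the backtick and blank-line changes are the right RST fix (single backticks are the default interpreted-text role, not literals, and an enumerated list directly after a paragraph line is parsed as paragraph continuation rather than a list), but the second list item still ends mid-sentence without terminal punctuation: "overview of the total coverage, as well as the information provided from running / the ``checks.yml``". Add a full stop, and for consistency end the first item with one as well so both items read as complete sentences.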
6 changes: 3 additions & 3 deletions poetry.lock
