Skip to content

chore: bump pytest to 9.0.3#147

Merged
kendrickb-nvidia merged 1 commit into
mainfrom
kendrickb-nvidia/update-pytest
May 6, 2026
Merged

chore: bump pytest to 9.0.3#147
kendrickb-nvidia merged 1 commit into
mainfrom
kendrickb-nvidia/update-pytest

Conversation

@kendrickb-nvidia
Copy link
Copy Markdown
Contributor

@kendrickb-nvidia kendrickb-nvidia commented May 6, 2026
edited
Loading

Summary

Update to pytest>=9.0.3 to address CVE-2025-71176.

uv lock also picked up updates of transitive dependencies: hf_xet.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Refactoring

Testing

  • make test passes locally
  • make check passes locally (format + lint + typecheck + lock-check)
  • Added/updated tests for changes

Documentation

  • If docs changed: make docs-build passes locally

Related Issues

@kendrickb-nvidia
chore: bump pytest to 9.0.3
47bdd87 
Signed-off-by: Kendrick Boyd <kendrickb@nvidia.com>
@kendrickb-nvidia kendrickb-nvidia requested a review from a team as a code owner May 6, 2026 23:13
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 6, 2026
edited
Loading

All contributors have signed the DCO ✍️ ✅
Posted by the DCO Assistant Lite bot.

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 6, 2026

Greptile Summary

This PR performs a major-version bump of the pytest dev dependency from >=8.0,<9 to >=9.0.3,<10 and regenerates uv.lock to match. The lock regeneration also silently upgrades hf-xet from 1.3.0b0 to 1.5.0.

  • pyproject.toml: constraint changed to >=9.0.3,<10, resolving to pytest 9.0.3 in the lock file.
  • uv.lock: pytest pinned to 9.0.3; hf-xet incidentally upgraded from beta 1.3.0b0 to stable 1.5.0 — not mentioned in the PR description.

Confidence Score: 4/5

Safe to merge; the pytest major-version bump is straightforward and hf-xet is a dev-only transitive dependency.

The pytest 8→9 major bump could surface test-suite breakage if any tests rely on deprecated 8.x behaviour, but this is easily caught by CI. The unannounced hf-xet jump from a beta to stable release is a minor transparency gap rather than a correctness risk.

uv.lock — verify the hf-xet upgrade from 1.3.0b0 to 1.5.0 is intentional and that CI passes with the new pytest 9 test runner.

Important Files Changed

Filename Overview
pyproject.toml Bumps pytest constraint from >=8.0,<9 to >=9.0.3,<10, a major-version upgrade.
uv.lock Locks pytest to 9.0.3 and also silently upgrades hf-xet from 1.3.0b0 (beta) to 1.5.0 (stable) — a side-effect not mentioned in the PR title or description.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[pyproject.toml
pytest >=8.0,<9] -->|bump constraint| B[pyproject.toml
pytest >=9.0.3,<10]
    B -->|uv lock re-resolution| C[uv.lock
pytest 9.0.3]
    C -->|side-effect| D[uv.lock
hf-xet 1.3.0b0 → 1.5.0]
Loading

Reviews (1): Last reviewed commit: "chore: bump pytest to 9.0.3" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 6, 2026
View reviewed changes
Comment thread uv.lock
@kendrickb-nvidia
Copy link
Copy Markdown
Contributor Author

kendrickb-nvidia commented May 6, 2026

I have read the DCO document and I hereby sign the DCO.

@kendrickb-nvidia
Copy link
Copy Markdown
Contributor Author

kendrickb-nvidia commented May 6, 2026

recheck

lipikaramaswamy
lipikaramaswamy approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@lipikaramaswamy lipikaramaswamy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

@kendrickb-nvidia kendrickb-nvidia merged commit c49ce7e into main May 6, 2026
12 of 13 checks passed
@kendrickb-nvidia kendrickb-nvidia deleted the kendrickb-nvidia/update-pytest branch May 6, 2026 23:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mckornfield mckornfield mckornfield approved these changes

@lipikaramaswamy lipikaramaswamy lipikaramaswamy approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kendrickb-nvidia @mckornfield @lipikaramaswamy