fix: bump pytest to 9.0.3 for GHSA-6w46-j5rx-g56g

pytest <9.0.3 has an insecure tmpdir vulnerability (CVE / GHSA-6w46-j5rx-g56g). Bump pytest-split to 0.11.0 to satisfy the new pytest>=9 requirement.
2026-04-13 22:42:37 +00:00 · 2026-04-14 02:38:05 +08:00
parent 58208fdbae
commit 0dba95e166
2 changed files with 12 additions and 12 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,7 +12,7 @@ dev = [
    "mypy==1.19.1",
    "pre-commit==4.5.1",
    "bandit==1.9.2",
-    "pytest==8.4.2",
+    "pytest==9.0.3",
    "pytest-asyncio==1.3.0",
    "pytest-subprocess==1.5.3",
    "vcrpy==7.0.0", # pinned, less versions break pytest-recording
@@ -20,7 +20,7 @@ dev = [
    "pytest-randomly==4.0.1",
    "pytest-timeout==2.4.0",
    "pytest-xdist==3.8.0",
-    "pytest-split==0.10.0",
+    "pytest-split==0.11.0",
    "types-requests~=2.31.0.6",
    "types-pyyaml==6.0.*",
    "types-regex==2026.1.15.*",
--- a/uv.lock
+++ b/uv.lock
@@ -13,7 +13,7 @@ resolution-markers = [
 ]

 [options]
-exclude-newer = "2026-04-10T12:25:00.712108Z"
+exclude-newer = "2026-04-10T18:30:59.748668Z"
 exclude-newer-span = "P3D"

 [manifest]
@@ -43,11 +43,11 @@ dev = [
    { name = "mypy", specifier = "==1.19.1" },
    { name = "pip-audit", specifier = "==2.9.0" },
    { name = "pre-commit", specifier = "==4.5.1" },
-    { name = "pytest", specifier = "==8.4.2" },
+    { name = "pytest", specifier = "==9.0.3" },
    { name = "pytest-asyncio", specifier = "==1.3.0" },
    { name = "pytest-randomly", specifier = "==4.0.1" },
    { name = "pytest-recording", specifier = "==0.13.4" },
-    { name = "pytest-split", specifier = "==0.10.0" },
+    { name = "pytest-split", specifier = "==0.11.0" },
    { name = "pytest-subprocess", specifier = "==1.5.3" },
    { name = "pytest-timeout", specifier = "==2.4.0" },
    { name = "pytest-xdist", specifier = "==3.8.0" },
@@ -1355,7 +1355,7 @@ requires-dist = [
    { name = "litellm", marker = "extra == 'litellm'", specifier = "~=1.83.0" },
    { name = "mcp", specifier = "~=1.26.0" },
    { name = "mem0ai", marker = "extra == 'mem0'", specifier = "~=0.1.94" },
-    { name = "openai", specifier = ">=1.83.0,<3" },
+    { name = "openai", specifier = ">=2.0.0,<3" },
    { name = "openpyxl", specifier = "~=3.1.5" },
    { name = "openpyxl", marker = "extra == 'openpyxl'", specifier = "~=3.1.5" },
    { name = "opentelemetry-api", specifier = "~=1.34.0" },
@@ -6817,7 +6817,7 @@ sdist = { url = "https://files.pythonhosted.org/packages/12/a0/d0638470df605ce26

 [[package]]
 name = "pytest"
-version = "8.4.2"
+version = "9.0.3"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "colorama", marker = "sys_platform == 'win32'" },
@@ -6828,9 +6828,9 @@ dependencies = [
    { name = "pygments" },
    { name = "tomli", marker = "python_full_version < '3.11'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/a3/5c/00a0e072241553e1a7496d638deababa67c5058571567b92a7eaa258397c/pytest-8.4.2.tar.gz", hash = "sha256:86c0d0b93306b961d58d62a4db4879f27fe25513d4b969df351abdddb3c30e01", size = 1519618, upload-time = "2025-09-04T14:34:22.711Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/7d/0d/549bd94f1a0a402dc8cf64563a117c0f3765662e2e668477624baeec44d5/pytest-9.0.3.tar.gz", hash = "sha256:b86ada508af81d19edeb213c681b1d48246c1a91d304c6c81a427674c17eb91c", size = 1572165, upload-time = "2026-04-07T17:16:18.027Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/a8/a4/20da314d277121d6534b3a980b29035dcd51e6744bd79075a6ce8fa4eb8d/pytest-8.4.2-py3-none-any.whl", hash = "sha256:872f880de3fc3a5bdc88a11b39c9710c3497a547cfa9320bc3c5e62fbf272e79", size = 365750, upload-time = "2025-09-04T14:34:20.226Z" },
+    { url = "https://files.pythonhosted.org/packages/d4/24/a372aaf5c9b7208e7112038812994107bc65a84cd00e0354a88c2c77a617/pytest-9.0.3-py3-none-any.whl", hash = "sha256:2c5efc453d45394fdd706ade797c0a81091eccd1d6e4bccfcd476e2b8e0ab5d9", size = 375249, upload-time = "2026-04-07T17:16:16.13Z" },
 ]

 [[package]]
@@ -6874,14 +6874,14 @@ wheels = [

 [[package]]
 name = "pytest-split"
-version = "0.10.0"
+version = "0.11.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "pytest" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/46/d7/e30ba44adf83f15aee3f636daea54efadf735769edc0f0a7d98163f61038/pytest_split-0.10.0.tar.gz", hash = "sha256:adf80ba9fef7be89500d571e705b4f963dfa05038edf35e4925817e6b34ea66f", size = 13903, upload-time = "2024-10-16T15:45:19.783Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/2f/16/8af4c5f2ceb3640bb1f78dfdf5c184556b10dfe9369feaaad7ff1c13f329/pytest_split-0.11.0.tar.gz", hash = "sha256:8ebdb29cc72cc962e8eb1ec07db1eeb98ab25e215ed8e3216f6b9fc7ce0ec2b5", size = 13421, upload-time = "2026-02-03T09:14:31.469Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/d6/a7/cad88e9c1109a5c2a320d608daa32e5ee008ccbc766310f54b1cd6b3d69c/pytest_split-0.10.0-py3-none-any.whl", hash = "sha256:466096b086a7147bcd423c6e6c2e57fc62af1c5ea2e256b4ed50fc030fc3dddc", size = 11961, upload-time = "2024-10-16T15:45:18.289Z" },
+    { url = "https://files.pythonhosted.org/packages/ae/a1/d4423657caaa8be9b31e491592b49cebdcfd434d3e74512ce71f6ec39905/pytest_split-0.11.0-py3-none-any.whl", hash = "sha256:899d7c0f5730da91e2daf283860eb73b503259cb416851a65599368849c7f382", size = 11911, upload-time = "2026-02-03T09:14:33.708Z" },
 ]

 [[package]]