Skip to content

ROB-566 Upgrade pytest to ^9.0.3 to fix CVE-2025-71176#2115

Merged
Avi-Robusta merged 1 commit into
masterfrom
claude/pip-pytest-cve-2025-71176-06tnuw
Jul 9, 2026
Merged

ROB-566 Upgrade pytest to ^9.0.3 to fix CVE-2025-71176#2115
Avi-Robusta merged 1 commit into
masterfrom
claude/pip-pytest-cve-2025-71176-06tnuw

Conversation

@moshemorad

Copy link
Copy Markdown
Contributor

Summary

Updated the pytest dependency to version 9.0.3 or higher to address a security vulnerability (CVE-2025-71176) that affects pytest versions below 9.0.3.

Changes

  • Upgraded pytest from ^6.2.4 to ^9.0.3 in dev dependencies
  • Added explanatory comment referencing the CVE being fixed

Details

This is a security-focused dependency update to mitigate CVE-2025-71176. The previous constraint allowed pytest versions below the patched version, so the minimum version requirement has been raised to ensure the vulnerability is not present in development environments.

https://claude.ai/code/session_01TjjSMyvjymxtXMYFQ1NKbu

Bump pytest ^6.2.4 -> ^9.0.3 (CVE-2025-71176, medium severity, fixed
in 9.0.3; locked at 9.1.1). Lock regenerated with Poetry 1.8.5 to keep
the lock-version 2.0 format CI's poetry can read. Obsolete pytest 6
dependencies (atomicwrites, py) drop out of the lock. All tests that
don't require a live cluster pass (282 passed, 11 skipped); the
cluster-dependent tests fail identically under the old pytest.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TjjSMyvjymxtXMYFQ1NKbu
@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

This PR updates the pytest development dependency in pyproject.toml from ^6.2.4 to ^9.0.3, adding a comment noting the reason for the version pin.

Changes

Dependency version bump

Layer / File(s) Summary
Bump pytest version
pyproject.toml
pytest dev-dependency constraint updated from ^6.2.4 to ^9.0.3, with a comment explaining the pin.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested reviewers: aantn

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly states the main change: upgrading pytest to 9.0.3 to fix a specific CVE.
Description check ✅ Passed The description matches the changeset and explains the dependency bump and security fix.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/pip-pytest-cve-2025-71176-06tnuw

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Docker image ready for d11203f (built in 3m 53s)

⚠️ Warning: does not support ARM (ARM images are built on release only - not on every PR)

Use this tag to pull the image for testing.

📋 Copy commands

⚠️ Temporary images are deleted after 30 days. Copy to a permanent registry before using them:

gcloud auth configure-docker us-central1-docker.pkg.dev
docker pull us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:d11203f
docker tag us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:d11203f me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:d11203f
docker push me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:d11203f

Patch Helm values in one line:

helm upgrade --install robusta robusta/robusta \
  --reuse-values \
  --set runner.image=me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:d11203f

@moshemorad moshemorad changed the title Upgrade pytest to ^9.0.3 to fix CVE-2025-71176 ROB-566 Upgrade pytest to ^9.0.3 to fix CVE-2025-71176 Jul 9, 2026
@Avi-Robusta Avi-Robusta enabled auto-merge (squash) July 9, 2026 11:21
@Avi-Robusta Avi-Robusta merged commit 390f262 into master Jul 9, 2026
7 checks passed
@Avi-Robusta Avi-Robusta deleted the claude/pip-pytest-cve-2025-71176-06tnuw branch July 9, 2026 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants