fix(deps): update all non-major dependencies (!68) · Merge requests · Information Services / DevOps / Identity and Access Management / University Card management / Card Client

This MR contains the following updates:

Package	Type	Update	Change
Lucas-C/pre-commit-hooks-safety	repository	minor	`v1.3.3` -> `v1.4.2`
coverage	dev	minor	`7.6.12` -> `7.11.0`
progress	dependencies	patch	`1.6` -> `1.6.1`
pycqa/flake8	repository	minor	`7.1.0` -> `7.3.0`
pytest (changelog)	dev	minor	`8.3.5` -> `8.4.2`
pytest-cov (changelog)	dev	minor	`6.0.0` -> `6.3.0`
pyyaml (source)	dependencies	patch	`6.0.2` -> `6.0.3`
registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/python	final	minor	`3.11-slim` -> `3.14-slim`
requests (source, changelog)	dependencies	minor	`~2.26.0` -> `~2.32.0`
tobix/pywine	image	minor	`3.11` -> `3.13`
uis/devops/continuous-delivery/ci-templates	repository	minor	`v7.6.2` -> `v7.18.0`

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

Lucas-C/pre-commit-hooks-safety (Lucas-C/pre-commit-hooks-safety)

`v1.4.2`: Allowing --disable-optional-telemetry-data

Compare Source

Fixed

Allowed --disable-optional-telemetry-data to be specified instead of --disable-optional-telemetry

`v1.4.1`: More robust requirements path check & using safety<=2.3.5

Compare Source

Added

Add more robust requirements path check - cf. MR #55

Fixed

Added constraint safety<=2.3.5 in setup.py in order to be able to still use the check command. A future-proof solution could be to create a new python-safety-dependencies-scan hook, cf. issue #52

`v1.4.0`

Compare Source

Added

support for Poetry 2.0.0 - cf. MR #55

nedbat/coveragepy (coverage)

`v7.11.0`

Compare Source

Dropped support for Python 3.9, declared support for Python 3.15 alpha.

.. _changes_7-10-7:

`v7.10.7`

Compare Source

Performance: with branch coverage in large files, generating HTML, JSON, or LCOV reports could take far too long due to some quadratic behavior when creating the function and class index pages. This is now fixed, closing issue 2048_. Thanks to Daniel Diniz for help diagnosing the problem.
Most warnings and a few errors now have links to a page in the docs explaining the specific message. Closes issue 1921_.

.. _issue 1921: #1921 .. _issue 2048: #2048

.. _changes_7-10-6:

`v7.10.6`

Compare Source

Fix: source directories were not properly communicated to subprocesses that ran in different directories, as reported in issue 1499_. This is now fixed.
Performance: Alex Gaynor continues fine-tuning <pull 2038_>_ the speed of combination, especially with many contexts.

.. _issue 1499: #1499 .. _pull 2038: #2038

.. _changes_7-10-5:

`v7.10.5`

Compare Source

Big speed improvements for coverage combine: it's now about twice as fast! Huge thanks to Alex Gaynor for pull requests 2032 <pull 2032_>, 2033 <pull 2033_>, and 2034 <pull 2034_>_.

.. _pull 2032: #2032 .. _pull 2033: #2033 .. _pull 2034: #2034

.. _changes_7-10-4:

`v7.10.4`

Compare Source

Added patch = fork for times when the built-in forking support is insufficient.
Fix: patch = execv also inherits the entire coverage configuration now.

.. _changes_7-10-3:

`v7.10.3`

Compare Source

Fixes for patch = subprocess:
- If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024_.
- If subprocesses were created in other directories, their data files were stranded there and not combined into the totals, as described in issue 2025_. This is now fixed.
- On Windows (or maybe only some Windows?) the patch would fail with a ModuleNotFound error trying to import coverage. This is now fixed, closing issue 2022_.
- Originally only options set in the coverage configuration file would apply to subprocesses. Options set on the coverage run command line (such as --branch) wouldn't be communicated to the subprocesses. This could lead to combining failures, as described in issue 2021_. Now the entire configuration is used in subprocesses, regardless of its origin.
- Added debug=patch to help diagnose problems.
Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017_.

.. _issue 2017: #2017 .. _issue 2021: #2021 .. _issue 2022: #2022 .. _issue 2024: #2024 .. _issue 2025: #2025

.. _changes_7-10-2:

`v7.10.2`

Compare Source

Fix: some code with NOP bytecodes could report missing branches that are actually executed. This is now fixed, closing issue 1999_. Python 3.9 still shows the problem.

.. _issue 1999: #1999

.. _changes_7-10-1:

`v7.10.1`

Compare Source

Fix: the exclusion for if TYPE_CHECKING: was wrong: it marked the branch as partial, but it should have been a line exclusion so the entire clause would be excluded. Improves issue 831_.
Fix: changed where .pth files are written for patch = subprocess, closing issue 2006_.

.. _issue 2006: #2006

.. _changes_7-10-0:

`v7.10.0`

Compare Source

A new configuration option: ":ref:config_run_patch" specifies named patches to work around some limitations in coverage measurement. These patches are available:
- patch = _exit lets coverage save its data even when :func:os._exit() <python:os._exit> is used to abruptly end the process. This closes long-standing issue 310_ as well as its duplicates: issue 312, issue 1673, issue 1845, and issue 1941.
- patch = subprocess measures coverage in Python subprocesses created with :mod:subprocess, :func:os.system, or one of the :func:execv <python:os.execl> or :func:spawnv <python:os.spawnl> family of functions. Closes old issue 367, its duplicate issue 378 and old issue 689_.
- patch = execv adjusts the :func:execv <python:os.execl> family of functions to save coverage data before ending the current program and starting the next. Not available on Windows. Closes issue 43_ after 15 years!
The HTML report now dimly colors subsequent lines in multi-line statements. They used to have no color. This gives a better indication of the amount of code missing in the report. Closes issue 1308_.
Two new exclusion patterns are part of the defaults: ... is automatically excluded as a line and if TYPE_CHECKING: is excluded as a branch. Closes issue 831_.
A new command-line option: --save-signal=USR1 specifies a signal that coverage.py will listen for. When the signal is sent, the coverage data will be saved. This makes it possible to save data from within long-running processes. Thanks, Arkady Gilinsky <pull 1998_>_.
A new configuration option: ":ref:config_report_partial_also" is a list of regexes to add as pragmas for partial branches. This parallels the ":ref:config_report_exclude_also" setting for adding line exclusion patterns.
A few file path configuration settings didn't allow for tilde expansion: :ref:config_json_output, :ref:config_lcov_output and :ref:config_run_debug_file. This is now fixed.
Wheels are included for 3.14 now that 3.14 rc1 is available.
We no longer ship a PyPy-specific wheel. PyPy will install the pure-Python wheel. Closes issue 2001_.
In the very unusual situation of not having a current frame, coverage no longer crashes when using the sysmon core, fixing issue 2005_.

.. _issue 43: #43 .. _issue 310: #310 .. _issue 312: #312 .. _issue 367: #367 .. _issue 378: #378 .. _issue 689: #689 .. _issue 831: #831 .. _issue 1308: #1308 .. _issue 1673: #1673 .. _issue 1845: #1845 .. _issue 1941: #1941 .. _pull 1998: #1998 .. _issue 2001: #2001 .. _issue 2005: #2005

.. _changes_7-9-2:

`v7.9.2`

Compare Source

Fix: complex conditionals within a line might cause a KeyError when using sys.monitoring, as reported in issue 1991_. This is now fixed.
Fix: we can now measure coverage for code in Python archive (.par) files. Thanks, Itamer Oren <pull 1984_>_.

.. _pull 1984: #1984 .. _issue 1991: #1991

.. _changes_7-9-1:

`v7.9.1`

Compare Source

The "no-ctracer" warning is not issued for Python pre-release versions. Coverage doesn't ship compiled wheels for those versions, so this was far too noisy.
On Python 3.14+, the "sysmon" core is now the default if it's supported for your configuration. Plugins and dynamic contexts are still not supported with it.

.. _changes_7-9-0:

`v7.9.0`

Compare Source

Added a [run] core configuration setting to specify the measurement core, which was previously only available through the COVERAGE_CORE environment variable. Finishes issue 1746_.
Fixed incorrect rendering of f-strings with doubled braces, closing issue 1980_.
If the C tracer core can't be imported, a warning ("no-ctracer") is issued with the reason.
The C tracer core extension module now conforms to PEP 489, closing issue 1977. Thanks, Adam Turner <pull 1978_>_.
Fixed a "ValueError: min() arg is an empty sequence" error caused by strange empty modules, found by oss-fuzz_.

.. _issue 1746: #1746 .. _issue 1977: #1977 .. _pull 1978: #1978 .. _issue 1980: #1980 .. _PEP 489: https://peps.python.org/pep-0489 .. _oss-fuzz: https://google.github.io/oss-fuzz/

.. _changes_7-8-2:

`v7.8.2`

Compare Source

Wheels are provided for Windows ARM64 on Python 3.11, 3.12, and 3.13. Thanks, Finn Womack <pull 1972_>_.

.. _issue 1971: #1971 .. _pull 1972: #1972

.. _changes_7-8-1:

`v7.8.1`

Compare Source

A number of EncodingWarnings were fixed that could appear if you've enabled PYTHONWARNDEFAULTENCODING, fixing issue 1966. Thanks, Henry Schreiner <pull 1967_>.
Fixed a race condition when using sys.monitoring with free-threading Python, closing issue 1970_.

.. _issue 1966: #1966 .. _pull 1967: #1967 .. _issue 1970: #1970

.. _changes_7-8-0:

`v7.8.0`

Compare Source

Added a new source_dirs setting for symmetry with the existing source_pkgs setting. It's preferable to the existing source setting, because you'll get a clear error when directories don't exist. Fixes issue 1942. Thanks, Jeremy Fleischman <pull 1943_>.
Fix: the PYTHONSAFEPATH environment variable new in Python 3.11 is properly supported, closing issue 1696. Thanks, Philipp A. <pull 1700_>. This works properly except for a detail when using the coverage command on Windows. There you can use python -m coverage instead if you need exact emulation.

.. _issue 1696: #1696 .. _pull 1700: #1700 .. _issue 1942: #1942 .. _pull 1943: #1943

.. _changes_7-7-1:

`v7.7.1`

Compare Source

A few small tweaks to the sys.monitoring support for Python 3.14. Please test!

.. _changes_7-7-0:

`v7.7.0`

Compare Source

The Coverage object has a new method, :meth:.Coverage.branch_stats for getting simple branch information for a module. Closes issue 1888_.
The :class:Coverage constructor<.Coverage> now has a plugins parameter for passing in plugin objects directly, thanks to Alex Gaynor <pull 1919_>_.
Many constant tests in if statements are now recognized as being optimized away. For example, previously if 13: would have been considered a branch with one path not taken. Now it is understood as always true and no coverage is missing.
The experimental sys.monitoring support now works for branch coverage if you are using Python 3.14.0 alpha 6 or newer. This should reduce the overhead coverage.py imposes on your test suite. Set the environment variable COVERAGE_CORE=sysmon to try it out.
Confirmed support for PyPy 3.11. Thanks Michał Górny.

.. _issue 1888: #1888 .. _pull 1919: #1919

.. _changes_7-6-12:

pycqa/flake8 (pycqa/flake8)

pytest-dev/pytest (pytest)

`v8.4.2`

Compare Source

pytest 8.4.2 (2025-09-03)

Bug fixes

#13478: Fixed a crash when using console_output_style{.interpreted-text role="confval"} with times and a module is skipped.
#13530: Fixed a crash when using pytest.approx{.interpreted-text role="func"} and decimal.Decimal{.interpreted-text role="class"} instances with the decimal.FloatOperation{.interpreted-text role="class"} trap set.
#13549: No longer evaluate type annotations in Python 3.14 when inspecting function signatures.

This prevents crashes during module collection when modules do not explicitly use from __future__ import annotations and import types for annotations within a if TYPE_CHECKING: block.
#13559: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in pytest.Parser.addini{.interpreted-text role="meth"}.
#13563: pytest.approx{.interpreted-text role="func"} now only imports numpy if NumPy is already in sys.modules. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.

Improved documentation

#13577: Clarify that pytest_generate_tests is discovered in test modules/classes; other hooks must be in conftest.py or plugins.

Contributor-facing changes

#13480: Self-testing: fixed a few test failures when run with -Wdefault or a similar override.
#13547: Self-testing: corrected expected message for test_doctest_unexpected_exception in Python 3.14.
#13684: Make pytest's own testsuite insensitive to the presence of the CI environment variable -- by ogrisel{.interpreted-text role="user"}.

`v8.4.1`

Compare Source

pytest 8.4.1 (2025-06-17)

Bug fixes

#13461: Corrected _pytest.terminal.TerminalReporter.isatty to support being called as a method. Before it was just a boolean which could break correct code when using -o log_cli=true).
#13477: Reintroduced pytest.PytestReturnNotNoneWarning{.interpreted-text role="class"} which was removed by accident in pytest [8.4]{.title-ref}.

This warning is raised when a test functions returns a value other than None, which is often a mistake made by beginners.

See return-not-none{.interpreted-text role="ref"} for more information.
#13497: Fixed compatibility with Twisted 25+.

Improved documentation

#13492: Fixed outdated warning about faulthandler not working on Windows.

`v8.4.0`

Compare Source

pytest 8.4.0 (2025-06-02)

Removals and backward incompatible breaking changes

#11372: Async tests will now fail, instead of warning+skipping, if you don't have any suitable plugin installed.
#12346: Tests will now fail, instead of raising a warning, if they return any value other than None.
#12874: We dropped support for Python 3.8 following its end of life (2024-10-07).
#12960: Test functions containing a yield now cause an explicit error. They have not been run since pytest 4.0, and were previously marked as an expected failure and deprecation warning.

See the docs <yield tests deprecated>{.interpreted-text role="ref"} for more information.

Deprecations (removal in next major release)

#10839: Requesting an asynchronous fixture without a [pytest_fixture_setup]{.title-ref} hook that resolves it will now give a DeprecationWarning. This most commonly happens if a sync test requests an async fixture. This should have no effect on a majority of users with async tests or fixtures using async pytest plugins, but may affect non-standard hook setups or autouse=True. For guidance on how to work around this warning see sync-test-async-fixture{.interpreted-text role="ref"}.

New features

#11538: Added pytest.RaisesGroup{.interpreted-text role="class"} as an equivalent to pytest.raises{.interpreted-text role="func"} for expecting ExceptionGroup{.interpreted-text role="exc"}. Also adds pytest.RaisesExc{.interpreted-text role="class"} which is now the logic behind pytest.raises{.interpreted-text role="func"} and used as parameter to pytest.RaisesGroup{.interpreted-text role="class"}. RaisesGroup includes the ability to specify multiple different expected exceptions, the structure of nested exception groups, and flags for emulating except* <except_star>{.interpreted-text role="ref"}. See assert-matching-exception-groups{.interpreted-text role="ref"} and docstrings for more information.
#12081: Added capteesys{.interpreted-text role="fixture"} to capture AND pass output to next handler set by --capture=.
#12504: pytest.mark.xfail{.interpreted-text role="func"} now accepts pytest.RaisesGroup{.interpreted-text role="class"} for the raises parameter when you expect an exception group. You can also pass a pytest.RaisesExc{.interpreted-text role="class"} if you e.g. want to make use of the check parameter.
#12713: New [--force-short-summary]{.title-ref} option to force condensed summary output regardless of verbosity level.

This lets users still see condensed summary output of failures for quick reference in log files from job outputs, being especially useful if non-condensed output is very verbose.
#12749: pytest traditionally collects classes/functions in the test module namespace even if they are imported from another file.

For example:

contents of src/domain.py

class Testament: ...

contents of tests/test_testament.py

from domain import Testament

def test_testament(): ...
```

In this scenario with the default options, pytest will collect the class [Testament]{.title-ref} from [tests/test_testament.py]{.title-ref} because it starts with [Test]{.title-ref}, even though in this case it is a production class being imported in the test module namespace.

This behavior can now be prevented by setting the new `collect_imported_tests`{.interpreted-text role="confval"} configuration option to `false`, which will make pytest collect classes/functions from test files **only** if they are defined in that file.

\-- by `FreerGit`{.interpreted-text role="user"}

#12765: Thresholds to trigger snippet truncation can now be set with truncation_limit_lines{.interpreted-text role="confval"} and truncation_limit_chars{.interpreted-text role="confval"}.

See truncation-params{.interpreted-text role="ref"} for more information.
#13125: console_output_style{.interpreted-text role="confval"} now supports times to show execution time of each test.
#13192: pytest.raises{.interpreted-text role="func"} will now raise a warning when passing an empty string to match, as this will match against any value. Use match="^$" if you want to check that an exception has no message.
#13192: pytest.raises{.interpreted-text role="func"} will now print a helpful string diff if matching fails and the match parameter has ^ and $ and is otherwise escaped.
#13192: You can now pass with pytest.raises(check=fn): <pytest.raises>{.interpreted-text role="func"}, where fn is a function which takes a raised exception and returns a boolean. The raises fails if no exception was raised (as usual), passes if an exception is raised and fn returns True (as well as match and the type matching, if specified, which are checked before), and propagates the exception if fn returns False (which likely also fails the test).
#13228: hidden-param{.interpreted-text role="ref"} can now be used in id of pytest.param{.interpreted-text role="func"} or in ids of Metafunc.parametrize <pytest.Metafunc.parametrize>{.interpreted-text role="py:func"}. It hides the parameter set from the test name.
#13253: New flag: --disable-plugin-autoload <disable_plugin_autoload>{.interpreted-text role="ref"} which works as an alternative to PYTEST_DISABLE_PLUGIN_AUTOLOAD{.interpreted-text role="envvar"} when setting environment variables is inconvenient; and allows setting it in config files with addopts{.interpreted-text role="confval"}.

Improvements in existing functionality

#10224: pytest's short and long traceback styles (how-to-modifying-python-tb-printing{.interpreted-text role="ref"}) now have partial 657{.interpreted-text role="pep"} support and will show specific code segments in the traceback.

================================= FAILURES =================================
_______________________ test_gets_correct_tracebacks _______________________

test_tracebacks.py:12: in test_gets_correct_tracebacks
    assert manhattan_distance(p1, p2) == 1
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
test_tracebacks.py:6: in manhattan_distance
    return abs(point_1.x - point_2.x) + abs(point_1.y - point_2.y)
                           ^^^^^^^^^
E   AttributeError: 'NoneType' object has no attribute 'x'

-- by ammaraskar{.interpreted-text role="user"}

#11118: Now pythonpath{.interpreted-text role="confval"} configures [$PYTHONPATH]{.title-ref} earlier than before during the initialization process, which now also affects plugins loaded via the [-p]{.title-ref} command-line option.

-- by millerdev{.interpreted-text role="user"}

#11381: The type parameter of the parser.addini method now accepts ["int"]{.title-ref} and "float" parameters, facilitating the parsing of configuration values in the configuration file.

Example:

def pytest_addoption(parser):
    parser.addini("int_value", type="int", default=2, help="my int value")
    parser.addini("float_value", type="float", default=4.2, help="my float value")

The [pytest.ini]{.title-ref} file:

[pytest]
int_value = 3
float_value = 5.4

#11525: Fixtures are now clearly represented in the output as a "fixture object", not as a normal function as before, making it easy for beginners to catch mistakes such as referencing a fixture declared in the same module but not requested in the test function.

-- by the-compiler{.interpreted-text role="user"} and glyphack{.interpreted-text role="user"}
#12426: A warning is now issued when pytest.mark.usefixtures ref{.interpreted-text role="ref"} is used without specifying any fixtures. Previously, empty usefixtures markers were silently ignored.
#12707: Exception chains can be navigated when dropped into Pdb in Python 3.13+.
#12736: Added a new attribute [name]{.title-ref} with the fixed value ["pytest tests"]{.title-ref} to the root tag [testsuites]{.title-ref} of the junit-xml generated by pytest.

This attribute is part of many junit-xml specifications and is even part of the [junit-10.xsd]{.title-ref} specification that pytest's implementation is based on.
#12943: If a test fails with an exceptiongroup with a single exception, the contained exception will now be displayed in the short test summary info.
#12958: A number of unraisable <unraisable>{.interpreted-text role="ref"} enhancements:
- Set the unraisable hook as early as possible and unset it as late as possible, to collect the most possible number of unraisable exceptions.
- Call the garbage collector just before unsetting the unraisable hook, to collect any straggling exceptions.
- Collect multiple unraisable exceptions per test phase.
- Report the tracemalloc{.interpreted-text role="mod"} allocation traceback (if available).
- Avoid using a generator based hook to allow handling StopIteration{.interpreted-text role="class"} in test failures.
- Report the unraisable exception as the cause of the pytest.PytestUnraisableExceptionWarning{.interpreted-text role="class"} exception if raised.
- Compute the repr of the unraisable object in the unraisable hook so you get the latest information if available, and should help with resurrection of the object.
#13010: pytest.approx{.interpreted-text role="func"} now can compare collections that contain numbers and non-numbers mixed.
#13016: A number of threadexception <unraisable>{.interpreted-text role="ref"} enhancements:
- Set the excepthook as early as possible and unset it as late as possible, to collect the most possible number of unhandled exceptions from threads.
- Collect multiple thread exceptions per test phase.
- Report the tracemalloc{.interpreted-text role="mod"} allocation traceback (if available).
- Avoid using a generator based hook to allow handling StopIteration{.interpreted-text role="class"} in test failures.
- Report the thread exception as the cause of the pytest.PytestUnhandledThreadExceptionWarning{.interpreted-text role="class"} exception if raised.
- Extract the name of the thread object in the excepthook which should help with resurrection of the thread.
#13031: An empty parameter set as in pytest.mark.parametrize([], ids=idfunc) will no longer trigger a call to idfunc with internal objects.
#13115: Allows supplying ExceptionGroup[Exception] and BaseExceptionGroup[BaseException] to pytest.raises to keep full typing on ExceptionInfo <pytest.ExceptionInfo>{.interpreted-text role="class"}:
```
with pytest.raises(ExceptionGroup[Exception]) as exc_info:
    some_function()
```
Parametrizing with other exception types remains an error - we do not check the types of child exceptions and thus do not permit code that might look like we do.
#13122: The --stepwise mode received a number of improvements:
- It no longer forgets the last failed test in case pytest is executed later without the flag.
  
  This enables the following workflow:
  1. Execute pytest with --stepwise, pytest then stops at the first failing test;
  2. Iteratively update the code and run the test in isolation, without the --stepwise flag (for example in an IDE), until it is fixed.
  3. Execute pytest with --stepwise again and pytest will continue from the previously failed test, and if it passes, continue on to the next tests.
  Previously, at step 3, pytest would start from the beginning, forgetting the previously failed test.
  
  This change however might cause issues if the --stepwise mode is used far apart in time, as the state might get stale, so the internal state will be reset automatically in case the test suite changes (for now only the number of tests are considered for this, we might change/improve this on the future).
- New --stepwise-reset/--sw-reset flag, allowing the user to explicitly reset the stepwise state and restart the workflow from the beginning.
#13308: Added official support for Python 3.14.
#13380: Fix ExceptionGroup{.interpreted-text role="class"} traceback filtering to exclude pytest internals.
#13415: The author metadata of the BibTex example is now correctly formatted with last names following first names. An example of BibLaTex has been added. BibTex and BibLaTex examples now clearly indicate that what is cited is software.

-- by willynilly{.interpreted-text role="user"}
#13420: Improved test collection performance by optimizing path resolution used in FSCollector.
#13457: The error message about duplicate parametrization no longer displays an internal stack trace.
#4112: Using pytest.mark.usefixtures <pytest.mark.usefixtures ref>{.interpreted-text role="ref"} on pytest.param{.interpreted-text role="func"} now produces an error instead of silently doing nothing.
#5473: Replace [:]{.title-ref} with [;]{.title-ref} in the assertion rewrite warning message so it can be filtered using standard Python warning filters before calling pytest.main{.interpreted-text role="func"}.

[#&#8203;6985](https://github.com/pytest-dev/pytest/issues/6985): Improved `pytest.approx`{.interpreted-text role="func"} to enhance the readability of value ranges and tolerances between 0.001 and 1000.

:   -   The [repr]{.title-ref} method now provides clearer output for values within those ranges, making it easier to interpret the results.

    -   Previously, the output for those ranges of values and tolerances was displayed in scientific notation (e.g., [42 ± 1.0e+00]{.title-ref}). The updated method now presents the tolerance as a decimal for better readability (e.g., [42 ± 1]{.title-ref}).

        Example:

        **Previous Output:**

        ``` console
        >>> pytest.approx(42, abs=1)
        42 ± 1.0e+00
        ```

        **Current Output:**

        ``` console
        >>> pytest.approx(42, abs=1)
        42 ± 1
        ```

    \-- by `fazeelghafoor`{.interpreted-text role="user"}

#7683: The formerly optional pygments dependency is now required, causing output always to be source-highlighted (unless disabled via the --code-highlight=no CLI option).

Bug fixes

#10404: Apply filterwarnings from config/cli as soon as possible, and revert them as late as possible so that warnings as errors are collected throughout the pytest run and before the unraisable and threadexcept hooks are removed.

This allows very late warnings and unraisable/threadexcept exceptions to fail the test suite.

This also changes the warning that the lsof plugin issues from PytestWarning to the new warning PytestFDWarning so it can be more easily filtered.
#11067: The test report is now consistent regardless if the test xfailed via pytest.mark.xfail <pytest.mark.xfail ref>{.interpreted-text role="ref"} or pytest.fail{.interpreted-text role="func"}.

Previously, xfailed tests via the marker would have the string "reason: " prefixed to the message, while those xfailed via the function did not. The prefix has been removed.
#12008: In 11220{.interpreted-text role="pr"}, an unintended change in reordering was introduced by changing the way indices were assigned to direct params. More specifically, before that change, the indices of direct params to metafunc's callspecs were assigned after all parametrizations took place. Now, that change is reverted.
#12863: Fix applying markers, including pytest.mark.parametrize <pytest.mark.parametrize ref>{.interpreted-text role="ref"} when placed above [@staticmethod]{.title-ref} or [@classmethod]{.title-ref}.
#12929: Handle StopIteration from test cases, setup and teardown correctly.
#12938: Fixed --durations-min argument not respected if -vv is used.
#12946: Fixed missing help for pdb{.interpreted-text role="mod"} commands wrapped by pytest -- by adamchainz{.interpreted-text role="user"}.
#12981: Prevent exceptions in pytest.Config.add_cleanup{.interpreted-text role="func"} callbacks preventing further cleanups.
#13047: Restore pytest.approx{.interpreted-text role="func"} handling of equality checks between [bool]{.title-ref} and [numpy.bool_]{.title-ref} types.

Comparing [bool]{.title-ref} and [numpy.bool_]{.title-ref} using pytest.approx{.interpreted-text role="func"} accidentally changed in version [8.3.4]{.title-ref} and [8.3.5]{.title-ref} to no longer match:
```
>>> import numpy as np
>>> from pytest import approx
>>> [np.True_, np.True_] == pytest.approx([True, True])
False
```
This has now been fixed:
```
>>> [np.True_, np.True_] == pytest.approx([True, True])
True
```
#13119: Improved handling of invalid regex patterns for filter warnings by providing a clear error message.
#13175: The diff is now also highlighted correctly when comparing two strings.
#13248: Fixed an issue where passing a scope in Metafunc.parametrize <pytest.Metafunc.parametrize>{.interpreted-text role="py:func"} with indirect=True could result in other fixtures being unable to depend on the parametrized fixture.
#13291: Fixed repr of attrs objects in assertion failure messages when using attrs>=25.2.
#13312: Fixed a possible KeyError crash on PyPy during collection of tests involving higher-scoped parameters.
#13345: Fix type hints for pytest.TestReport.when{.interpreted-text role="attr"} and pytest.TestReport.location{.interpreted-text role="attr"}.
#13377: Fixed handling of test methods with positional-only parameter syntax.

Now, methods are supported that formally define self as positional-only and/or fixture parameters as keyword-only, e.g.:
```
class TestClass:

    def test_method(self, /, *, fixture): ...
```
Before, this caused an internal error in pytest.
#13384: Fixed an issue where pytest could report negative durations.
#13420: Added lru_cache to nodes._check_initialpaths_for_relpath.
#9037: Honor disable_test_id_escaping_and_forfeit_all_rights_to_community_support{.interpreted-text role="confval"} when escaping ids in parametrized tests.

Improved documentation

#12535: [This example]{.title-ref}<https://docs.pytest.org/en/latest/example/simple.html#making-test-result-information-available-in-fixtures> showed print statements that do not exactly reflect what the different branches actually do. The fix makes the example more precise.
#13218: Pointed out in the pytest.approx{.interpreted-text role="func"} documentation that it considers booleans unequal to numeric zero or one.
#13221: Improved grouping of CLI options in the --help output.
#6649: Added ~pytest.TerminalReporter{.interpreted-text role="class"} to the api-reference{.interpreted-text role="ref"} documentation page.
#8612: Add a recipe for handling abstract test classes in the documentation.

A new example has been added to the documentation to demonstrate how to use a mixin class to handle abstract test classes without manually setting the __test__ attribute for subclasses. This ensures that subclasses of abstract test classes are automatically collected by pytest.

Packaging updates and notes for downstreams

#13317: Specified minimum allowed versions of colorama, iniconfig, and packaging; and bumped the minimum allowed version of exceptiongroup for python_version<'3.11' from a release candidate to a full release.

Contributor-facing changes

#12017: Mixed internal improvements:
- Migrate formatting to f-strings in some tests.
- Use type-safe constructs in JUnitXML tests.
- MovedMockTiming into _pytest.timing.
-- by RonnyPfannschmidt{.interpreted-text role="user"}
#12647: Fixed running the test suite with the hypothesis pytest plugin.

Miscellaneous internal changes

#6649: Added ~pytest.TerminalReporter{.interpreted-text role="class"} to the public pytest API, as it is part of the signature of the pytest_terminal_summary{.interpreted-text role="hook"} hook.

pytest-dev/pytest-cov (pytest-cov)

`v6.3.0`

Compare Source

Added support for markdown reports. Contributed by Marcos Boger in #712 <https://github.com/pytest-dev/pytest-cov/pull/712>_ and #714 <https://github.com/pytest-dev/pytest-cov/pull/714>_.
Fixed some formatting issues in docs. Anonymous contribution in #706 <https://github.com/pytest-dev/pytest-cov/pull/706>_.

`v6.2.1`

Compare Source

Added a version requirement for pytest's pluggy dependency (1.2.0, released 2023-06-21) that has the required new-style hookwrapper API.
Removed deprecated license classifier (packaging).
Disabled coverage warnings in two more situations where they have no value:
- "module-not-measured" in workers
- "already-imported" in subprocesses

`v6.2.0`

Compare Source

The plugin now adds 3 rules in the filter warnings configuration to prevent common coverage warnings being raised as obscure errors::

default:unclosed database in <sqlite3.Connection object at:ResourceWarning once::PytestCovWarning once::CoverageWarning

This fixes most of the bad interactions that are occurring on pytest 8.4 with filterwarnings=error.

The plugin will check if there already matching rules for the 3 categories (ResourceWarning, PytestCovWarning, CoverageWarning) and message (unclosed database in <sqlite3.Connection object at) before adding the filters.

This means you can have this in your pytest configuration for complete oblivion (not recommended, if that is not clear)::

filterwarnings = [ "error", "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning", "ignore::PytestCovWarning", "ignore::CoverageWarning", ]

`v6.1.1`

Compare Source

Fixed breakage that occurs when --cov-context and the no_cover marker are used together.

`v6.1.0`

Compare Source

Change terminal output to use full width lines for the coverage header. Contributed by Tsvika Shapira in #678 <https://github.com/pytest-dev/pytest-cov/pull/678>_.
Removed unnecessary CovFailUnderWarning. Fixes #675 <https://github.com/pytest-dev/pytest-cov/issues/675>_.
Fixed the term report not using the precision specified via --cov-precision.

yaml/pyyaml (pyyaml)

`v6.0.3`

Compare Source

What's Changed

Support for Python 3.14 and free-threading (experimental).

Full Changelog: https://github.com/yaml/pyyaml/compare/6.0.2...6.0.3

psf/requests (requests)

`v2.32.5`

Compare Source

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.
Dropped support for Python 3.8 following its end of support.

`v2.32.4`

Compare Source

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.
Dropped support for pypy 3.9 following its end of support.

`v2.32.3`

Compare Source

Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

`v2.32.2`

Compare Source

Deprecations

To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked MR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

`v2.32.1`

Compare Source

Bugfixes

Add missing test certs to the sdist distributed on PyPI.

`v2.32.0`

Compare Source

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

Requests has officially added support for CPython 3.12 (#6503)
Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
Requests has officially dropped support for CPython 3.7 (#6642)
Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

Various typo fixes and doc improvements.

Packaging

Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)
Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

`v2.31.0`

Compare Source

Security

Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

Full details can be read in our Github Security Advisory and CVE-2023-32681.

`v2.30.0`

Compare Source

Dependencies

⚠️ Added support for urllib3 2.0. ⚠️

This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

Users who wish to stay on urllib3 1.x can pin to urllib3<2.

`v2.29.0`

Compare Source

Improvements

Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

`v2.28.2`

Compare Source

Dependencies

Requests now supports charset_normalizer 3.x. (#6261)

Bugfixes

Updated MissingSchema exception to suggest https scheme rather than http. (#6188)

`v2.28.1`

Compare Source

Improvements

Speed optimization in iter_content with transition to yield from. (#6170)

Dependencies

Added support for chardet 5.0.0 (#6179)
Added support for charset-normalizer 2.1.0 (#6169)

`v2.28.0`

Compare Source

Deprecations

⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#6091)
Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091)

Improvements

Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make json() API consistent. (#6097)
Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154)
Added provisional 3.11 support with current beta build. (#6155)
Requests got a makeover and we decided to paint it black. (#6095)

Bugfixes

Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with requests.exceptions.SSLError for content and iter_content. (#6057)
Fixed issue where invalid Windows registry entries caused proxy resolution to raise an exception rather than ignoring the entry. (#6149)
Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#6036)

`v2.27.1`

Compare Source

Bugfixes

Fixed parsing issue that resulted in the auth component being dropped from proxy URLs. (#6028)

`v2.27.0`

Compare Source

Improvements

Officially added support for Python 3.10. (#5928)
Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#5856)
Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#6017)
Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to urlparse in Python 3.9+. (#5917)

Bugfixes

Fixed defect in extract_zipped_paths which could result in an infinite loop for some paths. (#5851)
Fixed handling for AttributeError when calculating length of files obtained by Tarfile.extractfile(). (#5239)
Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with requests.exceptions.InvalidHeader. (#5914)
Fixed bug where two Host headers were sent for chunked requests. (#5391)
Fixed regression in Requests 2.26.0 where Proxy-Authorization was incorrectly stripped from all requests sent with Session.send. (#5924)
Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#5924)
Fixed idna exception leak, wrapping UnicodeError with requests.exceptions.InvalidURL for URLs with a leading dot (.) in the domain. (#5414)

Deprecations

Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support.

uis/devops/continuous-delivery/ci-templates (uis/devops/continuous-delivery/ci-templates)

`v7.18.0`: 7.18.0

Compare Source

7.18.0 (2025-10-02)

Features

python: remove Python 3.9 from default Python version list (6468459), closes #167

`v7.17.7`: 7.17.7

Compare Source

7.17.7 (2025-10-02)

Bug Fixes

python-tox: increase Kubernetes memory limit for python-tox jobs (461ab04)

`v7.17.6`: 7.17.6

Compare Source

7.17.6 (2025-10-01)

Bug Fixes

terraform: set kubernetes CPU requests for terraform jobs (5c75c2d)

`v7.17.5`: 7.17.5

Compare Source

7.17.5 (2025-09-30)

Bug Fixes

exclude modules example sub-dirs from trivy scan (3adf47a)

`v7.17.4`: 7.17.4

Compare Source

7.17.4 (2025-09-29)

Bug Fixes

yarn: bump k8s memory limit for yarn:pack jobs (739da6d), closes #158 #158

`v7.17.3`: 7.17.3

Compare Source

7.17.3 (2025-09-29)

`v7.17.2`: 7.17.2

Compare Source

7.17.2 (2025-09-25)

Bug Fixes

mandatory-jobs: reduce cpu and memory requests for SAST jobs (9d3526a)

`v7.17.1`: 7.17.1

Compare Source

7.17.1 (2025-09-25)

Bug Fixes

pre-commit: certdir variable must be an empty string (d608c55)

`v7.17.0`: 7.17.0

Compare Source

7.17.0 (2025-09-24)

Features

mandatory-jobs: increase runner resources for failing SAST jobs (cfb7fd5)

`v7.16.0`: 7.16.0

Compare Source

7.16.0 (2025-09-19)

Features

🎸 Move standard job to Generic GKE Runner (59d2a0e)

`v7.15.2`: 7.15.2

Compare Source

7.15.2 (2025-09-17)

`v7.15.1`: 7.15.1

Compare Source

7.15.1 (2025-09-11)

Bug Fixes

maven.gitlab-ci.yml: moved PUBLISH_NEW_VERSION within .maven:publish script (e02809e)
maven.gitlab-ci.yml: updated semantic commit message pattern matching and logic (b9ad541)
maven.gitlab-ci.yml: updated semantic commit message pattern matching and logic (e8071e1)
maven.gitlab-ci.yml: updated semantic commit message pattern matching and logic (2574c8c)