AIP-211: fix vulnerable tmpdir handling — upgrade pytest to 9.0.3 #51

Draft
diskun00 wants to merge 1 commit into main from AIP-211_fix_pytest

@diskun00

Summary

Details

pytest versions prior to 8.x had insecure tmpdir handling where temporary directories could be read/written by other users on the system. This upgrades the constraint to require at least 9.0.3.

Jira: https://getyourguide.atlassian.net/browse/AIP-211
Dependabot alert: https://github.com/getyourguide/DDataFlow/security/dependabot/19

Test plan

  • Verify CI passes with the new pytest version
  • Confirm no test compatibility issues with pytest 9.x

🤖 Generated with Claude Code

Addresses Dependabot alert #19 (MODERATE severity). The previous
constraint ^6.2 allowed versions with insecure temporary directory
handling.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
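
The weakness named in the PR description, a temporary directory that other local users can read or write, can be checked for directly on a CI host or developer machine. The following is an added example, not part of this pull request or of pytest; the function names are hypothetical, and the `pytest-of-<user>` location is an assumption about pytest's default base directory.

```python
"""Audit a per-user temporary directory for access by other local users."""
import getpass
import os
import stat
import tempfile
from pathlib import Path


def audit_private_dir(path):
    """Return a list of findings; an empty list means the directory is private."""
    try:
        # lstat() does not follow a symlink that someone else placed at this name.
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]

    findings = []
    if st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    group_other = st.st_mode & 0o077  # permission bits for group and other
    if group_other & 0o022:
        findings.append("writable by group/other")
    if group_other & 0o055:
        findings.append("readable or traversable by group/other")
    return findings


def default_pytest_root():
    # Assumption: pytest's default base directory is <tempdir>/pytest-of-<user>.
    return Path(tempfile.gettempdir()) / f"pytest-of-{getpass.getuser()}"


if __name__ == "__main__":
    root = default_pytest_root()
    for finding in audit_private_dir(root) or ["ok"]:
        print(f"{root}: {finding}")
```

A result of `missing` only means no test run has created the directory for this user yet.
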
@diskun00 diskun00 requested a review from a team as a code owner April 14, 2026 10:01
@gygrobot gygrobot marked this pull request as draft April 23, 2026 08:45
@gygrobot

Converting to draft due to: failing CI checks. Please fix the issues and mark it as ready for review again, or close it if this is not needed anymore.
