chore(deps-dev): update pytest requirement from >=8.0 to >=9.0.3

[dependabot]

Updates the requirements on pytest to permit the latest version.

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Greptile Summary

This PR bumps the minimum pytest dev dependency from >=8.0 to >=9.0.3, a major version upgrade. The 9.0.3 release includes several bug fixes and notably patches CVE-2025-71176 (insecure temporary directory usage), making this a security-motivated update.

Confidence Score: 5/5

Safe to merge — single-line dev dependency bump with no production impact and an included security fix.

The change is confined to a single dev dependency version constraint in pyproject.toml. It does not touch any source code or runtime dependencies, and the update addresses a known CVE (CVE-2025-71176). No P0/P1 findings were identified.

No files require special attention.

Important Files Changed

Filename	Overview
pyproject.toml	Bumps the minimum pytest version in dev dependencies from >=8.0 to >=9.0.3; no other changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[dependabot detects new pytest release] --> B[pytest 9.0.3 released]
    B --> C{Contains security fix?}
    C -- Yes CVE-2025-71176 --> D[Update pyproject.toml]
    D --> E[pytest>=8.0 → pytest>=9.0.3]
    E --> F[Dev dependency updated]
    F --> G[Tests run against pytest 9.x]

Loading

_{Reviews (1): Last reviewed commit: "chore(deps-dev): update pytest requireme..." | Re-trigger Greptile}