chore(deps): upgrade pytest to >=9.0.3 with Python 3.9 compatibility

[dtoxvanilla1991]

Summary

This PR upgrades pytest to >=9.0.3 (for Python >=3.10) to address CVE-2025-71176 while preserving Python 3.9 support - a conservative, non-breaking alternative to #169.

Security Fix

CVE-2025-71176 (CVSS 6.8 / Medium): pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, allowing local users to cause denial of service or gain privileges. Fixed in pytest 9.0.3.

Why not just merge #169?

pytest 9 dropped Python 3.9 support. The SDK's requires-python = ">=3.9" and the CI matrix includes Python 3.9. Merging #169 directly would cause the Python 3.9 CI job to fail on install.

Approach (environment-marker based constraints)

Python version	pytest range	Rationale
>=3.10	>=9.0.3	Gets CVE fix, full pytest 9 feature set
<3.10 (3.9)	>=7.4.0,<9	pytest 9 does not support Python 3.9; no CVE backport exists for 8.x

Note: Python 3.9 environments will remain on the latest pytest 8.x. The CVE has a local attack vector and affects a dev-only dependency, so the risk exposure on 3.9 is minimal.

Files changed

• requirements.txt — split pytest into two conditional lines using pip environment markers
• pyproject.toml — updated both [project.optional-dependencies].dev (pip markers) and [tool.poetry.dev-dependencies] (Poetry inline-table multi-constraint syntax)

Relates to / supersedes

Closes / supersedes renovate PR #169 (chore(deps): update dependency pytest to v9 [security])"

[coderabbitai]

Warning

Rate limit exceeded

@Koosha-Owji has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 58 minutes and 18 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 58 minutes and 18 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: df1a0987-a971-49f1-9dbd-696f877994ed

📥 Commits

Reviewing files that changed from the base of the PR and between 7bf9bc6 and 1ce0a12.

⛔ Files ignored due to path filters (1)

• pyproject.toml is excluded by !**/*.toml

📒 Files selected for processing (1)

• requirements.txt

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch deps/pytest-9-conservative-upgrade

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[Koosha-Owji]

@coderabbitai resume

[coderabbitai]

✅ Actions performed

Reviews resumed.