diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index ef030c5a71..135cced4a7 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md @@ -24,6 +24,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ### 🔐 Security +- `pytest` from 8.3.5 to 9.0.3, patching a known vulnerability in the SDK test dependency [(#11291)](https://github.com/prowler-cloud/prowler/pull/11291) - `black` from 25.1.0 to 26.3.1, patching a known vulnerability in the SDK formatter dependency [(#11290)](https://github.com/prowler-cloud/prowler/pull/11290) - `microsoft-kiota-*` to 1.9.9 and `aiohttp` to 3.14.0, patching known CVEs [(#11596)](https://github.com/prowler-cloud/prowler/pull/11596) - Container base image bumped to `python:3.12.13-slim-bookworm` (patches `libgnutls30` CVE-2026-33845 and CVE-2026-42010) and `trivy` bumped to 0.71.0 (patches embedded `golang.org/x/crypto` and Go stdlib CVEs); `.trivyignore` documents remaining bookworm criticals with no-fix or not-affected rationale [(#11592)](https://github.com/prowler-cloud/prowler/pull/11592) diff --git a/pyproject.toml b/pyproject.toml index 5b8f87c218..f3cec52678 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -17,7 +17,7 @@ dev = [ "openapi-spec-validator==0.7.1", "prek==0.3.9", "pylint==3.3.4", - "pytest==8.3.5", + "pytest==9.0.3", "pytest-cov==6.0.0", "pytest-env==1.1.5", "pytest-randomly==3.16.0", @@ -320,7 +320,7 @@ constraint-dependencies = [ "pynacl==1.6.2", "pyopenssl==26.2.0", "pyparsing==3.3.2", - "pytest==8.3.5", + "pytest==9.0.3", "pytest-cov==6.0.0", "pytest-env==1.1.5", "pytest-randomly==3.16.0", diff --git a/uv.lock b/uv.lock index e2d82196f7..b221255e33 100644 --- a/uv.lock +++ b/uv.lock @@ -172,7 +172,7 @@ constraints = [ { name = "pynacl", specifier = "==1.6.2" }, { name = "pyopenssl", specifier = "==26.2.0" }, { name = "pyparsing", specifier = "==3.3.2" }, - { name = "pytest", specifier = "==8.3.5" }, + { name = "pytest", specifier = "==9.0.3" }, { name = "pytest-cov", specifier = "==6.0.0" }, { name = "pytest-env", specifier = "==1.1.5" }, { name = "pytest-randomly", specifier = "==3.16.0" }, @@ -3728,7 +3728,7 @@ dev = [ { name = "openapi-spec-validator", specifier = "==0.7.1" }, { name = "prek", specifier = "==0.3.9" }, { name = "pylint", specifier = "==3.3.4" }, - { name = "pytest", specifier = "==8.3.5" }, + { name = "pytest", specifier = "==9.0.3" }, { name = "pytest-cov", specifier = "==6.0.0" }, { name = "pytest-env", specifier = "==1.1.5" }, { name = "pytest-randomly", specifier = "==3.16.0" }, @@ -4101,7 +4101,7 @@ wheels = [ [[package]] name = "pytest" -version = "8.3.5" +version = "9.0.3" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "colorama", marker = "sys_platform == 'win32'" }, @@ -4109,11 +4109,12 @@ dependencies = [ { name = "iniconfig" }, { name = "packaging" }, { name = "pluggy" }, + { name = "pygments" }, { name = "tomli", marker = "python_full_version < '3.11'" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/ae/3c/c9d525a414d506893f0cd8a8d0de7706446213181570cdbd766691164e40/pytest-8.3.5.tar.gz", hash = "sha256:f4efe70cc14e511565ac476b57c279e12a855b11f48f212af1080ef2263d3845", size = 1450891, upload-time = "2025-03-02T12:54:54.503Z" } +sdist = { url = "https://files.pythonhosted.org/packages/7d/0d/549bd94f1a0a402dc8cf64563a117c0f3765662e2e668477624baeec44d5/pytest-9.0.3.tar.gz", hash = "sha256:b86ada508af81d19edeb213c681b1d48246c1a91d304c6c81a427674c17eb91c", size = 1572165, upload-time = "2026-04-07T17:16:18.027Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/30/3d/64ad57c803f1fa1e963a7946b6e0fea4a70df53c1a7fed304586539c2bac/pytest-8.3.5-py3-none-any.whl", hash = "sha256:c69214aa47deac29fad6c2a4f590b9c4a9fdb16a403176fe154b79c0b4d4d820", size = 343634, upload-time = "2025-03-02T12:54:52.069Z" }, + { url = "https://files.pythonhosted.org/packages/d4/24/a372aaf5c9b7208e7112038812994107bc65a84cd00e0354a88c2c77a617/pytest-9.0.3-py3-none-any.whl", hash = "sha256:2c5efc453d45394fdd706ade797c0a81091eccd1d6e4bccfcd476e2b8e0ab5d9", size = 375249, upload-time = "2026-04-07T17:16:16.13Z" }, ] [[package]]