search

ladybug-tools / ladybug-geometry

🐞 📦 A library with geometry objects used throughout the Ladybug Tools core libraries
https://www.ladybug.tools/ladybug-geometry/docs/
GNU Affero General Public License v3.0
23 stars 22 forks source link

chore(deps-dev): bump pytest from 6.2.2 to 6.2.3 #276

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps pytest from 6.2.2 to 6.2.3.

Release notes

Sourced from pytest's releases.

6.2.3

pytest 6.2.3 (2021-04-03)

Bug Fixes

  • #8414: pytest used to create directories under /tmp with world-readable permissions. This means that any user in the system was able to read information written by tests in temporary directories (such as those created by the tmp_path/tmpdir fixture). Now the directories are created with private permissions.

    pytest used silenty use a pre-existing /tmp/pytest-of-<username> directory, even if owned by another user. This means another user could pre-create such a directory and gain control of another user's temporary directory. Now such a condition results in an error.

Changelog

Sourced from pytest's changelog.

Commits
  • 3a2fd96 Prepare release version 6.2.3
  • 138b19a Merge pull request #8517 from bluetech/backport-mktmp
  • 822686e tmpdir: prevent using a non-private root temp directory
  • 9dc54f7 tmpdir: fix temporary directories created with world-readable permissions
  • 93dbae2 pathlib: inline ensure_reset_dir()
  • 02fdbe2 pathlib: remove useless temporary variable
  • 12e7db8 Merge pull request #8285 from nicoddemus/backport-8280
  • 56e4392 Merge pull request #8280 from xuhdev/module
  • 8220eca Merge pull request #8275 from pytest-dev/release-6.2.2
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in the `.dependabot/config.yml` file in this repo: - Update frequency - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
github-actions[bot] commented 3 years ago

:tada: This PR is included in version 1.23.6 :tada:

The release is available on:

Your semantic-release bot :package::rocket: