#8414: pytest used to create directories under /tmp with world-readable
permissions. This means that any user in the system was able to read
information written by tests in temporary directories (such as those created by
the tmp_path/tmpdir fixture). Now the directories are created with
private permissions.
pytest used silenty use a pre-existing /tmp/pytest-of-<username> directory,
even if owned by another user. This means another user could pre-create such a
directory and gain control of another user's temporary directory. Now such a
condition results in an error.
6.2.2
pytest 6.2.2 (2021-01-25)
Bug Fixes
#8152: Fixed "(<Skipped instance>)" being shown as a skip reason in the verbose test summary line when the reason is empty.
#8249: Fix the faulthandler plugin for occasions when running with twisted.logger and using pytest --capture=no.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
2 years ago
Bumps pytest from 6.1.2 to 6.2.5.
Release notes
Sourced from pytest's releases.
... (truncated)
Commits
1569facFix CHANGELOG headera3599caPrepare release version 6.2.527613b8Merge pull request #9056 from nicoddemus/backport-9053cef74beMerge pull request #9053 from nicoddemus/change-8494-to-trivial83dc953Merge pull request #9051 from nicoddemus/backport-9047fb38e8dMerge pull request #9047 from nicoddemus/changelog-9040d74baf4Merge pull request #9042 from nicoddemus/backport-9040d9b8f7cBackport #889669212d1Merge pull request #8425 from RonnyPfannschmidt/main-fixes44d3282Merge pull request #9040 from nicoddemus/bump-pluggyDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)