#8414: pytest used to create directories under /tmp with world-readable
permissions. This means that any user in the system was able to read
information written by tests in temporary directories (such as those created by
the tmp_path/tmpdir fixture). Now the directories are created with
private permissions.
pytest used silenty use a pre-existing /tmp/pytest-of-<username> directory,
even if owned by another user. This means another user could pre-create such a
directory and gain control of another user's temporary directory. Now such a
condition results in an error.
6.2.2
pytest 6.2.2 (2021-01-25)
Bug Fixes
#8152: Fixed "(<Skipped instance>)" being shown as a skip reason in the verbose test summary line when the reason is empty.
#8249: Fix the faulthandler plugin for occasions when running with twisted.logger and using pytest --capture=no.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps pytest from 6.1.2 to 6.2.5.
Release notes
Sourced from pytest's releases.
... (truncated)
Commits
1569facFix CHANGELOG headera3599caPrepare release version 6.2.527613b8Merge pull request #9056 from nicoddemus/backport-9053cef74beMerge pull request #9053 from nicoddemus/change-8494-to-trivial83dc953Merge pull request #9051 from nicoddemus/backport-9047fb38e8dMerge pull request #9047 from nicoddemus/changelog-9040d74baf4Merge pull request #9042 from nicoddemus/backport-9040d9b8f7cBackport #889669212d1Merge pull request #8425 from RonnyPfannschmidt/main-fixes44d3282Merge pull request #9040 from nicoddemus/bump-pluggyDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)