Skip to content

Track pytest Dependabot security update blocked by Python 3.9 floor #1338

Description

@TimeToBuildBob

Dependabot's security update job is failing on master for pytest:

I checked the root cause against current master (b32338d3):

  • Root pyproject.toml declares python = "^3.9".
  • pytest 9.0.3 declares requires_python = ">=3.10" on PyPI.
  • The release workflow still builds ActivityWatch artifacts with python_version: [3.9].
  • ActivityWatch/activitywatch#1321 already raised the floor from 3.8 to 3.9 and explicitly noted that the pytest security update remained unresolved after that.

So this is not a flaky Actions failure and not something Dependabot can solve while the repo still advertises Python 3.9 support.

Likely choices:

  1. Move the project/release build floor to Python 3.10+ and refresh the Poetry lock so pytest can resolve to 9.x.
  2. Keep Python 3.9 for now and explicitly ignore or accept this dev-dependency Dependabot alert until the Python floor moves.

I did not open a PR because option 1 is a release/support-policy change, and option 2 is a security-policy choice. The monitoring fix here is to track the decision instead of silently letting the same Dependabot job keep failing.

Refs:

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions