From cf72e10cf2dc05dfc8efd9c92bd9a802c903d5c9 Mon Sep 17 00:00:00 2001
From: Michael Barton <mail@michaelbarton.me.uk>
Date: Fri, 12 Jun 2026 10:42:20 -0700
Subject: [PATCH] fix(python): bump template pytest to ^9.0.3 for tmpdir
 vulnerability

Dependabot alert #1: pytest < 9.0.3 has vulnerable tmpdir handling
(moderate). The ^8.0.0 caret pin could never resolve to the patched
version. Template requires python ^3.10, which pytest 9 supports.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---
 .../pyproject.toml                                              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/cookiecutter/scratch-python-template/{{cookiecutter.timestamp}}__{{cookiecutter.project_name}}/pyproject.toml b/python/cookiecutter/scratch-python-template/{{cookiecutter.timestamp}}__{{cookiecutter.project_name}}/pyproject.toml
index 4d186b5..79f82d8 100644
--- a/python/cookiecutter/scratch-python-template/{{cookiecutter.timestamp}}__{{cookiecutter.project_name}}/pyproject.toml
+++ b/python/cookiecutter/scratch-python-template/{{cookiecutter.timestamp}}__{{cookiecutter.project_name}}/pyproject.toml
@@ -14,7 +14,7 @@ edx-lint = "^5.3.6"
 mypy = "^1.8.0"
 pandas-stubs = "^2.2.0.240218"
 pydocstyle = "^6.3.0"
-pytest = "^8.0.0"
+pytest = "^9.0.3"
 ruff = "^0.8.0"
 
 [build-system]