build(deps): bump pytest from 9.0.2 to 9.0.3

[dependabot]

Bumps pytest from 9.0.2 to 9.0.3.

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Standard verification protocol finished. 📋

I've aggregated the results of the automated checks for this PR below.

🏷️ Release Preview

The release notes are being translated as we speak. 🌍

Current: 0.5.0 → Next: 0.5.1a1

Signal	Value
Label	dependencies, python:uv
PR title	build(deps): bump pytest from 9.0.2 to 9.0.3
Bump	alpha

⚠️ No conventional commit prefix — alpha-only bump.
Suggested: fix: update the thing or feat: update the thing

---

🚀 Release Channel Compatibility

Predicted next version: 0.5.1a1

Channel	Status	Note	Current Constraint
Stable	⚪	Not in channel	-
Testing	⚪	Not in channel	-
Alpha	⚪	Not in channel	-

⚖️ License Check

I've verified the attribution of all third-party code. 👤

✅ No license violations found (9 packages).

License distribution: 3× MIT, 2× Apache Software License, 1× Apache-2.0 OR BSD-2-Clause, 1× BSD-3-Clause, 1× MIT License, 1× Mozilla Public License 2.0 (MPL 2.0)

Full breakdown — 9 packages

Package	Version	License	URL
build	1.4.3	MIT	link
certifi	2026.2.25	Mozilla Public License 2.0 (MPL 2.0)	link
charset-normalizer	3.4.7	MIT	link
difficult_dialogs	0.5.0	Apache Software License	link
idna	3.11	BSD-3-Clause	link
packaging	26.0	Apache-2.0 OR BSD-2-Clause	link
pyproject_hooks	1.2.0	MIT License	link
requests	2.33.1	Apache Software License	link
urllib3	2.6.3	MIT	link

Policy: Apache 2.0 (universal donor). StrongCopyleft / NetworkCopyleft / WeakCopyleft / Other / Error categories fail. MPL allowed.

🔒 Security (pip-audit)

Scanning for any potential privilege escalations. 🪜

✅ No known vulnerabilities found (32 packages scanned).

🔍 Lint

I've distilled the results into this summary. 🧪

❌ ruff: issues found — see job log

📊 Coverage

Ensuring we've got all the bases covered! ⚾

✅ 92.6% total coverage

Files below 80% coverage (1 file)

File	Coverage	Missing lines
difficult_dialogs/server.py	0.0%	111

Full report: download the coverage-report artifact.

🔨 Build Tests

The build bots are giving this a thumbs up. 👍

✅ All versions pass

Python	Build	Install	Tests
3.10	✅	✅	✅
3.11	✅	✅	✅
3.12	✅	✅	✅
3.13	✅	✅	✅
3.14	✅	✅	✅

---

An automated message from your friendly PR bot. 🤖