Skip to content

AIP-211: fix: bump pytest to >=9.0.3 and pyspark to >=3.4.4 (AIP-211, AIP-364)#51

Merged
alexef merged 3 commits into
mainfrom
AIP-211_fix_pytest
Jun 11, 2026
Merged

AIP-211: fix: bump pytest to >=9.0.3 and pyspark to >=3.4.4 (AIP-211, AIP-364)#51
alexef merged 3 commits into
mainfrom
AIP-211_fix_pytest

Conversation

@diskun00

@diskun00 diskun00 commented Apr 14, 2026
edited by alexef
Loading

Copy link
Copy Markdown
Member

Summary

  • Bumps pytest from ^6.2>=9.0.3 to fix vulnerable tmpdir handling (AIP-211, MEDIUM)
  • Bumps pyspark from 3.4.1>=3.4.4 to fix inadequate encryption strength (AIP-364, LOW)

Test plan

  • CI passes

🤖 Generated with Claude Code

@diskun00 @claude
AIP-211: upgrade pytest to >=9.0.3 to fix vulnerable tmpdir handling
40a8cff 
Addresses Dependabot alert #19 (MODERATE severity). The previous
constraint ^6.2 allowed versions with insecure temporary directory
handling.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@diskun00 diskun00 requested a review from a team as a code owner April 14, 2026 10:01
@gygrobot gygrobot marked this pull request as draft April 23, 2026 08:45
@gygrobot

gygrobot commented Apr 23, 2026

Copy link
Copy Markdown

Converting to draft due to: failing CI checks. Please fix the issues and mark it as ready for review again, or close it if this is not needed anymore.

@alexef @claude
fix: bump pyspark to >=3.4.4 to fix inadequate encryption strength (A…
30e21e3 
…IP-364)

CVE: Apache Spark inadequate encryption strength, patched in 3.4.4.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@alexef alexef changed the title AIP-211: fix vulnerable tmpdir handling — upgrade pytest to 9.0.3 fix: bump pytest to >=9.0.3 and pyspark to >=3.4.4 (AIP-211, AIP-364) Jun 11, 2026
@alexef alexef marked this pull request as ready for review June 11, 2026 11:29
@gyg-pr-tool gyg-pr-tool Bot changed the title fix: bump pytest to >=9.0.3 and pyspark to >=3.4.4 (AIP-211, AIP-364) AIP-211: fix: bump pytest to >=9.0.3 and pyspark to >=3.4.4 (AIP-211, AIP-364) Jun 11, 2026
@gyg-pr-tool gyg-pr-tool Bot requested a review from steven-mi June 11, 2026 11:29
@alexef @claude
fix: bump minimum Python to 3.10 for pytest >=9.0.3 compatibility
460c083 
pytest 9.x dropped Python 3.8/3.9 support. Databricks 13.3+ runs 3.10+
so this constraint reflects reality.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@alexef alexef merged commit b8e651f into main Jun 11, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steven-mi steven-mi Awaiting requested review from steven-mi

Assignees

No one assigned

Labels

risk:low x-small

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@diskun00 @gygrobot @alexef