Update dependency pytest-cov to v6 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pytest-cov (changelog)	^4.0.0 -> ^6.0.0

---

Release Notes

pytest-dev/pytest-cov (pytest-cov)

v6.3.0

Compare Source

• Added support for markdown reports.
  Contributed by Marcos Boger in #&#8203;712 <https://github.com/pytest-dev/pytest-cov/pull/712>_
  and #&#8203;714 <https://github.com/pytest-dev/pytest-cov/pull/714>_.
• Fixed some formatting issues in docs.
  Anonymous contribution in #&#8203;706 <https://github.com/pytest-dev/pytest-cov/pull/706>_.

v6.2.1

Compare Source

• Added a version requirement for pytest's pluggy dependency (1.2.0, released 2023-06-21) that has the required new-style hookwrapper API.

• Removed deprecated license classifier (packaging).

• Disabled coverage warnings in two more situations where they have no value:

  • "module-not-measured" in workers
  • "already-imported" in subprocesses

v6.2.0

Compare Source

• The plugin now adds 3 rules in the filter warnings configuration to prevent common coverage warnings being raised as obscure errors::

  default:unclosed database in <sqlite3.Connection object at:ResourceWarning
  once::PytestCovWarning
  once::CoverageWarning

  This fixes most of the bad interactions that are occurring on pytest 8.4 with filterwarnings=error.

  The plugin will check if there already matching rules for the 3 categories
  (ResourceWarning, PytestCovWarning, CoverageWarning) and message (unclosed database in <sqlite3.Connection object at) before adding the filters.

  This means you can have this in your pytest configuration for complete oblivion (not recommended, if that is not clear)::

  filterwarnings = [
  "error",
  "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning",
  "ignore::PytestCovWarning",
  "ignore::CoverageWarning",
  ]

v6.1.1

Compare Source

• Fixed breakage that occurs when --cov-context and the no_cover marker are used together.

v6.1.0

Compare Source

• Change terminal output to use full width lines for the coverage header.
  Contributed by Tsvika Shapira in #&#8203;678 <https://github.com/pytest-dev/pytest-cov/pull/678>_.
• Removed unnecessary CovFailUnderWarning. Fixes #&#8203;675 <https://github.com/pytest-dev/pytest-cov/issues/675>_.
• Fixed the term report not using the precision specified via --cov-precision.

v6.0.0

Compare Source

• Updated various documentation inaccuracies, especially on subprocess handling.
• Changed fail under checks to use the precision set in the coverage configuration.
  Now it will perform the check just like coverage report would.
• Added a --cov-precision cli option that can override the value set in your coverage configuration.
• Dropped support for now EOL Python 3.8.

v5.0.0

Compare Source

• Removed support for xdist rsync (now deprecated).
  Contributed by Matthias Reichenbach in #&#8203;623 <https://github.com/pytest-dev/pytest-cov/pull/623>_.
• Switched docs theme to Furo.
• Various legacy Python cleanup and CI improvements.
  Contributed by Christian Clauss and Hugo van Kemenade in
  #&#8203;630 <https://github.com/pytest-dev/pytest-cov/pull/630>,
  #&#8203;631 <https://github.com/pytest-dev/pytest-cov/pull/631>,
  #&#8203;632 <https://github.com/pytest-dev/pytest-cov/pull/632>_ and
  #&#8203;633 <https://github.com/pytest-dev/pytest-cov/pull/633>_.
• Added a pyproject.toml example in the docs.
  Contributed by Dawn James in #&#8203;626 <https://github.com/pytest-dev/pytest-cov/pull/626>_.
• Modernized project's pre-commit hooks to use ruff. Initial POC contributed by
  Christian Clauss in #&#8203;584 <https://github.com/pytest-dev/pytest-cov/pull/584>_.
• Dropped support for Python 3.7.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	4		3	0	0.32s
✅ COPYPASTE	jscpd	yes		no	no	2.16s
⚠️ DOCKERFILE	hadolint	2		1	0	0.35s
✅ JSON	jsonlint	3		0	0	0.16s
✅ JSON	prettier	3	0	0	0	0.35s
✅ JSON	v8r	3		0	0	4.47s
⚠️ MARKDOWN	markdownlint	12	0	18	0	1.13s
✅ MARKDOWN	markdown-table-formatter	12	1	0	0	0.23s
✅ PYTHON	bandit	6		0	0	0.9s
✅ PYTHON	black	6	0	0	0	0.84s
✅ PYTHON	flake8	6		0	0	0.45s
✅ PYTHON	isort	6	0	0	0	0.17s
⚠️ PYTHON	mypy	6		4	0	5.93s
✅ PYTHON	pylint	6		0	0	4.64s
⚠️ PYTHON	pyright	6		6	0	1.97s
✅ PYTHON	ruff	6	0	0	0	0.02s
✅ REPOSITORY	checkov	yes		no	no	14.25s
✅ REPOSITORY	gitleaks	yes		no	no	5.73s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
⚠️ REPOSITORY	grype	yes		18	no	26.42s
✅ REPOSITORY	secretlint	yes		no	no	0.51s
✅ REPOSITORY	syft	yes		no	no	1.28s
❌ REPOSITORY	trivy	yes		1	no	7.06s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.49s
✅ REPOSITORY	trufflehog	yes		no	no	2.84s
✅ SPELL	cspell	47		0	0	3.77s
✅ SPELL	lychee	29		0	0	1.82s
✅ YAML	prettier	14	0	0	0	0.73s
✅ YAML	v8r	14		0	0	6.19s
✅ YAML	yamllint	14		0	0	0.62s

Detailed Issues

❌ REPOSITORY / trivy - 1 error

2025-09-06T20:11:46Z	INFO	[vulndb] Need to update DB
2025-09-06T20:11:46Z	INFO	[vulndb] Downloading vulnerability DB...
2025-09-06T20:11:46Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
8.55 MiB / 70.04 MiB [------->______________________________________________________] 12.20% ? p/s ?40.82 MiB / 70.04 MiB [----------------------------------->_________________________] 58.28% ? p/s ?70.04 MiB / 70.04 MiB [----------------------------------------------------------->] 100.00% ? p/s ?70.04 MiB / 70.04 MiB [--------------------------------------------->] 100.00% 102.35 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [--------------------------------------------->] 100.00% 102.35 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [--------------------------------------------->] 100.00% 102.35 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [---------------------------------------------->] 100.00% 95.75 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [---------------------------------------------->] 100.00% 95.75 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [---------------------------------------------->] 100.00% 95.75 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [---------------------------------------------->] 100.00% 89.57 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [---------------------------------------------->] 100.00% 89.57 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [---------------------------------------------->] 100.00% 89.57 MiB p/s ETA 0s70.04 MiB / 70.04 MiB [-------------------------------------------------] 100.00% 29.21 MiB p/s 2.6s2025-09-06T20:11:51Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-09-06T20:11:51Z	INFO	[vuln] Vulnerability scanning is enabled
2025-09-06T20:11:51Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-09-06T20:11:51Z	INFO	[misconfig] Need to update the checks bundle
2025-09-06T20:11:51Z	INFO	[misconfig] Downloading the checks bundle...
165.20 KiB / 165.20 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-09-06T20:11:53Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2025-09-06T20:11:53Z	INFO	Number of language-specific files	num=2
2025-09-06T20:11:53Z	INFO	[pip] Detecting vulnerabilities...
2025-09-06T20:11:53Z	INFO	[poetry] Detecting vulnerabilities...
2025-09-06T20:11:53Z	INFO	Detected config files	num=2

Report Summary

┌───────────────────┬────────────┬─────────────────┬───────────────────┐
│      Target       │    Type    │ Vulnerabilities │ Misconfigurations │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ poetry.lock       │   poetry   │        7        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ requirements.txt  │    pip     │        0        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ Dockerfile        │ dockerfile │        -        │         1         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ docker/Dockerfile │ dockerfile │        -        │         0         │
└───────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.66/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


poetry.lock (poetry)
====================
Total: 7 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 0, CRITICAL: 0)

┌──────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library  │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                             │
├──────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ certifi  │ CVE-2024-39689 │ LOW      │ fixed  │ 2024.2.2          │ 2024.7.4       │ python-certifi: Remove root certificates from `GLOBALTRUST`  │
│          │                │          │        │                   │                │ from the root store                                          │
│          │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-39689                   │
├──────────┼────────────────┼──────────┤        ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ idna     │ CVE-2024-3651  │ MEDIUM   │        │ 3.6               │ 3.7            │ python-idna: potential DoS via resource consumption via      │
│          │                │          │        │                   │                │ specially crafted inputs to idna.encode()...                 │
│          │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-3651                    │
├──────────┼────────────────┤          │        ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ requests │ CVE-2024-35195 │          │        │ 2.31.0

(Truncated to 5714 characters out of 9220)

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:52:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
52 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:52:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
52 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/release.yml:63:9: shellcheck reported issue in this script: SC2086:info:1:55: Double quote to prevent globbing and word splitting [shellcheck]
   |
63 |         run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
   |         ^~~~

⚠️ REPOSITORY / grype - 18 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME          INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS           RISK   
setuptools    69.1.1     70.0.0    python  GHSA-cx63-2mw6-8hw5  High      10.1% (92nd)   8.2    
certifi       2024.2.2   2024.7.4  python  GHSA-248v-346w-9cwc  Low       21.2% (95th)   6.4    
virtualenv    20.25.1    20.26.6   python  GHSA-rqc4-2hc7-8c8v  High      1.0% (76th)    0.8    
idna          3.6        3.7       python  GHSA-jjg7-2v4v-x38h  Medium    0.3% (55th)    0.2    
setuptools    69.1.1     78.1.1    python  GHSA-5rjg-fvgr-3xxf  High      0.1% (34th)    0.1    
jinja2        3.1.3      3.1.4     python  GHSA-h75v-3vvj-5mfj  Medium    0.2% (41st)    0.1    
authlib       1.3.0      1.3.1     python  GHSA-5357-c2jx-v7qh  High      0.1% (34th)    0.1    
urllib3       2.2.1      2.2.2     python  GHSA-34jh-p97f-mpxf  Medium    0.2% (41st)    < 0.1  
cryptography  42.0.5     44.0.1    python  GHSA-79v4-65xg-pq4g  Low       0.2% (44th)    < 0.1  
black         24.2.0     24.3.0    python  GHSA-fj7x-q9j7-g6q6  Medium    < 0.1% (18th)  < 0.1  
jinja2        3.1.3      3.1.6     python  GHSA-cpwx-vrp4-4pq7  Medium    < 0.1% (18th)  < 0.1  
jinja2        3.1.3      3.1.5     python  GHSA-q2x7-8rv6-6q7h  Medium    < 0.1% (12th)  < 0.1  
requests      2.31.0     2.32.0    python  GHSA-9wx4-h78v-vm56  Medium    < 0.1% (12th)  < 0.1  
jinja2        3.1.3      3.1.5     python  GHSA-gmj6-6f8f-6699  Medium    < 0.1% (3rd)   < 0.1  
requests      2.31.0     2.32.4    python  GHSA-9hjg-9r4m-mvj7  Medium    < 0.1% (6th)   < 0.1  
urllib3       2.2.1      2.5.0     python  GHSA-pq67-6m6q-mj2v  Medium    < 0.1% (1st)   < 0.1  
urllib3       2.2.1      2.5.0     python  GHSA-48p4-8xcf-vxj5  Medium    < 0.1% (1st)   < 0.1  
cryptography  42.0.5     43.0.1    python  GHSA-h4gh-qq45-vh27  Medium    N/A            N/A
[0026] ERROR discovered vulnerabilities at or above the severity threshold

⚠️ DOCKERFILE / hadolint - 1 error

Dockerfile:6 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
docker/Dockerfile:7 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
docker/Dockerfile:12 DL3045 warning: `COPY` to a relative destination without `WORKDIR` set.
docker/Dockerfile:15 DL3003 warning: Use WORKDIR to switch to a directory
docker/Dockerfile:15 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
docker/Dockerfile:15 SC2226 warning: This ln has no destination. Check the arguments, or specify '.' explicitly.
docker/Dockerfile:24 DL3025 warning: Use arguments JSON notation for CMD and ENTRYPOINT arguments

⚠️ MARKDOWN / markdownlint - 18 errors

.github/PULL_REQUEST_TEMPLATE.md:1 MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## Description"]
README.md:45:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:46:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:47:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:48:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:212:3 MD051/link-fragments Link fragments should be valid [Context: "[Installation](#⚙️-installation)"]
README.md:213:3 MD051/link-fragments Link fragments should be valid [Context: "[Usage](#🛠️-usage)"]
README.md:214:3 MD051/link-fragments Link fragments should be valid [Context: "[Examples](#🧪-examples)"]
README.md:240:185 MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:241:1 MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: trailing_only; Missing leading pipe]
README.md:241:271 MD056/table-column-count Table column count [Expected: 3; Actual: 1; Too few cells, row will be missing data]
README.md:256 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:260 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:265 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:269 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:273 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:277 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:281 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]

⚠️ PYTHON / mypy - 4 errors

Collecting types-requests
  Downloading types_requests-2.32.4.20250809-py3-none-any.whl.metadata (2.0 kB)
Collecting urllib3>=2 (from types-requests)
  Downloading urllib3-2.5.0-py3-none-any.whl.metadata (6.5 kB)
Downloading types_requests-2.32.4.20250809-py3-none-any.whl (20 kB)
Downloading urllib3-2.5.0-py3-none-any.whl (129 kB)
Installing collected packages: urllib3, types-requests

   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2/2 [types-requests]

Successfully installed types-requests-2.32.4.20250809 urllib3-2.5.0
github_dependents_info/gh_dependents_info.py:43: error: Need type annotation for "packages" (hint: "packages: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:44: error: Need type annotation for "all_public_dependent_repos" (hint: "all_public_dependent_repos: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:45: error: Need type annotation for "badges" (hint: "badges: dict[<type>, <type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:46: error: Need type annotation for "result" (hint: "result: dict[<type>, <type>] = ...")  [var-annotated]
Installing missing stub packages:
/venvs/mypy/bin/python3 -m pip install types-requests


Found 4 errors in 1 file (checked 6 source files)

⚠️ PYTHON / pyright - 6 errors

github_dependents_info/__main__.py
  github_dependents_info/__main__.py:3:8 - error: Import "typer" could not be resolved (reportMissingImports)
  github_dependents_info/__main__.py:6:6 - error: Import "rich.console" could not be resolved (reportMissingImports)
github_dependents_info/gh_dependents_info.py
  github_dependents_info/gh_dependents_info.py:8:8 - error: Import "pandas" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:10:6 - error: Import "bs4" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:12:6 - error: Import "requests.packages.urllib3.util.retry" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:144:49 - error: "total_public_stars" is possibly unbound (reportPossiblyUnboundVariable)
6 errors, 0 warnings, 0 informations

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@beta --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R