Bump pytest-cov

[ejfine]

Why is this change necessary?

Major version change

How does this change address the issue?

Updates it and other pytest dependencies

What side effects does this change have?

None

How is this change tested?

Downstream repos

Other

Fixes misnamed context variables for dot-env-cli

Updates manual-install-deps to allow only creating a lock file #88

Summary by CodeRabbit

• New Features
  • Added a CLI flag to create lock files without performing installations; lock-check behavior now adapts per environment.
• Documentation
  • Updated setup docs and templates to use the new lock-file generation option.
• Dependencies
  • Bumped multiple tool and library minimums, added a testing utility, removed an obsolete config entry, and updated default dependency versions.
• Chores
  • Updated pre-commit hook revisions and refreshed development container metadata (metadata-only change).

[coderabbitai]

Warning

Rate limit exceeded

@ejfine has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 13 minutes and 4 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 1277dd6 and 95133ac.

📒 Files selected for processing (1)

• extensions/context.py (2 hunks)

Walkthrough

Adds a new CLI flag (--only-create-lock) and adjusts lock/check control flow in .devcontainer/manual-setup-deps.py; bumps multiple tooling and template default versions and pyproject constraints; updates pre-commit hook revisions and README/template instructions; updates a devcontainer context-hash comment.

Changes

Cohort / File(s)	Summary
Devcontainer metadata \.devcontainer/devcontainer.json	Updated context hash comment only (metadata comment change).
CI tooling versions \.devcontainer/install-ci-tooling.py	Bumped constants: UV_VERSION 0.8.15 → 0.8.17; COPIER_VERSION 9.10.1 → 9.10.2.
Manual setup lock-flow \.devcontainer/manual-setup-deps.py	Added CLI flag --only-create-lock; introduced generate_lock_file_only and revised check_lock_file derivation; conditional construction/invocation of uv lock, uv sync, and pnpm install to support create-only vs install/check modes.
Docs (usage instructions) README.md, template/README.md.jinja-base	Replaced --optionally-check-lock with --only-create-lock in devcontainer setup instructions.
Template / context defaults extensions/context.py, template/extensions/context.py.jinja-base	Updated default version entries (uv, copier, pnpm, pyinstaller, pytest_randomly, pytest_cov, pulumi); removed dot_env_cli_version; added pytest_mock_version and tailwindcss_version; renamed template key to dotenv_cli_version.
Project dependencies pyproject.toml	Raised minimums: pytest-cov >=6.3.0 → >=7.0.0, pytest-randomly >=3.16.0 → >=4.0.1, copier >=9.10.1 → >=9.10.2.
Pre-commit hooks .pre-commit-config.yaml	Updated rev for https://github.com/crate-ci/typos and https://github.com/astral-sh/ruff-pre-commit to newer frozen revisions.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant CLI as manual-setup-deps.py
  participant UV as uv
  participant PNPM as pnpm

  Dev->>CLI: Run with flags (e.g. --only-create-lock / --skip-check-lock)
  CLI->>CLI: Parse flags -> derive generate_lock_file_only & check_lock_file
  alt Lock generation/check requested
    CLI->>UV: run `uv lock` (append `--check` only if not create-only)
  end
  alt Install allowed (not create-only)
    CLI->>UV: run `uv sync` (append `--frozen` if check_lock_file)
    CLI->>PNPM: run `pnpm install` (append `--frozen-lockfile` if check_lock_file)
  else Create-only mode
    note over CLI: Skip uv sync and pnpm install
  end
  CLI-->>Dev: Exit status

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Update Lint config #70 — Modifies ContextUpdater.hook and devcontainer context-hash similarly (version bumps and metadata comment).
• Update readme to use manual-install-deps instead of just a single uv lock #74 — Also changes manual-setup-deps.py lock/check behavior and the README/template lock-generation command.
• Fix ruff devcontainer config #81 — Updates devcontainer metadata and tooling-version constants overlapping with this PR.

Poem

I hopped through locks with careful paws,
Tapped uv, copier, and pre-commit laws.
"Only create" I softly plea—
Lock files first, installs wait for me.
Versions bumped, templates hum—happy rabbit drum! 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "Bump pytest-cov" is concise and correctly identifies a primary change in this PR (the pytest-cov version bump visible in pyproject.toml and related files). The changeset also updates several other dependencies and small tooling/devcontainer metadata, but the title remains on-topic and communicates the main intent. If the author wants to highlight the broader scope they can expand it to mention related test/tooling dependency bumps.
Description Check	✅ Passed	The PR description follows the repository template's intent by providing "Why", "How", "What side effects", "How is this change tested", and "Other" sections and even includes the issue URL within the text. However the explicit "Link to Issue or Message thread" header from the template is not populated directly and the testing section is terse ("Downstream repos") without details about which repos, CI jobs, commands, or observed results. Overall the description is usable but would benefit from minor clarifications to fully match the template and aid reviewers.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR updates pytest-cov from version 6.3.0 to 7.0.0 along with other dependency updates and fixes misnamed context variables for dot-env-cli.

• Updates pytest-cov to 7.0.0 and other pytest/development dependencies
• Fixes inconsistent naming of dotenv_cli_version context variables
• Updates manual-setup-deps.py to support creating lock files only

Reviewed Changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pyproject.toml	Updates pytest-cov, pytest-randomly, and copier versions
extensions/context.py	Updates dependency versions and fixes dotenv_cli_version variable naming
template/extensions/context.py.jinja-base	Adds pytest_mock_version and fixes dotenv_cli_version variable
.devcontainer/manual-setup-deps.py	Adds --only-create-lock option functionality
README.md	Updates documentation to use --only-create-lock flag
template/README.md.jinja-base	Updates documentation to use --only-create-lock flag
.pre-commit-config.yaml	Updates typos and ruff pre-commit hook versions
.devcontainer/install-ci-tooling.py	Updates UV_VERSION and COPIER_VERSION constants
.devcontainer/devcontainer.json	Updates devcontainer context hash

Comments suppressed due to low confidence (1)

extensions/context.py:1

• The line that sets dot_env_cli_version is being removed but there's no corresponding addition of dotenv_cli_version in this file. This creates an inconsistency where the template file expects dotenv_cli_version but this context file doesn't provide it.

# adapted from https://github.com/copier-org/copier-template-extensions#context-hook-extension

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.devcontainer/manual-setup-deps.py (1)

109-127: Fix: honor --only-create-lock for PNPM using --lockfile-only

pnpm supports --lockfile-only — when generate_lock_file_only is true, run pnpm install --lockfile-only --dir '<env.path>' (append --frozen-lockfile if env_check_lock) instead of the full install; on Windows keep the PowerShell wrapper and properly quote the path.
Location: .devcontainer/manual-setup-deps.py (lines 109–127)

🧹 Nitpick comments (5)

.devcontainer/install-ci-tooling.py (1)

8-9: Version bumps align with context; OK.

Matches extensions/context.py defaults. Consider deduplicating these constants to a single module to avoid drift.

Create versions.py and import in both this script and extensions/context.py.

.devcontainer/manual-setup-deps.py (2)

25-27: Flag semantics: document PNPM limitation for --only-create-lock.

The help says “do not install”, but PNPM currently can’t create a lock without install in your implementation. Call this out in README or handle PNPM differently when this flag is set.

---

112-123: Windows PowerShell quoting for --dir path.

Joining args into a single string risks breakage with spaces/special chars. The diff above quotes the path for PowerShell. Alternatively, invoke pnpm directly without pwsh on Windows if available.

README.md (1)

13-13: Note PNPM behavior when using --only-create-lock.

Add a brief note that for PNPM environments the script currently skips install and won’t create a lock (until a lockfile-only mode is supported), to avoid surprises for JS users.

template/README.md.jinja-base (1)

13-16: Clarify behavior and keep CLI invocation consistent.

• Add a short note that this flag only writes lock files and does not install packages.
• Consider using either python or python3 consistently in this section to reduce confusion.

Apply:

-1. Run `python .devcontainer/manual-setup-deps.py --only-create-lock` to generate the lock file(s)
+1. Run `python .devcontainer/manual-setup-deps.py --only-create-lock` to generate the lock file(s) (no packages will be installed)

-1. Run `python3 .github/workflows/hash_git_files.py . --for-devcontainer-config-update` to update the hash for your devcontainer file
+1. Run `python .github/workflows/hash_git_files.py . --for-devcontainer-config-update` to update the hash for your devcontainer file

If your devcontainer expects python3, flip both to python3 instead.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4003c22 and 1f94a45.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (9)

• .devcontainer/devcontainer.json (1 hunks)
• .devcontainer/install-ci-tooling.py (1 hunks)
• .devcontainer/manual-setup-deps.py (3 hunks)
• .pre-commit-config.yaml (2 hunks)
• README.md (1 hunks)
• extensions/context.py (2 hunks)
• pyproject.toml (1 hunks)
• template/README.md.jinja-base (1 hunks)
• template/extensions/context.py.jinja-base (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

.devcontainer/manual-setup-deps.py (2)

template/.devcontainer/manual-setup-deps.py (1)

• PackageManager (39-41)

template/template/.devcontainer/manual-setup-deps.py (1)

• PackageManager (39-41)

🪛 Ruff (0.12.2)

.devcontainer/manual-setup-deps.py

93-93: subprocess call: check for execution of untrusted input

(S603)

---

103-103: subprocess call: check for execution of untrusted input

(S603)

🔇 Additional comments (8)

.devcontainer/devcontainer.json (1)

62-62: LGTM: hash update only.

Comment-only change; no behavior impact.

extensions/context.py (1)

14-18: LGTM: versions synced with pyproject and tooling.

Bumps for uv, copier, pytest plugins, pulumi, and addition of pytest_mock_version look consistent.

Also applies to: 24-25, 28-28, 45-45

.pre-commit-config.yaml (1)

45-45: LGTM: hook SHAs refreshed.

Pinned SHAs updated for typos and ruff-pre-commit; config otherwise unchanged.

Also applies to: 226-226

.devcontainer/manual-setup-deps.py (1)

64-66: Default now performs a lock check; confirm this behavior change is intended.

check_lock_file = not (skip || optionally || generate-only) means the default path runs uv lock --check and installs with --frozen. If that’s a change, note it in the PR and README.

template/extensions/context.py.jinja-base (2)

52-52: Rename is safe — no stale references found.
Search returned only "dotenv_cli_version" in template/extensions/context.py.jinja-base and extensions/context.py; no occurrences of "dot_env_cli_version". No back-compat alias required.

---

40-40: Confirm usage of pytest_mock_version or remove to avoid drift.

I found the key added in template/extensions/context.py.jinja-base and in the rendered extensions/context.py (value "3.15.0"), but no other templates/files reference '{{ pytest_mock_version }}'. Either use it in a template or remove the entry. Locations: template/extensions/context.py.jinja-base:40, extensions/context.py:45.

pyproject.toml (1)

9-13: Confirm pytest-cov 7.x subprocess coverage

pytest.ini has addopts = --cov=src --cov-report html --cov-report term-missing:skip-covered --cov-config=./.coveragerc and .coveragerc exists at repo root. pytest-cov 7.x removed the old .pth subprocess hook — if your tests or CI spawn child processes, enable coverage subprocess support (e.g. set COVERAGE_PROCESS_START=./.coveragerc in CI and ensure coverage is installed/available in subprocesses, or add coverage auto-start via sitecustomize). If tests do not spawn subprocesses, no change needed.

template/README.md.jinja-base (1)

13-13: LGTM — flag rename reflected correctly.

No references to --optionally-check-lock were found; --only-create-lock appears in README.md and template/README.md.jinja-base, and is defined in .devcontainer/manual-setup-deps.py (line 26).

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

extensions/context.py (1)

14-14: Centralize duplicated version pins for uv and copier into a single source of truth.

Locations: extensions/context.py (lines 14: uv_version="0.8.17"; 17: copier_version="9.10.2"), .devcontainer/install-ci-tooling.py (UV_VERSION/COPIER_VERSION), pyproject.toml and template pyproject.toml.jinja-base.

Recommendation: consolidate these pins into one authoritative place (e.g., pyproject or a top-level versions module) and have installer/templates read that single source to avoid drift.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1f94a45 and 3fd4332.

📒 Files selected for processing (2)

• extensions/context.py (3 hunks)
• template/extensions/context.py.jinja-base (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• template/extensions/context.py.jinja-base

🔇 Additional comments (4)

extensions/context.py (4)

45-45: New pytest-mock pin — confirm it's wired into dependency files.

Found context pin at extensions/context.py:45 and a template placeholder at template/extensions/context.py.jinja-base:40; I did not find any actual "pytest-mock" entries in pyproject.toml/requirements. Add/confirm pytest-mock==3.15.0 in your test deps (pyproject.toml / requirements / constraints) and check for duplicate/conflicting pins.

---

24-25: pytest-randomly 4.x & pytest-cov 7.x — verify template/CLI compatibility

• Pins present: extensions/context.py (lines 24–25); template/pyproject.toml.jinja-base (lines 10–11); pyproject.toml / uv.lock show matching specifiers/locked versions; pytest.ini addopts (line 4) uses --cov flags.
• Action: generate a project from the template and run its tests/CI (invoke pytest with the exact addopts from pytest.ini: --cov=src --cov-report html --cov-report term-missing:skip-covered --cov-config=./.coveragerc) to confirm no changes to CLI flags/reporting or plugin behavior; if issues appear, adjust addopts or revert/update pins.

---

69-69: Confirm Tailwind v4 upgrade & Node engine compatibility

        context["tailwindcss_version"] = "^4.1.11"

• Verification run found no tailwind/postcss/Nuxt config or Node engine pin in the repo scan — confirm tailwind.config.{js,cjs,ts}, postcss.config.js, nuxt.config.{js,ts} (or Nuxt Tailwind module) are present and updated for Tailwind v4.
• Ensure package.json "engines.node" or other node pins (.nvmrc/.node-version/Dockerfile) target Node >=18 required by Tailwind v4.

---

28-28: Pulumi core bump — verify provider/plugin compatibility.

extensions/context.py pins pulumi_version=3.196.0 and providers: pulumi_aws=7.7.0, pulumi_aws_native=1.33.0, pulumi_command=1.1.0, pulumi_github=6.7.3, pulumi_okta=5.2.0 (no pyproject.toml constraints found). Confirm those provider packages and any pinned CLI/plugin versions in CI are compatible with Pulumi CLI 3.196.0; if not, pin compatible provider/plugin versions or revert the core bump.