Skip to content

chore(deps-dev): bump coverage from 7.10.7 to 7.13.5#139

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/coverage-7.13.5
Open

chore(deps-dev): bump coverage from 7.10.7 to 7.13.5#139
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/coverage-7.13.5

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026
edited by cursor bot
Loading

Bumps coverage from 7.10.7 to 7.13.5.

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

  • Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

  • Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

  • Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Version 7.13.4 — 2026-02-09

  • Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

  • Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

  • We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

  • Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

... (truncated)

Commits
  • c88da14 docs: sample HTML for 7.13.5
  • e2ac3e1 build: sample HTML shouldn't include the status.json file
  • 910f8f3 docs: prep for 7.13.5
  • 3a4819c style: make workflows more uniform
  • 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
  • e7c878d chore: make upgrade
  • ab4db40 build: use --generate-hashes when pinning
  • a438753 chore: make upgrade
  • 7b33457 refactor: some leftover pyupgrade 3.10 bits
  • 2ff968d refactor: this type wasn't used anywhere
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Medium Risk
Low production risk since this is a dev-only dependency lockfile change, but it may break local/CI test runs on Python 3.9 because coverage now declares python-versions = ">=3.10".

Overview
RCA: The dev dependency lockfile had an outdated coverage pin, leaving test tooling behind upstream fixes.

The Fix: Bumps coverage in poetry.lock from 7.10.7 to 7.13.5, updating the associated wheel metadata/hashes and reflecting coverage's minimum Python requirement change to >=3.10.

The Proof: No tests or coverage runs are included in this PR diff, so there’s no in-PR evidence that CI passes or that coverage remains strictly >80%.

Telemetry Added: None (no OTel spans or Loki logs were added in this change).

Written by Cursor Bugbot for commit b9f4144. This will update automatically on new commits. Configure here.

@dependabot
chore(deps-dev): bump coverage from 7.10.7 to 7.13.5
b9f4144 
Bumps [coverage](https://github.com/coveragepy/coveragepy) from 7.10.7 to 7.13.5.
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.10.7...7.13.5)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.13.5
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 23, 2026
Copilot AI review requested due to automatic review settings March 23, 2026 05:49
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 23, 2026
@dependabot dependabot bot review requested due to automatic review settings March 23, 2026 05:49
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 23, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants