Skip to content

chore(deps): bump MishaKav/pytest-coverage-comment from a01708271d42c5703d489b13eb503ba47c01e82a to fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c#46

Merged
dnorth98 merged 1 commit into
mainfrom
dependabot/github_actions/MishaKav/pytest-coverage-comment-fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c
Jul 13, 2026
Merged

chore(deps): bump MishaKav/pytest-coverage-comment from a01708271d42c5703d489b13eb503ba47c01e82a to fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c#46
dnorth98 merged 1 commit into
mainfrom
dependabot/github_actions/MishaKav/pytest-coverage-comment-fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps MishaKav/pytest-coverage-comment from a01708271d42c5703d489b13eb503ba47c01e82a to fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c.

Changelog

Sourced from MishaKav/pytest-coverage-comment's changelog.

Changelog of the Pytest Coverage Comment

Pytest Coverage Comment 1.10.0

Release Date: 2026-07-05

Changes

  • add support for parsing the JSON coverage report from coverage json via the new pytest-json-coverage-path input, including branch coverage and partial-branch arrows (line->target, line->exit) that match coverage report -m (#286)

Pytest Coverage Comment 1.9.0

Release Date: 2026-07-04

Changes

  • fix the Coverage percentage when branch coverage is enabled — it now combines statement and branch coverage and rounds the same way coverage report does, instead of showing 100% when branches are only partially covered (#284), thanks to @​mschoettle for contribution

Pytest Coverage Comment 1.8.0

Release Date: 2026-06-27

Changes

  • show partially-covered branches as line->target arrows in the Missing column when parsing XML coverage (pytest-xml-coverage-path), matching the output of coverage report --show-missing (#274), thanks to @​mschoettle for contribution

Pytest Coverage Comment 1.7.3

Release Date: 2026-06-27

Changes

  • bump @vercel/ncc 0.38.4 → 0.44.0 (Node 24/26 + TypeScript 6 support)
  • bump dev dependencies: @types/node 26.0.1, vitest 4.1.9, eslint 10.6.0, typescript-eslint 8.62.0, prettier 3.8.5

Pytest Coverage Comment 1.7.2

Release Date: 2026-04-18

Changes

  • bump dev dependencies: typescript 6.0.3, vitest 4.1.4, eslint 10.2.1, typescript-eslint 8.58.2

Pytest Coverage Comment 1.7.1

Release Date: 2026-03-14

Changes

  • fix 5 security vulnerabilities in undici (6.23.0 → 6.24.1) (#260)

... (truncated)

Commits
  • fd9adbd feat: add coverage.py JSON report support (pytest-json-coverage-path) (#286)
  • 4a4889e fix: correct coverage percentage when branch coverage is enabled (#285)
  • a15368f Bump the npm-development group with 3 updates (#281)
  • fc9dc0f Bump actions/cache from 5 to 6 (#280)
  • 839593b Bump actions/checkout from 6 to 7 (#279)
  • e48ae95 Show partial branches as arrows in the Missing column for XML coverage (#274)...
  • 810a628 Bump @​vercel/ncc to 0.44.0 and dev dependencies (#275)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [MishaKav/pytest-coverage-comment](https://github.com/mishakav/pytest-coverage-comment) from a01708271d42c5703d489b13eb503ba47c01e82a to fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c.
- [Release notes](https://github.com/mishakav/pytest-coverage-comment/releases)
- [Changelog](https://github.com/MishaKav/pytest-coverage-comment/blob/main/CHANGELOG.md)
- [Commits](MishaKav/pytest-coverage-comment@a017082...fd9adbd)

---
updated-dependencies:
- dependency-name: MishaKav/pytest-coverage-comment
  dependency-version: fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the appsec PRs requiring appsec approval label Jul 9, 2026

@diff-vader-bot diff-vader-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟢 Risk: LOW — no substantive findings

✅ Diff Vader · Approved

Council reviewed 1 file · 11 reviewers · 0 findings · $0.36

  • ✅ blast‑radius
  • ✅ correctness
  • ✅ github‑actions
  • ❓ iacskipped: filter: not applicable to changed files
  • ❓ migration‑safetyskipped: filter: not applicable to changed files
  • ✅ performance
  • ✅ revertibility
  • ✅ security‑tenant‑isolation
  • ❓ supply‑chainskipped: filter: not applicable to changed files
  • ✅ supportability
  • ✅ test‑adequacy

Why: All approval gates passed.

💡 /diff-vader-review <name> adds a one-shot reviewer. Beyond this PR's council, you can request: backup-correctness, loop-design-system.

uses: MishaKav/pytest-coverage-comment@fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c # main
if: github.event_name == 'pull_request'
with:
pytest-coverage-path: pytest-coverage.txt

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pr-reviewer-github-actions — confidence 85% (advisory)

MishaKav/pytest-coverage-comment: publisher 'MishaKav' is not on the trusted allowlist. This is a pre-existing condition (the prior SHA was also from this publisher) — no new risk introduced by this bump.

React with 👍 / 👎 / 😕 to help us calibrate — why.

uses: MishaKav/pytest-coverage-comment@fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c # main
if: github.event_name == 'pull_request'
with:
pytest-coverage-path: pytest-coverage.txt

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pr-reviewer-github-actions — confidence 85% (advisory)

MishaKav/pytest-coverage-comment@fd9adbd is approximately 92 hours old (threshold: 168h), so it hasn't yet accumulated a full week of community vetting. However, this is a Dependabot-generated SHA bump — Dependabot verifies the SHA corresponds to a tagged release before proposing it. Per the Dependabot exemption, this finding is advisory only.

React with 👍 / 👎 / 😕 to help us calibrate — why.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

@dnorth98 dnorth98 merged commit f04a6be into main Jul 13, 2026
6 checks passed
@dnorth98 dnorth98 deleted the dependabot/github_actions/MishaKav/pytest-coverage-comment-fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c branch July 13, 2026 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

appsec PRs requiring appsec approval diff-vader:auto-approved

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants