Update pytest requirement from ~=8.4 to ~=9.0

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Updates the requirements on pytest to permit the latest version.

Release notes

Sourced from pytest's releases.

9.0.0

pytest 9.0.0 (2025-11-05)

New features

• #1367: Support for subtests has been added.

  subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

  Example:

  def contains_docstring(p: Path) -> bool:
      """Return True if the given Python file contains a top-level docstring."""
      ...
  def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
  for path in Path.cwd().glob("*.py"):
  with subtests.test(path=str(path)):
  assert contains_docstring(path)

  Each assert failure or error is caught by the context manager and reported individually, giving a clear picture of all files that are missing a docstring.

  In addition, unittest.TestCase.subTest is now also supported.

  This feature was originally implemented as a separate plugin in pytest-subtests, but since then has been merged into the core.

  [!NOTE] This feature is experimental and will likely evolve in future releases. By that we mean that we might change how subtests are reported on failure, but the functionality and how to use it are stable.

• #13743: Added support for native TOML configuration files.

  While pytest, since version 6, supports configuration in pyproject.toml files under [tool.pytest.ini_options], it does so in an "INI compatibility mode", where all configuration values are treated as strings or list of strings. Now, pytest supports the native TOML data model.

  In pyproject.toml, the native TOML configuration is under the [tool.pytest] table.

  # pyproject.toml
  [tool.pytest]
  minversion = "9.0"
  addopts = ["-ra", "-q"]
  testpaths = [
      "tests",
      "integration",
  ]

... (truncated)

Commits

• f4b0fd2 Prepare release version 9.0.0
• 52d8e68 Merge pull request #13889 from bluetech/regendoc-restore
• d6d3e4a doc: fixes for regendoc
• 7cb3974 doc: restore missing "# content of pytest.toml" regendoc commands
• 5ae9e47 build(deps): Bump django in /testing/plugins_integration (#13881)
• adb3658 Merge pull request #13864 from bluetech/config-cleanups-2
• a28c08e Merge pull request #13875 from bluetech/ci-tweaks
• a250954 ci: split publish-to-pypi and push-tag jobs
• ebc152f ci: update setup python's from 3.11 or 3.* to 3.13
• dfd796f ci: move running update-plugin-list script to tox
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[AttackingOrDefending]

I am not sure why this fails. The tests work locally and external lichess moves work when lichess-bot is playing locally on my computer. It might be a problem that it is coming from a github actions IP.

[MarkZH]

The test that fails is contacting chessdb.cn. Since this depends on access to Chinese servers, maybe we should stop this test on GitHub since Chinese access to GitHub can be spotty. Is there a way to do this while still allowing testing on local repositories (like checking os.environ)?

[MarkZH]

I might be wrong about chessdb.cn. The GitHub Actions logs are ambiguous. We should try making a mock pull request and selectively enabling external move lookups to find the problem.

[AttackingOrDefending]

Further up in the logs, it shows that this is an error with the lichess cloud api.

[AttackingOrDefending]

Also downloading stockfish failed because TarFile.extractall() doesn't have the argument filter in python 3.10.11 (the one used in github actions for python 3.10) as it was added in python 3.10.12.

[MarkZH]

Further up in the logs, it shows that this is an error with the lichess cloud api.

Right. Looks like a 429 error. Should we skip the test if it returns a 429?

[AttackingOrDefending]

Yes, that's a good idea. We could perhaps even remove them as external move apis could change (i.e. add more moves) and I am not sure how good this test actually is.