Member

@cgoldberg cgoldberg commented Nov 10, 2025

User description

💥 What does this PR do?

This PR updates pytest to 9.0.0 and bumps versions of all dependencies used for development. It also generates a new lockfile for Bazel/CI.

This also updates our pytest config section in pyproject.toml to use the new native toml format.

🔄 Types of changes

  • Dev/Build/CI

PR Type

Enhancement


Description

  • Bump pytest from 8.4.2 to 9.0.0

  • Update all development dependencies to latest versions

  • Regenerate lockfile for Bazel/CI consistency


Diagram Walkthrough

flowchart LR
  A["Development Dependencies"] -->|Update versions| B["pytest 9.0.0"]
  A -->|Update versions| C["Other dev tools"]
  B -->|Regenerate| D["requirements_lock.txt"]
  C -->|Regenerate| D

File Walkthrough

Relevant files
Dependencies
requirements.txt
Update pytest and all dev dependencies                                     

py/requirements.txt

  • Upgrade pytest from 8.4.2 to 9.0.0
  • Update 20+ development dependencies to their latest versions
  • Notable updates include tox (4.30.3 → 4.32.0), trio (0.31.0 → 0.32.0),
    virtualenv (20.34.0 → 20.35.4)
  • Minor version bumps across cryptography, docutils, filelock, and other
    utilities
+18/-18 
Configuration changes
requirements_lock.txt
Regenerate Bazel lockfile                                                               

py/requirements_lock.txt

  • Regenerate lockfile to reflect updated dependency versions
  • Ensures Bazel and CI builds use consistent pinned versions
+428/-348

@selenium-ci selenium-ci added the C-py Python Bindings label Nov 10, 2025
@cgoldberg cgoldberg added the B-build Includes scripting, bazel and CI integrations label Nov 10, 2025
@SeleniumHQ SeleniumHQ deleted a comment from qodo-code-review bot Nov 10, 2025
@SeleniumHQ SeleniumHQ deleted a comment from qodo-code-review bot Nov 10, 2025
@cgoldberg cgoldberg merged commit d3a2670 into SeleniumHQ:trunk Nov 10, 2025
22 checks passed
@cgoldberg cgoldberg deleted the py-bump-pytest-dev branch November 10, 2025 17:53
@qodo-code-review
Contributor

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢 No security concerns identified
No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No runtime code: The PR only updates dependencies and pytest configuration without adding or modifying
application logic where audit logging would apply, so compliance cannot be assessed from
the diff.

Referred Code
    "NOTICE",
]

[tool.pytest]
console_output_style = "progress"
faulthandler_timeout = "60"
log_cli = true
trio_mode = true
markers = [

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status:
No identifiers added: The diff only changes dependency versions and pytest config keys without introducing new
variables or functions to evaluate naming.


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error paths: No new runtime code or error handling was added in this PR; only dependency versions and
pytest configuration were updated, so robustness cannot be evaluated.


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors: The PR does not modify user-facing error messages or handlers; only tooling and config
changes are present, so security of error messages cannot be assessed.


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Logging unchanged: No new logging statements or formats were added; dependency and pytest config updates do
not provide enough context to judge logging security.


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Dependency bumps: Only dependency versions were changed and pytest config adjusted, with no new input
handling code to validate; security posture impact cannot be determined from the diff.

Referred Code
attrs==25.4.0
cachetools==6.2.1
certifi==2025.10.5
cffi==2.0.0
chardet==5.2.0
charset-normalizer==3.4.4
colorama==0.4.6
cryptography==46.0.3
debugpy==1.8.17
distlib==0.4.0
docutils==0.21.2
filelock==3.20.0
filetype==1.2.0
h11==0.16.0
id==1.5.0
idna==3.11
importlib_metadata==8.7.0
inflection==0.5.1
iniconfig==2.3.0
jaraco.classes==3.4.0
jaraco.context==6.0.1


 ... (clipped 40 lines)


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

This was referenced Dec 7, 2025

Labels

  • B-build: Includes scripting, bazel and CI integrations
  • C-py: Python Bindings
  • Review effort 2/5

2 participants