pytest-language-server 0.3.0__tar.gz → 0.3.1__tar.gz

pytest_language_server-0.3.1/.github/dependabot.yml

@@ -0,0 +1,44 @@
+version: 2
+updates:
+  # Rust dependencies
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "bellini666"
+    labels:
+      - "dependencies"
+      - "rust"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    groups:
+      rust-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "bellini666"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"

{pytest_language_server-0.3.0 → pytest_language_server-0.3.1}/.github/workflows/release.yml

@@ -30,7 +30,7 @@ jobs:
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
           manylinux: auto
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-linux-${{ matrix.target }}
           path: dist
@@ -54,7 +54,7 @@ jobs:
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
           manylinux: musllinux_1_2
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-musllinux-${{ matrix.target }}
           path: dist
@@ -83,7 +83,7 @@ jobs:
           args: --release --out dist --interpreter 3.10 3.11 3.12 3.13 3.14
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-windows-${{ matrix.target }}
           path: dist
@@ -107,7 +107,7 @@ jobs:
           args: --release --out dist --interpreter 3.14t
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-windows-${{ matrix.target }}-freethreaded
           path: dist
@@ -134,7 +134,7 @@ jobs:
           args: --release --out dist --interpreter 3.10 3.11 3.12 3.13 3.14 3.14t pypy3.10 pypy3.11
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-macos-${{ matrix.target }}
           path: dist
@@ -149,7 +149,7 @@ jobs:
           command: sdist
           args: --out dist
       - name: Upload sdist
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-sdist
           path: dist
@@ -167,13 +167,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           pattern: wheels-*
           path: wheels
 
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-path: "wheels/*/*.whl"
 

pytest_language_server-0.3.1/.github/workflows/security.yml

@@ -0,0 +1,95 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+  schedule:
+    # Run security audit daily at 00:00 UTC
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  security-audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # master
+        with:
+          toolchain: stable
+
+      - name: Cache cargo registry
+        uses: actions/cache@v4
+        with:
+          path: ~/.cargo/registry
+          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+
+      - name: Run cargo audit
+        run: cargo audit --json | tee audit-results.json
+
+      - name: Check for vulnerabilities
+        run: |
+          # Allow warnings (unmaintained crates), but fail on vulnerabilities
+          if cargo audit; then
+            echo "✅ No critical vulnerabilities found"
+          else
+            echo "❌ Vulnerabilities detected - see output above"
+            exit 1
+          fi
+
+      - name: Upload audit results
+        if: always()
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: security-audit-results
+          path: audit-results.json
+
+  cargo-deny:
+    name: Cargo Deny
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # master
+        with:
+          toolchain: stable
+
+      - name: Run cargo deny
+        uses: EmbarkStudios/cargo-deny-action@f2ba7abc2abebaf185c833c3961145a3c275caad # v2.0.13
+        with:
+          log-level: warn
+          command: check
+          arguments: --all-features
+
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
+        with:
+          fail-on-severity: moderate
+          deny-licenses: GPL-3.0, LGPL-3.0, AGPL-3.0
+          comment-summary-in-pr: always

{pytest_language_server-0.3.0 → pytest_language_server-0.3.1}/.pre-commit-config.yaml

@@ -26,6 +26,22 @@ repos:
         types: [rust]
         pass_filenames: false
 
+      - id: cargo-audit
+        name: cargo audit (security)
+        entry: cargo audit
+        language: system
+        types: [rust]
+        pass_filenames: false
+        stages: [pre-push]
+
+      - id: cargo-deny
+        name: cargo deny (licenses & security)
+        entry: cargo deny check
+        language: system
+        types: [rust]
+        pass_filenames: false
+        stages: [pre-push]
+
   # General file checks
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0

{pytest_language_server-0.3.0 → pytest_language_server-0.3.1}/Cargo.lock

@@ -753,7 +753,7 @@ dependencies = [
 
 [[package]]
 name = "pytest-language-server"
-version = "0.3.0"
+version = "0.3.1"
 dependencies = [
  "dashmap 6.1.0",
  "rustpython-parser",

{pytest_language_server-0.3.0 → pytest_language_server-0.3.1}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pytest-language-server"
-version = "0.3.0"
+version = "0.3.1"
 edition = "2021"
 rust-version = "1.83"
 authors = ["Thiago Bellini Ribeiro <hackedbellini@gmail.com>"]

{pytest_language_server-0.3.0 → pytest_language_server-0.3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pytest-language-server
-Version: 0.3.0
+Version: 0.3.1
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License
@@ -9,6 +9,7 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Programming Language :: Rust
 Classifier: Topic :: Software Development :: Testing
 Classifier: Topic :: Software Development :: Libraries
@@ -25,6 +26,14 @@ Project-URL: Issues, https://github.com/bellini666/pytest-language-server/issues
 
 # pytest-language-server 🔥
 
+[![CI](https://github.com/bellini666/pytest-language-server/workflows/CI/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/ci.yml)
+[![Security Audit](https://github.com/bellini666/pytest-language-server/workflows/Security%20Audit/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/security.yml)
+[![PyPI version](https://badge.fury.io/py/pytest-language-server.svg)](https://badge.fury.io/py/pytest-language-server)
+[![Downloads](https://static.pepy.tech/badge/pytest-language-server)](https://pepy.tech/project/pytest-language-server)
+[![Crates.io](https://img.shields.io/crates/v/pytest-language-server.svg)](https://crates.io/crates/pytest-language-server)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Python Version](https://img.shields.io/pypi/pyversions/pytest-language-server.svg)](https://pypi.org/project/pytest-language-server/)
+
 > **Shamelessly vibed into existence** 🤖✨
 >
 > This entire LSP implementation was built from scratch in a single AI-assisted coding session.
@@ -139,6 +148,18 @@ require'lspconfig'.pytest_lsp.setup{
 }
 ```
 
+### Zed
+
+Install the extension from the extensions marketplace:
+
+1. Open Zed
+2. Open the command palette (Cmd+Shift+P / Ctrl+Shift+P)
+3. Search for "zed: extensions"
+4. Search for "pytest Language Server"
+5. Click "Install"
+
+The extension will automatically detect `pytest-language-server` if it's in your PATH.
+
 ### VS Code
 
 Install the extension from the marketplace (coming soon) or configure manually:
@@ -265,10 +286,35 @@ cargo test
 RUST_LOG=debug cargo run
 ```
 
+## Security
+
+Security is a priority. This project includes:
+- Automated dependency vulnerability scanning (cargo-audit)
+- License compliance checking (cargo-deny)
+- Daily security audits in CI/CD
+- Dependency review on pull requests
+- Pre-commit security hooks
+
+See [SECURITY.md](SECURITY.md) for our security policy and how to report vulnerabilities.
+
 ## Contributing
 
 Contributions are welcome! Please feel free to submit a Pull Request.
 
+### Development Setup
+
+1. Install pre-commit hooks:
+   ```bash
+   pre-commit install
+   ```
+
+2. Run security checks locally:
+   ```bash
+   cargo audit
+   cargo clippy
+   cargo test
+   ```
+
 ## License
 
 MIT License - see LICENSE file for details.

{pytest_language_server-0.3.0 → pytest_language_server-0.3.1}/README.md

@@ -1,5 +1,13 @@
 # pytest-language-server 🔥
 
+[![CI](https://github.com/bellini666/pytest-language-server/workflows/CI/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/ci.yml)
+[![Security Audit](https://github.com/bellini666/pytest-language-server/workflows/Security%20Audit/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/security.yml)
+[![PyPI version](https://badge.fury.io/py/pytest-language-server.svg)](https://badge.fury.io/py/pytest-language-server)
+[![Downloads](https://static.pepy.tech/badge/pytest-language-server)](https://pepy.tech/project/pytest-language-server)
+[![Crates.io](https://img.shields.io/crates/v/pytest-language-server.svg)](https://crates.io/crates/pytest-language-server)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Python Version](https://img.shields.io/pypi/pyversions/pytest-language-server.svg)](https://pypi.org/project/pytest-language-server/)
+
 > **Shamelessly vibed into existence** 🤖✨
 >
 > This entire LSP implementation was built from scratch in a single AI-assisted coding session.
@@ -114,6 +122,18 @@ require'lspconfig'.pytest_lsp.setup{
 }
 ```
 
+### Zed
+
+Install the extension from the extensions marketplace:
+
+1. Open Zed
+2. Open the command palette (Cmd+Shift+P / Ctrl+Shift+P)
+3. Search for "zed: extensions"
+4. Search for "pytest Language Server"
+5. Click "Install"
+
+The extension will automatically detect `pytest-language-server` if it's in your PATH.
+
 ### VS Code
 
 Install the extension from the marketplace (coming soon) or configure manually:
@@ -240,10 +260,35 @@ cargo test
 RUST_LOG=debug cargo run
 ```
 
+## Security
+
+Security is a priority. This project includes:
+- Automated dependency vulnerability scanning (cargo-audit)
+- License compliance checking (cargo-deny)
+- Daily security audits in CI/CD
+- Dependency review on pull requests
+- Pre-commit security hooks
+
+See [SECURITY.md](SECURITY.md) for our security policy and how to report vulnerabilities.
+
 ## Contributing
 
 Contributions are welcome! Please feel free to submit a Pull Request.
 
+### Development Setup
+
+1. Install pre-commit hooks:
+   ```bash
+   pre-commit install
+   ```
+
+2. Run security checks locally:
+   ```bash
+   cargo audit
+   cargo clippy
+   cargo test
+   ```
+
 ## License
 
 MIT License - see LICENSE file for details.

pytest_language_server-0.3.1/SECURITY.md

@@ -0,0 +1,131 @@
+# Security Policy
+
+## Supported Versions
+
+We release security updates for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.3.x   | :white_check_mark: |
+| < 0.3   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of pytest-language-server seriously. If you believe you have found a security vulnerability, please report it to us as described below.
+
+### How to Report
+
+**Please do NOT report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them via email to:
+
+- **Email**: hackedbellini@gmail.com
+- **Subject**: [SECURITY] pytest-language-server vulnerability report
+
+Please include the following information in your report:
+
+- Type of vulnerability
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit it
+
+### What to Expect
+
+- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours.
+- **Updates**: We will send you regular updates about our progress, at minimum every 7 days.
+- **Disclosure Timeline**: We aim to disclose vulnerabilities within 90 days of the initial report.
+- **Credit**: We will credit you in the security advisory unless you prefer to remain anonymous.
+
+### Security Update Process
+
+1. The security team will investigate and validate the vulnerability
+2. A fix will be developed in a private repository
+3. A new version will be released with the fix
+4. A security advisory will be published on GitHub
+5. The CVE (if applicable) will be requested and published
+
+## Security Best Practices for Users
+
+### Installation
+
+- Always install from official sources (PyPI, Homebrew, or crates.io)
+- Verify checksums when downloading pre-built binaries
+- Use the latest stable version
+
+### Running the Server
+
+- Run the LSP server with the minimum required privileges
+- Do not expose the LSP server to untrusted networks
+- Be cautious when opening untrusted workspace directories
+- Review the workspace before allowing the server to scan it
+
+### Known Limitations
+
+- The server scans all Python files in the workspace recursively
+- The server reads contents of test files and conftest.py files
+- The server may follow symlinks in the workspace
+- Virtual environment scanning may access third-party code
+
+## Security Measures
+
+### Development
+
+- All code changes are reviewed before merging
+- We use automated security scanning in CI/CD:
+  - `cargo audit` for known vulnerabilities
+  - `cargo deny` for license compliance and security policies
+  - `cargo clippy` for code quality and potential issues
+  - Dependency review on pull requests
+- GitHub Actions are pinned to specific commit SHAs
+- We use GitHub's security features (Dependabot, security advisories)
+
+### Build Process
+
+- Builds are reproducible via Cargo.lock
+- Release artifacts include build provenance attestations
+- PyPI releases use trusted publishing with OIDC
+
+### Dependencies
+
+- We minimize the dependency tree
+- Dependencies are regularly updated
+- Unmaintained dependencies are monitored and replaced when necessary
+
+## Security Auditing
+
+We perform regular security audits:
+
+- **Daily**: Automated dependency vulnerability scanning
+- **Weekly**: Manual review of security alerts
+- **Per Release**: Full security review before each release
+
+## Responsible Disclosure
+
+We believe in responsible disclosure and will work with security researchers to:
+
+- Understand and reproduce the vulnerability
+- Develop and test a fix
+- Coordinate disclosure timing
+- Provide credit in security advisories
+
+## Contact
+
+For security-related questions or concerns that do not relate to a vulnerability, you can:
+
+- Open a GitHub discussion (for general security questions)
+- Email: hackedbellini@gmail.com (for sensitive matters)
+
+## Hall of Fame
+
+We thank the following researchers for responsibly disclosing security issues:
+
+<!-- This section will be updated as researchers report vulnerabilities -->
+
+*No vulnerabilities reported yet. Be the first!*
+
+---
+
+**Last Updated**: 2025-01-15

pytest_language_server-0.3.1/bump-version.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# Version bump script for pytest-language-server
+# Usage: ./bump-version.sh <new-version>
+# Example: ./bump-version.sh 0.3.1
+
+set -e
+
+if [ -z "$1" ]; then
+    echo "Usage: $0 <new-version>"
+    echo "Example: $0 0.3.1"
+    exit 1
+fi
+
+NEW_VERSION="$1"
+
+# Validate version format (basic semver check)
+if ! echo "$NEW_VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
+    echo "Error: Version must be in format X.Y.Z (e.g., 0.3.1)"
+    exit 1
+fi
+
+echo "Bumping version to $NEW_VERSION..."
+
+# Update Cargo.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" Cargo.toml && rm Cargo.toml.bak
+
+# Update pyproject.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" pyproject.toml && rm pyproject.toml.bak
+
+# Update zed-extension/Cargo.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" zed-extension/Cargo.toml && rm zed-extension/Cargo.toml.bak
+
+# Update zed-extension/extension.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" zed-extension/extension.toml && rm zed-extension/extension.toml.bak
+
+# Update Cargo.lock
+cargo update -p pytest-language-server
+
+echo "✓ Version bumped to $NEW_VERSION in:"
+echo "  - Cargo.toml"
+echo "  - pyproject.toml"
+echo "  - zed-extension/Cargo.toml"
+echo "  - zed-extension/extension.toml"
+echo "  - Cargo.lock"
+echo ""
+echo "Run 'git add -A && git commit -m \"chore: bump version to $NEW_VERSION\"' to commit"

pytest_language_server-0.3.1/deny.toml

@@ -0,0 +1,53 @@
+# Configuration for cargo-deny
+# https://embarkstudios.github.io/cargo-deny/
+
+[advisories]
+# Ignore unmaintained advisories for dependencies we can't easily replace
+ignore = [
+    "RUSTSEC-2024-0436",  # paste - unmaintained (used by rustpython-parser)
+    "RUSTSEC-2025-0075",  # unic-char-range - unmaintained
+    "RUSTSEC-2025-0080",  # unic-common - unmaintained
+    "RUSTSEC-2025-0081",  # unic-char-property - unmaintained
+    "RUSTSEC-2025-0090",  # unic-emoji-char - unmaintained
+    "RUSTSEC-2025-0098",  # unic-ucd-version - unmaintained
+    "RUSTSEC-2025-0100",  # unic-ucd-ident - unmaintained
+]
+# Warn about yanked crates but don't fail
+yanked = "warn"
+
+[licenses]
+# Allow these licenses
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "ISC",
+    "Unicode-DFS-2016",
+    "Unicode-3.0",          # Used by ICU crates for Unicode data
+    "CC0-1.0",
+    "0BSD",
+    "Zlib",
+    "MPL-2.0",
+    "LGPL-3.0-only",        # Used by malachite (via rustpython-parser)
+]
+
+# Confidence threshold for license detection
+confidence-threshold = 0.8
+
+[bans]
+# Lint level for when multiple versions of the same crate are detected
+multiple-versions = "warn"
+# Allow wildcard dependencies
+wildcards = "allow"
+# Deny these specific crates (empty for now)
+deny = []
+
+[sources]
+# Ensure all dependencies come from trusted sources
+unknown-registry = "deny"
+unknown-git = "deny"
+
+[sources.allow-org]
+github = []

{pytest_language_server-0.3.0 → pytest_language_server-0.3.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "maturin"
 
 [project]
 name = "pytest-language-server"
-version = "0.3.0"
+version = "0.3.1"
 description = "A blazingly fast Language Server Protocol implementation for pytest"
 authors = [{name = "Thiago Bellini Ribeiro", email = "hackedbellini@gmail.com"}]
 readme = "README.md"
@@ -19,6 +19,7 @@ classifiers = [
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Programming Language :: Rust",
     "Topic :: Software Development :: Testing",
     "Topic :: Software Development :: Libraries",