pytest-language-server 0.3.0__tar.gz → 0.4.0__tar.gz

pytest_language_server-0.4.0/.github/dependabot.yml

@@ -0,0 +1,44 @@
+version: 2
+updates:
+  # Rust dependencies
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "bellini666"
+    labels:
+      - "dependencies"
+      - "rust"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    groups:
+      rust-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "bellini666"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"

{pytest_language_server-0.3.0 → pytest_language_server-0.4.0}/.github/workflows/release.yml

@@ -30,7 +30,7 @@ jobs:
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
           manylinux: auto
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-linux-${{ matrix.target }}
           path: dist
@@ -54,7 +54,7 @@ jobs:
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
           manylinux: musllinux_1_2
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-musllinux-${{ matrix.target }}
           path: dist
@@ -83,7 +83,7 @@ jobs:
           args: --release --out dist --interpreter 3.10 3.11 3.12 3.13 3.14
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-windows-${{ matrix.target }}
           path: dist
@@ -107,7 +107,7 @@ jobs:
           args: --release --out dist --interpreter 3.14t
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-windows-${{ matrix.target }}-freethreaded
           path: dist
@@ -134,7 +134,7 @@ jobs:
           args: --release --out dist --interpreter 3.10 3.11 3.12 3.13 3.14 3.14t pypy3.10 pypy3.11
           sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
       - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-macos-${{ matrix.target }}
           path: dist
@@ -149,7 +149,7 @@ jobs:
           command: sdist
           args: --out dist
       - name: Upload sdist
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: wheels-sdist
           path: dist
@@ -167,13 +167,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           pattern: wheels-*
           path: wheels
 
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-path: "wheels/*/*.whl"
 

pytest_language_server-0.4.0/.github/workflows/security.yml

@@ -0,0 +1,95 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+  schedule:
+    # Run security audit daily at 00:00 UTC
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  security-audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # master
+        with:
+          toolchain: stable
+
+      - name: Cache cargo registry
+        uses: actions/cache@v4
+        with:
+          path: ~/.cargo/registry
+          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+
+      - name: Run cargo audit
+        run: cargo audit --json | tee audit-results.json
+
+      - name: Check for vulnerabilities
+        run: |
+          # Allow warnings (unmaintained crates), but fail on vulnerabilities
+          if cargo audit; then
+            echo "✅ No critical vulnerabilities found"
+          else
+            echo "❌ Vulnerabilities detected - see output above"
+            exit 1
+          fi
+
+      - name: Upload audit results
+        if: always()
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: security-audit-results
+          path: audit-results.json
+
+  cargo-deny:
+    name: Cargo Deny
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # master
+        with:
+          toolchain: stable
+
+      - name: Run cargo deny
+        uses: EmbarkStudios/cargo-deny-action@f2ba7abc2abebaf185c833c3961145a3c275caad # v2.0.13
+        with:
+          log-level: warn
+          command: check
+          arguments: --all-features
+
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
+        with:
+          fail-on-severity: moderate
+          deny-licenses: GPL-3.0, LGPL-3.0, AGPL-3.0
+          comment-summary-in-pr: always

{pytest_language_server-0.3.0 → pytest_language_server-0.4.0}/.pre-commit-config.yaml

@@ -26,6 +26,22 @@ repos:
         types: [rust]
         pass_filenames: false
 
+      - id: cargo-audit
+        name: cargo audit (security)
+        entry: cargo audit
+        language: system
+        types: [rust]
+        pass_filenames: false
+        stages: [pre-push]
+
+      - id: cargo-deny
+        name: cargo deny (licenses & security)
+        entry: cargo deny check
+        language: system
+        types: [rust]
+        pass_filenames: false
+        stages: [pre-push]
+
   # General file checks
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0

{pytest_language_server-0.3.0 → pytest_language_server-0.4.0}/Cargo.lock

@@ -753,7 +753,7 @@ dependencies = [
 
 [[package]]
 name = "pytest-language-server"
-version = "0.3.0"
+version = "0.4.0"
 dependencies = [
  "dashmap 6.1.0",
  "rustpython-parser",

{pytest_language_server-0.3.0 → pytest_language_server-0.4.0}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pytest-language-server"
-version = "0.3.0"
+version = "0.4.0"
 edition = "2021"
 rust-version = "1.83"
 authors = ["Thiago Bellini Ribeiro <hackedbellini@gmail.com>"]
@@ -11,6 +11,14 @@ keywords = ["pytest", "lsp", "language-server", "testing"]
 categories = ["development-tools", "development-tools::testing"]
 readme = "README.md"
 
+[[bin]]
+name = "pytest-language-server"
+path = "src/main.rs"
+
+[lib]
+name = "pytest_language_server"
+path = "src/lib.rs"
+
 [dependencies]
 tower-lsp = "0.20.0"
 tokio = { version = "1.48", features = ["full"] }

{pytest_language_server-0.3.0 → pytest_language_server-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pytest-language-server
-Version: 0.3.0
+Version: 0.4.0
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License
@@ -9,6 +9,7 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Programming Language :: Rust
 Classifier: Topic :: Software Development :: Testing
 Classifier: Topic :: Software Development :: Libraries
@@ -25,6 +26,14 @@ Project-URL: Issues, https://github.com/bellini666/pytest-language-server/issues
 
 # pytest-language-server 🔥
 
+[![CI](https://github.com/bellini666/pytest-language-server/workflows/CI/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/ci.yml)
+[![Security Audit](https://github.com/bellini666/pytest-language-server/workflows/Security%20Audit/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/security.yml)
+[![PyPI version](https://badge.fury.io/py/pytest-language-server.svg)](https://badge.fury.io/py/pytest-language-server)
+[![Downloads](https://static.pepy.tech/badge/pytest-language-server)](https://pepy.tech/project/pytest-language-server)
+[![Crates.io](https://img.shields.io/crates/v/pytest-language-server.svg)](https://crates.io/crates/pytest-language-server)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Python Version](https://img.shields.io/pypi/pyversions/pytest-language-server.svg)](https://pypi.org/project/pytest-language-server/)
+
 > **Shamelessly vibed into existence** 🤖✨
 >
 > This entire LSP implementation was built from scratch in a single AI-assisted coding session.
@@ -48,6 +57,8 @@ Find all usages of a fixture across your entire test suite:
 - Works from fixture definitions or usage sites
 - Character-position aware (distinguishes between fixture name and parameters)
 - Shows references in all test files
+- Correctly handles fixture overriding and hierarchies
+- **LSP spec compliant**: Always includes the current position in results
 
 ### 📚 Hover Documentation
 View fixture information on hover:
@@ -139,6 +150,18 @@ require'lspconfig'.pytest_lsp.setup{
 }
 ```
 
+### Zed
+
+Install the extension from the extensions marketplace:
+
+1. Open Zed
+2. Open the command palette (Cmd+Shift+P / Ctrl+Shift+P)
+3. Search for "zed: extensions"
+4. Search for "pytest Language Server"
+5. Click "Install"
+
+The extension will automatically detect `pytest-language-server` if it's in your PATH.
+
 ### VS Code
 
 Install the extension from the marketplace (coming soon) or configure manually:
@@ -223,6 +246,31 @@ pytest-language-server correctly implements pytest's fixture shadowing rules:
 2. **Closest conftest.py**: Searches parent directories for conftest.py files
 3. **Virtual environment**: Third-party plugin fixtures
 
+### Fixture Overriding
+
+The LSP correctly handles complex fixture overriding scenarios:
+
+```python
+# conftest.py (parent)
+@pytest.fixture
+def cli_runner():
+    return "parent runner"
+
+# tests/conftest.py (child)
+@pytest.fixture
+def cli_runner(cli_runner):  # Overrides parent
+    return cli_runner  # Uses parent
+
+# tests/test_example.py
+def test_example(cli_runner):  # Uses child
+    pass
+```
+
+When using find-references:
+- Clicking on the **function name** `def cli_runner(...)` shows references to the child fixture
+- Clicking on the **parameter** `cli_runner(cli_runner)` shows references to the parent fixture
+- Character-position aware to distinguish between the two
+
 ## Supported Third-Party Fixtures
 
 Automatically discovers fixtures from popular pytest plugins:
@@ -265,10 +313,35 @@ cargo test
 RUST_LOG=debug cargo run
 ```
 
+## Security
+
+Security is a priority. This project includes:
+- Automated dependency vulnerability scanning (cargo-audit)
+- License compliance checking (cargo-deny)
+- Daily security audits in CI/CD
+- Dependency review on pull requests
+- Pre-commit security hooks
+
+See [SECURITY.md](SECURITY.md) for our security policy and how to report vulnerabilities.
+
 ## Contributing
 
 Contributions are welcome! Please feel free to submit a Pull Request.
 
+### Development Setup
+
+1. Install pre-commit hooks:
+   ```bash
+   pre-commit install
+   ```
+
+2. Run security checks locally:
+   ```bash
+   cargo audit
+   cargo clippy
+   cargo test
+   ```
+
 ## License
 
 MIT License - see LICENSE file for details.

{pytest_language_server-0.3.0 → pytest_language_server-0.4.0}/README.md

@@ -1,5 +1,13 @@
 # pytest-language-server 🔥
 
+[![CI](https://github.com/bellini666/pytest-language-server/workflows/CI/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/ci.yml)
+[![Security Audit](https://github.com/bellini666/pytest-language-server/workflows/Security%20Audit/badge.svg)](https://github.com/bellini666/pytest-language-server/actions/workflows/security.yml)
+[![PyPI version](https://badge.fury.io/py/pytest-language-server.svg)](https://badge.fury.io/py/pytest-language-server)
+[![Downloads](https://static.pepy.tech/badge/pytest-language-server)](https://pepy.tech/project/pytest-language-server)
+[![Crates.io](https://img.shields.io/crates/v/pytest-language-server.svg)](https://crates.io/crates/pytest-language-server)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Python Version](https://img.shields.io/pypi/pyversions/pytest-language-server.svg)](https://pypi.org/project/pytest-language-server/)
+
 > **Shamelessly vibed into existence** 🤖✨
 >
 > This entire LSP implementation was built from scratch in a single AI-assisted coding session.
@@ -23,6 +31,8 @@ Find all usages of a fixture across your entire test suite:
 - Works from fixture definitions or usage sites
 - Character-position aware (distinguishes between fixture name and parameters)
 - Shows references in all test files
+- Correctly handles fixture overriding and hierarchies
+- **LSP spec compliant**: Always includes the current position in results
 
 ### 📚 Hover Documentation
 View fixture information on hover:
@@ -114,6 +124,18 @@ require'lspconfig'.pytest_lsp.setup{
 }
 ```
 
+### Zed
+
+Install the extension from the extensions marketplace:
+
+1. Open Zed
+2. Open the command palette (Cmd+Shift+P / Ctrl+Shift+P)
+3. Search for "zed: extensions"
+4. Search for "pytest Language Server"
+5. Click "Install"
+
+The extension will automatically detect `pytest-language-server` if it's in your PATH.
+
 ### VS Code
 
 Install the extension from the marketplace (coming soon) or configure manually:
@@ -198,6 +220,31 @@ pytest-language-server correctly implements pytest's fixture shadowing rules:
 2. **Closest conftest.py**: Searches parent directories for conftest.py files
 3. **Virtual environment**: Third-party plugin fixtures
 
+### Fixture Overriding
+
+The LSP correctly handles complex fixture overriding scenarios:
+
+```python
+# conftest.py (parent)
+@pytest.fixture
+def cli_runner():
+    return "parent runner"
+
+# tests/conftest.py (child)
+@pytest.fixture
+def cli_runner(cli_runner):  # Overrides parent
+    return cli_runner  # Uses parent
+
+# tests/test_example.py
+def test_example(cli_runner):  # Uses child
+    pass
+```
+
+When using find-references:
+- Clicking on the **function name** `def cli_runner(...)` shows references to the child fixture
+- Clicking on the **parameter** `cli_runner(cli_runner)` shows references to the parent fixture
+- Character-position aware to distinguish between the two
+
 ## Supported Third-Party Fixtures
 
 Automatically discovers fixtures from popular pytest plugins:
@@ -240,10 +287,35 @@ cargo test
 RUST_LOG=debug cargo run
 ```
 
+## Security
+
+Security is a priority. This project includes:
+- Automated dependency vulnerability scanning (cargo-audit)
+- License compliance checking (cargo-deny)
+- Daily security audits in CI/CD
+- Dependency review on pull requests
+- Pre-commit security hooks
+
+See [SECURITY.md](SECURITY.md) for our security policy and how to report vulnerabilities.
+
 ## Contributing
 
 Contributions are welcome! Please feel free to submit a Pull Request.
 
+### Development Setup
+
+1. Install pre-commit hooks:
+   ```bash
+   pre-commit install
+   ```
+
+2. Run security checks locally:
+   ```bash
+   cargo audit
+   cargo clippy
+   cargo test
+   ```
+
 ## License
 
 MIT License - see LICENSE file for details.

pytest_language_server-0.4.0/SECURITY.md

@@ -0,0 +1,131 @@
+# Security Policy
+
+## Supported Versions
+
+We release security updates for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.3.x   | :white_check_mark: |
+| < 0.3   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of pytest-language-server seriously. If you believe you have found a security vulnerability, please report it to us as described below.
+
+### How to Report
+
+**Please do NOT report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them via email to:
+
+- **Email**: hackedbellini@gmail.com
+- **Subject**: [SECURITY] pytest-language-server vulnerability report
+
+Please include the following information in your report:
+
+- Type of vulnerability
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit it
+
+### What to Expect
+
+- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours.
+- **Updates**: We will send you regular updates about our progress, at minimum every 7 days.
+- **Disclosure Timeline**: We aim to disclose vulnerabilities within 90 days of the initial report.
+- **Credit**: We will credit you in the security advisory unless you prefer to remain anonymous.
+
+### Security Update Process
+
+1. The security team will investigate and validate the vulnerability
+2. A fix will be developed in a private repository
+3. A new version will be released with the fix
+4. A security advisory will be published on GitHub
+5. The CVE (if applicable) will be requested and published
+
+## Security Best Practices for Users
+
+### Installation
+
+- Always install from official sources (PyPI, Homebrew, or crates.io)
+- Verify checksums when downloading pre-built binaries
+- Use the latest stable version
+
+### Running the Server
+
+- Run the LSP server with the minimum required privileges
+- Do not expose the LSP server to untrusted networks
+- Be cautious when opening untrusted workspace directories
+- Review the workspace before allowing the server to scan it
+
+### Known Limitations
+
+- The server scans all Python files in the workspace recursively
+- The server reads contents of test files and conftest.py files
+- The server may follow symlinks in the workspace
+- Virtual environment scanning may access third-party code
+
+## Security Measures
+
+### Development
+
+- All code changes are reviewed before merging
+- We use automated security scanning in CI/CD:
+  - `cargo audit` for known vulnerabilities
+  - `cargo deny` for license compliance and security policies
+  - `cargo clippy` for code quality and potential issues
+  - Dependency review on pull requests
+- GitHub Actions are pinned to specific commit SHAs
+- We use GitHub's security features (Dependabot, security advisories)
+
+### Build Process
+
+- Builds are reproducible via Cargo.lock
+- Release artifacts include build provenance attestations
+- PyPI releases use trusted publishing with OIDC
+
+### Dependencies
+
+- We minimize the dependency tree
+- Dependencies are regularly updated
+- Unmaintained dependencies are monitored and replaced when necessary
+
+## Security Auditing
+
+We perform regular security audits:
+
+- **Daily**: Automated dependency vulnerability scanning
+- **Weekly**: Manual review of security alerts
+- **Per Release**: Full security review before each release
+
+## Responsible Disclosure
+
+We believe in responsible disclosure and will work with security researchers to:
+
+- Understand and reproduce the vulnerability
+- Develop and test a fix
+- Coordinate disclosure timing
+- Provide credit in security advisories
+
+## Contact
+
+For security-related questions or concerns that do not relate to a vulnerability, you can:
+
+- Open a GitHub discussion (for general security questions)
+- Email: hackedbellini@gmail.com (for sensitive matters)
+
+## Hall of Fame
+
+We thank the following researchers for responsibly disclosing security issues:
+
+<!-- This section will be updated as researchers report vulnerabilities -->
+
+*No vulnerabilities reported yet. Be the first!*
+
+---
+
+**Last Updated**: 2025-01-15

pytest_language_server-0.4.0/bump-version.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# Version bump script for pytest-language-server
+# Usage: ./bump-version.sh <new-version>
+# Example: ./bump-version.sh 0.3.1
+
+set -e
+
+if [ -z "$1" ]; then
+    echo "Usage: $0 <new-version>"
+    echo "Example: $0 0.3.1"
+    exit 1
+fi
+
+NEW_VERSION="$1"
+
+# Validate version format (basic semver check)
+if ! echo "$NEW_VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
+    echo "Error: Version must be in format X.Y.Z (e.g., 0.3.1)"
+    exit 1
+fi
+
+echo "Bumping version to $NEW_VERSION..."
+
+# Update Cargo.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" Cargo.toml && rm Cargo.toml.bak
+
+# Update pyproject.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" pyproject.toml && rm pyproject.toml.bak
+
+# Update zed-extension/Cargo.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" zed-extension/Cargo.toml && rm zed-extension/Cargo.toml.bak
+
+# Update zed-extension/extension.toml
+sed -i.bak "s/^version = \".*\"/version = \"$NEW_VERSION\"/" zed-extension/extension.toml && rm zed-extension/extension.toml.bak
+
+# Update Cargo.lock
+cargo update -p pytest-language-server
+
+echo "✓ Version bumped to $NEW_VERSION in:"
+echo "  - Cargo.toml"
+echo "  - pyproject.toml"
+echo "  - zed-extension/Cargo.toml"
+echo "  - zed-extension/extension.toml"
+echo "  - Cargo.lock"
+echo ""
+echo "Run 'git add -A && git commit -m \"chore: bump version to $NEW_VERSION\"' to commit"