From addead29d33d72cc6254188f7f7039c1e93745eb Mon Sep 17 00:00:00 2001
From: Brent Westbrook <36778786+ntBre@users.noreply.github.com>
Date: Thu, 13 Mar 2025 15:50:22 -0400
Subject: [PATCH 1/3] Update ruff's JSON schema (#4562)
This updates ruff's JSON schema to [27e9d1fe3e60a0b6731ba3be103a48a33b8e3a7c](https://github.com/astral-sh/ruff/commit/27e9d1fe3e60a0b6731ba3be103a48a33b8e3a7c)
---
 src/schemas/json/ruff.json | 47 ++++++++++++++++++++++++++++++++++----
 1 file changed, 42 insertions(+), 5 deletions(-)
diff --git a/src/schemas/json/ruff.json b/src/schemas/json/ruff.json
index 21302a0b060..0791e8bbd0e 100644
--- a/src/schemas/json/ruff.json
+++ b/src/schemas/json/ruff.json
@@ -604,7 +604,7 @@ } }, "target-version": { - "description": "The minimum Python version to target, e.g., when considering automatic code upgrades, like rewriting type annotations. Ruff will not propose changes using features that are not available in the given version.\n\nFor example, to represent supporting Python >=3.10 or ==3.10 specify `target-version = \"py310\"`.\n\nIf you're already using a `pyproject.toml` file, we recommend `project.requires-python` instead, as it's based on Python packaging standards, and will be respected by other tools. For example, Ruff treats the following as identical to `target-version = \"py38\"`:\n\n```toml [project] requires-python = \">=3.8\" ```\n\nIf both are specified, `target-version` takes precedence over `requires-python`.\n\nNote that a stub file can [sometimes make use of a typing feature](https://typing.readthedocs.io/en/latest/spec/distributing.html#syntax) before it is available at runtime, as long as the stub does not make use of new *syntax*. For example, a type checker will understand `int | str` in a stub as being a `Union` type annotation, even if the type checker is run using Python 3.9, despite the fact that the `|` operator can only be used to create union types at runtime on Python 3.10+. As such, Ruff will often recommend newer features in a stub file than it would for an equivalent runtime file with the same target version.", + "description": "The minimum Python version to target, e.g., when considering automatic code upgrades, like rewriting type annotations. Ruff will not propose changes using features that are not available in the given version.\n\nFor example, to represent supporting Python >=3.10 or ==3.10 specify `target-version = \"py310\"`.\n\nIf you're already using a `pyproject.toml` file, we recommend `project.requires-python` instead, as it's based on Python packaging standards, and will be respected by other tools. 
For example, Ruff treats the following as identical to `target-version = \"py38\"`:\n\n```toml [project] requires-python = \">=3.8\" ```\n\nIf both are specified, `target-version` takes precedence over `requires-python`. See [_Inferring the Python version_](https://docs.astral.sh/ruff/configuration/#inferring-the-python-version) for a complete description of how the `target-version` is determined when left unspecified.\n\nNote that a stub file can [sometimes make use of a typing feature](https://typing.readthedocs.io/en/latest/spec/distributing.html#syntax) before it is available at runtime, as long as the stub does not make use of new *syntax*. For example, a type checker will understand `int | str` in a stub as being a `Union` type annotation, even if the type checker is run using Python 3.9, despite the fact that the `|` operator can only be used to create union types at runtime on Python 3.10+. As such, Ruff will often recommend newer features in a stub file than it would for an equivalent runtime file with the same target version.", "anyOf": [ { "$ref": "#/definitions/PythonVersion" 
@@ -792,10 +792,24 @@ "description": "Options for the `flake8-bandit` plugin.", "type": "object", "properties": { + "allowed-markup-calls": { + "description": "A list of callable names, whose result may be safely passed into [`markupsafe.Markup`](https://markupsafe.palletsprojects.com/en/stable/escaping/#markupsafe.Markup).\n\nExpects to receive a list of fully-qualified names (e.g., `bleach.clean`, rather than `clean`).\n\nThis setting helps you avoid false positives in code like:\n\n```python from bleach import clean from markupsafe import Markup\n\ncleaned_markup = Markup(clean(some_user_input)) ```\n\nWhere the use of [`bleach.clean`](https://bleach.readthedocs.io/en/latest/clean.html) usually ensures that there's no XSS vulnerability.\n\nAlthough it is not recommended, you may also use this setting to whitelist other kinds of calls, e.g. calls to i18n translation functions, where how safe that is will depend on the implementation and how well the translations are audited.\n\nAnother common use-case is to wrap the output of functions that generate markup like [`xml.etree.ElementTree.tostring`](https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.tostring) or template rendering engines where sanitization of potential user input is either already baked in or has to happen before rendering.", + "type": ["array", "null"], + "items": { + "type": "string" + } + }, "check-typed-exception": { "description": "Whether to disallow `try`-`except`-`pass` (`S110`) for specific exception types. 
By default, `try`-`except`-`pass` is only disallowed for `Exception` and `BaseException`.", "type": ["boolean", "null"] }, + "extend-markup-names": { + "description": "A list of additional callable names that behave like [`markupsafe.Markup`](https://markupsafe.palletsprojects.com/en/stable/escaping/#markupsafe.Markup).\n\nExpects to receive a list of fully-qualified names (e.g., `webhelpers.html.literal`, rather than `literal`).", + "type": ["array", "null"], + "items": { + "type": "string" + } + }, "hardcoded-tmp-directory": { "description": "A list of directories to consider temporary (see `S108`).", "type": ["array", "null"], 
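Review bot: The description of the new `allowed-markup-calls` property under the `flake8-bandit` options never states the cost of an entry: each listed callable has its result treated as safe to pass into `markupsafe.Markup`, so the check is presumably silenced at every call site of that callable. I would add a sentence such as `Every entry exempts all calls to that callable from the check, so list only sanitizers whose output you have audited.` The schema also does not enforce the "fully-qualified names" requirement, since `"items": { "type": "string" }` accepts `clean` as readily as `bleach.clean`. A `pattern` on the items (and on `extend-markup-names`, added in the same hunk) would surface that mistake in the editor. The `properties` object starts and ends outside the hunk, and if this file is regenerated from Ruff's source the wording change belongs upstream.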
@@ -845,22 +859,43 @@ "description": "Options for the `flake8-builtins` plugin.", "type": "object", "properties": { - "builtins-allowed-modules": { + "allowed-modules": { "description": "List of builtin module names to allow.", "type": ["array", "null"], "items": { "type": "string" } }, + "builtins-allowed-modules": { + "description": "DEPRECATED: This option has been renamed to `allowed-modules`. Use `allowed-modules` instead.\n\nList of builtin module names to allow.\n\nThis option is ignored if both `allowed-modules` and `builtins-allowed-modules` are set.", + "deprecated": true, + "type": ["array", "null"], + "items": { + "type": "string" + } + }, "builtins-ignorelist": { - "description": "Ignore list of builtins.", + "description": "DEPRECATED: This option has been renamed to `ignorelist`. Use `ignorelist` instead.\n\nIgnore list of builtins.\n\nThis option is ignored if both `ignorelist` and `builtins-ignorelist` are set.", + "deprecated": true, "type": ["array", "null"], "items": { "type": "string" } }, "builtins-strict-checking": { - "description": "Compare module names instead of full module paths.\n\nUsed by [`A005` - `stdlib-module-shadowing`](https://docs.astral.sh/ruff/rules/stdlib-module-shadowing/).\n\nIn preview mode the default value is `false` rather than `true`.", + "description": "DEPRECATED: This option has been renamed to `strict-checking`. Use `strict-checking` instead.\n\nCompare module names instead of full module paths.\n\nThis option is ignored if both `strict-checking` and `builtins-strict-checking` are set.", + "deprecated": true, + "type": ["boolean", "null"] + }, + "ignorelist": { + "description": "Ignore list of builtins.", + "type": ["array", "null"], + "items": { + "type": "string" + } + }, + "strict-checking": { + "description": "Compare module names instead of full module paths.\n\nUsed by [`A005` - `stdlib-module-shadowing`](https://docs.astral.sh/ruff/rules/stdlib-module-shadowing/).", "type": ["boolean", "null"] } }, 
@@ -2305,6 +2340,7 @@ "properties": { "allowed-markup-calls": { "description": "A list of callable names, whose result may be safely passed into [`markupsafe.Markup`](https://markupsafe.palletsprojects.com/en/stable/escaping/#markupsafe.Markup).\n\nExpects to receive a list of fully-qualified names (e.g., `bleach.clean`, rather than `clean`).\n\nThis setting helps you avoid false positives in code like:\n\n```python from bleach import clean from markupsafe import Markup\n\ncleaned_markup = Markup(clean(some_user_input)) ```\n\nWhere the use of [`bleach.clean`](https://bleach.readthedocs.io/en/latest/clean.html) usually ensures that there's no XSS vulnerability.\n\nAlthough it is not recommended, you may also use this setting to whitelist other kinds of calls, e.g. calls to i18n translation functions, where how safe that is will depend on the implementation and how well the translations are audited.\n\nAnother common use-case is to wrap the output of functions that generate markup like [`xml.etree.ElementTree.tostring`](https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.tostring) or template rendering engines where sanitization of potential user input is either already baked in or has to happen before rendering.", + "deprecated": true, "type": ["array", "null"], "items": { "type": "string" @@ -2312,6 +2348,7 @@ }, "extend-markup-names": { "description": "A list of additional callable names that behave like [`markupsafe.Markup`](https://markupsafe.palletsprojects.com/en/stable/escaping/#markupsafe.Markup).\n\nExpects to receive a list of fully-qualified names (e.g., `webhelpers.html.literal`, rather than `literal`).", + "deprecated": true, "type": ["array", "null"], "items": { "type": "string" @@ -3398,7 +3435,6 @@ "RUF032", "RUF033", "RUF034", - "RUF035", "RUF036", "RUF037", "RUF038", @@ -3520,6 +3556,7 @@ "S70", "S701", "S702", + "S704", "SIM", "SIM1", "SIM10", From 7ffd3a736523abda754d2a5e165157573cf61283 Mon Sep 17 00:00:00 2001 
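Review bot: The `"deprecated": true` flags added to `allowed-markup-calls` and `extend-markup-names` (hunks at -2305 and -2312) leave both descriptions unchanged, so a reader is not told what replaces these options. The `flake8-builtins` options deprecated earlier in this patch did gain `DEPRECATED: This option has been renamed to …` text and a rule for what happens when both keys are set. These settings decide which calls are exempt from the unsafe-markup check, so it matters which copy wins if a project sets both the old and the new location. The replacement is presumably the pair added under the `flake8-bandit` options in this same patch, but nothing in these hunks says so. I would prepend a line such as `DEPRECATED: This option has moved to the flake8-bandit options. Use that setting instead.` and state the precedence; the enclosing `properties` object starts outside the hunk, so the section name is not visible here.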
From: yassun7010 <47286750+yassun7010@users.noreply.github.com>
Date: Fri, 14 Mar 2025 07:28:47 +0900
Subject: [PATCH 2/3] Update tool (#4564)
Co-authored-by: yassun7010
---
 src/schemas/json/pyproject.json | 62 ++++++++++++++++++++++++---------
 1 file changed, 46 insertions(+), 16 deletions(-)
diff --git a/src/schemas/json/pyproject.json b/src/schemas/json/pyproject.json
index ae9208df132..dbc6903bcd7 100644
--- a/src/schemas/json/pyproject.json
+++ b/src/schemas/json/pyproject.json
@@ -870,48 +870,74 @@ "x-tombi-table-keys-order": "ascending", "properties": { "black": { - "$ref": "https://json.schemastore.org/partial-black.json" + "$ref": "https://json.schemastore.org/partial-black.json", + "title": "Code Formatter", + "description": "The uncompromising Python code formatter." }, "cibuildwheel": { - "$ref": "https://json.schemastore.org/partial-cibuildwheel.json" + "$ref": "https://json.schemastore.org/partial-cibuildwheel.json", + "title": "Wheel Builder", + "description": "Build Python wheels for all platforms." }, "mypy": { - "$ref": "https://json.schemastore.org/partial-mypy.json" + "$ref": "https://json.schemastore.org/partial-mypy.json", + "title": "Static Type Checker", + "description": "Optional static typing for Python." }, "ruff": { - "$ref": "https://json.schemastore.org/ruff.json" + "$ref": "https://json.schemastore.org/ruff.json", + "title": "Linter and Formatter", + "description": "An extremely fast Python linter and formatter, written in Rust." }, "hatch": { - "$ref": "https://json.schemastore.org/hatch.json" + "$ref": "https://json.schemastore.org/hatch.json", + "title": "Project Manager", + "description": "Modern, extensible Python project management." 
}, "maturin": { "$ref": "https://json.schemastore.org/maturin.json", - "title": "Maturin", + "title": "Rust-Python Package Builder", "description": "Build and publish crates with pyo3, cffi and uniffi bindings as well as rust binaries as python packages" }, "scikit-build": { - "$ref": "https://json.schemastore.org/partial-scikit-build.json" + "$ref": "https://json.schemastore.org/partial-scikit-build.json", + "title": "Build System Generator", + "description": "Improved build system generator for Python C/C++/Fortran extensions" }, "setuptools": { - "$ref": "https://json.schemastore.org/partial-setuptools.json" + "$ref": "https://json.schemastore.org/partial-setuptools.json", + "title": "Package Manager", + "description": "Easily download, build, install, upgrade, and uninstall Python packages." }, "setuptools_scm": { - "$ref": "https://json.schemastore.org/partial-setuptools-scm.json" + "$ref": "https://json.schemastore.org/partial-setuptools-scm.json", + "title": "Version Manager", + "description": "Manage Python package versions using SCM (e.g. Git)." }, "poe": { - "$ref": "https://json.schemastore.org/partial-poe.json" + "$ref": "https://json.schemastore.org/partial-poe.json", + "title": "Task Runner", + "description": "A task runner that works well with pyproject.toml files." }, "poetry": { - "$ref": "https://json.schemastore.org/partial-poetry.json" + "$ref": "https://json.schemastore.org/partial-poetry.json", + "title": "Package Manager", + "description": "Python dependency management and packaging made easy." }, "pdm": { - "$ref": "https://json.schemastore.org/partial-pdm.json" + "$ref": "https://json.schemastore.org/partial-pdm.json", + "title": "Package Manager", + "description": "A modern Python package manager with PEP 621 support." 
}, "pyright": { - "$ref": "https://json.schemastore.org/partial-pyright.json" + "$ref": "https://json.schemastore.org/partial-pyright.json", + "title": "Static Type Checker", + "description": "Static type checker for Python." }, "repo-review": { - "$ref": "https://json.schemastore.org/partial-repo-review.json" + "$ref": "https://json.schemastore.org/partial-repo-review.json", + "title": "Repository Reviewer", + "description": "Review a repository for best practices." }, "taskipy": { "$ref": "https://json.schemastore.org/partial-taskipy.json", @@ -924,10 +950,14 @@ "description": "Tombi (鳶) is a toolkit for TOML; providing a formatter/linter and language server" }, "tox": { - "$ref": "https://json.schemastore.org/partial-tox.json" + "$ref": "https://json.schemastore.org/partial-tox.json", + "title": "Testing Framework", + "description": "Standardized automated testing of Python packages" }, "uv": { - "$ref": "https://json.schemastore.org/uv.json" + "$ref": "https://json.schemastore.org/uv.json", + "title": "Package Manager", + "description": "An extremely fast Python package installer and resolver, written in Rust." } }, "examples": [ From 207f6fd99bd79d49f0560d0ee17fbddde7e2dc19 Mon Sep 17 00:00:00 2001 From: john-s-lin <66440371+john-s-lin@users.noreply.github.com> Date: Thu, 13 Mar 2025 19:42:47 -0400 Subject: [PATCH 3/3] feat: add uv to dependabot 2.0 schema (#4563) --- src/schemas/json/dependabot-2.0.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/schemas/json/dependabot-2.0.json b/src/schemas/json/dependabot-2.0.json index 9dc39990853..05a79e89c6e 100644 --- a/src/schemas/json/dependabot-2.0.json +++ b/src/schemas/json/dependabot-2.0.json @@ -666,7 +666,8 @@ "pip", "pub", "swift", - "terraform" + "terraform", + "uv" ] }, "schedule-day": {
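Review bot: The `title` and `description` keywords added next to each `$ref` in the `pyproject.json` tool table (`black` through `repo-review`, and `tox` and `uv` in the hunk at -924) are ignored by implementations that follow draft-07 or earlier, where `$ref` overrides its sibling keywords. The schema's `$schema` declaration is outside these hunks, so the dialect needs confirming; the context lines show `maturin` and `tombi` already use the sibling form, so this extends an existing pattern rather than introducing it. If the file is draft-07, wrapping the reference keeps the annotations visible to strict tooling, e.g. `"black": { "title": "Code Formatter", "description": "The uncompromising Python code formatter.", "allOf": [{ "$ref": "https://json.schemastore.org/partial-black.json" }] }`. As a style point, the titles are category labels rather than tool names, and `Package Manager` is repeated for `setuptools`, `poetry`, `pdm` and `uv`, so a UI that shows only the title cannot tell those entries apart.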