pre-commit fixes

Author: dainnilsson

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/astral-sh/ruff-pre-commit
-  rev: v0.14.10
+  rev: v0.15.7
   hooks:
     # Run the linter, organize imports
     - id: ruff-check
@@ -14,7 +14,7 @@ repos:
       exclude: ^(tests/|docs/)  # keep in sync with mypy.ini
       additional_dependencies: []
 - repo: https://github.com/RobertCraigie/pyright-python
-  rev: v1.1.407
+  rev: v1.1.408
   hooks:
     - id: pyright
 - repo: local

pyproject.toml

@@ -27,7 +27,7 @@ dependencies = [
 
 [dependency-groups]
 dev = [
-    "pytest>=8.0,<9",
+    "pytest>=8.0,<10",
     "makefun>=1.9.5,<2",
     "pyinstaller>=6.10,<7",
     "sphinx>=7.4,<8",
@@ -70,3 +70,13 @@ venvPath = "."
 venv = ".venv"
 exclude = ["tests/", "docs/"]
 reportPrivateImportUsage = false
+
+[tool.ty.src]
+exclude = ["docs"]
+
+[[tool.ty.overrides]]
+include = ["tests/**", "**/test_*.py"]
+
+[tool.ty.overrides.rules]
+unresolved-attribute = "ignore"
+invalid-argument-type = "ignore"

tests/device/cli/conftest.py

@@ -3,7 +3,6 @@
 
 import pytest
 from click.testing import CliRunner
-
 from ykman._cli.__main__ import cli
 from ykman._cli.util import CliFail
 from yubikit.core import TRANSPORT
@@ -21,7 +20,7 @@ def _ykman_cli(*argv, **kwargs):
         if result.exit_code != 0:
             if isinstance(result.exception, CliFail):
                 raise SystemExit()
-            raise result.exception
+            raise result.exception  # ty:ignore[invalid-raise]
         return result
 
     if device.transport == TRANSPORT.NFC:

tests/device/condition.py

@@ -55,8 +55,10 @@ def has_transport(transport):
 
 def capability(capability, transport=None):
     return check(
-        lambda info, device: capability
-        in info.config.enabled_capabilities.get(transport or device.transport, []),
+        lambda info, device: (
+            capability
+            in info.config.enabled_capabilities.get(transport or device.transport, [])
+        ),
         f"Requires {capability}",
     )
 

tests/test_device.py

@@ -17,7 +17,7 @@
     serial=None,
     version=Version(5, 3, 0),
     form_factor=FORM_FACTOR.USB_A_KEYCHAIN,
-    supported_capabilities={TRANSPORT.USB: CAPABILITY(0xFF)},  # type: ignore
+    supported_capabilities={TRANSPORT.USB: CAPABILITY(0xFF)},
     is_locked=False,
     is_fips=False,
 )

tests/test_util.py

@@ -3,7 +3,6 @@
 import re
 
 import pytest
-
 from ykman import __version__ as version
 from ykman.otp import format_oath_code, generate_static_pw, time_challenge
 from ykman.util import (
@@ -208,4 +207,4 @@ def test_form_factor_from_code(code, expected):
 
 def test_form_factor_from_code_rejects_invalid_type():
     with pytest.raises(ValueError):
-        FORM_FACTOR.from_code("im a string")  # type: ignore[arg-type]
+        FORM_FACTOR.from_code("im a string")

uv.lock

@@ -27,6 +27,7 @@
 
 import logging
 from datetime import datetime, timezone
+from typing import Any
 
 from yubikit.core.smartcard import (
     AID,
@@ -129,7 +130,7 @@ def get_openpgp_info(session: OpenPgpSession):
     data = session.get_application_related_data()
     discretionary = data.discretionary
     retries = discretionary.pw_status
-    info = {
+    info: dict[str, Any] = {
         "OpenPGP version": "%d.%d" % data.aid.version,
         "Application version": "%d.%d.%d" % session.version,
         "PIN tries remaining": retries.attempts_user,

ykman/openpgp.py

@@ -153,8 +153,7 @@ def __new__(cls, kid_or_data: int | bytes, kvn: int | None = None):
                 raise ValueError("kvn can only be provided if kid_or_data is a kid")
             data = kid_or_data
 
-        # mypy thinks this is wrong
-        return super(KeyRef, cls).__new__(cls, data)  # type: ignore
+        return super(KeyRef, cls).__new__(cls, data)
 
     def __init__(self, kid_or_data: int | bytes, kvn: int | None = None):
         if len(self) != 2:
@@ -354,7 +353,7 @@ def scp11_init(
         # GPC v2.3 Amendment F (SCP11) v1.3 §3.1.2 Key Derivation
         key_agreement_data = data + epk_sd_ecka_tlv
         sharedinfo = key_usage + key_type + key_len
-        keys = X963KDF(hashes.SHA256(), 5 * key_len[0], sharedinfo).derive(
+        keybytes = X963KDF(hashes.SHA256(), 5 * key_len[0], sharedinfo).derive(
             esk_oce_ecka.exchange(
                 ec.ECDH(),
                 ec.EllipticCurvePublicKey.from_encoded_point(
@@ -366,7 +365,7 @@ def scp11_init(
 
         # 5 keys were derived, one for verification of receipt
         ln = key_len[0]
-        keys = [keys[i : i + ln] for i in range(0, ln * 5, ln)]
+        keys = [keybytes[i : i + ln] for i in range(0, ln * 5, ln)]
         c = cmac.CMAC(algorithms.AES(keys.pop(0)))
         c.update(key_agreement_data)
         c.verify(receipt)

yubikit/core/smartcard/scp.py

@@ -417,8 +417,7 @@ class KEY_STATUS(IntEnum):
 PrivateKey: TypeAlias = rsa.RSAPrivateKeyWithSerialization | EcPrivateKey
 
 
-# mypy doesn't handle abstract dataclasses well
-@dataclass  # type: ignore[misc]
+@dataclass
 class AlgorithmAttributes(abc.ABC):
     """OpenPGP key algorithm attributes."""
 
@@ -686,8 +685,7 @@ def parse(cls, encoded: bytes) -> SecuritySupportTemplate:
         return cls(bytes2int(data[TAG_SIGNATURE_COUNTER]))
 
 
-# mypy doesn't handle abstract dataclasses well
-@dataclass  # type: ignore[misc]
+@dataclass
 class Kdf(abc.ABC):
     algorithm: ClassVar[int]
 
@@ -821,8 +819,7 @@ def __bytes__(self):
         )
 
 
-# mypy doesn't handle abstract dataclasses well
-@dataclass  # type: ignore[misc]
+@dataclass
 class PrivateKeyTemplate(abc.ABC):
     crt: CRT