chore: release v0.2.2 with lock file support (#23)

* docs: update README and CHANGELOG for lock file support

- Add lock file support to features in main README
- Update CHANGELOG with PyPI support and lock file parsing
- Add lock file feature to deps-core, deps-cargo, deps-npm, deps-pypi READMEs

* chore: bump version to 0.2.2

Author: bug-ops

CHANGELOG.md

@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.2] - 2025-12-23
+
+### Added
+- **Lock file support** — Resolved versions from lock files
+  - Cargo.lock parsing with version extraction
+  - package-lock.json v2/v3 parsing for npm
+  - poetry.lock and uv.lock parsing for PyPI
+  - Hover shows resolved version from lock file
+  - Inlay hints compare resolved version vs latest
+- **PyPI/pyproject.toml support** — Full ecosystem support for Python packages
+  - PEP 621 format (`[project.dependencies]`)
+  - PEP 735 dependency groups (`[dependency-groups]`)
+  - Poetry format (`[tool.poetry.dependencies]`)
+  - Package name autocomplete from PyPI registry
+  - Version hints and diagnostics
+
+### Fixed
+- PyPI parser: Correct version range position for normalized specifiers (pep508 adds spaces)
+
 ## [0.2.1] - 2025-12-22
 
 ### Fixed
@@ -79,7 +98,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - TLS enforced via rustls
 - cargo-deny configured for vulnerability scanning
 
-[Unreleased]: https://github.com/bug-ops/deps-lsp/compare/v0.2.1...HEAD
+[Unreleased]: https://github.com/bug-ops/deps-lsp/compare/v0.2.2...HEAD
+[0.2.2]: https://github.com/bug-ops/deps-lsp/compare/v0.2.1...v0.2.2
 [0.2.1]: https://github.com/bug-ops/deps-lsp/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/bug-ops/deps-lsp/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/bug-ops/deps-lsp/releases/tag/v0.1.0

Cargo.lock

@@ -4,7 +4,7 @@ exclude = ["crates/deps-zed"]
 resolver = "2"
 
 [workspace.package]
-version = "0.2.1"
+version = "0.2.2"
 edition = "2024"
 rust-version = "1.89"
 authors = ["Andrei G"]
@@ -15,11 +15,11 @@ repository = "https://github.com/bug-ops/deps-lsp"
 async-trait = "0.1"
 criterion = "0.8"
 dashmap = "6.1"
-deps-core = { version = "0.2.1", path = "crates/deps-core" }
-deps-cargo = { version = "0.2.1", path = "crates/deps-cargo" }
-deps-npm = { version = "0.2.1", path = "crates/deps-npm" }
-deps-pypi = { version = "0.2.1", path = "crates/deps-pypi" }
-deps-lsp = { version = "0.2.1", path = "crates/deps-lsp" }
+deps-core = { version = "0.2.2", path = "crates/deps-core" }
+deps-cargo = { version = "0.2.2", path = "crates/deps-cargo" }
+deps-npm = { version = "0.2.2", path = "crates/deps-npm" }
+deps-pypi = { version = "0.2.2", path = "crates/deps-pypi" }
+deps-lsp = { version = "0.2.2", path = "crates/deps-lsp" }
 futures = "0.3"
 insta = "1"
 mockito = "1"

Cargo.toml

@@ -14,8 +14,9 @@ A universal Language Server Protocol (LSP) server for dependency management acro
 
 - **Intelligent Autocomplete** — Package names, versions, and feature flags
 - **Version Hints** — Inlay hints showing latest available versions
+- **Lock File Support** — Reads resolved versions from Cargo.lock, package-lock.json, poetry.lock, uv.lock
 - **Diagnostics** — Warnings for outdated, unknown, or yanked dependencies
-- **Hover Information** — Package descriptions, links to documentation
+- **Hover Information** — Package descriptions with resolved version from lock file
 - **Code Actions** — Quick fixes to update dependencies
 
 ![deps-lsp in action](https://raw.githubusercontent.com/bug-ops/deps-zed/main/assets/img.png)

README.md

@@ -12,6 +12,7 @@ This crate provides parsing and registry integration for Rust's Cargo ecosystem.
 ## Features
 
 - **TOML Parsing** — Parse `Cargo.toml` with position tracking using `toml_edit`
+- **Lock File Parsing** — Extract resolved versions from `Cargo.lock`
 - **crates.io Registry** — Sparse index client for package metadata
 - **Version Resolution** — Semver-aware version matching
 - **Workspace Support** — Handle `workspace.dependencies` inheritance

crates/deps-cargo/README.md

@@ -12,7 +12,8 @@ This crate provides the shared infrastructure used by ecosystem-specific crates
 ## Features
 
 - **EcosystemHandler Trait** — Unified interface for all package ecosystems
-- **Generic LSP Handlers** — `generate_inlay_hints`, `generate_hover_info`, `generate_code_actions`, `generate_diagnostics`
+- **LockFileProvider Trait** — Abstract lock file parsing for resolved versions
+- **Generic LSP Handlers** — `generate_inlay_hints`, `generate_hover`, `generate_code_actions`, `generate_diagnostics`
 - **HTTP Cache** — ETag/Last-Modified caching for registry requests
 - **Version Matchers** — Semver and PEP 440 version matching
 - **Error Types** — Unified error handling with `thiserror`

crates/deps-core/README.md

@@ -12,6 +12,7 @@ This crate provides parsing and registry integration for the npm ecosystem.
 ## Features
 
 - **JSON Parsing** — Parse `package.json` with position tracking
+- **Lock File Parsing** — Extract resolved versions from `package-lock.json` (v2/v3)
 - **npm Registry** — Client for npm registry API
 - **Version Resolution** — Node semver-aware version matching (`^`, `~`, ranges)
 - **Scoped Packages** — Support for `@scope/package` format

crates/deps-npm/README.md

@@ -14,6 +14,7 @@ This crate provides parsing and registry integration for Python's PyPI ecosystem
 - **PEP 621 Support** — Parse `[project.dependencies]` and `[project.optional-dependencies]`
 - **PEP 735 Support** — Parse `[dependency-groups]` (new standard)
 - **Poetry Support** — Parse `[tool.poetry.dependencies]` and groups
+- **Lock File Parsing** — Extract resolved versions from `poetry.lock` and `uv.lock`
 - **PEP 508 Parsing** — Handle complex dependency specifications with extras and markers
 - **PEP 440 Versions** — Validate and compare Python version specifiers
 - **PyPI API Client** — Fetch package metadata from PyPI JSON API