Merge branch 'main' into add_unfixable

Author: jhossbach

.gitignore

@@ -4,3 +4,5 @@ __pycache__/
 *.swp
 tags
 /build/
+
+.spyproject/

README.md

@@ -4,9 +4,12 @@
 [![Anaconda](https://anaconda.org/conda-forge/python-lsp-ruff/badges/version.svg)](https://anaconda.org/conda-forge/python-lsp-ruff)
 [![Python](https://github.com/python-lsp/python-lsp-ruff/actions/workflows/python.yml/badge.svg)](https://github.com/python-lsp/python-lsp-ruff/actions/workflows/python.yml)
 
-`python-lsp-ruff` is a plugin for `python-lsp-server` that adds linting, code action and formatting capabilities that are provided by [ruff](https://github.com/charliermarsh/ruff),
+`python-lsp-ruff` is a plugin for `python-lsp-server` that adds **linting**, **code actions** and **formatting** capabilities that are provided by [ruff](https://github.com/charliermarsh/ruff),
 an extremely fast Python linter and formatter written in Rust.
 
+Note that `ruff>0.4.5` ships with a built-in LSP server (and `ruff-lsp` before that), which allows linting, formatting and code actions.
+In contrast, this implementation adds `ruff` as a plugin for `pylsp` in addition to `pylsp`'s other functionalities (go-to support, ...).
+
 ## Install
 
 In the same `virtualenv` as `python-lsp-server`:

SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+
+## Supported Versions
+
+We normally support only the most recently released version with bug fixes, security updates and compatibility improvements.
+
+
+## Reporting a Vulnerability
+
+If you believe you've discovered a security vulnerability in this project, please open a new security advisory with [our GitHub repo's private vulnerability reporting](https://github.com/python-lsp/python-lsp-ruff/security/advisories/new).
+Please be sure to carefully document the vulnerability, including a summary, describing the impacts, identifying the line(s) of code affected, stating the conditions under which it is exploitable and including a minimal reproducible test case.
+Further information and advice or patches on how to mitigate it is always welcome.
+You can usually expect to hear back within 1 week, at which point we'll inform you of our evaluation of the vulnerability and what steps we plan to take, and will reach out if we need further clarification from you.
+We'll discuss and update the advisory thread, and are happy to update you on its status should you further inquire.
+While this is a volunteer project and we don't have financial compensation to offer, we can certainly publicly thank and credit you for your help if you would like.
+Thanks!

pylsp_ruff/plugin.py

@@ -10,6 +10,13 @@
 from subprocess import PIPE, Popen
 from typing import Dict, Generator, List, Optional
 
+if sys.platform == "win32":
+    from subprocess import CREATE_NO_WINDOW
+else:
+    # CREATE_NO_WINDOW flag only available on Windows.
+    # Set constant as default `Popen` `creationflag` kwarg value (`0`)
+    CREATE_NO_WINDOW = 0
+
 if sys.version_info >= (3, 11):
     import tomllib
 else:
@@ -502,7 +509,7 @@ def find_executable(executable) -> List[str]:
     # try the python module
     if cmd is None:
         if importlib.util.find_spec("ruff") is not None:
-            cmd = [sys.executable, "-m", "ruff"]
+            cmd = [sys.executable.replace("pythonw", "python"), "-m", "ruff"]
 
     # try system's ruff executable
     if cmd is None:
@@ -557,7 +564,7 @@ def run_ruff(
     cmd = [*find_executable(executable), str(subcommand), *arguments]
 
     log.debug(f"Calling {cmd} on '{document_path}'")
-    p = Popen(cmd, stdin=PIPE, stdout=PIPE)
+    p = Popen(cmd, stdin=PIPE, stdout=PIPE, creationflags=CREATE_NO_WINDOW)
     (stdout, _) = p.communicate(document_source.encode())
 
     if p.returncode != 0: