AST-146437: Enhance PyPI parser for all Python dependency formats #18
Open
cx-sumit-morchhale wants to merge 4 commits into main from
…cy formats
- Add line continuation (\) support for pip-compile, pip-tools, uv export formats
- Add --hash= option stripping for hashed requirements
- Add pip CLI option skipping (-i, -r, -c, -e, -f, --index-url, etc.)
- Add === arbitrary equality version operator support
- Add URL requirement parsing (PEP 508: pkg @ https://...)
- Add VCS requirement parsing (git+, hg+, svn+, bzr+ with #egg=)
- Add constraints.txt / constraints-*.txt file pattern support
- Add 15 new unit tests covering all new formats and edge cases
- Add 8 new selector tests for file pattern matching
- Add test fixtures for uv export, pip-freeze, and pip-compile formats
- Zero regressions: all existing tests continue to pass
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Great job! No new security vulnerabilities introduced in this pull request
Update all test fixture files and inline test content to use non-vulnerable package versions:
- asgiref 3.7.2 → 3.8.1
- django 4.2.4 → 5.1.7
- pycryptodome 3.18.0 → 3.21.0
- sqlparse 0.4.2/0.4.4 → 0.5.3
- typing-extensions 4.7.1 → 4.12.2
- flask 2.0.1 → 3.1.0
- requests 2.28.0 → 2.32.3
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Relocate requirements-uv-export.txt, requirements-pip-freeze.txt, and requirements-pip-compile.txt to test/resources to follow existing project convention. Update test file paths accordingly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Django 5.1.7 → 5.2.13 (5.1 is EOL, 5.2.13 is latest LTS security release)
- sqlparse 0.5.3 → 0.5.5 (latest stable with security fixes)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Summary
- \ line continuations and --hash=sha256:... options used by pip-compile, pip-tools, uv export, and Poetry export
- pkg @ https://...), VCS requirements (git+, hg+, svn+, bzr+ with #egg=), === arbitrary equality operator, pip CLI options skipping (-i, -r, -c, -e, -f, etc.)
- constraints.txt / constraints-*.txt now routes to PyPI parser

Files Changed
- internal/parsers/pypi/pypi-parser.go
- internal/parsers/pypi/pypi-parser_test.go
- pkg/parser/manifest-file-selector.go (constraints.txt pattern)
- pkg/parser/manifest-file-selector_test.go
- internal/testdata/requirements-uv-export.txt
- internal/testdata/requirements-pip-freeze.txt
- internal/testdata/requirements-pip-compile.txt

Test plan
🤖 Generated with Claude Code
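
An added example, not the project's pypi-parser.go (whose code does not appear on this page), showing how a requirements parser can handle the formats the summary lists: continuation joining, --hash= stripping, option skipping, ===, URL and VCS requirements. The type name, function name, regular expressions and sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Dep is one requirement; for URL and VCS requirements Op is "@" and Version is the source URL.
type Dep struct{ Name, Op, Version string }

var (
	hashRe = regexp.MustCompile(`\s+--hash=\S+`)
	vcsRe  = regexp.MustCompile(`^((?:git|hg|svn|bzr)\+\S+)#egg=([A-Za-z0-9._-]+)`)
	urlRe  = regexp.MustCompile(`^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*@\s*(\S+)`)
	// "===" is listed before "==" so arbitrary equality is not read as "==" plus "=1.0".
	pinRe = regexp.MustCompile(`^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:(===|==|~=|!=|<=|>=|<|>)\s*([^\s;,]+))?`)
)

// ParseRequirements returns the dependencies declared in requirements-style text.
func ParseRequirements(content string) []Dep {
	// Join backslash continuations so a hashed requirement is one logical line.
	content = strings.ReplaceAll(strings.ReplaceAll(content, "\r\n", "\n"), "\\\n", " ")
	var deps []Dep
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		if i := strings.Index(line, " #"); i >= 0 {
			line = line[:i] // trailing comment; "#egg=" has no leading space
		}
		line = strings.TrimSpace(hashRe.ReplaceAllString(line, ""))
		if line == "" || line[0] == '#' || line[0] == '-' {
			continue // blank line, comment, or pip CLI option (-r, -c, -e, --index-url, ...)
		}
		if m := vcsRe.FindStringSubmatch(line); m != nil {
			deps = append(deps, Dep{m[2], "@", m[1]})
		} else if m := urlRe.FindStringSubmatch(line); m != nil {
			deps = append(deps, Dep{m[1], "@", m[2]})
		} else if m := pinRe.FindStringSubmatch(line); m != nil {
			deps = append(deps, Dep{m[1], m[2], m[3]})
		}
	}
	return deps
}

func main() {
	// Constructed sample in the uv export / pip-compile style; hashes are placeholders.
	sample := "--index-url https://pypi.org/simple\ndjango==5.2.13 \\\n    --hash=sha256:aaaa \\\n    --hash=sha256:bbbb\n    # via -r requirements.in\nlegacy===1.0+local\n"
	fmt.Println(ParseRequirements(sample))
}
```

For a dependency scanner the failure mode to watch is silent omission: a hashed or continued line that the parser drops never reaches vulnerability matching.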