This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 67de1b9 Update pyright and fix types to conform to its stricter
checking
67de1b9 is described below
commit 67de1b9e88bcc98eff342d509d4b8eafe3c9fc30
Author: Sean B. Palmer <[email protected]>
AuthorDate: Thu Jan 8 15:33:44 2026 +0000
Update pyright and fix types to conform to its stricter checking
---
atr/sbom/osv.py | 8 ++++----
uv.lock | 14 +++++++-------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/atr/sbom/osv.py b/atr/sbom/osv.py
index 78ccc38..4cba5c6 100644
--- a/atr/sbom/osv.py
+++ b/atr/sbom/osv.py
@@ -212,7 +212,8 @@ async def _fetch_vulnerability_details(
print(f"[DEBUG] Fetching details for {vuln_id}")
async with session.get(f"{_OSV_API_BASE}/vulns/{vuln_id}") as response:
response.raise_for_status()
- return await response.json()
+ data = await response.json()
+ return models.osv.VulnerabilityDetails.model_validate(data)
def _get_source(vuln: models.osv.VulnerabilityDetails) -> dict[str, str]:
@@ -309,7 +310,7 @@ async def _scan_bundle_populate_vulnerabilities(
) -> None:
details_cache: dict[str, models.osv.VulnerabilityDetails] = {}
for vulns in component_vulns_map.values():
- for vuln in vulns:
+ for i, vuln in enumerate(vulns):
vuln_id = vuln.id
if not vuln_id:
continue
@@ -317,7 +318,6 @@ async def _scan_bundle_populate_vulnerabilities(
if details is None:
details = await _fetch_vulnerability_details(session, vuln_id)
details_cache[vuln_id] = details
- vuln.__dict__.clear()
- vuln.__dict__.update(details)
+ vulns[i] = details
if _DEBUG:
print(f"[DEBUG] Fetched details for {len(details_cache)} unique
vulnerabilities")
diff --git a/uv.lock b/uv.lock
index 3886ddb..aabd877 100644
--- a/uv.lock
+++ b/uv.lock
@@ -3,7 +3,7 @@ revision = 3
requires-python = "==3.13.*"
[options]
-exclude-newer = "2026-01-07T19:52:05Z"
+exclude-newer = "2026-01-08T15:20:42Z"
[[package]]
name = "aiofiles"
@@ -1050,11 +1050,11 @@ wheels = [
[[package]]
name = "pathspec"
-version = "1.0.1"
+version = "1.0.2"
source = { registry = "https://pypi.org/simple"; }
-sdist = { url =
"https://files.pythonhosted.org/packages/28/2e/83722ece0f6ee24387d6cb830dd562ddbcd6ce0b9d76072c6849670c31b4/pathspec-1.0.1.tar.gz";,
hash =
"sha256:e2769b508d0dd47b09af6ee2c75b2744a2cb1f474ae4b1494fd6a1b7a841613c", size
= 129791, upload-time = "2026-01-06T13:02:55.15Z" }
+sdist = { url =
"https://files.pythonhosted.org/packages/41/b9/6eb731b52f132181a9144bbe77ff82117f6b2d2fbfba49aaab2c014c4760/pathspec-1.0.2.tar.gz";,
hash =
"sha256:fa32b1eb775ed9ba8d599b22c5f906dc098113989da2c00bf8b210078ca7fb92", size
= 130502, upload-time = "2026-01-08T04:33:27.613Z" }
wheels = [
- { url =
"https://files.pythonhosted.org/packages/d2/fe/2257c71721aeab6a6e8aa1f00d01f2a20f58547d249a6c8fef5791f559fc/pathspec-1.0.1-py3-none-any.whl";,
hash =
"sha256:8870061f22c58e6d83463cfce9a7dd6eca0512c772c1001fb09ac64091816721", size
= 54584, upload-time = "2026-01-06T13:02:53.601Z" },
+ { url =
"https://files.pythonhosted.org/packages/78/6b/14fc9049d78435fd29e82846c777bd7ed9c470013dc8d0260fff3ff1c11e/pathspec-1.0.2-py3-none-any.whl";,
hash =
"sha256:62f8558917908d237d399b9b338ef455a814801a4688bc41074b25feefd93472", size
= 54844, upload-time = "2026-01-08T04:33:26.4Z" },
]
[[package]]
@@ -1356,15 +1356,15 @@ wheels = [
[[package]]
name = "pyright"
-version = "1.1.407"
+version = "1.1.408"
source = { registry = "https://pypi.org/simple"; }
dependencies = [
{ name = "nodeenv" },
{ name = "typing-extensions" },
]
-sdist = { url =
"https://files.pythonhosted.org/packages/a6/1b/0aa08ee42948b61745ac5b5b5ccaec4669e8884b53d31c8ec20b2fcd6b6f/pyright-1.1.407.tar.gz";,
hash =
"sha256:099674dba5c10489832d4a4b2d302636152a9a42d317986c38474c76fe562262", size
= 4122872, upload-time = "2025-10-24T23:17:15.145Z" }
+sdist = { url =
"https://files.pythonhosted.org/packages/74/b2/5db700e52554b8f025faa9c3c624c59f1f6c8841ba81ab97641b54322f16/pyright-1.1.408.tar.gz";,
hash =
"sha256:f28f2321f96852fa50b5829ea492f6adb0e6954568d1caa3f3af3a5f555eb684", size
= 4400578, upload-time = "2026-01-08T08:07:38.795Z" }
wheels = [
- { url =
"https://files.pythonhosted.org/packages/dc/93/b69052907d032b00c40cb656d21438ec00b3a471733de137a3f65a49a0a0/pyright-1.1.407-py3-none-any.whl";,
hash =
"sha256:6dd419f54fcc13f03b52285796d65e639786373f433e243f8b94cf93a7444d21", size
= 5997008, upload-time = "2025-10-24T23:17:13.159Z" },
+ { url =
"https://files.pythonhosted.org/packages/0c/82/a2c93e32800940d9573fb28c346772a14778b84ba7524e691b324620ab89/pyright-1.1.408-py3-none-any.whl";,
hash =
"sha256:090b32865f4fdb1e0e6cd82bf5618480d48eecd2eb2e70f960982a3d9a4c17c1", size
= 6399144, upload-time = "2026-01-08T08:07:37.082Z" },
]
[[package]]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
