Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #69 +/- ##
==========================================
- Coverage 97.13% 97.03% -0.10%
==========================================
Files 12 12
Lines 697 709 +12
Branches 62 65 +3
==========================================
+ Hits 677 688 +11
Misses 18 18
- Partials 2 3 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
for more information, see https://pre-commit.ci
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on March 28
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| idx for idx in range(search_start, search_end) if old_dep_str in updated_lines[idx] | ||
| ] | ||
| if candidates: | ||
| dep_line_idx = min(candidates, key=lambda idx: abs(idx - dep_line_idx)) |
There was a problem hiding this comment.
Fallback search crash when no candidates found
Low Severity
When the fallback search at line 202 triggers because dep_line_idx >= len(updated_lines), but candidates is empty (no matching line found in the search range), dep_line_idx retains its original out-of-bounds value. Execution then falls through to updated_lines[dep_line_idx] at line 210, which raises an IndexError. The if candidates: guard on line 208 updates dep_line_idx only on success, leaving the invalid index untouched on failure.
| search_start = rev_line_idx | ||
| search_end = min(repo_end_idx + 1, len(updated_lines)) | ||
| candidates = [ | ||
| idx for idx in range(search_start, search_end) if old_dep_str in updated_lines[idx] |
There was a problem hiding this comment.
Substring search in fallback matches wrong dependency line
Medium Severity
The fallback candidate search uses old_dep_str in updated_lines[idx] (substring containment) to find the correct line for a dependency. When one dependency name is a prefix of another in the same hook (e.g., types-requests and types-requests-oauthlib), this matches multiple lines. The closest-to-dep_line_idx heuristic then picks the wrong line (the one nearest the ] closing bracket), and the subsequent replace call corrupts that unrelated dependency line. Before this change, the code would silently no-op on the wrong line; now it actively corrupts a different dependency.
1 participant
Note
Medium Risk
Touches dependency/tooling versions and Python compatibility (lockfile now targets
>=3.10), which can affect CI and contributor environments; core runtime logic changes are limited to config file rewriting heuristics.Overview
Improves
PreCommitHookConfig.update_pre_commit_repo_versionsto more robustly updateadditional_dependenciesby searching within the current repo block for the correct dependency line when the YAML parser’s line info doesn’t match the raw text (notably for flow-style multiline lists).Adds a new fixture and expands parametrized tests to cover the flow-style multiline
additional_dependenciescase.Bumps several dev/tooling versions (e.g.,
ruff-pre-commit,tox-ini-fmt) and refreshespdm.lock, including raising the lock targetrequires_pythonto>=3.10and updating multiple dev dependencies (e.g.,pytest,tox,mypy).Written by Cursor Bugbot for commit 959b0da. This will update automatically on new commits. Configure here.