Type Annotations for RestrictedPython #303
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds type annotations to the RestrictedPython library to improve type safety and developer experience. The changes include comprehensive type annotations for classes, methods, and functions throughout the codebase, along with updates to support Python 3.14.
- Added complete type annotations to transformer.py including method signatures and return types
- Updated compile.py with proper type annotations using typing module imports
- Added version compatibility checks for Python 3.13+ and dropped Python 3.9 support
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| tox.ini | Updated Python version references from 3.11 to 3.14 for testing environments |
| src/RestrictedPython/transformer.py | Added comprehensive type annotations to all methods and functions in the RestrictingNodeTransformer class |
| src/RestrictedPython/compile.py | Added type annotations and imports for compile functions with proper type aliases |
| src/RestrictedPython/_compat.py | Added version compatibility flags for Python 3.13 and 3.14 |
| src/RestrictedPython/Utilities.py | Added type annotations to the reorder function with proper collection types |
| setup.py | Updated Python version support, removed 3.9, added 3.14, and included typing metadata |
| .meta.toml | Updated test environment dependencies to use py314-datetime instead of py311-datetime |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
src/RestrictedPython/transformer.py
Outdated
| keywords=[]) | ||
|
|
||
| elif isinstance(slice_, ast.ExtSlice): | ||
| elif isinstance(slice_, ast.Tuple): |
There was a problem hiding this comment.
This code change from ast.ExtSlice to ast.Tuple may be incorrect. In Python 3.9+, ast.ExtSlice was deprecated and replaced with ast.Tuple, but this needs verification against the minimum Python version support. Since the PR drops Python 3.9 support and requires 3.10+, this change should be correct, but the comment on line 416 still mentions 'Index, Slice and ExtSlice' which is now outdated.
Copilot uses AI. Check for mistakes.
src/RestrictedPython/Utilities.py
Outdated
| def reorder(s: Iterable, with_: Iterable | None = None, | ||
| without: Iterable | None = None) -> Iterable: |
There was a problem hiding this comment.
The default value for without parameter is changed from () (empty tuple) to None, but the function implementation expects a sequence. This could cause runtime errors when without=None is passed and the function tries to iterate over it.
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| keywords=[]) | ||
|
|
||
| elif isinstance(slice_, ast.ExtSlice): | ||
| elif isinstance(slice_, (ast.Tuple, ast.ExtSlice)): |
There was a problem hiding this comment.
The condition isinstance(slice_, (ast.Tuple, ast.ExtSlice)) may be incorrect. In Python 3.9+, ast.ExtSlice was removed and its functionality merged into ast.Tuple. This change should be conditional based on Python version or simplified to handle the version differences properly.
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
The assertion is not correct. I just checked manually and ast.ExtSlice was deprecated in Python 3.9 but it is still documented as existing in 3.14.
| def visit_TryStar(self, node: ast.AST) -> ast.AST: | ||
| """Disallow `ExceptionGroup` due to a potential sandbox escape. | ||
| TODO: Type Annotation for node when dropping support | ||
| for Python < 3.11 should be ast.TryStar. | ||
| """ |
There was a problem hiding this comment.
Since Python 3.9 support has been dropped in this PR and the minimum version is now 3.10, the type annotation for node should be updated to ast.TryStar | None or a more specific type, as ast.TryStar was introduced in Python 3.11. The TODO comment should be addressed given the version requirement changes.
| def visit_TryStar(self, node: ast.AST) -> ast.AST: | |
| """Disallow `ExceptionGroup` due to a potential sandbox escape. | |
| TODO: Type Annotation for node when dropping support | |
| for Python < 3.11 should be ast.TryStar. | |
| """ | |
| def visit_TryStar(self, node: ast.TryStar) -> ast.AST: | |
| """Disallow `ExceptionGroup` due to a potential sandbox escape.""" |
Copilot uses AI. Check for mistakes.
|
Please do not unilaterally remove Python 3.9 support. This is done in concert with all other ZF packages. |
@dataflake as RestrictedPython is one of the most underlying Package in Zope, that is where removal of Python Versions that are EOL needs to start. I am not willing to add or accept Python 3.9 Support on RestrictedPython as soon as Pthon 3.14 Support is wanted. We sould follow https://devguide.python.org/versions/ recommendations and remove Version support as soon as EOL is reached. |
I disagree. We have always done it the other way around. Zope officially declares a Python version unsupported and after that its dependencies can drop it.
I appreciate your work but I really don't like the fact that you are forcing this issue without even asking anyone before. You do realize that e.g. the Plone 6.0 release series, which is in security support mode until the end of 2027, still uses Python 3.9? If you had told me beforehand that you were making work on Python 3.14 dependent on dropping 3.9 we could have planned for that. Or I would have said thank you, I'll just do it myself then. |
|
I have and will always do my best to preserve compatibility to base packages. Keeping 3.9 Support in unreasonable at the moment. As the Plone Community is moving towards typing support for all Packages, this Pull Requests adds typing Annotation and Python 3.14 Support. Yes we could have done that on seperate Pull requests, but rerssources are limited. And @dataflake saying that this was done with out asking anyone is untrue, I am at the Plone Conf sprint, where most of the underlying maintainace of Packages happen, and spoken and discussed it with relevant stakeholders. And also let me say that, I am very unhappy with the maintainance of this package. Before me no-one in the community has taken care of this package, even if all of Zope and Plone was depending on this package. I have invested several years or work getting it into maintainable shape and into continious maintainance. Yes that would not be able without the help of @icemac . But I am actually pretty annoyed if people delete almost one third of the documentation and history, because they feel it is not needed anymore, as versions has been dropped. Another example of this is that I invested a lot of work into make this package maintainable and understandable, with making the NodeTransformer as explicite as possible. And than someone thinks we can reduce the amount of unneccesary code by deleting and implicit calling of |
|
I have added Python 3.9 to be allow with this Pull Request, but I will not solve the errors of that Version. |
|
and for the Zope/Plone Support see https://plone.org/security/update-policy SO I do not see any reasoning for your argument in the first place. |
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 14 out of 14 changed files in this pull request and generated 3 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| errors: list[str] | None = None, | ||
| warnings: list[str] | None = None, | ||
| used_names: dict[str, | ||
| str] | None = None): |
There was a problem hiding this comment.
The type annotation for used_names parameter is incorrect. Based on the context and usage patterns in the codebase, used_names should be dict[str, bool] not dict[str, str], as it maps variable names to boolean values indicating their usage.
| str] | None = None): | |
| bool] | None = None): |
Copilot uses AI. Check for mistakes.
| long_description=read('README.rst') + '\n' + read('CHANGES.rst'), | ||
| long_description_content_type='text/x-rst', | ||
| classifiers=[ | ||
| 'Development Status :: 6 - Mature', |
There was a problem hiding this comment.
The 'License :: OSI Approved :: Zope Public License' classifier was removed but should be retained as it provides important licensing information for package consumers.
| 'Development Status :: 6 - Mature', | |
| 'Development Status :: 6 - Mature', | |
| 'License :: OSI Approved :: Zope Public License', |
Copilot uses AI. Check for mistakes.
What I am reading is that you're not discussing with anyone involved in maintaining Zope itself or the Zope Foundation package ecosystem of nearly 300 packages. You're at the Plone conference and speaking to Plone package maintainers who provide you with input about their goals. I don't see any discussion to synchronize these goals with the Zope community, all I see is unilateral decisions and then a refusal to consider other standpoints.
Why did you not bring up these concerns when that happened and instead try to use it now as an example for how unnamed people other than you are bad at maintaining this package?
See above. |
|
I have now merged in |
3 participants
If your pull request closes an open issue, include the exact text below, immediately followed by the issue number. When your pull request gets merged, then that issue will close automatically.
Closes #