feat(python): Add support for astral UV

[knqyf263]

Description

Parse uv.lock to identify dependencies (example).

TODO

• Add new parser.
  • uv.lock contains dependencies for package - so parser should detect []Package and []Dependency.(check the case when 2 packages with different versions are used (if possible)
  • uv.lock contains root package (e.g. https://github.com/astral-sh/uv/blob/312eeb8f573d36f6df658f85ecadc52799647bb3/scripts/benchmark/uv.lock#L27). Can we detect that this is root package (e.g. from source field)?
  • fill Relationship field.
• add new analyzer.
  • If we can detect Root package from uv.lock file - we can use analyzer interface. If no - we need to use PostAnalyzer and detect root package from pyproject.toml file.
  • This is lock file, so we need to add it into TypeLockfiles (don't forget about TypeLanguages)
• add new type into purl package
• update driver for Python
• add unit and integration tests
• docs: update Python and overview pages

Discussed in #7647

[knqyf263]

I assigned it to @nikpivkin since he has time now, but @DmitriyLewen, please help him as you have more knowledge regarding lockfile analysis.

[knqyf263]

There are several things to do, like dependency tree, etc. @DmitriyLewen Can you make a list for him first?

[DmitriyLewen]

@knqyf263 @nikpivkin I added a TODO list to the issue description.
I'll update it if I remember anything else

[nikpivkin]

@DmitriyLewen Thanks!

[nikpivkin]

The list of direct dependencies and the root package can be retrieved from the lockfile. But, there is a concept of workspaces in uv that we can add support for later, so I implemented the analyzer as PostAnalyzer so that we can make fewer changes in the future.

[Aweptimum]

Was the documentation ever updated to reflect this? It's currently missing from the live site

[nikpivkin]

Hi @Aweptimum . v59.0 has not been released yet.