Initial implementation of uploading with trusted publishing authentication #1194

takluyver · 2024-12-04T10:57:35Z

Fixes #999

This is quite rough - I suspect it needs some better error messages at least. But I figured I'd open it straight away to get comments on the overall structure. Does it make sense to have this logic in the auth.Resolver class, or should it be somewhere else?

sigmavirus24

Some early comments but I agree this belongs in the Resolver

twine/auth.py

sigmavirus24 · 2024-12-04T12:37:40Z

pyproject.toml

@@ -62,6 +62,7 @@ register = "twine.commands.register:main"

 [project.optional-dependencies]
 keyring = ["keyring >= 15.1"]
+oidc = ["id"]


Suggested change

oidc = ["id"]

trusted-publishing = ["id"]

twine/auth.py

sigmavirus24 · 2024-12-04T12:44:54Z

twine/auth.py

+
+            token_exchange_url = f"https://{repository_domain}/_/oidc/mint-token"
+
+            mint_token_resp = requests.post(


Using a session would be ideal. Better yet if we can share it with a Repository to get connection pooling and reuse for performance

This is happening before we construct Repository. I could make it so a session is made beforehand and passed in, but the Repository constructor modifies the session object, so that's a bit messy.

Do you think that's worth dealing with, or are you happy to have two sessions? Putting the two requests here in a session should be easy enough.

Yeah, I know the repository manages the session today. We could move that and the customization somewhere else. The repository manages it today because it was the only place to need a session. I'm not certain we need to share them, but it might be worth the effort.

twine/settings.py

pyproject.toml

takluyver · 2024-12-04T19:24:19Z

I've started reworking it without the explicit flag, as discussed, but I'm aware I still need to do the fallback to prompting for a token.

takluyver · 2024-12-04T21:02:54Z

I've made the fallback relatively narrow - only if we're not on a supported platform for trusted publishing - but demoted trusted publishing so a token in keyring or in ~/.pypirc has higher priority. So the only case left for the fallback is the interactive prompt, which is unlikely to be used on CI platforms.

webknjaz · 2024-12-05T23:31:35Z

I've made the fallback relatively narrow - only if we're not on a supported platform for trusted publishing - but demoted trusted publishing so a token in keyring or in ~/.pypirc has higher priority. So the only case left for the fallback is the interactive prompt, which is unlikely to be used on CI platforms.

@takluyver @woodruffw do you know if this would impact pypi-publish if we were to replace the autodetection logic with the new one in twine? Or would it not make sense unless #194 gets solved?

woodruffw · 2024-12-06T00:08:59Z

@takluyver @woodruffw do you know if this would impact pypi-publish if we were to replace the autodetection logic with the new one in twine? Or would it not make sense unless #194 gets solved?

I think it would indeed affect pypi-publish; I think ideally what would happen here is pypi-publish could use the behavior here directly.

I have no strong opinions on whether it makes sense to block that on #194 or not 🙂 -- I figure pypi-publish is already using twine as a CLI so it wouldn't hurt to keep doing so.

sigmavirus24 · 2024-12-06T01:08:54Z

One other note, please be sure to update our --version handling to include id and it's version string. Should be as easy as adding a string to a list

sigmavirus24

I think I'd be happy approving this as is right now. I'm not sure what other testing you've done for it though

twine/cli.py

tox.ini

…ation

takluyver · 2024-12-07T08:59:25Z

So far I've not actually tested this at all. I'll do some manual testing before it's merged by setting up a project to upload to TestPyPI.

How much of this is practical to test in twine's CI? Obviously I could mock out all the responses, but I'm never sure if a test like that is really worth much.

takluyver · 2024-12-07T20:58:58Z

Manual testing:

Successful upload (with --verbose flag) & files on TestPyPI.
Failure when trusted publishing is not set up correctly in CI
Failure when trusted publishing is not set up on PyPI

In between, I hit a separate error uploading (bad filetype), which #1198 should fix.

takluyver · 2024-12-07T21:38:29Z

One drawback I noticed of putting this below keyring in the priority order is that you get quite a long warning (including a traceback) to say that there's no keyring set up before it uses trusted publishing.

I'm roughly imagining that someone has a CI set up where keyring retrieves a token for PyPI (or another index) from some sort of secret manager. So I want that to still have precedence over trusted publishing, as another way to manually provide a token to twine. But maybe NoKeyringError, when there's no backend set up, should produce a smaller, less error-ish message?

sigmavirus24

LGTM. Would like @woodruffw or @di to give it a once over if they have time too as they know the PyPI/action side better than me

woodruffw · 2024-12-07T23:11:03Z

LGTM. Would like @woodruffw or @di to give it a once over if they have time too as they know the PyPI/action side better than me

I'll do a full review tomorrow!

di · 2024-12-07T23:48:50Z

Definitely can review on Monday!

takluyver · 2024-12-08T09:25:40Z

Thanks. 🙂

I've done as I mentioned yesterday and made a much smaller message on NoKeyringError. I realised there's already a brief info-level message if keyring can't be imported, and I think the case where it's installed but has no backend is quite similar to that.

woodruffw · 2024-12-09T18:57:22Z

Thanks @takluyver, this approach looks great to me! I'm going to try and do a TestPyPI deployment with this branch in a moment, to confirm that it works as well 🙂

woodruffw · 2024-12-09T19:10:20Z

Looks like the token exchange worked, although TestPyPI itself errored with a 400 for the actual upload (leaving the release created but empty): https://github.com/woodruffw-experiments/test-twine-tp/actions/runs/12242554831/job/34150133019

From the logs on TestPyPI:

takluyver · 2024-12-09T20:19:50Z

I think that's the issue same issue I ran into & fixed in #1198. There's a branch in my fork called oidc-debug-filetype which includes that fix on top of this branch; that's what I tested with.

woodruffw · 2024-12-09T20:37:06Z

I think that's the issue same issue I ran into & fixed in #1198. There's a branch in my fork called oidc-debug-filetype which includes that fix on top of this branch; that's what I tested with.

🤦 I totally neglected to check whether this tip was behind main:HEAD. That explains it!

woodruffw · 2024-12-09T20:38:43Z

Success! https://github.com/woodruffw-experiments/test-twine-tp/actions/runs/12243884164/job/34154409484

woodruffw

LGTM, thanks a ton @takluyver!

di

LGTM aside from two nits!

twine/auth.py

sigmavirus24 · 2024-12-11T01:27:52Z

I think that's three approvals and a successful test run, so I'm meeting this

takluyver · 2024-12-11T09:09:42Z

Thanks all!

changelog: manually fixup index: fix link to pypi/warehouse#1627 For unknown reasons, this redirect is not honored during linkcheck. changelog: record missing #1194 and #1200. These did not have changelog files; I've written and imported them locally. Signed-off-by: William Woodruff <william@yossarian.net>

Bumps [twine](https://github.com/pypa/twine) from 6.0.1 to 6.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 6.1.0 (2025-01-17)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Twine now has preliminary built-in support for <code>Trusted Publishing <https://docs.pypi.org/trusted-publishers/></code>_ as an authentication mechanism. (<code>[#1194](pypa/twine#1194) <https://github.com/pypa/twine/pull/1194></code>_)</li> </ul> <p>Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li> <p>Remove support for <code>egg</code> and <code>wininst</code> distribution types. These are not accepted by PyPI and not produced by any modern build-backends. (<code>[#1195](pypa/twine#1195) <https://github.com/pypa/twine/issues/1195></code>_)</p> </li> <li> <p>Twine no longer supports <code>.tar.bz2</code> source distributions. (<code>[#1200](pypa/twine#1200) <https://github.com/pypa/twine/pull/1200></code>_)</p> </li> </ul> <p>Misc ^^^^</p> <ul> <li> <p><code>packaging</code> is used instead of <code>pkginfo</code> for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI. <code>packaging</code> version 24.0 or later is required. Support for metadata version 2.4 requires <code>packaging</code> 24.2 or later. <code>pkginfo</code> is not a dependency anymore. (<code>[#1180](pypa/twine#1180) <https://github.com/pypa/twine/issues/1180></code>_)</p> </li> <li> <p>Use <code>"source"</code> instead of <code>None</code> as <code>pyversion</code> for <code>sdist</code> uploads. This is what PyPI (and most likely other package indexes) expects. (<code>[#1191](pypa/twine#1191) <https://github.com/pypa/twine/issues/1191></code>_)</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/aa3a910cdef8e0a3cb4e893f4c371b58015f52e0"><code>aa3a910</code></a> Update changelog for 6.1.0 (<a href="https://github.com/pypa/twine/issues/1214">#1214</a>)</li> <li><a href="https://github.com/pypa/twine/commit/440603423ac579946aec0c15b280c6ef44477400"><code>4406034</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1208">#1208</a> from dnicolodi/rm-setuptools</li> <li><a href="https://github.com/pypa/twine/commit/2ca55db34c537bbcb00e157e407320c1e5f8f08b"><code>2ca55db</code></a> Simplify generation of test packages used in test_check</li> <li><a href="https://github.com/pypa/twine/commit/bffd2963bbc9c321670eea659d30178000a7bae7"><code>bffd296</code></a> Move build_archive() from test_sdist to common helpers module</li> <li><a href="https://github.com/pypa/twine/commit/fd0646e12e25752d136f9520d7af0d108bc1f29e"><code>fd0646e</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1206">#1206</a> from dnicolodi/rm-binary-blobs-part1</li> <li><a href="https://github.com/pypa/twine/commit/ab4ec8cc0f926a935070731246905f3985ff735d"><code>ab4ec8c</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1211">#1211</a> from pypa/dependabot/github_actions/actions/upload-a...</li> <li><a href="https://github.com/pypa/twine/commit/b562f7422403b0cadff694d2e81b98cf2e28894f"><code>b562f74</code></a> build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0</li> <li><a href="https://github.com/pypa/twine/commit/b2832de88421edd0d11bfe2ceb53470e12f18bb2"><code>b2832de</code></a> Remove tests/fixtures/twine-1.5.0.zip</li> <li><a href="https://github.com/pypa/twine/commit/970851d9b188dc916e6d95083b1797bd6c277ce5"><code>970851d</code></a> Remove tests/alt-fixtures/twine-1.5.0-py2.py3-none-any.whl</li> <li><a href="https://github.com/pypa/twine/commit/2386ca5300cd7bde59432834d362c07de61e9a53"><code>2386ca5</code></a> build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 (<a href="https://github.com/pypa/twine/issues/1205">#1205</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/6.0.1...6.1.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=6.0.1&new-version=6.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…/packages/jsii-pacmak/lib/targets/python (#4749) Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 6.1.0 (2025-01-17)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Twine now has preliminary built-in support for <code>Trusted Publishing <https://docs.pypi.org/trusted-publishers/></code>_ as an authentication mechanism. (<code>[#1194](pypa/twine#1194) <https://github.com/pypa/twine/pull/1194></code>_)</li> </ul> <p>Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li> <p>Remove support for <code>egg</code> and <code>wininst</code> distribution types. These are not accepted by PyPI and not produced by any modern build-backends. (<code>[#1195](pypa/twine#1195) <https://github.com/pypa/twine/issues/1195></code>_)</p> </li> <li> <p>Twine no longer supports <code>.tar.bz2</code> source distributions. (<code>[#1200](pypa/twine#1200) <https://github.com/pypa/twine/pull/1200></code>_)</p> </li> </ul> <p>Misc ^^^^</p> <ul> <li> <p><code>packaging</code> is used instead of <code>pkginfo</code> for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI. <code>packaging</code> version 24.0 or later is required. Support for metadata version 2.4 requires <code>packaging</code> 24.2 or later. <code>pkginfo</code> is not a dependency anymore. (<code>[#1180](pypa/twine#1180) <https://github.com/pypa/twine/issues/1180></code>_)</p> </li> <li> <p>Use <code>"source"</code> instead of <code>None</code> as <code>pyversion</code> for <code>sdist</code> uploads. This is what PyPI (and most likely other package indexes) expects. (<code>[#1191](pypa/twine#1191) <https://github.com/pypa/twine/issues/1191></code>_)</p> </li> </ul> <h2>Twine 6.0.1 (2024-11-30)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Fixed a regression where <code>twine check</code> would fail to expand wildcards, e.g. <code>twine check 'dist/*'</code>. (<code>[#1188](pypa/twine#1188) <https://github.com/pypa/twine/issues/1188></code>_)</li> </ul> <p>Misc ^^^^</p> <ul> <li><code>[#1184](pypa/twine#1184) <https://github.com/pypa/twine/issues/1184></code>_</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/aa3a910cdef8e0a3cb4e893f4c371b58015f52e0"><code>aa3a910</code></a> Update changelog for 6.1.0 (<a href="https://github.com/pypa/twine/issues/1214">#1214</a>)</li> <li><a href="https://github.com/pypa/twine/commit/440603423ac579946aec0c15b280c6ef44477400"><code>4406034</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1208">#1208</a> from dnicolodi/rm-setuptools</li> <li><a href="https://github.com/pypa/twine/commit/2ca55db34c537bbcb00e157e407320c1e5f8f08b"><code>2ca55db</code></a> Simplify generation of test packages used in test_check</li> <li><a href="https://github.com/pypa/twine/commit/bffd2963bbc9c321670eea659d30178000a7bae7"><code>bffd296</code></a> Move build_archive() from test_sdist to common helpers module</li> <li><a href="https://github.com/pypa/twine/commit/fd0646e12e25752d136f9520d7af0d108bc1f29e"><code>fd0646e</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1206">#1206</a> from dnicolodi/rm-binary-blobs-part1</li> <li><a href="https://github.com/pypa/twine/commit/ab4ec8cc0f926a935070731246905f3985ff735d"><code>ab4ec8c</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1211">#1211</a> from pypa/dependabot/github_actions/actions/upload-a...</li> <li><a href="https://github.com/pypa/twine/commit/b562f7422403b0cadff694d2e81b98cf2e28894f"><code>b562f74</code></a> build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0</li> <li><a href="https://github.com/pypa/twine/commit/b2832de88421edd0d11bfe2ceb53470e12f18bb2"><code>b2832de</code></a> Remove tests/fixtures/twine-1.5.0.zip</li> <li><a href="https://github.com/pypa/twine/commit/970851d9b188dc916e6d95083b1797bd6c277ce5"><code>970851d</code></a> Remove tests/alt-fixtures/twine-1.5.0-py2.py3-none-any.whl</li> <li><a href="https://github.com/pypa/twine/commit/2386ca5300cd7bde59432834d362c07de61e9a53"><code>2386ca5</code></a> build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 (<a href="https://github.com/pypa/twine/issues/1205">#1205</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/6.0.1...6.1.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [twine](https://github.com/pypa/twine) from 6.0.1 to 6.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 6.1.0 (2025-01-17)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Twine now has preliminary built-in support for <code>Trusted Publishing <https://docs.pypi.org/trusted-publishers/></code>_ as an authentication mechanism. (<code>[#1194](pypa/twine#1194) <https://github.com/pypa/twine/pull/1194></code>_)</li> </ul> <p>Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li> <p>Remove support for <code>egg</code> and <code>wininst</code> distribution types. These are not accepted by PyPI and not produced by any modern build-backends. (<code>[#1195](pypa/twine#1195) <https://github.com/pypa/twine/issues/1195></code>_)</p> </li> <li> <p>Twine no longer supports <code>.tar.bz2</code> source distributions. (<code>[#1200](pypa/twine#1200) <https://github.com/pypa/twine/pull/1200></code>_)</p> </li> </ul> <p>Misc ^^^^</p> <ul> <li> <p><code>packaging</code> is used instead of <code>pkginfo</code> for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI. <code>packaging</code> version 24.0 or later is required. Support for metadata version 2.4 requires <code>packaging</code> 24.2 or later. <code>pkginfo</code> is not a dependency anymore. (<code>[#1180](pypa/twine#1180) <https://github.com/pypa/twine/issues/1180></code>_)</p> </li> <li> <p>Use <code>"source"</code> instead of <code>None</code> as <code>pyversion</code> for <code>sdist</code> uploads. This is what PyPI (and most likely other package indexes) expects. (<code>[#1191](pypa/twine#1191) <https://github.com/pypa/twine/issues/1191></code>_)</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/aa3a910cdef8e0a3cb4e893f4c371b58015f52e0"><code>aa3a910</code></a> Update changelog for 6.1.0 (<a href="https://github.com/pypa/twine/issues/1214">#1214</a>)</li> <li><a href="https://github.com/pypa/twine/commit/440603423ac579946aec0c15b280c6ef44477400"><code>4406034</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1208">#1208</a> from dnicolodi/rm-setuptools</li> <li><a href="https://github.com/pypa/twine/commit/2ca55db34c537bbcb00e157e407320c1e5f8f08b"><code>2ca55db</code></a> Simplify generation of test packages used in test_check</li> <li><a href="https://github.com/pypa/twine/commit/bffd2963bbc9c321670eea659d30178000a7bae7"><code>bffd296</code></a> Move build_archive() from test_sdist to common helpers module</li> <li><a href="https://github.com/pypa/twine/commit/fd0646e12e25752d136f9520d7af0d108bc1f29e"><code>fd0646e</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1206">#1206</a> from dnicolodi/rm-binary-blobs-part1</li> <li><a href="https://github.com/pypa/twine/commit/ab4ec8cc0f926a935070731246905f3985ff735d"><code>ab4ec8c</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1211">#1211</a> from pypa/dependabot/github_actions/actions/upload-a...</li> <li><a href="https://github.com/pypa/twine/commit/b562f7422403b0cadff694d2e81b98cf2e28894f"><code>b562f74</code></a> build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0</li> <li><a href="https://github.com/pypa/twine/commit/b2832de88421edd0d11bfe2ceb53470e12f18bb2"><code>b2832de</code></a> Remove tests/fixtures/twine-1.5.0.zip</li> <li><a href="https://github.com/pypa/twine/commit/970851d9b188dc916e6d95083b1797bd6c277ce5"><code>970851d</code></a> Remove tests/alt-fixtures/twine-1.5.0-py2.py3-none-any.whl</li> <li><a href="https://github.com/pypa/twine/commit/2386ca5300cd7bde59432834d362c07de61e9a53"><code>2386ca5</code></a> build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 (<a href="https://github.com/pypa/twine/issues/1205">#1205</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/6.0.1...6.1.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=6.0.1&new-version=6.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the python-root group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [flake8](https://github.com/pycqa/flake8) | `3.8.4` | `7.1.1` | | [isort](https://github.com/pycqa/isort) | `5.7.0` | `6.0.0` | | [build](https://github.com/pypa/build) | `0.3.0` | `1.2.2.post1` | | [twine](https://github.com/pypa/twine) | `3.3.0` | `6.1.0` | | [wheel](https://github.com/pypa/wheel) | `0.38.1` | `0.45.1` | | [setuptools](https://github.com/pypa/setuptools) | `70.0.0` | `75.8.0` | | [protobuf](https://github.com/protocolbuffers/protobuf) | `5.27.0` | `5.29.3` | | [jinja2](https://github.com/pallets/jinja) | `3.1.4` | `3.1.5` | Updates `flake8` from 3.8.4 to 7.1.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/flake8/commit/cf1542cefa3e766670b2066dd75c4571d682a649"><code>cf1542c</code></a> Release 7.1.1</li> <li><a href="https://github.com/PyCQA/flake8/commit/939ea3d8d9d5d7d9f348420036af52df74f5ca09"><code>939ea3d</code></a> Merge pull request <a href="https://github.com/pycqa/flake8/issues/1949">#1949</a> from stephenfin/issue-1948</li> <li><a href="https://github.com/PyCQA/flake8/commit/bdcd5c2c0afadaf7c92a4b26d96055cecdd38cf3"><code>bdcd5c2</code></a> Handle escaped braces in f-strings</li> <li><a href="https://github.com/PyCQA/flake8/commit/2a811cc4d2aaed3e8eb5a9f04f08ccc8af7c0791"><code>2a811cc</code></a> Merge pull request <a href="https://github.com/pycqa/flake8/issues/1946">#1946</a> from Viicos/patch-1</li> <li><a href="https://github.com/PyCQA/flake8/commit/10314ad9e5236f1ddf70cb25c2854c93c0840b66"><code>10314ad</code></a> Fix wording of plugins documentation</li> <li><a href="https://github.com/PyCQA/flake8/commit/65a38c42a7f1a05ff8d99b313160754fc9b7a0d8"><code>65a38c4</code></a> Release 7.1.0</li> <li><a href="https://github.com/PyCQA/flake8/commit/34c97e046a459b0682c82660f16c620369abd6b7"><code>34c97e0</code></a> Merge pull request <a href="https://github.com/pycqa/flake8/issues/1939">#1939</a> from PyCQA/new-pycodestyle</li> <li><a href="https://github.com/PyCQA/flake8/commit/defd315175b7b77472affb61a410e5720dabdc1a"><code>defd315</code></a> latest pycodestyle</li> <li><a href="https://github.com/PyCQA/flake8/commit/408d4d695c71b0b232cea576876e757c87a3379c"><code>408d4d6</code></a> Merge pull request <a href="https://github.com/pycqa/flake8/issues/1930">#1930</a> from mzagol/patch-1</li> <li><a href="https://github.com/PyCQA/flake8/commit/866ad729c64eea359960a8ac4e3f1201104ee55c"><code>866ad72</code></a> Add --extend-exclude to the TOC</li> <li>Additional commits viewable in <a href="https://github.com/pycqa/flake8/compare/3.8.4...7.1.1">compare view</a></li> </ul> </details> <br /> Updates `isort` from 5.7.0 to 6.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pycqa/isort/releases">isort's releases</a>.</em></p> <blockquote> <h2>6.0.0</h2> <h2>Changes</h2> <h2>:boom: Breaking Changes</h2> <ul> <li>Remove support for Python 3.8 (<a href="https://github.com/pycqa/isort/issues/2327">#2327</a>) <a href="https://github.com/DanielNoord"><code>@DanielNoord</code></a></li> </ul> <h2>:rocket: Features</h2> <ul> <li>Python 3.13 support (<a href="https://github.com/pycqa/isort/issues/2306">#2306</a>) <a href="https://github.com/mayty"><code>@mayty</code></a></li> <li>Updates round 3 (<a href="https://github.com/pycqa/isort/issues/2334">#2334</a>) <a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a></li> <li>Speed up exists_case_sensitive calls (<a href="https://github.com/pycqa/isort/issues/2264">#2264</a>) <a href="https://github.com/correctmost"><code>@correctmost</code></a></li> <li>nit: Fix deprecation message link (<a href="https://github.com/pycqa/isort/issues/2220">#2220</a>) <a href="https://github.com/syou6162"><code>@syou6162</code></a></li> <li>Ensure that split_on_trailing_comma works with <code>as</code> imports (<a href="https://github.com/pycqa/isort/issues/2340">#2340</a>) <a href="https://github.com/DanielNoord"><code>@DanielNoord</code></a></li> <li>Black profile: enable magic comma (<a href="https://github.com/pycqa/isort/issues/2236">#2236</a>) <a href="https://github.com/MrMino"><code>@MrMino</code></a></li> <li>Fix google style test (<a href="https://github.com/pycqa/isort/issues/2336">#2336</a>) <a href="https://github.com/DanielNoord"><code>@DanielNoord</code></a></li> <li>Update line_length and single_line_exclusions in google profile (<a href="https://github.com/pycqa/isort/issues/2149">#2149</a>) <a href="https://github.com/jagapiou"><code>@jagapiou</code></a></li> <li>Updates round 2 (<a href="https://github.com/pycqa/isort/issues/2329">#2329</a>) <a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a></li> <li>Dependency updates round 1 (<a href="https://github.com/pycqa/isort/issues/2325">#2325</a>) <a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a></li> <li>Run <code>pre-commit autoupdate</code> (<a href="https://github.com/pycqa/isort/issues/2321">#2321</a>) <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a></li> </ul> <h2>:beetle: Fixes</h2> <ul> <li>Allow <code>--diff</code> to be used with <code>--jobs</code> (<a href="https://github.com/pycqa/isort/issues/2302">#2302</a>) <a href="https://github.com/mnakama"><code>@mnakama</code></a></li> <li><code>wemake</code> has 80 chars hard limit, not 79 (<a href="https://github.com/pycqa/isort/issues/2241">#2241</a>) <a href="https://github.com/sobolevn"><code>@sobolevn</code></a></li> <li>Fix errors on <code>main</code> (<a href="https://github.com/pycqa/isort/issues/2320">#2320</a>) <a href="https://github.com/DanielNoord"><code>@DanielNoord</code></a></li> <li>Fixed syntax error (<a href="https://github.com/pycqa/isort/issues/2289">#2289</a>) <a href="https://github.com/Sergio-prog"><code>@Sergio-prog</code></a></li> <li>fix: typo (<a href="https://github.com/pycqa/isort/issues/2298">#2298</a>) <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> <li>Fix <code>sort_reexports</code> code mangling (<a href="https://github.com/pycqa/isort/issues/2283">#2283</a>) <a href="https://github.com/Helveg"><code>@Helveg</code></a></li> <li>fix: correct group by package tokenization (<a href="https://github.com/pycqa/isort/issues/2136">#2136</a>) <a href="https://github.com/glasnt"><code>@glasnt</code></a></li> <li>Fix isort-action usage documentation (<a href="https://github.com/pycqa/isort/issues/2297">#2297</a>) <a href="https://github.com/jamescurtin"><code>@jamescurtin</code></a></li> <li>Fix CDN for Ace (<a href="https://github.com/pycqa/isort/issues/2127">#2127</a>) <a href="https://github.com/abitrolly"><code>@abitrolly</code></a></li> <li>Fix help text (<a href="https://github.com/pycqa/isort/issues/2229">#2229</a>) <a href="https://github.com/stweil"><code>@stweil</code></a></li> <li>docs: fix spelling mistake (<a href="https://github.com/pycqa/isort/issues/2249">#2249</a>) <a href="https://github.com/cachho"><code>@cachho</code></a></li> </ul> <h2>:construction_worker: Continuous Integration</h2> <ul> <li>UV replacement of Poetry (<a href="https://github.com/pycqa/isort/issues/2349">#2349</a>) <a href="https://github.com/staticdev"><code>@staticdev</code></a></li> <li>Make actions happy (<a href="https://github.com/pycqa/isort/issues/2311">#2311</a>) <a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a></li> <li>Fix GitHub Actions badges (<a href="https://github.com/pycqa/isort/issues/2326">#2326</a>) <a href="https://github.com/hugovk"><code>@hugovk</code></a></li> <li>Eliminate <code>actions/cache@v2</code> usage (<a href="https://github.com/pycqa/isort/issues/2322">#2322</a>) <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a></li> <li>feat: add dependabot for GH action update (<a href="https://github.com/pycqa/isort/issues/2300">#2300</a>) <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> <li>Update stage names for <code>pre-commit</code> (<a href="https://github.com/pycqa/isort/issues/2296">#2296</a>) <a href="https://github.com/matthewhughes934"><code>@matthewhughes934</code></a></li> </ul> <h2>:package: Dependencies</h2> <ul> <li>Bump <code>poetry</code> to <code>2.0.1</code> (<a href="https://github.com/pycqa/isort/issues/2341">#2341</a>) <a href="https://github.com/DanielNoord"><code>@DanielNoord</code></a></li> <li>Fix misc unsafe dependencies (<a href="https://github.com/pycqa/isort/issues/2345">#2345</a>) <a href="https://github.com/staticdev"><code>@staticdev</code></a></li> <li>Bump the github-actions group across 1 directory with 5 updates (<a href="https://github.com/pycqa/isort/issues/2324">#2324</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump gitpython from 3.1.40 to 3.1.41 (<a href="https://github.com/pycqa/isort/issues/2223">#2223</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/isort/blob/main/CHANGELOG.md">isort's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>NOTE: isort follows the <a href="https://semver.org/">semver</a> versioning standard. Find out more about isort's release policy <a href="https://pycqa.github.io/isort/docs/major_releases/release_policy">here</a>.</p> <h3>5.13.2 December 13 2023</h3> <ul> <li>Apply the bracket fix from issue <a href="https://github.com/pycqa/isort/issues/471">#471</a> only for use_parentheses=True (<a href="https://github.com/pycqa/isort/issues/2184">#2184</a>) <a href="https://github.com/bp72"><code>@bp72</code></a></li> <li>Confine pre-commit to stages (<a href="https://github.com/pycqa/isort/issues/2213">#2213</a>) <a href="https://github.com/davidculley"><code>@davidculley</code></a></li> <li>Fixed colors extras (<a href="https://github.com/pycqa/isort/issues/2212">#2212</a>) <a href="https://github.com/staticdev"><code>@staticdev</code></a></li> </ul> <h3>5.13.1 December 11 2023</h3> <ul> <li>Fixed integration tests (<a href="https://github.com/pycqa/isort/issues/2208">#2208</a>) <a href="https://github.com/bp72"><code>@bp72</code></a></li> <li>Fixed normalizing imports from more than one level of parent modules (issue/2152) (<a href="https://github.com/pycqa/isort/issues/2191">#2191</a>) <a href="https://github.com/bp72"><code>@bp72</code></a></li> <li>Remove optional dependencies without extras (<a href="https://github.com/pycqa/isort/issues/2207">#2207</a>) <a href="https://github.com/staticdev"><code>@staticdev</code></a></li> </ul> <h3>5.13.0 December 9 2023</h3> <ul> <li>Cleanup deprecated extras (<a href="https://github.com/pycqa/isort/issues/2089">#2089</a>) <a href="https://github.com/staticdev"><code>@staticdev</code></a></li> <li>Fixed <a href="https://github.com/pycqa/isort/issues/1989">#1989</a>: settings lookup when working in stream based mode</li> <li>Fixed 80 line length for wemake linter (<a href="https://github.com/pycqa/isort/issues/2183">#2183</a>) <a href="https://github.com/skatromb"><code>@skatromb</code></a></li> <li>Add support for Python 3.12 (<a href="https://github.com/pycqa/isort/issues/2175">#2175</a>) <a href="https://github.com/hugovk"><code>@hugovk</code></a></li> <li>Fixed: add newest version to pre-commit docs (<a href="https://github.com/pycqa/isort/issues/2190">#2190</a>) <a href="https://github.com/AzulGarza"><code>@AzulGarza</code></a></li> <li>Fixed assertions in test_git_hook (<a href="https://github.com/pycqa/isort/issues/2196">#2196</a>) <a href="https://github.com/mgorny"><code>@mgorny</code></a></li> <li>Removed check for include_trailing_comma for the Hanging Indent wrap mode (<a href="https://github.com/pycqa/isort/issues/2192">#2192</a>) <a href="https://github.com/bp72"><code>@bp72</code></a></li> <li>Use the standard library tomllib on sufficiently new python (<a href="https://github.com/pycqa/isort/issues/2202">#2202</a>) <a href="https://github.com/eli-schwartz"><code>@eli-schwartz</code></a></li> <li>Update pre-commit.md version number (<a href="https://github.com/pycqa/isort/issues/2197">#2197</a>) <a href="https://github.com/nicobako"><code>@nicobako</code></a></li> <li>doc: Update black_compatibility.md (<a href="https://github.com/pycqa/isort/issues/2177">#2177</a>) <a href="https://github.com/JSS95"><code>@JSS95</code></a></li> <li>Fixed safety sept 2023 (<a href="https://github.com/pycqa/isort/issues/2178">#2178</a>) <a href="https://github.com/staticdev"><code>@staticdev</code></a></li> <li>docs: fix black profile documentation (<a href="https://github.com/pycqa/isort/issues/2163">#2163</a>) <a href="https://github.com/nijel"><code>@nijel</code></a></li> <li>Fixed typo: indended -> indented (<a href="https://github.com/pycqa/isort/issues/2161">#2161</a>) <a href="https://github.com/vadimkerr"><code>@vadimkerr</code></a></li> <li>Docs(configuration/options.md): fix missing trailing spaces for hard linebreak (<a href="https://github.com/pycqa/isort/issues/2157">#2157</a>) <a href="https://github.com/JoeyTeng"><code>@JoeyTeng</code></a></li> <li>Update pre-commit.md (<a href="https://github.com/pycqa/isort/issues/2148">#2148</a>) <a href="https://github.com/godiard"><code>@godiard</code></a></li> <li>chore: move configurations to pyproject.toml (<a href="https://github.com/pycqa/isort/issues/2115">#2115</a>) <a href="https://github.com/SauravMaheshkar"><code>@SauravMaheshkar</code></a></li> <li>Fixed typo in README (<a href="https://github.com/pycqa/isort/issues/2112">#2112</a>) <a href="https://github.com/stefmolin"><code>@stefmolin</code></a></li> <li>Update version in pre-commit setup to avoid installation issue with poetry (<a href="https://github.com/pycqa/isort/issues/2103">#2103</a>) <a href="https://github.com/stefmolin"><code>@stefmolin</code></a></li> <li>Skip .pytype directory by default. (<a href="https://github.com/pycqa/isort/issues/2098">#2098</a>) <a href="https://github.com/manueljacob"><code>@manueljacob</code></a></li> <li>Fixed a tip block styling in the Config Files section (<a href="https://github.com/pycqa/isort/issues/2097">#2097</a>) <a href="https://github.com/Klavionik"><code>@Klavionik</code></a></li> <li>Do not cache configuration files (<a href="https://github.com/pycqa/isort/issues/1995">#1995</a>) <a href="https://github.com/kaste"><code>@kaste</code></a></li> <li>Derive settings_path from --filename (<a href="https://github.com/pycqa/isort/issues/1992">#1992</a>) <a href="https://github.com/kaste"><code>@kaste</code></a></li> <li>Fixed year of version 5.12.0 in CHANGELOG.md (<a href="https://github.com/pycqa/isort/issues/2082">#2082</a>) <a href="https://github.com/DjLegolas"><code>@DjLegolas</code></a></li> </ul> <h3>5.12.0 January 28 2023</h3> <ul> <li>Removed support for Python 3.7</li> <li>Fixed incompatiblity with latest poetry version</li> <li>Added support for directory limitations within built in git hook</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/isort/commit/0a0b7a830386ba6a31c2ec8316849ae4d1b8240d"><code>0a0b7a8</code></a> 6.0.0</li> <li><a href="https://github.com/PyCQA/isort/commit/2d00730d48c2963a02c436f3353552ce24689a79"><code>2d00730</code></a> Merge pull request <a href="https://github.com/pycqa/isort/issues/2349">#2349</a> from PyCQA/revert-2347-revert-2346-ci/uv-replacement...</li> <li><a href="https://github.com/PyCQA/isort/commit/16bb0e2d9b7c42edccf4e1ab292d27e9da908e5c"><code>16bb0e2</code></a> Return user_options</li> <li><a href="https://github.com/PyCQA/isort/commit/73abbc8ec7cffc68d9e9c6c47935b46aed5b3665"><code>73abbc8</code></a> Fix dev and optional dependencies</li> <li><a href="https://github.com/PyCQA/isort/commit/8b3828d756d2a359d1b44021c132821ce5955bdf"><code>8b3828d</code></a> Pin UV version</li> <li><a href="https://github.com/PyCQA/isort/commit/02258755eb35111700745a47cce907865c67021a"><code>0225875</code></a> Remove pip and virtualenv usage</li> <li><a href="https://github.com/PyCQA/isort/commit/3d49bc0c44392100bf04b46014fdfc1e9c276f36"><code>3d49bc0</code></a> Revert "Revert "UV replacement of Poetry""</li> <li><a href="https://github.com/PyCQA/isort/commit/b3760ab1b8844fd4a2c59adee3e0bf3f420fd418"><code>b3760ab</code></a> Merge pull request <a href="https://github.com/pycqa/isort/issues/2347">#2347</a> from PyCQA/revert-2346-ci/uv-replacement-for-poetry</li> <li><a href="https://github.com/PyCQA/isort/commit/cc12cce681098bba70bd78efe76140bdc39792d6"><code>cc12cce</code></a> Revert "UV replacement of Poetry"</li> <li><a href="https://github.com/PyCQA/isort/commit/f7ab073fda5ddab3651fc4438c4e7e16853b3bca"><code>f7ab073</code></a> Merge pull request <a href="https://github.com/pycqa/isort/issues/2346">#2346</a> from PyCQA/ci/uv-replacement-for-poetry</li> <li>Additional commits viewable in <a href="https://github.com/pycqa/isort/compare/5.7.0...6.0.0">compare view</a></li> </ul> </details> <br /> Updates `build` from 0.3.0 to 1.2.2.post1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/build/releases">build's releases</a>.</em></p> <blockquote> <h2>1.2.2.post1</h2>  <p>This release only makes metadata (Python 3.13 classifier), docs, and test suite changes.</p> <h2>What's Changed</h2> <ul> <li>ci: add Python 3.13 by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://github.com/pypa/build/pull/815">pypa/build#815</a></li> <li>docs: mention conda-forge name in README by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://github.com/pypa/build/pull/816">pypa/build#816</a></li> <li>docs: add a missing ` in README by <a href="https://github.com/SigureMo"><code>@SigureMo</code></a> in <a href="https://github.com/pypa/build/pull/817">pypa/build#817</a></li> <li>tests: fix under pyproject-hooks 1.2 by <a href="https://github.com/layday"><code>@layday</code></a> in <a href="https://github.com/pypa/build/pull/824">pypa/build#824</a></li> <li>ci: add PyPI attestations by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://github.com/pypa/build/pull/821">pypa/build#821</a></li> <li>chore: 1.2.2.post1 by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://github.com/pypa/build/pull/820">pypa/build#820</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/SigureMo"><code>@SigureMo</code></a> made their first contribution in <a href="https://github.com/pypa/build/pull/817">pypa/build#817</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/build/compare/1.2.2...1.2.2.post1">https://github.com/pypa/build/compare/1.2.2...1.2.2.post1</a></p> <h2>Version 1.2.2</h2>  <h2>What's Changed</h2> <ul> <li>Add editable to <code>builder.get_requries_for_build</code>'s static types (PR <a href="https://github.com/pypa/build/issues/764">#764</a>, fixes issue <a href="https://github.com/pypa/build/issues/763">#763</a>)</li> <li>Include artifact attestations in our release (PR <a href="https://github.com/pypa/build/issues/782">#782</a>)</li> <li>Fix typing compatibility with typed <code>pyproject-hooks</code> (PR <a href="https://github.com/pypa/build/issues/788">#788</a>)</li> <li>Mark more tests with <code>network</code> (PR <a href="https://github.com/pypa/build/issues/808">#808</a>)</li> <li>Add more intersphinx links to docs (PR <a href="https://github.com/pypa/build/issues/804">#804</a>)</li> <li>Make <code>uv</code> optional for tests (PR <a href="https://github.com/pypa/build/issues/807">#807</a> and <a href="https://github.com/pypa/build/issues/813">#813</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/carlwgeorge"><code>@carlwgeorge</code></a> made their first contribution in <a href="https://github.com/pypa/build/pull/808">pypa/build#808</a></li> <li><a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a> made their first contribution in <a href="https://github.com/pypa/build/pull/804">pypa/build#804</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/build/compare/1.2.1...1.2.2">https://github.com/pypa/build/compare/1.2.1...1.2.2</a></p> <h2>Version 1.2.1</h2> <h2>What's Changed</h2> <ul> <li>Avoid error when terminal width is undetectable on Python < 3.11 (PR <a href="https://github.com/pypa/build/issues/761">#761</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/build/blob/main/CHANGELOG.rst">build's changelog</a>.</em></p> <blockquote> <p>+++++++++ Changelog +++++++++</p> <h1>1.2.2 (2024-09-06)</h1> <ul> <li>Add editable to <code>builder.get_requries_for_build</code>'s static types (PR :pr:<code>764</code>, fixes issue :issue:<code>763</code>)</li> <li>Include artifact attestations in our release (PR :pr:<code>782</code>)</li> <li>Fix typing compatibility with typed <code>pyproject-hooks</code> (PR :pr:<code>788</code>)</li> <li>Mark more tests with <code>network</code> (PR :pr:<code>808</code>)</li> <li>Add more intersphinx links to docs (PR :pr:<code>804</code>)</li> <li>Make <code>uv</code> optional for tests (PR :pr:<code>807</code> and :pr:<code>813</code>)</li> </ul> <h1>1.2.1 (2024-03-28)</h1> <ul> <li>Avoid error when terminal width is undetectable on Python < 3.11 (PR :pr:<code>761</code>)</li> </ul> <h1>1.2.0 (2024-03-27)</h1> <ul> <li>Add <code>--installer</code> option, supporting <code>pip</code> and <code>uv</code>. Added <code>uv</code> extra. (PR :pr:<code>751</code>)</li> <li>Improve console output and provide <code>-v</code> for dependency installation (PR :pr:<code>749</code>)</li> <li>Avoid compiling unused bytecode when using <code>pip</code> (PR :pr:<code>752</code>)</li> <li>Dropped support for Python 3.7 (PR :pr:<code>743</code>)</li> </ul> <h1>1.1.1 (2024-02-29)</h1> <ul> <li>Fixed invoking outer pip from user site packages (PR :pr:<code>746</code>, fixes issue :issue:<code>745</code>)</li> <li>Corrected the minimum pip version required to use an outer pip (PR :pr:<code>746</code>, fixes issue :issue:<code>745</code>)</li> </ul> <p>1.1.0 (2024-02-29)</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/build/commit/2f667024a90718da24c5bdfdb264944436adf82e"><code>2f66702</code></a> chore: 1.2.2.post1 (<a href="https://github.com/pypa/build/issues/820">#820</a>)</li> <li><a href="https://github.com/pypa/build/commit/0580c6d125fd5479dae3dde36923bfd9b5220a37"><code>0580c6d</code></a> ci: add PyPI attestations (<a href="https://github.com/pypa/build/issues/821">#821</a>)</li> <li><a href="https://github.com/pypa/build/commit/e0e911cc895ca22559be2b80b04be27e33220b87"><code>e0e911c</code></a> tests: fix under pyproject-hooks 1.2</li> <li><a href="https://github.com/pypa/build/commit/a73ecbdf16d8a8abb44cbbe95e9ab5f8f2a7c9b9"><code>a73ecbd</code></a> pre-commit: bump repositories</li> <li><a href="https://github.com/pypa/build/commit/56b350439e54d164aed89f251dc39eb7536c0b71"><code>56b3504</code></a> pre-commit: bump repositories (<a href="https://github.com/pypa/build/issues/819">#819</a>)</li> <li><a href="https://github.com/pypa/build/commit/481ca546a5c9f50f255d245fb75d841f2e2e0d4b"><code>481ca54</code></a> pre-commit: bump repositories (<a href="https://github.com/pypa/build/issues/818">#818</a>)</li> <li><a href="https://github.com/pypa/build/commit/025836ae620e22d017396f7712237b8423b1f5c1"><code>025836a</code></a> docs: add a missing ` in README (<a href="https://github.com/pypa/build/issues/817">#817</a>)</li> <li><a href="https://github.com/pypa/build/commit/ae373408f0d4541e9ec8ce711b640ad2faddce4e"><code>ae37340</code></a> docs: mention conda-forge name in README (<a href="https://github.com/pypa/build/issues/816">#816</a>)</li> <li><a href="https://github.com/pypa/build/commit/f81aac058003f6df7414b19e45c848c8b7ed7c75"><code>f81aac0</code></a> ci: add Python 3.13 (<a href="https://github.com/pypa/build/issues/815">#815</a>)</li> <li><a href="https://github.com/pypa/build/commit/3b0b5d07077473f5da3f038cf7b74cd2b65d2a98"><code>3b0b5d0</code></a> docs: changelog for 1.2.2 (<a href="https://github.com/pypa/build/issues/812">#812</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/build/compare/0.3.0...1.2.2.post1">compare view</a></li> </ul> </details> <br /> Updates `twine` from 3.3.0 to 6.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/releases">twine's releases</a>.</em></p> <blockquote> <h2>6.1.0</h2> <p>No release notes provided.</p> <h2>6.0.1</h2> <p>No release notes provided.</p> <h2>6.0.0</h2> <p>No release notes provided.</p> <h2>Release v5.1.1</h2> <p>No release notes provided.</p> <h2>5.1.0</h2> <p>No release notes provided.</p> <h2>5.0.0</h2> <p>No release notes provided.</p> <h2>4.0.2</h2> <p><a href="https://pypi.org/project/twine/4.0.2/">https://pypi.org/project/twine/4.0.2/</a></p> <p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-2-2022-11-30">Changelog</a></p> <h2>4.0.1</h2> <p><a href="https://pypi.org/project/twine/4.0.1/">https://pypi.org/project/twine/4.0.1/</a></p> <p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-1-2022-06-01">Changelog</a></p> <h2>4.0.0</h2> <p><a href="https://pypi.org/project/twine/4.0.0/">https://pypi.org/project/twine/4.0.0/</a></p> <p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-0-2022-03-31">Changelog</a></p> <h2>3.8.0</h2> <p><a href="https://pypi.org/project/twine/3.8.0/">https://pypi.org/project/twine/3.8.0/</a></p> <p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-3-8-0-2022-02-02">Changelog</a></p> <h2>3.7.1</h2> <p><a href="https://pypi.org/project/twine/3.7.1/">https://pypi.org/project/twine/3.7.1/</a></p> <p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-3-7-1-2021-12-07">Changelog</a></p> <h2>3.7.0</h2> <p><a href="https://pypi.org/project/twine/3.7.0/">https://pypi.org/project/twine/3.7.0/</a></p> <p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-3-7-0-2021-12-01">Changelog</a></p> <h2>3.6.0</h2> <p><a href="https://pypi.org/project/twine/3.6.0/">https://pypi.org/project/twine/3.6.0/</a></p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 6.1.0 (2025-01-17)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Twine now has preliminary built-in support for <code>Trusted Publishing <https://docs.pypi.org/trusted-publishers/></code>_ as an authentication mechanism. (<code>[#1194](https://github.com/pypa/twine/issues/1194) <https://github.com/pypa/twine/pull/1194></code>_)</li> </ul> <p>Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li> <p>Remove support for <code>egg</code> and <code>wininst</code> distribution types. These are not accepted by PyPI and not produced by any modern build-backends. (<code>[#1195](https://github.com/pypa/twine/issues/1195) <https://github.com/pypa/twine/issues/1195></code>_)</p> </li> <li> <p>Twine no longer supports <code>.tar.bz2</code> source distributions. (<code>[#1200](https://github.com/pypa/twine/issues/1200) <https://github.com/pypa/twine/pull/1200></code>_)</p> </li> </ul> <p>Misc ^^^^</p> <ul> <li> <p><code>packaging</code> is used instead of <code>pkginfo</code> for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI. <code>packaging</code> version 24.0 or later is required. Support for metadata version 2.4 requires <code>packaging</code> 24.2 or later. <code>pkginfo</code> is not a dependency anymore. (<code>[#1180](https://github.com/pypa/twine/issues/1180) <https://github.com/pypa/twine/issues/1180></code>_)</p> </li> <li> <p>Use <code>"source"</code> instead of <code>None</code> as <code>pyversion</code> for <code>sdist</code> uploads. This is what PyPI (and most likely other package indexes) expects. (<code>[#1191](https://github.com/pypa/twine/issues/1191) <https://github.com/pypa/twine/issues/1191></code>_)</p> </li> </ul> <h2>Twine 6.0.1 (2024-11-30)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Fixed a regression where <code>twine check</code> would fail to expand wildcards, e.g. <code>twine check 'dist/*'</code>. (<code>[#1188](https://github.com/pypa/twine/issues/1188) <https://github.com/pypa/twine/issues/1188></code>_)</li> </ul> <p>Misc ^^^^</p> <ul> <li><code>[#1184](https://github.com/pypa/twine/issues/1184) <https://github.com/pypa/twine/issues/1184></code>_</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/aa3a910cdef8e0a3cb4e893f4c371b58015f52e0"><code>aa3a910</code></a> Update changelog for 6.1.0 (<a href="https://github.com/pypa/twine/issues/1214">#1214</a>)</li> <li><a href="https://github.com/pypa/twine/commit/440603423ac579946aec0c15b280c6ef44477400"><code>4406034</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1208">#1208</a> from dnicolodi/rm-setuptools</li> <li><a href="https://github.com/pypa/twine/commit/2ca55db34c537bbcb00e157e407320c1e5f8f08b"><code>2ca55db</code></a> Simplify generation of test packages used in test_check</li> <li><a href="https://github.com/pypa/twine/commit/bffd2963bbc9c321670eea659d30178000a7bae7"><code>bffd296</code></a> Move build_archive() from test_sdist to common helpers module</li> <li><a href="https://github.com/pypa/twine/commit/fd0646e12e25752d136f9520d7af0d108bc1f29e"><code>fd0646e</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1206">#1206</a> from dnicolodi/rm-binary-blobs-part1</li> <li><a href="https://github.com/pypa/twine/commit/ab4ec8cc0f926a935070731246905f3985ff735d"><code>ab4ec8c</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1211">#1211</a> from pypa/dependabot/github_actions/actions/upload-a...</li> <li><a href="https://github.com/pypa/twine/commit/b562f7422403b0cadff694d2e81b98cf2e28894f"><code>b562f74</code></a> build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0</li> <li><a href="https://github.com/pypa/twine/commit/b2832de88421edd0d11bfe2ceb53470e12f18bb2"><code>b2832de</code></a> Remove tests/fixtures/twine-1.5.0.zip</li> <li><a href="https://github.com/pypa/twine/commit/970851d9b188dc916e6d95083b1797bd6c277ce5"><code>970851d</code></a> Remove tests/alt-fixtures/twine-1.5.0-py2.py3-none-any.whl</li> <li><a href="https://github.com/pypa/twine/commit/2386ca5300cd7bde59432834d362c07de61e9a53"><code>2386ca5</code></a> build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 (<a href="https://github.com/pypa/twine/issues/1205">#1205</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/3.3.0...6.1.0">compare view</a></li> </ul> </details> <br /> Updates `wheel` from 0.38.1 to 0.45.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/releases">wheel's releases</a>.</em></p> <blockquote> <h2>0.45.1</h2> <ul> <li>Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name</li> </ul> <h2>0.45.0</h2> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import the <code>setuptools</code>' implementation explicitly. (PR by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a>)</p> </li> </ul> <h2>0.44.0</h2> <ul> <li>Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)</li> <li>Deprecated the <code>bdist_wheel</code> module, as the code was migrated to <code>setuptools</code> itself</li> </ul> <h2>0.43.0</h2> <ul> <li>Dropped support for Python 3.7</li> <li>Updated vendored <code>packaging</code> to 24.0</li> </ul> <h2>0.42.0</h2> <ul> <li>Allowed removing build tag with <code>wheel tags --build ""</code></li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing updated <code>WHEEL</code> fields after a blank line, causing other tools to ignore them</li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing <code>WHEEL</code> with CRLF line endings or a mix of CRLF and LF</li> <li>Fixed <code>wheel pack --build-number ""</code> not removing build tag from <code>WHEEL</code> (above changes by Benjamin Gilbert)</li> </ul> <h2>0.41.3</h2> <ul> <li>Updated vendored <code>packaging</code> to 23.2</li> <li>Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <p><strong>UNRELEASED</strong></p> <ul> <li>Fixed an exception when calling the <code>convert</code> command with an empty description field</li> </ul> <p><strong>0.45.1 (2024-11-23)</strong></p> <ul> <li>Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name</li> </ul> <p><strong>0.45.0 (2024-11-08)</strong></p> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import the <code>setuptools</code>' implementation explicitly. (PR by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a>)</p> </li> </ul> <p><strong>0.44.0 (2024-08-04)</strong></p> <ul> <li>Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)</li> <li>Deprecated the <code>bdist_wheel</code> module, as the code was migrated to <code>setuptools</code> itself</li> </ul> <p><strong>0.43.0 (2024-03-11)</strong></p> <ul> <li>Dropped support for Python 3.7</li> <li>Updated vendored <code>packaging</code> to 24.0</li> </ul> <p><strong>0.42.0 (2023-11-26)</strong></p> <ul> <li>Allowed removing build tag with <code>wheel tags --build ""</code></li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing updated <code>WHEEL</code> fields after a blank line, causing other tools to ignore them</li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing <code>WHEEL</code> with CRLF line endings or a mix of CRLF and LF</li> <li>Fixed <code>wheel pack --build-number ""</code> not removing build tag from <code>WHEEL</code> (above changes by Benjamin Gilbert)</li> </ul> <p><strong>0.41.3 (2023-10-30)</strong></p> <ul> <li>Updated vendored <code>packaging</code> to 23.2</li> <li>Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/wheel/commit/7855525de4093257e7bfb434877265e227356566"><code>7855525</code></a> Created a new release</li> <li><a href="https://github.com/pypa/wheel/commit/d343391c20f8f6cc89a61a6f1573522c59d3d7a3"><code>d343391</code></a> Fixed wrong wheel file names in converted pure-Python eggs/wininsts</li> <li><a href="https://github.com/pypa/wheel/commit/d78f0e372199f8294556345d867af4d3cf118418"><code>d78f0e3</code></a> Created a new release</li> <li><a href="https://github.com/pypa/wheel/commit/f064c699209e36ec2948537b7cadabf84a110c30"><code>f064c69</code></a> Added license files for vendored <code>packaging</code></li> <li><a href="https://github.com/pypa/wheel/commit/68387afcd33cb514a4da811d2fc5de73c8797e48"><code>68387af</code></a> Only configure setuptools logging if bdist_wheel is imported (<a href="https://github.com/pypa/wheel/issues/641">#641</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/c81f5c954a8ca7698e6df9de39cf0013295949fa"><code>c81f5c9</code></a> Refactored the <code>wheel convert</code> command to not require setuptools (<a href="https://github.com/pypa/wheel/issues/640">#640</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/e43464d32feaddddb235ffe21b4bf13c1193465d"><code>e43464d</code></a> Adjusted target Python versions in GitHub CI</li> <li><a href="https://github.com/pypa/wheel/commit/e9894e71bc62e5808710bc8c2c268de51aef52d4"><code>e9894e7</code></a> Tweaked pytest settings to make the tracebacks easier to read</li> <li><a href="https://github.com/pypa/wheel/commit/baf6bf89562cb42a0ca71cc1e804600b161952eb"><code>baf6bf8</code></a> Removed Cirrus CI configuration</li> <li><a href="https://github.com/pypa/wheel/commit/28c1ba1e2a6d08edc03c73e29293a571888981f9"><code>28c1ba1</code></a> Improved compatibility with future versions of <code>setuptools</code> (<a href="https://github.com/pypa/wheel/issues/638">#638</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/wheel/compare/0.38.1...0.45.1">compare view</a></li> </ul> </details> <br /> Updates `setuptools` from 70.0.0 to 75.8.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v75.8.0</h1> <h2>Features</h2> <ul> <li>Implemented <code>Dynamic</code> field for core metadata (as introduced in PEP 643). The existing implementation is currently experimental and the exact approach may change in future releases. (<a href="https://github.com/pypa/setuptools/issues/4698">#4698</a>)</li> </ul> <h1>v75.7.0</h1> <h2>Features</h2> <ul> <li><code>pypa/distutils#310</code><a href="https://github.com/pypa/setuptools/issues/4478">#4478</a>)</li> <li>Synced with pypa/distutils@ff11eed0c including bugfix for duplicate CFLAGS and adaption to support Python 3.13 is_abs in the C compiler (<a href="https://github.com/pypa/setuptools/issues/4669">#4669</a>). (<a href="https://github.com/pypa/setuptools/issues/4790">#4790</a>)</li> </ul> <h1>v75.6.0</h1> <h2>Features</h2> <ul> <li>Preserve original <code>PKG-INFO</code> into <code>METADATA</code> when creating wheel (instead of calling <code>wheel.metadata.pkginfo_to_metadata</code>). This helps to be more compliant with the flow specified in PEP 517. (<a href="https://github.com/pypa/setuptools/issues/4701">#4701</a>)</li> <li>Changed the <code>WindowsSdkVersion</code>, <code>FrameworkVersion32</code> and <code>FrameworkVersion64</code> properties of <code>setuptools.msvc.PlatformInfo</code> to return an empty <code>tuple</code> instead of <code>None</code> as a fallthrough case -- by :user:<code>Avasam</code> (<a href="https://github.com/pypa/setuptools/issues/4754">#4754</a>)</li> </ul> <h1>v75.5.0</h1> <h2>Features</h2> <ul> <li>Removed support for <code>SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION</code>, as it is deemed prone to errors. (<a href="https://github.com/pypa/setuptools/issues/4746">#4746</a>)</li> </ul> <h1>v75.4.0</h1> <h2>Features</h2> <ul> <li>Added support for the environment variable</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/5c9d9809dec1b20e2a9da6b4a06355fd6f87a190"><code>5c9d980</code></a> Bump version: 75.7.0 → 75.8.0</li> <li><a href="https://github.com/pypa/setuptools/commit/72c422261b40f2b95a8be6605cc7dd93cec81794"><code>72c4222</code></a> Avoid using Any in function</li> <li><a href="https://github.com/pypa/setuptools/commit/1c61d4799438677c7cfaaccf281312bfb1aee9b3"><code>1c61d47</code></a> Add news fragments for PEP 643</li> <li><a href="https://github.com/pypa/setuptools/commit/f285d01e2661b01e4947a4dca7704790b65f2967"><code>f285d01</code></a> Implement PEP 643 (<code>Dynamic</code> field for core metadata) (<a href="https://github.com/pypa/setuptools/issues/4698">#4698</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/a50f6e2e1e8b4610adde709079bec17ad0944197"><code>a50f6e2</code></a> Fix _static.Dict.<strong>ior</strong> for Python 3.8</li> <li><a href="https://github.com/pypa/setuptools/commit/b055895fa337a6e03a29c2ea6493b6b778d2ba46"><code>b055895</code></a> Add extra tests for static/dynamic metadata</li> <li><a href="https://github.com/pypa/setuptools/commit/770b4fc8f6248d862629028f5ee4218975f9516b"><code>770b4fc</code></a> Remove test workaround for unmarked static values from pyproject.toml</li> <li><a href="https://github.com/pypa/setuptools/commit/8b22d73be5e23a9611398d81aedc5164115940ce"><code>8b22d73</code></a> Mark values from pyproject.toml as static</li> <li><a href="https://github.com/pypa/setuptools/commit/f699fd842e3ddedbe937ee33b0bd6ad28e735664"><code>f699fd8</code></a> Fix spelling error</li> <li><a href="https://github.com/pypa/setuptools/commit/8b4c8a3c95f43d771d0fa6e4ebceea3436bc70f7"><code>8b4c8a3</code></a> Add tests for static 'attr' directive</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v70.0.0...v75.8.0">compare view</a></li> </ul> </details> <br /> Updates `protobuf` from 5.27.0 to 5.29.3 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protocolbuffers/protobuf/commit/b407e8416e3893036aee5af9a12bd9b6a0e2b2e6"><code>b407e84</code></a> Updating version.json and repo version numbers to: 29.3</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/9a5d2c329c159e07f7da8ba5dfe0acc98dfb81a9"><code>9a5d2c3</code></a> Add .bazeliskrc for protobuf repo to tell bazelisk to use 7.1.2 by default. (...</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/1dc5842ebe7956e79d5dfee6d3589df02faa77fd"><code>1dc5842</code></a> Fix cmake installation location of java and go features (<a href="https://github.com/protocolbuffers/protobuf/issues/19773">#19773</a>)</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/8e7e6b026f0ef00fd0f3d3cbeb41a02f8621c785"><code>8e7e6b0</code></a> Update artifact actions to v4 (<a href="https://github.com/protocolbuffers/protobuf/issues/19703">#19703</a>)</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/cbdc8ab774aeb888f635a1f3d0bce206e173b276"><code>cbdc8ab</code></a> Merge pull request <a href="https://github.com/protocolbuffers/protobuf/issues/19719">#19719</a> from protocolbuffers/29.x-202412181411</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/5621748f97259be36587bf337aae554f6361cb22"><code>5621748</code></a> Updating version.json and repo version numbers to: 29.3-dev</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/233098326bc268fc03b28725c941519fc77703e6"><code>2330983</code></a> Updating version.json and repo version numbers to: 29.2</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/17726576c00d4509bc3552ec922de2399f6503fe"><code>1772657</code></a> Automated rollback of commit 23aada230b2478c7a07fe7612489eb8e79b9c379. (<a href="https://github.com/protocolbuffers/protobuf/issues/19692">#19692</a>)</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/8b9d76c458bee6bd9e1d8edacace5b2aa7c5a4c7"><code>8b9d76c</code></a> Export environment variables so bazelisk picks them up (<a href="https://github.com/protocolbuffers/protobuf/issues/19690">#19690</a>)</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/a1c9b6a2dbda0ab13037e60ac0d6edcef93aaab7"><code>a1c9b6a</code></a> Pin staleness check to Bazel 7 (<a href="https://github.com/protocolbuffers/protobuf/issues/19689">#19689</a>)</li> <li>Additional commits viewable in <a href="https://github.com/protocolbuffers/protobuf/compare/v5.27.0...v5.29.3">compare view</a></li> </ul> </details> <br /> Updates `jinja2` from 3.1.4 to 3.1.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.5</h2> <p>This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.5/">https://pypi.org/project/Jinja2/3.1.5/</a> Changes: <a href="https://jinja.palletsprojects.com/changes/#version-3-1-5">https://jinja.palletsprojects.com/changes/#version-3-1-5</a> Milestone: <a href="https://github.com/pallets/jinja/milestone/16?closed=1">https://github.com/pallets/jinja/milestone/16?closed=1</a></p> <ul> <li>The sandboxed environment handles indirect calls to <code>str.format</code>, such as by passing a stored reference to a filter that calls its argument. <a href="https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h">GHSA-q2x7-8rv6-6q7h</a></li> <li>Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <a href="https://github.com/pallets/jinja/issues/1792">#1792</a>, <a href="https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699">GHSA-gmj6-6f8f-6699</a></li> <li>Sandbox does not allow <code>clear</code> and <code>pop</code> on known mutable sequence types. <a href="https://github.com/pallets/jinja/issues/2032">#2032</a></li> <li>Calling sync <code>render</code> for an async template uses <code>asyncio.run</code>. <a href="https://github.com/pallets/jinja/issues/1952">#1952</a></li> <li>Avoid unclosed <code>auto_aiter</code> warnings. <a href="https://github.com/pallets/jinja/issues/1960">#1960</a></li> <li>Return an <code>aclose</code>-able <code>AsyncGenerator</code> from <code>Template.generate_async</code>. <a href="https://github.com/pallets/jinja/issues/1960">#1960</a></li> <li>Avoid leaving <code>root_render_func()</code> unclosed in <code>Template.generate_async</code>. <a href="https://github.com/pallets/jinja/issues/1960">#1960</a></li> <li>Avoid leaving async generators unclosed in blocks, includes and extends. <a href="https://github.com/pallets/jinja/issues/1960">#1960</a></li> <li>The runtime uses the correct <code>concat</code> function for the current environment when calling block references. <a href="https://github.com/pallets/jinja/issues/1701">#1701</a></li> <li>Make <code>|unique</code> async-aware, allowing it to be used after another async-aware filter. <a href="https://github.com/pallets/jinja/issues/1781">#1781</a></li> <li><code>|int</code> filter handles <code>OverflowError</code> from scientific notation. <a href="https://github.com/pallets/jinja/issues/1921">#1921</a></li> <li>Make compiling deterministic for tuple unpacking in a <code>{% set ... %}</code> call. <a href="https://github.com/pallets/jinja/issues/2021">#2021</a></li> <li>Fix dunder protocol (<code>copy</code>/<code>pickle</code>/etc) interaction with <code>Undefined</code> objects. <a href="https://github.com/pallets/jinja/issues/2025">#2025</a></li> <li>Fix <code>copy</code>/<code>pickle</code> support for the internal <code>missing</code> object. <a href="https://github.com/pallets/jinja/issues/2027">#2027</a></li> <li><code>Environment.overlay(enable_async)</code> is applied correctly. <a href="https://github.com/pallets/jinja/issues/2061">#2061</a></li> <li>The error message from <code>FileSystemLoader</code> includes the paths that were searched. <a href="https://github.com/pallets/jinja/issues/1661">#1661</a></li> <li><code>PackageLoader</code> shows a clearer error message when the package does not contain the templates directory. <a href="https://github.com/pallets/jinja/issues/1705">#1705</a></li> <li>Improve annotations for methods returning copies. <a href="https://github.com/pallets/jinja/issues/1880">#1880</a></li> <li><code>urlize</code> does not add <code>mailto:</code> to values like <code>@a@b</code>. <a href="https://github.com/pallets/jinja/issues/1870">#1870</a></li> <li>Tests decorated with <code>@pass_context</code> can be used with the <code>|select</code> filter. <a href="https://github.com/pallets/jinja/issues/1624">#1624</a></li> <li>Using <code>set</code> for multiple assignment (<code>a, b = 1, 2</code>) does not fail when the target is a namespace attribute. <a href="https://github.com/pallets/jinja/issues/1413">#1413</a></li> <li>Using <code>set</code> in all branches of <code>{% if %}{% elif %}{% else %}</code> blocks does not cause the variable to be considered initially undefined. <a href="https://github.com/pallets/jinja/issues/1253">#1253</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.5</h2> <p>Released 2024-12-21</p> <ul> <li>The sandboxed environment handles indirect calls to <code>str.format</code>, such as by passing a stored reference to a filter that calls its argument. :ghsa:<code>q2x7-8rv6-6q7h</code></li> <li>Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:<code>1792</code>, :ghsa:<code>gmj6-6f8f-6699</code></li> <li>Sandbox does not allow <code>clear</code> and <code>pop</code> on known mutable sequence types. :issue:<code>2032</code></li> <li>Calling sync <code>render</code> for an async template uses <code>asyncio.run</code>. :pr:<code>1952</code></li> <li>Avoid unclosed <code>auto_aiter</code> warnings. :pr:<code>1960</code></li> <li>Return an <code>aclose</code>-able <code>AsyncGenerator</code> from <code>Template.generate_async</code>. :pr:<code>1960</code></li> <li>Avoid leaving <code>root_render_func()</code> unclosed in <code>Template.generate_async</code>. :pr:<code>1960</code></li> <li>Avoid leaving async generators unclosed in blocks, includes and extends. :pr:<code>1960</code></li> <li>The runtime uses the correct <code>concat</code> function for the current environment when calling block references. :issue:<code>1701</code></li> <li>Make <code>|unique</code> async-aware, allowing it to be used after another async-aware filter. :issue:<code>1781</code></li> <li><code>|int</code> filter handles <code>OverflowError</code> from scientific notation. :issue:<code>1921</code></li> <li>Make compiling deterministic for tuple unpacking in a <code>{% set ... %}</code> call. :issue:<code>2021</code></li> <li>Fix dunder protocol (<code>copy</code>/<code>pickle</code>/etc) interaction with <code>Undefined</code> objects. :issue:<code>2025</code></li> <li>Fix <code>copy</code>/<code>pickle</code> support for the internal <code>missing</code> object. :issue:<code>2027</code></li> <li><code>Environment.overlay(enable_async)</code> is applied correctly. :pr:<code>2061</code></li> <li>The error message from <code>FileSystemLoader</code> includes the paths that were searched. :issue:<code>1661</code></li> <li><code>PackageLoader</code> shows a clearer error message when the package does not contain the templates directory. :issue:<code>1705</code></li> <li>Improve annotations for methods returning copies. :pr:<code>1880</code></li> <li><code>urlize</code> does not add <code>mailto:</code> to values like <code>@a@b</code>. :pr:<code>1870</code></li> <li>Tests decorated with <code>@pass_context`` can be used with the ``|select`` filter. :issue:</code>1624`</li> <li>Using <code>set</code> for multiple assignment (<code>a, b = 1, 2</code>) does not fail when the target is a namespace attribute. :issue:<code>1413</code></li> <li>Using <code>set</code> in all branches of <code>{% if %}{% elif %}{% else %}</code> blocks does not cause the variable to be considered initially undefined. :issue:<code>1253</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1"><code>877f6e5</code></a> release version 3.1.5</li> <li><a href="https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f"><code>8d58859</code></a> remove test pypi</li> <li><a href="https://github.com/pallets/jinja/commit/eda8fe86fd716dfce24910294e9f1fc81fbc740c"><code>eda8fe8</code></a> update dev dependencies</li> <li><a href="https://github.com/pallets/jinja/commit/c8fdce1e0333f1122b244b03a48535fdd7b03d91"><code>c8fdce1</code></a> Fix bug involving calling set on a template parameter within all branches of ...</li> <li><a href="https://github.com/pallets/jinja/commit/66587ce989e5a478e0bb165371fa2b9d42b7040f"><code>66587ce</code></a> Fix bug where set would sometimes fail within if</li> <li><a href="https://github.com/pallets/jinja/commit/fbc3a696c729d177340cc089531de7e2e5b6f065"><code>fbc3a69</code></a> Add support for namespaces in tuple parsing (<a href="https://github.com/pallets/jinja/issues/1664">#1664</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/b8f4831d41e6a7cb5c40d42f074ffd92d2daccfc"><code>b8f4831</code></a> more comments about nsref assignment</li> <li><a href="https://github.com/pallets/jinja/commit/ee832194cd9f55f75e5a51359b709d535efe957f"><code>ee83219</code></a> Add support for namespaces in tuple assignment</li> <li><a href="https://github.com/pallets/jinja/commit/1d55cddbb28e433779511f28f13a2d8c4ec45826"><code>1d55cdd</code></a> Triple quotes in docs (<a href="https://github.com/pallets/jinja/issues/2064">#2064</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/8a8eafc6b992ba177f1d3dd483f8465f18a11116"><code>8a8eafc</code></a> edit block assignment section</li> <li>Additional commits viewable in <a href="https://github.com/pallets/jinja/compare/3.1.4...3.1.5">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

takluyver mentioned this pull request Dec 4, 2024

Support the "Trusted Publishing" flow directly in twine #999

Closed

takluyver force-pushed the oidc branch from b5ebf12 to f5db5d4 Compare December 4, 2024 11:02

sigmavirus24 reviewed Dec 4, 2024

View reviewed changes

twine/settings.py Outdated Show resolved Hide resolved

sigmavirus24 reviewed Dec 4, 2024

View reviewed changes

twine/settings.py Outdated Show resolved Hide resolved

woodruffw reviewed Dec 4, 2024

View reviewed changes

pyproject.toml Outdated Show resolved Hide resolved

woodruffw mentioned this pull request Dec 4, 2024

Remove pydantic dep di/id#319

Closed

sigmavirus24 reviewed Dec 6, 2024

View reviewed changes

twine/cli.py Show resolved Hide resolved

tox.ini Outdated Show resolved Hide resolved

takluyver added 9 commits December 7, 2024 09:54

Initial implementation of uploading with trusted publishing authentic…

018f8ff

…ation

Autoformat

5ffbfa0

Satisfy the type checks

9384354

Rename oidc -> trusted_publishing

eb0faf4

Try trusted publishing on upload to PyPI with no token

09198e0

Make id a full dependency

ea78045

Try trusted publishing at lower priority than keyring & .pypirc files

2a8a126

Add id to requirements shown with --version

d166096

id no longer needs to be listed in twine

60b3327

takluyver force-pushed the oidc branch from 3b880a5 to 60b3327 Compare December 7, 2024 08:54

takluyver mentioned this pull request Dec 7, 2024

Rename wheel filetype back to bdist_wheel #1198

Merged

takluyver marked this pull request as ready for review December 7, 2024 20:59

sigmavirus24 approved these changes Dec 7, 2024

View reviewed changes

Smaller message when keyring installed but finds no backend

7eb4947

Merge branch 'main' into oidc

9c4506c

woodruffw approved these changes Dec 9, 2024

View reviewed changes

di approved these changes Dec 9, 2024

View reviewed changes

twine/auth.py Show resolved Hide resolved

twine/auth.py Outdated Show resolved Hide resolved

Set user-agent & retries for OIDC requests

ec859fb

sigmavirus24 approved these changes Dec 11, 2024

View reviewed changes

sigmavirus24 merged commit 28e60bb into pypa:main Dec 11, 2024
26 checks passed

takluyver deleted the oidc branch December 11, 2024 09:09

dnicolodi mentioned this pull request Jan 17, 2025

Update changelog for 6.1.0 #1214

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Initial implementation of uploading with trusted publishing authentication #1194

Initial implementation of uploading with trusted publishing authentication #1194

takluyver commented Dec 4, 2024

sigmavirus24 left a comment

sigmavirus24 Dec 4, 2024

sigmavirus24 Dec 4, 2024

takluyver Dec 4, 2024

sigmavirus24 Dec 4, 2024

takluyver commented Dec 4, 2024

takluyver commented Dec 4, 2024

webknjaz commented Dec 5, 2024

woodruffw commented Dec 6, 2024

sigmavirus24 commented Dec 6, 2024

sigmavirus24 left a comment

takluyver commented Dec 7, 2024

takluyver commented Dec 7, 2024

takluyver commented Dec 7, 2024

sigmavirus24 left a comment

woodruffw commented Dec 7, 2024

di commented Dec 7, 2024

takluyver commented Dec 8, 2024

woodruffw commented Dec 9, 2024

woodruffw commented Dec 9, 2024 •

edited

Loading

takluyver commented Dec 9, 2024

woodruffw commented Dec 9, 2024

woodruffw commented Dec 9, 2024

woodruffw left a comment

di left a comment

sigmavirus24 commented Dec 11, 2024

takluyver commented Dec 11, 2024


		token_exchange_url = f"https://{repository_domain}/_/oidc/mint-token"

		mint_token_resp = requests.post(

Initial implementation of uploading with trusted publishing authentication #1194

Initial implementation of uploading with trusted publishing authentication #1194

Conversation

takluyver commented Dec 4, 2024

sigmavirus24 left a comment

Choose a reason for hiding this comment

sigmavirus24 Dec 4, 2024

Choose a reason for hiding this comment

sigmavirus24 Dec 4, 2024

Choose a reason for hiding this comment

takluyver Dec 4, 2024

Choose a reason for hiding this comment

sigmavirus24 Dec 4, 2024

Choose a reason for hiding this comment

takluyver commented Dec 4, 2024

takluyver commented Dec 4, 2024

webknjaz commented Dec 5, 2024

woodruffw commented Dec 6, 2024

sigmavirus24 commented Dec 6, 2024

sigmavirus24 left a comment

Choose a reason for hiding this comment

takluyver commented Dec 7, 2024

takluyver commented Dec 7, 2024

takluyver commented Dec 7, 2024

sigmavirus24 left a comment

Choose a reason for hiding this comment

woodruffw commented Dec 7, 2024

di commented Dec 7, 2024

takluyver commented Dec 8, 2024

woodruffw commented Dec 9, 2024

woodruffw commented Dec 9, 2024 • edited Loading

takluyver commented Dec 9, 2024

woodruffw commented Dec 9, 2024

woodruffw commented Dec 9, 2024

woodruffw left a comment

Choose a reason for hiding this comment

di left a comment

Choose a reason for hiding this comment

sigmavirus24 commented Dec 11, 2024

takluyver commented Dec 11, 2024

woodruffw commented Dec 9, 2024 •

edited

Loading