Remove deprecated setup_requires

[zupo]

pytest-runner is used in a deprecated way: from setup_requires.

Most of the time this is not an issue, but sometimes it is: when installing the package using pip, setup_requires step tries to get pytest-runner. And that's the problem: the way setup_requires tries to get the missing package is not honoring pip configuration, such as different index, certificates, proxies, etc.

Which means the installation of this package can fail in environments where pip needs to be correctly configured to use proxies for Internet access.

Additionally, pytest-runner itself says that it is not recommended anymore:

pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.

[alexchen8]

Can we get this pull request merged? This is causing some issue when SSL chain is broken in corp/VPN network (--trusted-host does not propagate in this case). While adding pytest-runner to the requirements explicitly solves the issue but it's really not ideal.

[JBKahn]

I'll take a look at this.

[JBKahn]

Should have been fixed by the move back to Poetry now that they fixed their issues.

[zupo]

Is the "move back to Poetry" included in the latest release on PyPI?

[JBKahn]

Should be

[zupo]

Yep, fixed in master! Thanks a ton!