flit publish can now use PyPI tokens stored in keyring (:ghpull:649),
either project tokens with a 'username' like
:samp:pypi_token:project:{project_name} (use the normalised form of the name <https://packaging.python.org/en/latest/specifications/name-normalization/>_)
or user tokens (:samp:pypi_token:user:{username}).
The --python option can now take the path of a virtualenv folder, as an
alternative to a Python executable (:ghpull:667).
Flit will work with current development versions of Pythona again (:ghpull:684).
The flit command line package now requires Python 3.8 or above (:ghpulL:660).
flit_core still works with Python 3.6 or above.
The metadata in packages now has the names of optional dependency groups
("extras") normalised, complying with version 2.3 of the metadata standard
(:ghpull:676, :ghpull:697).
The flit command line package now depends on pip (:ghpull:647).
Fix potential substitution of environment variables into passwords read from
.pypirc files (:ghpull:652).
A warning is now shown when building packages which specify the old
flit.buildapi backend, which should be replaced by flit_core.buildapi
(:ghpull:674). It's a good idea to always set a maximum version for the
build requirement, to protect against changes in future major versions of Flit.
Avoid using the deprecated datetime.utcfromtimestamp() (:ghpull:682).
Flit now has a SECURITY.md file in the Github repository (:ghpull:665).
The tests for flit_core are no longer part of the installed package,
reducing the size of the wheels (:ghpull:691).
Version 3.9
New options :option:flit build --use-vcs and :option:flit build --no-use-vcs
to enable & disable including all committed files in the sdist. For now
--use-vcs is the default, but this is likely to change in a future
version, to bring flit build in line with standard build frontends like
python -m build (:ghpull:625).
Sdist file names, and the name of the top-level folder in an sdist, are now
normalised, in accordance with :pep:625 (:ghpull:628).
A statically defined version number can now be parsed from files called
version.py, _version.py or __version__.py inside a package, as well
as from __init__.py, so executing code is required in fewer cases
(:ghpull:630).
Fix setting the flag for regular files in zip metadata (:ghpull:639).
The timestamp embedded in the gzip wrapper for sdists now defaults to a fixed
date, so building an sdist twice on the same machine should produce identical
results, even without any special steps (:ghpull:635). Setting
:envvar:SOURCE_DATE_EPOCH is still recommended for properly
... (truncated)
Commits
8066677 Merge pull request #700 from pypa/win-py3.13-tests
34445e9 Better test for absolute Python exe path on Windows
d340f1c Fix checks for absolute paths in config on Python 3.13 & Windows
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
1 day ago
Bumps flit from 3.9.0 to 3.10.0.
Changelog
Sourced from flit's changelog.
... (truncated)
Commits
8066677Merge pull request #700 from pypa/win-py3.13-tests34445e9Better test for absolute Python exe path on Windowsd340f1cFix checks for absolute paths in config on Python 3.13 & Windowsc57b101Ensure CI also runs on tag pushes5c416e5Simpler way to ensure dependencies are installed in CI74ab93bExtend CI to Python 3.13ba39a3fBuilding Flit may require a not-yet-released version of flit_core; build with...1195f41Bump version: 3.9.0 → 3.10.029cf661Merge pull request #695 from pypa/changelog-3.10e99f760Mention extra name normalisation in changelogDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show