Combine all relevant settings, parameters and config files into pyproject.toml. This would not only include ruff.toml and requirements.txt, but also setuptools (which has deprecated the use of setup.py via CLI) and setting the package version (which should come from the tag).
Why
bandit.yml is now vestigial and other config files do rather clutter the repo. Having everything in the core pyproject.toml would be a more modern version of the package. Further, we could lean into defining dependencies in the project metadata, which can be installed directly. A quick count suggests that this would replace 7 top-directory level files with 1.
PEP 621 suggests that use of pyproject is recommended now. Tools seem to all be adopting it (reference).
What
Combine all relevant settings, parameters and config files into
pyproject.toml. This would not only includeruff.tomlandrequirements.txt, but also setuptools (which has deprecated the use of setup.py via CLI) and setting the package version (which should come from the tag).Why
bandit.ymlis now vestigial and other config files do rather clutter the repo. Having everything in the corepyproject.tomlwould be a more modern version of the package. Further, we could lean into defining dependencies in the project metadata, which can be installed directly. A quick count suggests that this would replace 7 top-directory level files with 1.PEP 621 suggests that use of pyproject is recommended now. Tools seem to all be adopting it (reference).
How
pyproject.toml-- You'll likely need to replace the build package stage with something likepip wheel --no-deps -w dist .pyproject.tomlrequirements.txt)requirements.txt)References:
awesome-pyproject