pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684.
It is recommended that you:
Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.
Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.
Select a tool to bootstrap and then run tests such as tox.
This came up in a review of a proposed python-rfc3339-validator package for Fedora Linux.
This PR follows pytest-runner upstream’s advice (leaving the already-empty setup_requires for now). It removes support for python setup.py test, but testing via tox or direct use of pytest still work.
The
pytest-runner
package is deprecated upstream. Its README now advises:This came up in a review of a proposed
python-rfc3339-validator
package for Fedora Linux.This PR follows
pytest-runner
upstream’s advice (leaving the already-emptysetup_requires
for now). It removes support forpython setup.py test
, but testing viatox
or direct use ofpytest
still work.Fixes #6.