Move the testing extras from the setup.py to their own requirements_test.txt file.
Please let me know if I'm missing some details; I've put this together rather quickly.
The rationale here is that the extras list was showing up in a poetry.lock file for a project at my company. This was because pytest-cov was part of the dev-dependencies in a pyproject.toml file.
Our vulnerability scanning tool is designed to skip development dependencies. However, it doesn't skip a development dependency if it appears in the extras list in the poetry.lock file. Edit: the previous line appears to be inaccurate - it is skipped if there are only dev dependencies in pyproject.toml.
This is not a problem with pytest-cov per-se but perhaps the change is acceptable in any case and helps others potentially. Maybe this PR makes sense from the perspective that the test extras would never be used by downstream users, but otherwise please feel free to close it😅
Move the
testing
extras from the setup.py to their own requirements_test.txt file.Please let me know if I'm missing some details; I've put this together rather quickly.
The rationale here is that the
extras
list was showing up in a poetry.lock file for a project at my company. This was because pytest-cov was part of the dev-dependencies in a pyproject.toml file. Our vulnerability scanning tool is designed to skip development dependencies. However, it doesn't skip a development dependency if it appears in the extras list in the poetry.lock file. Edit: the previous line appears to be inaccurate - it is skipped if there are only dev dependencies in pyproject.toml.This is not a problem with pytest-cov per-se but perhaps the change is acceptable in any case and helps others potentially. Maybe this PR makes sense from the perspective that the test extras would never be used by downstream users, but otherwise please feel free to close it😅
Thanks for your time!