rasbt / mlxtend

A library of extension and helper modules for Python's data analysis and machine learning libraries.
https://rasbt.github.io/mlxtend/
Other

Add a `pyproject.toml` #1062

Closed jmahlik closed 9 months ago

jmahlik commented 9 months ago

Describe the bug

Setuptools is being included as a dependency.

I propose adding a minimal pyproject.toml to the package so that pip can pick up what build backend the project is using, then removing it from the runtime dependencies. There are other advantages to having a pyproject.toml, such as building wheels in an isolated environment.

https://pip.pypa.io/en/stable/reference/build-system/pyproject-toml/

In Python 3.12, it may not be safe to assume setuptools will be available. It should be, but better safe than sorry.

Including setuptools as a dependency also causes some security scanners to pick up old versions of setuptools in the dependency tree. (That's what brought me here).

I will open a PR to add one. There won't be any breaking changes.

Steps/Code to Reproduce

```
python -m pip install mlxtend
...

python -m pip show mlxtend
Name: mlxtend
Version: 0.23.0.dev0
Summary: Machine Learning Library Extensions
Home-page: https://github.com/rasbt/mlxtend
Author: Sebastian Raschka
Author-email: mail@sebastianraschka.com
License: BSD 3-Clause
Location: c:\users\rm13\python\python310\lib\site-packages
Editable project location: C:\Users\rm13\Documents\ProjectsLocal\forks\mlxtend
Requires: joblib, matplotlib, numpy, pandas, scikit-learn, scipy, setuptools
Required-by:
```

Expected Results

Setuptools is not installed as a transitive dependency

```
python -m pip show mlxtend
Name: mlxtend
Version: 0.23.0.dev0
Summary: Machine Learning Library Extensions
Home-page: https://github.com/rasbt/mlxtend
Author: Sebastian Raschka
Author-email: mail@sebastianraschka.com
License: BSD 3-Clause
Location: c:\users\rm13\python\python310\lib\site-packages
Editable project location: C:\Users\rm13\Documents\ProjectsLocal\forks\mlxtend
Requires: joblib, matplotlib, numpy, pandas, scikit-learn, scipy
Required-by:
```

Actual Results

Setuptools is installed as a transitive dependency

```
python -m pip show mlxtend
Name: mlxtend
Version: 0.23.0.dev0
Summary: Machine Learning Library Extensions
Home-page: https://github.com/rasbt/mlxtend
Author: Sebastian Raschka
Author-email: mail@sebastianraschka.com
License: BSD 3-Clause
Location: c:\users\rm13\python\python310\lib\site-packages
Editable project location: C:\Users\rm13\Documents\ProjectsLocal\forks\mlxtend
Requires: joblib, matplotlib, numpy, pandas, scikit-learn, scipy, setuptools
Required-by:
```


Versions

0.23.0.dev0

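A check for the condition reported in this issue, as an added example that is not part of the thread or of mlxtend's own code: it flags installed distributions whose `Requires-Dist` metadata pulls in a build tool unconditionally at runtime. The `BUILD_TOOLS` set and the function names are assumptions of this example.

```python
import re
from importlib import metadata

# Assumption of this example: tools normally needed only at build time.
BUILD_TOOLS = {"setuptools", "wheel"}

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def runtime_build_tools(requires_dist):
    """Return the build tools a package requires unconditionally at runtime.

    requires_dist is a list of Requires-Dist strings (PEP 508), as exposed by
    importlib.metadata. Requirements gated on an extra are skipped because
    they are installed only when that extra is requested.
    """
    hits = set()
    for req in requires_dist or []:
        spec, _, marker = req.partition(";")
        if re.search(r"\bextra\s*==", marker):
            continue
        match = _NAME.match(spec)
        if match and normalize(match.group(1)) in BUILD_TOOLS:
            hits.add(normalize(match.group(1)))
    return sorted(hits)


def audit_installed():
    """Map each installed distribution to the build tools it requires at runtime."""
    report = {}
    for dist in metadata.distributions():
        found = runtime_build_tools(dist.requires)
        if found:
            report[dist.metadata["Name"] or "<unknown>"] = found
    return report


if __name__ == "__main__":
    for name, tools in sorted(audit_installed().items()):
        print(f"{name}: runtime dependency on {', '.join(tools)}")
```

Run in the environment a scanner reported on, it lists the packages to fix or pin; a package that declares its build backend in `pyproject.toml` and drops setuptools from its install requirements no longer appears.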
jmahlik commented 9 months ago

I also noticed the package is importing itself to find the version, which makes installing from an sdist not possible (the package isn't yet installed when installing itself).

The warning at the very bottom: https://packaging.python.org/en/latest/guides/single-sourcing-package-version/

I'll adjust that in the PR as well.

rasbt commented 9 months ago

Thanks a lot for opening this issue. Actually, moving to .toml for my packages has been something on my list for quite some time, but I never had the time to get to it. If you could open a PR that would be really appreciated!

jmahlik commented 9 months ago

> Thanks a lot for opening this issue. Actually, moving to .toml for my packages has been something on my list for quite some time, but I never had the time to get to it. If you could open a PR that would be really appreciated!

Awesome! I opened a PR with the basics of specifying a build system and got the install working from an sdist for now.

I'd be willing to work on migrating the configs from the setup.py over to the pyproject.toml. Think it might require some work/discussion about how to handle the version. Right now it's dynamic from the module. I can start on another PR to migrate it fully.

rasbt commented 9 months ago

@jmahlik I forgot to mention that I made a new PyPI release a few days ago. Thanks again for the PR restructuring this package to finally use .toml!!