Closed jmahlik closed 9 months ago
I also noticed the package is importing itself to find the version, which makes installing from an sdist not possible (the package isn't yet installed when installing itself).
The warning at the very bottom: https://packaging.python.org/en/latest/guides/single-sourcing-package-version/
I'll adjust that in the PR as well.
Thanks a lot for opening this issue. Actually, moving to .toml for my packages has been something on my list for quite some time, but I never had the time to get to it. If you could open a PR that would be really appreciated!
Awesome! I opened a PR with the basics of specifying a build system and got the install working from an sdist for now.
I'd be willing to work on migrating the configs from the setup.py over to the pyproject.toml. Think it might require some work/discussion about how to handle the version. Right now it's dynamic from the module. I can start on another PR to migrate it fully.
@jmahlik I forgot to mention that I made a new PyPI release a few days ago. Thanks again for the PR restructuring this package to finally use .toml!!
Describe the bug
Setuptools is being included as a dependency.
I propose adding a minimal pyproject.toml to the package so that pip can pick up what build backend the project is using. Then removing it from the runtime dependencies. There are other advantages to having a pyproject.toml such as building wheels in an isolated environment. https://pip.pypa.io/en/stable/reference/build-system/pyproject-toml/
In Python 3.12, it may not be safe to assume setuptools will be available. It should be, but better safe than sorry.
Including setuptools as a dependency also causes some security scanners to pick up old versions of setuptools in the dependency tree. (That's what brought me here).
I will open a PR to add one. There won't be any breaking changes.
Steps/Code to Reproduce
Expected Results
Setuptools is not installed as a transitive dependency
Actual Results
Setuptools is installed as a transitive dependency
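
One way to find which installed distributions declare setuptools as a runtime dependency, the condition that the issue above says security scanners pick up. This is an added example, not code from the issue or the project; the package names in `SAMPLE` are constructed, and the helper names are hypothetical.

```python
import re
from importlib import metadata

# Leading distribution name of a PEP 508 requirement string
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization so 'Setuptools' and 'setuptools' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def runtime_requirers(requires_by_dist, target="setuptools"):
    """Return sorted distributions that list `target` as a non-extra dependency."""
    hits = []
    for dist, requires in requires_by_dist.items():
        for req in requires or []:  # Requires-Dist may be absent (None)
            spec, _, marker = req.partition(";")
            m = _NAME.match(spec)
            if not m or normalize(m.group(1)) != normalize(target):
                continue
            # Requirements gated on an extra are only installed on request
            if re.search(r"\bextra\s*==", marker):
                continue
            hits.append(dist)
            break
    return sorted(hits)


def installed_requires():
    """Map each installed distribution name to its Requires-Dist entries."""
    return {d.metadata["Name"]: d.requires
            for d in metadata.distributions() if d.metadata["Name"]}


# Constructed sample metadata (hypothetical package names)
SAMPLE = {
    "pkg-a": ["setuptools", "numpy>=1.20"],
    "pkg-b": ["requests", 'setuptools>=40; extra == "dev"'],
    "pkg-c": ['Setuptools (>=60) ; python_version >= "3.8"'],
    "pkg-d": None,
}

if __name__ == "__main__":
    print("sample:", runtime_requirers(SAMPLE))
    print("this environment:", runtime_requirers(installed_requires()))
```

Run as a script inside the virtual environment under review; the second line of output lists the packages that pull setuptools in at install time.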