zestsoftware / zest.releaser

Python software releasing made easy and repeatable
https://zestreleaser.readthedocs.io
GNU General Public License v2.0
199 stars 62 forks

Issue during our dependency-check analysis because of tests/pyproject.toml file #413

Closed LvffY closed 1 year ago

LvffY commented 1 year ago

Hello

I have been using your package for a while now and because I love living on the edge, I always used your latest releases.

Lately, we had an issue with another tool, dependency-check, which pointed at some pyproject.toml file in your repository:

[image]

We solved our problem by enforcing the 7.x releases of your package with zest.releaser[recommended]<8.

I'm not sure if this is intended or not, but I'm a bit concerned about the path where this pyproject.toml is found. Is it expected that we also install the tests directory when installing the library? I looked into the library in 7.x, and the tests directory is also included in the library.

N.B.: We could have a workaround by excluding this kind of file from our analysis to use the latest releases of zest.releaser.

mauritsvanrees commented 1 year ago

As Plone release manager I maintain hundreds of packages, and when they have a tests directory, I include it in the distribution. This is needed if you want to be able to run the tests for a PyPI distribution instead of a development checkout. It may not really be needed for zest.releaser, but I see nothing wrong with it.

And indeed we do not have a poetry.lock or requirements.txt in there, and that is fine.
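The discussion above boils down to a triage question: when a dependency scanner flags a `pyproject.toml` inside an installed package, is it the distribution's real manifest or a test fixture shipped along with the `tests` directory? The following script is an added example (not part of the issue thread and not zest.releaser's own code) that opens an sdist tarball and reports every dependency-manifest file it contains, marking those nested below the distribution root. The in-memory sdist layout, the package name `examplepkg` and the version string are constructed for the demonstration and do not describe zest.releaser's actual file layout.

```python
import io
import tarfile
from pathlib import PurePosixPath

# File names that scanners such as dependency-check treat as Python
# dependency manifests; all three are named in the thread.
MANIFEST_NAMES = {"pyproject.toml", "requirements.txt", "poetry.lock"}


def find_manifests(sdist_bytes: bytes):
    """Return sorted (path, nested) pairs for manifest files in a .tar.gz sdist.

    `nested` is True when the manifest sits below the distribution root
    (for example under a tests/ directory). Such files are usually test
    fixtures and are the likely source of a scanner false positive.
    """
    found = []
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            path = PurePosixPath(member.name)
            if path.name in MANIFEST_NAMES:
                # An sdist unpacks to <name>-<version>/...; exactly two path
                # components means the file is at the distribution root.
                nested = len(path.parts) > 2
                found.append((str(path), nested))
    return sorted(found)


def build_sample_sdist() -> bytes:
    """Construct a tiny sdist in memory (sample data, not a real release).

    The layout imitates the situation in the issue: a real manifest at the
    root plus a second pyproject.toml shipped inside the tests directory.
    """
    files = {
        "example-8.0.0/pyproject.toml": "[project]\nname = 'example'\n",
        "example-8.0.0/README.rst": "Sample package\n",
        "example-8.0.0/examplepkg/__init__.py": "",
        "example-8.0.0/examplepkg/tests/pyproject.toml": "[tool.poetry]\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # On a real download, replace build_sample_sdist() with
    # open("package-x.y.z.tar.gz", "rb").read().
    for path, nested in find_manifests(build_sample_sdist()):
        label = "nested (probable test fixture)" if nested else "distribution root"
        print(f"{path}: {label}")
```

Running it against a downloaded sdist gives you the list of paths to feed into the scanner's exclusion rules, which is the workaround the issue reporter describes, while leaving the root manifest in scope.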