Join by graceboniface · Pull Request #1 · Ayumihellena/packaging.python.org · GitHub

Join #1

Open
graceboniface wants to merge 2186 commits into Ayumihellena:carljm-VERSION-hint from graceboniface:main

Conversation

@graceboniface

No description provided.

chrysle and others added 30 commits August 23, 2024 13:16
Add discussion page that links to pypackaging-native.github.io
…lnerability

Versions of actions/download-artifact before 4.1.7 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames.

For more details see: GHSA-6q32-hq47-5qq3
Update download-artifact plugin in publish-to-test-pypi.yml to fix vulnerability
PEP 639: Add documentation for Metadata 2.4, License-Expression and License-Field
Fix conflicting classification of install
Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Paul Moore <p.f.moore@gmail.com>
Signed-off-by: William Woodruff <william@yossarian.net>
This reverts commit 5a6c37d.
Signed-off-by: William Woodruff <william@yossarian.net>
Also redirects the obsolete single-source version guide to the
updated single-source version discussion.

Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: wim glenn <hey@wimglenn.com>
Co-authored-by: Carol Willing <carolcode@willingconsulting.com>
…ash-merge

Add notes on runtime version access
…ersion

Point at dev dependency, which should always stay up to date
updates:
- [github.com/pre-commit/pre-commit-hooks: v4.6.0 → v5.0.0](pre-commit/pre-commit-hooks@v4.6.0...v5.0.0)
- [github.com/astral-sh/ruff-pre-commit: v0.4.10 → v0.7.0](astral-sh/ruff-pre-commit@v0.4.10...v0.7.0)
Update contribute.rst reference to out of date django documentation version
brettcannon and others added 27 commits April 15, 2025 12:46
Co-authored-by: Filipe Laíns 🇵🇸 <filipe.lains@gmail.com>
Co-authored-by: Filipe Laíns 🇵🇸 <filipe.lains@gmail.com>
Co-authored-by: Filipe Laíns 🇵🇸 <filipe.lains@gmail.com>
Along the way, ignore a troublesome URL that's slowing down link checking significantly.
we're going to be migrating to self-hosted plausible entirely now.

drop plausible.io script, and enable outbound links
docs: update installing-packages.rst
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Clarify that dev releases are considered pre-releases when handling them
These steps are superfluous now that gh-action-pypi-publish
generates and uploads PEP 740-compatible attestations by default
on its own.

(They also served a slightly different purpose than PEP 740
attestations, since they were never uploaded to PyPI and used
a different format.)

Closes pypa#1788.

Signed-off-by: William Woodruff <william@yossarian.net>
guides: remove manual Sigstore steps from publishing guide
@graceboniface graceboniface changed the base branch from master to ncoghlan-tweak-landing-page-layout May 13, 2025 22:51
@graceboniface graceboniface changed the base branch from ncoghlan-tweak-landing-page-layout to master May 14, 2025 18:22
@graceboniface graceboniface changed the base branch from master to carljm-VERSION-hint May 19, 2025 03:38