{{ message }}
Join#1
Open
graceboniface wants to merge 2186 commits into
Open
Conversation
Add discussion page that links to pypackaging-native.github.io
…urce Simplify single source
…lnerability Versions of actions/download-artifact before 4.1.7 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. Fore more details see: GHSA-6q32-hq47-5qq3
Update download-artifact plugin in publish-to-test-pypi.yml to fix vulnerability
PEP 639: Add documentation for Metadata 2.4, License-Expression and License-Field
Fix conflicting classification of install
Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Paul Moore <p.f.moore@gmail.com>
Signed-off-by: William Woodruff <william@yossarian.net>
This reverts commit 5a6c37d.
Signed-off-by: William Woodruff <william@yossarian.net>
Also redirects the obsolete single-source version guide to the updated single-source version discussion. Co-authored-by: Éric <merwok@netwok.org> Co-authored-by: wim glenn <hey@wimglenn.com>
Co-authored-by: Carol Willing <carolcode@willingconsulting.com>
…ash-merge Add notes on runtime version access
…ersion Point at dev dependency, which should always stay up to date
updates: - [github.com/pre-commit/pre-commit-hooks: v4.6.0 → v5.0.0](pre-commit/pre-commit-hooks@v4.6.0...v5.0.0) - [github.com/astral-sh/ruff-pre-commit: v0.4.10 → v0.7.0](astral-sh/ruff-pre-commit@v0.4.10...v0.7.0)
[pre-commit.ci] pre-commit autoupdate
Update contribute.rst reference to out of date django documentation version
Co-authored-by: Filipe Laíns 🇵🇸 <filipe.lains@gmail.com>
Co-authored-by: Filipe Laíns 🇵🇸 <filipe.lains@gmail.com>
Co-authored-by: Filipe Laíns 🇵🇸 <filipe.lains@gmail.com>
Along the way, ignore a troublesome URL that's slowing down link checking significantly.
we're going to be migrating to self-hosted plausbile entirely now. drop plausible.io script, and enable outbound links
remove plausible.io
for more information, see https://pre-commit.ci
docs: update installing-packages.rst
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Add PEP 770 to specifications
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Add PEP 751
Clarify that dev releases are considered pre-releases when handling them
These steps are superfluous now that gh-action-pypi-publish generates and uploads PEP 740-compatible attestations by default on its own. (They also served a slightly different purpose than PEP 740 attestations, since they were never uploaded to PyPI and used a different format.) Closes pypa#1788. Signed-off-by: William Woodruff <william@yossarian.net>
guides: remove manual Sigstore steps from publishing guide
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

No description provided.