Merge PRs #190, #184, #185, #189 and #194 into unstable/v1

.pre-commit-config.yaml

@@ -5,7 +5,7 @@ ci:
 
 repos:
 - repo: https://github.com/asottile/add-trailing-comma.git
-  rev: v3.0.0
+  rev: v3.1.0
   hooks:
   - id: add-trailing-comma
 
@@ -17,12 +17,12 @@ repos:
     - --honor-noqa
 
 - repo: https://github.com/Lucas-C/pre-commit-hooks.git
-  rev: v1.5.1
+  rev: v1.5.4
   hooks:
   - id: remove-tabs
 
 - repo: https://github.com/python-jsonschema/check-jsonschema.git
-  rev: 0.23.2
+  rev: 0.27.0
   hooks:
   - id: check-github-actions
   - id: check-github-workflows
@@ -62,7 +62,7 @@ repos:
     language_version: python3
 
 - repo: https://github.com/codespell-project/codespell
-  rev: v2.2.5
+  rev: v2.2.6
   hooks:
   - id: codespell
 
@@ -78,7 +78,7 @@ repos:
     - --strict
 
 - repo: https://github.com/PyCQA/flake8.git
-  rev: 6.0.0
+  rev: 6.1.0
   hooks:
   - id: flake8
     alias: flake8-no-wps
@@ -98,7 +98,7 @@ repos:
 
 - repo: https://github.com/PyCQA/flake8.git
   # NOTE: This is kept at v4 for until WPS starts supporting flake v5.
-  rev: 4.0.1  # enforce-version: 4.0.1
+  rev: 6.1.0  # enforce-version: 4.0.1
   hooks:
   - id: flake8
     alias: flake8-only-wps
@@ -130,7 +130,7 @@ repos:
     - wemake-python-styleguide ~= 0.17.0
 
 - repo: https://github.com/PyCQA/pylint.git
-  rev: v3.0.0a6
+  rev: v3.0.0
   hooks:
   - id: pylint
     args:

requirements/runtime-prerequisites.txt

@@ -5,8 +5,8 @@
 #    pip-compile --allow-unsafe --output-file=requirements/runtime-prerequisites.txt --resolver=backtracking --strip-extras requirements/runtime-prerequisites.in
 #
 pip-with-requires-python==1.0.1
-    # via -r requirements/runtime-prerequisites.in
+    # via -r runtime-prerequisites.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==22.3.1
+pip==23.3
     # via pip-with-requires-python

requirements/runtime.txt

@@ -14,7 +14,7 @@ cffi==1.15.1
     # via cryptography
 charset-normalizer==3.2.0
     # via requests
-cryptography==41.0.3
+cryptography==41.0.6
     # via secretstorage
 docutils==0.20.1
     # via readme-renderer
@@ -76,7 +76,7 @@ typing-extensions==4.7.1
     # via
     #   pydantic
     #   pydantic-core
-urllib3==2.0.6
+urllib3==2.0.7
     # via
     #   requests
     #   twine

twine-upload.sh

@@ -40,6 +40,13 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
 INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
 INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
 
+PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads deprecated::\
+Starting in 2024, PyPI will require all users to enable Two-Factor \
+Authentication. This will consequently require all users to switch \
+to either Trusted Publishers (preferred) or API tokens for package \
+uploads. Read more: \
+https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
+
 TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
 Trusted Publishers allows publishing packages to PyPI from automated \
 environments like GitHub Actions without needing to use username/password \
@@ -69,6 +76,7 @@ else
         "against ${INPUT_REPOSITORY_URL}"
 
     if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
+        echo "${PASSWORD_DEPRECATION_NUDGE}"
         echo "${TRUSTED_PUBLISHING_NUDGE}"
     fi
 fi