diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index de2c13a..096fad8 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -5,7 +5,7 @@ ci:
 repos:
 - repo: https://github.com/asottile/add-trailing-comma.git
- rev: v3.0.0
+ rev: v3.1.0
 hooks:
 - id: add-trailing-comma
@@ -17,12 +17,12 @@ repos:
 - --honor-noqa
 - repo: https://github.com/Lucas-C/pre-commit-hooks.git
- rev: v1.5.1
+ rev: v1.5.4
 hooks:
 - id: remove-tabs
 - repo: https://github.com/python-jsonschema/check-jsonschema.git
- rev: 0.23.2
+ rev: 0.27.0
 hooks:
 - id: check-github-actions
 - id: check-github-workflows
@@ -62,7 +62,7 @@ repos:
 language_version: python3
 - repo: https://github.com/codespell-project/codespell
- rev: v2.2.5
+ rev: v2.2.6
 hooks:
 - id: codespell
@@ -78,7 +78,7 @@ repos:
 - --strict
 - repo: https://github.com/PyCQA/flake8.git
- rev: 6.0.0
+ rev: 6.1.0
 hooks:
 - id: flake8
 alias: flake8-no-wps
@@ -98,7 +98,7 @@ repos:
 - repo: https://github.com/PyCQA/flake8.git
 # NOTE: This is kept at v4 for until WPS starts supporting flake v5.
- rev: 4.0.1 # enforce-version: 4.0.1
+ rev: 6.1.0 # enforce-version: 4.0.1
 hooks:
 - id: flake8
 alias: flake8-only-wps
@@ -130,7 +130,7 @@ repos:
 - wemake-python-styleguide ~= 0.17.0
 - repo: https://github.com/PyCQA/pylint.git
- rev: v3.0.0a6
+ rev: v3.0.0
 hooks:
 - id: pylint
 args:
diff --git a/requirements/runtime-prerequisites.txt b/requirements/runtime-prerequisites.txt
index 8cad830..ab411a2 100644
--- a/requirements/runtime-prerequisites.txt
+++ b/requirements/runtime-prerequisites.txt
@@ -5,8 +5,8 @@
 # pip-compile --allow-unsafe --output-file=requirements/runtime-prerequisites.txt --resolver=backtracking --strip-extras requirements/runtime-prerequisites.in
 #
 pip-with-requires-python==1.0.1
- # via -r requirements/runtime-prerequisites.in
+ # via -r runtime-prerequisites.in
 # The following packages are considered to be unsafe in a requirements file:
-pip==22.3.1
+pip==23.3
 # via pip-with-requires-python
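Review bot: In the `@@ -98,7 +98,7 @@` hunk the `flake8-only-wps` hook now reads `rev: 6.1.0 # enforce-version: 4.0.1`, which contradicts both its own trailing pin comment and the NOTE directly above it saying this entry is kept at v4 until WPS supports flake8 v5. A later hunk still shows `wemake-python-styleguide ~= 0.17.0` as context, presumably this hook's additional dependency; if that release still caps flake8 below 5, the hook environment will either fail to resolve or run a linter the plugin was not built for. Either restore `rev: 4.0.1 # enforce-version: 4.0.1` here, or raise the WPS pin and remove the NOTE and the `enforce-version` comment in the same commit so the file stops asserting a constraint it no longer honours. The rest of the hook definition lies outside the hunk.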
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index dc497f2..9c81529 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -14,7 +14,7 @@ cffi==1.15.1
 # via cryptography
 charset-normalizer==3.2.0
 # via requests
-cryptography==41.0.3
+cryptography==41.0.6
 # via secretstorage
 docutils==0.20.1
 # via readme-renderer
@@ -76,7 +76,7 @@ typing-extensions==4.7.1
 # via
 # pydantic
 # pydantic-core
-urllib3==2.0.6
+urllib3==2.0.7
 # via
 # requests
 # twine
diff --git a/twine-upload.sh b/twine-upload.sh
index e11c559..e4d5149 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -40,6 +40,13 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
 INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
 INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
+PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads deprecated::\
+Starting in 2024, PyPI will require all users to enable Two-Factor \
+Authentication. This will consequently require all users to switch \
+to either Trusted Publishers (preferred) or API tokens for package \
+uploads. Read more: \
+https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
+
 TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
 Trusted Publishers allows publishing packages to PyPI from automated \
 environments like GitHub Actions without needing to use username/password \
@@ -69,6 +76,7 @@ else
 "against ${INPUT_REPOSITORY_URL}"
 if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
+ echo "${PASSWORD_DEPRECATION_NUDGE}"
 echo "${TRUSTED_PUBLISHING_NUDGE}"
 fi
 fi
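Review bot: `PASSWORD_DEPRECATION_NUDGE` is emitted through the `::error` workflow command, which only attaches an error-level annotation and does not by itself change the step's exit status, so a password-based upload still proceeds while the run displays an error. The neighbouring `TRUSTED_PUBLISHING_NUDGE` uses `::warning`, so the difference in severity should be documented at the definition, for example `# NOTE: annotation only; the upload is not blocked, severity is raised to make the deprecation visible.` If blocking password uploads is actually intended, that needs an explicit failure in the branch that prints the message, which nothing visible in this diff does.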
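Review bot: The added `echo "${PASSWORD_DEPRECATION_NUDGE}"` in the `@@ -69,6 +76,7 @@` hunk inherits the unanchored guard `=~ pypi\.org`, so the error annotation fires for any repository URL that merely contains that substring rather than only for PyPI hosts. A private index or proxy with `pypi.org` in its path, or a look-alike host that has it as a prefix, would be shown PyPI's 2FA policy as an error, which is misleading for those users. Anchoring the match to scheme and host makes the condition exact, e.g. `if [[ "${INPUT_REPOSITORY_URL}" =~ ^https://([a-z0-9-]+\.)?pypi\.org(/|$) ]]; then`. The `if`/`else` chain that leads to this branch starts outside the hunk, so the authentication condition selecting it could not be checked here.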