diff --git a/requirements/runtime-constraints.in b/requirements/runtime-constraints.in
new file mode 100644
index 0000000..a934c36
--- /dev/null
+++ b/requirements/runtime-constraints.in
@@ -0,0 +1,20 @@
+###############################################################################
+# #
+# This file is only meant to exclude broken dependency versions, not feature #
+# dependencies. #
+# #
+# GUIDELINES: #
+# 1. Only list PyPI project versions that need to be excluded using `!=` #
+# and `<`. #
+# 2. It is allowed to have transitive dependency limitations in this file. #
+# 3. Apply bare minimum constraints under narrow conditions, use #
+# environment markers if possible. E.g. `; python_version < "3.12"`. #
+# 4. Whenever there are no constraints, let the file and this header #
+# remain in Git. #
+# #
+###############################################################################
+
+# NOTE: 1.12.0 and later enable support for metadata 2.4
+# NOTE: This can be dropped once twine stops using pkginfo
+# Ref: https://github.com/pypa/twine/pull/1180
+pkginfo ~= 1.12.0
diff --git a/requirements/runtime.in b/requirements/runtime.in
index 63d2a7d..c2060b7 100644
--- a/requirements/runtime.in
+++ b/requirements/runtime.in
@@ -1,9 +1,6 @@
-twine ~= 6.0
+-c runtime-constraints.in # limits known broken versions
 
-# NOTE: 1.12.0 and later enable support for metadata 2.4
-# NOTE: This can be dropped once twine stops using pkginfo
-# Ref: https://github.com/pypa/twine/pull/1180
-pkginfo ~= 1.12.0
+twine ~= 6.0
 
 # NOTE: Used to detect an ambient OIDC credential for OIDC publishing,
 # NOTE: as well as PEP 740 attestations.
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index 638b3cf..98bbda9 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -68,7 +68,7 @@ packaging==24.1
 # twine
 pkginfo==1.12.0
 # via
- # -r runtime.in
+ # -c runtime-constraints.in
 # twine
 platformdirs==4.2.2
 # via sigstore
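Review bot: The new entry `pkginfo ~= 1.12.0` at the end of requirements/runtime-constraints.in is not an exclusion. Guideline 1 in that file's own header allows only `!=` and `<`, while `~=` sets a lower bound and also caps the project below 1.13. The NOTE above the entry justifies only the lower bound (metadata 2.4 support from 1.12.0 on), so the cap would keep the resolver from picking up later pkginfo releases, fixes included, for no stated reason. Either write the entry as `pkginfo >= 1.12.0`, or extend guideline 1 to say that lower bounds are permitted and add a comment explaining why this one is capped.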