From 576aae3934b120d7d574caf5719073307484ac6c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Apr 2024 04:51:56 +0000
Subject: [PATCH 1/3] build(deps): bump idna from 3.6 to 3.7 in /requirements
Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: indirect ... Signed-off-by: dependabot[bot]
---
 requirements/runtime.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index cdeaa1d..40837e2 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -18,7 +18,7 @@ docutils==0.20.1
 # via readme-renderer
 id==1.3.0
 # via -r runtime.in
-idna==3.6
+idna==3.7
 # via requests
 importlib-metadata==7.0.2
 # via twine
From 04f4e64de3e0b0a29f25df2bf968d464e819f2f5 Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko
Date: Thu, 16 May 2024 16:29:54 +0200
Subject: [PATCH 2/3] Set Python 3.11 for the `flake8-commas` linter
It doesn't yet support 3.12 and is an unconditional dependency of WPS.
---
 .pre-commit-config.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6c264cd..8f8974f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -128,6 +128,7 @@ repos:
 - WPS
 additional_dependencies:
 - wemake-python-styleguide ~= 0.17.0
+ language_version: python3.11 # flake8-commas doesn't work w/ Python 3.12
 - repo: https://github.com/PyCQA/pylint.git
 rev: v3.0.3
From 771d60f44b703a646dc514cf960c7f0bd670131e Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Thu, 16 May 2024 11:07:28 -0400
Subject: [PATCH 3/3] Eliminate future tense in the password nudge in `twine-upload`
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI. Signed-off-by: William Woodruff PR #234 Fixes #233
---
 twine-upload.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/twine-upload.sh b/twine-upload.sh
index 62de5d5..592a366 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -40,9 +40,9 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
 INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
 INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
-PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads deprecated::\
-Starting in 2024, PyPI will require all users to enable Two-Factor \
-Authentication. This will consequently require all users to switch \
+PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads disabled::\
+As of 2024, PyPI requires all users to enable Two-Factor \
+Authentication. This consequently requires all users to switch \
 to either Trusted Publishers (preferred) or API tokens for package \
 uploads. Read more: \
 https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
@@ -74,6 +74,7 @@ else
 if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
 echo "${PASSWORD_DEPRECATION_NUDGE}"
 echo "${TRUSTED_PUBLISHING_NUDGE}"
+ exit 1
 fi
 fi
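Review bot: The variable keeps the name `PASSWORD_DEPRECATION_NUDGE` in the `@@ -40,9` hunk although its text now says password uploads are disabled and the `@@ -74,6` hunk aborts right after printing it. A name such as `PASSWORD_DISABLED_ERROR`, changed at the assignment and at the `echo`, would stop it reading as a soft warning next to `TRUSTED_PUBLISHING_NUDGE`. A short comment above the assignment would also help, e.g. `# Printed as an ::error annotation just before the upload is refused`.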
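Review bot: The added `exit 1` is reached whenever `[[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]` holds, and that is an unanchored substring match. It therefore fires for any URL containing `pypi.org`, which includes `test.pypi.org` and any other index whose host or path happens to contain that string, not only what the commit message calls the regular PyPI. While this branch only printed a nudge, an over-broad match was harmless; as a hard error it can block a legitimate username/password upload to an unrelated index. Consider anchoring the test to the intended host(s), for example `if [[ "${INPUT_REPOSITORY_URL}" =~ ^https://(upload\.)?pypi\.org/ ]]; then` (adjust if TestPyPI should be covered too), and adding `# PyPI no longer accepts password auth; fail here instead of attempting the upload` above the `exit 1`. The enclosing `if`/`else` chain starts outside the hunk.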