Python pip setup.cfg #562
Comments
|
We’re currently overhauling how |
|
To add a bit more information, I need to leave a minimal setup(
name="Flask",
install_requires=[
"Werkzeug>=0.15",
"Jinja2>=2.10.1",
"itsdangerous>=0.24",
"click>=5.1",
],
extras_require={"dotenv": ["python-dotenv"]},
)The equivalent sections in [metadata]
name = Flask
[options]
install_requires =
Werkzeug>=0.15
Jinja2>=2.10.1
itsdangerous>=0.24
click>=5.1
[options.extras_require]
dotenv =
python-dotenvThe dependency graph doesn't understand |
jdufresne
added a commit
to jdufresne/asgiref
that referenced
this issue
May 30, 2020
Use a declarative syntax to avoid mixing code and configuration. Simplifies handling of long description and version by reducing some boilerplate. For details on this setuptools feature, see: https://setuptools.readthedocs.io/en/latest/setuptools.html#configuring-setup-using-setup-cfg-files Django made the same move to setup.cfg in: django/django@85efc14 The name argument remains in setup.py for compatibility with GitHub's dependency/security features. See: github/semantic#562 Additionally: - Add 'Programming Language :: Python :: 3 :: Only' trove classifier. - Remove unnecessary long_description_content_type from setup as reStructuredText is the default. - Use HTTPs for GitHub URL in setup. - Add project URLs to setup.
jdufresne
added a commit
to jdufresne/asgiref
that referenced
this issue
May 30, 2020
Use a declarative syntax to avoid mixing code and configuration. Simplifies handling of long description and version by reducing some boilerplate. For details on this setuptools feature, see: https://setuptools.readthedocs.io/en/latest/setuptools.html#configuring-setup-using-setup-cfg-files Django made the same move to setup.cfg in: django/django@85efc14 The name argument remains in setup.py for compatibility with GitHub's dependency/security features. See: github/semantic#562 Additionally: - Add 'Programming Language :: Python :: 3 :: Only' trove classifier. - Remove unnecessary long_description_content_type from setup as reStructuredText is the default. - Use HTTPs for GitHub URL in setup. - Add project URLs to setup.
andrewgodwin
pushed a commit
to django/asgiref
that referenced
this issue
May 30, 2020
Use a declarative syntax to avoid mixing code and configuration. Simplifies handling of long description and version by reducing some boilerplate. For details on this setuptools feature, see: https://setuptools.readthedocs.io/en/latest/setuptools.html#configuring-setup-using-setup-cfg-files Django made the same move to setup.cfg in: django/django@85efc14 The name argument remains in setup.py for compatibility with GitHub's dependency/security features. See: github/semantic#562 Additionally: - Add 'Programming Language :: Python :: 3 :: Only' trove classifier. - Remove unnecessary long_description_content_type from setup as reStructuredText is the default. - Use HTTPs for GitHub URL in setup. - Add project URLs to setup.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm not sure this is exactly the right place to report, but it seems logical.
Python's packaging ecosystem has long used a
setup.pyfile for package metadata. However, since 2016, it has been possible to place all the metadata instead in thesetup.cfgfile, avoiding the need for executable Python code. (docs).Although metadata has been supported since 2016, it has seen slow adoption. For example, Django has moved to it recently in 3.1 (still in alpha): django/django@85efc14 .
It seems at the moment, semantic only attempts to parse metadata from
setup.pyfiles:semantic/src/Semantic/Graph.hs
Line 331 in 46d8201
This is where I'm not so sure if this is the origin for the actual observed issue. The problem I'm chasing is that GitHub security alerts don't propagate from source repos using
setup.cfgfor their metadata, only those usingsetup.py. I'm guessing this is because they're parsed with semantic.As reported to me by @davidism, maintainer of some popular Python projects: django/asgiref#161 (comment)
The text was updated successfully, but these errors were encountered: