ci/security/test: automated audit fixes for QuantStrategyPlugins#35
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1985a51ad6
| readme = "README.md" | ||
| requires-python = ">=3.11" | ||
| license = { text = "MIT" } | ||
| license = "MIT" |
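Review bot: the switch from the table form to the SPDX string form for project.license needs a matching change to [build-system].requires, which this hunk leaves untouched; the review comment on this PR notes that the current floor is setuptools>=69 while PEP 639 string support only starts in setuptools 77.0.0, so an isolated build that resolves setuptools 69.x–76.x will fail on this line. Either raise the floor to "setuptools>=77" in the same commit or keep `license = { text = "MIT" }` until the floor is raised.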
Bump setuptools floor for SPDX license syntax
When an isolated PEP 517 build is resolved against a constrained index/cache with setuptools 69.x–76.x, this new string form is still allowed by [build-system].requires = ["setuptools>=69", ...] but those setuptools versions do not support PEP 639 SPDX license expressions in project.license (support starts in 77.0.0). That makes package builds fail in environments that legitimately satisfy the declared backend requirement; either keep the table form or raise the setuptools lower bound to >=77.
Summary
- Updated project.license metadata to remove setuptools deprecation warnings during package builds

Problems found
- python -m build emitted a setuptools deprecation warning because project.license used TOML table syntax

Fixes applied
- Switched pyproject.toml from table-form license metadata to SPDX string form: license = "MIT"

Security impact

Architecture impact

Tests run
- .venv-audit/bin/ruff check .
- .venv-audit/bin/python -m pytest -q
- .venv-audit/bin/python -m build
- actionlint
- git diff --check

Failed or skipped checks with reasons

Deployment notes

Rollback plan
- 1985a51

Manual follow-up checklist