Skip to content

ci/security/test: automated audit fixes for QuantStrategyPlugins#35

Merged
Pigbibi merged 2 commits into
mainfrom
codex/audit-fix-20260702-0552
Jul 1, 2026
Merged

ci/security/test: automated audit fixes for QuantStrategyPlugins#35
Pigbibi merged 2 commits into
mainfrom
codex/audit-fix-20260702-0552

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • modernize project.license metadata to remove setuptools deprecation warnings during package builds

Problems found

  • python -m build emitted a setuptools deprecation warning because project.license used TOML table syntax

Fixes applied

  • changed pyproject.toml from table-form license metadata to SPDX string form: license = "MIT"

Security impact

  • none; no secrets, permissions, runtime config, or execution logic changed

Architecture impact

  • none; packaging metadata only

Tests run

  • .venv-audit/bin/ruff check .
  • .venv-audit/bin/python -m pytest -q
  • .venv-audit/bin/python -m build
  • actionlint
  • git diff --check

Failed or skipped checks with reasons

  • none

Deployment notes

  • no deployment required

Rollback plan

  • revert commit 1985a51

Manual follow-up checklist

  • confirm PR checks pass
  • merge after human review / branch protection requirements

@Pigbibi Pigbibi added codex AI Codex operations github_actions Pull requests that update GitHub Actions python Python ecosystem human-review-required Requires human review before merge labels Jul 1, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1985a51ad6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread pyproject.toml
readme = "README.md"
requires-python = ">=3.11"
license = { text = "MIT" }
license = "MIT"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Bump setuptools floor for SPDX license syntax

When an isolated PEP 517 build is resolved against a constrained index/cache with setuptools 69.x–76.x, this new string form is still allowed by [build-system].requires = ["setuptools>=69", ...] but those setuptools versions do not support PEP 639 SPDX license expressions in project.license (support starts in 77.0.0). That makes package builds fail in environments that legitimately satisfy the declared backend requirement; either keep the table form or raise the setuptools lower bound to >=77.

Useful? React with 👍 / 👎.

@Pigbibi Pigbibi enabled auto-merge (squash) July 1, 2026 21:57
@Pigbibi Pigbibi merged commit fff36ce into main Jul 1, 2026
2 checks passed
@Pigbibi Pigbibi deleted the codex/audit-fix-20260702-0552 branch July 2, 2026 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

codex AI Codex operations github_actions Pull requests that update GitHub Actions human-review-required Requires human review before merge python Python ecosystem

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant