Kyle Benesch

Updating `actions/download-artifact` without also updating `actions/upload-artifact` is likely to break the workflow. I don't imagine this CVE being triggered by a Python Flit distribution, so I'd consider this a low...

Either ignore this, or switch both `actions/upload-artifact` and `actions/download-artifact` to `@4`. I'd recommend the latter. `actions/upload-artifact@4` lets one configure the compression level which should be zero when uploading already compressed...

Should Delocate add an alternative syntax for handing `DYLD_LIBRARY_PATH`? Such as an `--extra-library-path ` argument?

It's unfortunate that the [Binary distribution format](https://packaging.python.org/en/latest/specifications/binary-distribution-format/) was vague about this.

> This breaks the wheel metadata file when delocate is run on wheels which already specify a Generator - for example they are built with scikit. All tools which make...

For now I'll wait for feedback on https://github.com/pypa/packaging.python.org/issues/1812 It's possible that reverting https://github.com/matthew-brett/delocate/pull/234/commits/a9b9d0c07a90cb2fc4553ca0c2d708288dcceba2 might be the only real solution to this depending on how things go.

> I'm not willing to remove the `repr` parameter from `typing_extensions.Sentinel` without a deprecation. However, I'm OK to re-export the builtin Sentinel class in 3.15 (if it makes it in),...

I've replaced the `__reduce__` method with a version using pickle's singleton support. This is the most conservative and inoffensive option for a new reduce function since it doesn't add a...

**Edit: all of this is no longer relevant for this PR** Note on behavior regarding the sentinel registry and imported sentinels: ```py class MISSING: pass assert Sentinel("MISSING") is MISSING #...

> Constructing a class shouldn't look around in the globals for other stuff that might be using the same name. That was necessary to handle unpickling until I finally implemented...