Jason R. Coombs
@pradyunsg or @takluyver ^
To be sure, the long-term strategy is to eliminate reliance on pkg_resources, remove it from this package, and then move setuptools' own tests into `./tests` such that they are only...
I'd rather not add artifacts to the source code that this project doesn't care about, as it could get removed incidentally and also could linger long after it's needed. It...
Another option I'd prefer instead of adding a license would be to define this fixture in code and build it dynamically at runtime rather than store it as source in...
> I like the runtime generation idea. Before we go down that route, I'd hope that Trivy could be updated or configured to avoid this false positive.
Thanks for the report. Without looking at the code, I agree the API should provide a documented expectation for erroneous inputs, especially if callers are relying on that interface to...
Looking at this again, I notice that the `assert match is not None` was probably put there to satisfy linters (and also to assert a match is always expected).
> May I suggest that either `.extras` or `.__init__` raises a specific exception when this happens? I've also observed that the issue affects `.module` and `.attr` and `.load`. I'm trying...
Let's proceed with this change.
I'm working on twine again and this issue is once again affecting me and still attempting to leak my secrets.