warehouse
The Python Package Index
**Describe the bug** This JSON API reference: https://github.com/pypi/warehouse/blob/main/docs/dev/api-reference/json.rst is missing documentation on the "dynamic" and "provides_extra" fields, added in versions 2.2 and 2.3 of the core metadata specification (https://packaging.python.org/en/latest/specifications/core-metadata/). The...
Our MVP implementation (#10753) assumes that the workflow is in the same repository, which is [not necessarily true](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows). We should support reusable workflows, specifically via the `job_workflow_ref` claim.
**What's the problem this feature will solve?** Currently, PyPI has two "collaborator" roles: - "Owners" can do anything they want to a project - "Maintainers" can only upload new releases....
**What's the problem this feature will solve?** In the newly announced organization accounts, non-profits are mentioned in the announcement. In signing up to create such an account, only "company" and...
I noticed this while working on #16260: the regex used to validate project names in some context permits trailing newlines in the project name. This is because in Python regexes...
Resolves all merge conflicts that have crept in from #8941 since the last commit to that branch. This commit does *not* attempt to resolve any comments on the original PR,...
This also resolves a TODO now that we don't have any un-rendered descriptions in the database.
This PR addresses https://github.com/pypi/warehouse/issues/15852 Notably, it prevents names from: - being in the reserved GitLab name list - ending with `.atom` or `.git` - ending with something else than...
This is extracting a (small) piece of https://github.com/pypi/warehouse/pull/14716 out into its own PR, with the overarching goal of making the `file_upload` endpoint easier to read and reason about what's happening....
Counter-StarJacking feature POC - mention about metainformation stealing via .pypi_acknowledged file
This PR represents a PoC of a StarJacking protection feature. [StarJacking on Mitre](https://capec.mitre.org/data/definitions/693.html) I suggest using a `.pypi_acknowledged` file to set that GitHub repository is acknowledged that some PyPI packages...