Cannot upload from Jazzband to PyPI due to outdated dependencies #360
Description
Short version: Update Metadata package to 2.3+ on https://github.com/jazzband/website to fix PyPI releasing
Describe the bug
I've made a release from GitHub Actions to the Jazzband staging area, but I can't release from there to PyPI because https://github.com/jazzband/website has outdated dependencies.
To Reproduce
Steps to reproduce the behavior:
- Go to https://jazzband.co/projects/prettytable/upload/1195/release
- Enter "prettytable" in the project name box
- Click Release
- See error:
Release of prettytable-3.10.1.tar.gz failed.
Standard outputUploading distributions to https://upload.pypi.org/legacy/ �[31mERROR �[0m InvalidDistribution: Metadata is missing required fields: Name, Version. Make sure the distribution includes the files where those fields are specified, and is using a supported Metadata-Version: 1.0, 1.1, 1.2, 2.0, 2.1, 2.2.
Expected behavior
Package uploaded to PyPI.
Additional context
Metadata 2.3 has been released, so dependencies need updating on the Jazzband website.
GitHub Actions -> PyPI worked because they have the latest tools, like twine==5.0.0 and pkginfo==1.10.0:
However, the Jazzband website has pinned dependencies, like twine==4.0.2 and pkginfo==1.9.6:
- https://github.com/jazzband/website/blob/693860ef2ec8e86345df53f5814d9d4a9e172e8f/requirements.txt#L717
- https://github.com/jazzband/website/blob/693860ef2ec8e86345df53f5814d9d4a9e172e8f/requirements.txt#L1027
That repo does use Dependabot, but there's some unmerged PRs like jazzband/website#1148 which have this banner at the top:
Dependabot updates are paused
We noticed you haven't used Dependabot in a while, so we've paused automated Dependabot updates for this repository. To resume, simply interact with Dependabot.
For example, merge a Dependabot pull request or use @dependabot rebase. See open Dependabot pull requests or learn more about pausing of activity.
- Please could you re-enable Dependabot and update those dependencies?
- I have a 10-month-old request to transfer out this project, please could you check this too? Transfer Out: PrettyTable #340
- For other Jazzband projects, we should look into using the new Trusted Publishers to skip the staging area.
Thank you!