Skip to content

changelog.rst

Latest commit

 

History

History
795 lines (521 loc) · 28.4 KB

changelog.rst

File metadata and controls

795 lines (521 loc) · 28.4 KB

Changelog

This project follows the semantic versioning and pre-release versioning schemes recommended by the Python Packaging Authority.

twine 6.2.0 (2025-09-04)

Features

  • Automatically refresh short-lived PyPI token in long running Trusted Publishing uploads.

    In the event that a trusted publishing upload job is taking longer than the validity period of a trusted publishing token (15 minutes at the time of this writing), and we are already 10 minutes into that validity period, we will begin to attempt to replace the token on each subsequent request. (#1246)

Bugfixes

  • Fix compatibility kludge for invalid License-File metadata entries emitted by build backends to work also with packaging version 24.0. (#1217)
  • Fix a couple of incorrectly rendered error messages. (#1224)
  • twine now enforces keyring >= 21.2.0, which was previously implicitly required by API usage. (#1229)
  • twine now catches configparser.Error to prevent accidental leaks of secret tokens or passwords to the user's console. (#1240)

Deprecations and Removals

  • Remove hacks that support --skip-existing for indexes other than PyPI and TestPyPI.

    To date, these hacks continue to accrue and there have been numerous issues with them, not the least of which being that every time we update them, the paid index providers change things to break the compatibility we implement for them. Beyond that, these hacks do not work when text is internationalized in the response from the index provider.

    For a sample of past issues, see:

  • Remove support for MD5 digests during uploads.

    This support was entirely vestigial, as MD5 is not a secure hash function and is not actually required on upload by PyPI.

    Indices that cross-reference the uploaded content with a digest should use the provided SHA-256 and/or BLAKE2 digests instead. (#1262)

Misc

Twine 6.1.0 (2025-01-17)

Features

Deprecations and Removals

  • Remove support for egg and wininst distribution types. These are not accepted by PyPI and not produced by any modern build-backends. (#1195)
  • Twine no longer supports .tar.bz2 source distributions. (#1200)

Misc

  • packaging is used instead of pkginfo for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI. packaging version 24.0 or later is required. Support for metadata version 2.4 requires packaging 24.2 or later. pkginfo is not a dependency anymore. (#1180)
  • Use "source" instead of None as pyversion for sdist uploads. This is what PyPI (and most likely other package indexes) expects. (#1191)

Twine 6.0.1 (2024-11-30)

Bugfixes

  • Fixed a regression where twine check would fail to expand wildcards, e.g. twine check 'dist/*'. (#1188)

Misc

Twine 6.0.0 (2024-11-29)

Bugfixes

  • Restore support for pkginfo 1.11 (#1116)

Deprecations and Removals

  • Username for PyPI and Test PyPI now defaults to __token__ but no longer overrides a username configured in the environment or supplied on the command line. Workflows still supplying anything other than __token__ for the username when uploading to PyPI or Test PyPI will now fail. Either supply __token__ or do not supply a username at all. (#1121)

Misc

Twine 5.1.1 (2024-06-26)

Bugfixes

  • Resolve DeprecationWarnings when extracting twine metadata. (#1115)
  • Fix bug for Repository URLs with auth where the port was lost. When attempting to prevent printing authentication credentials in URLs provided with username and password, we did not properly handle the case where the URL also contains a port (when reconstructing the URL). This is now handled and tested to ensure no regressions. (#fix-repo-urls-with-auth-and-port)

Twine 5.1.0 (2024-05-15)

Features

  • Add the experimental --attestations flag. (#1095)

Twine 5.1.0 (2024-05-15)

Misc

Twine 5.0.0 (2024-02-10)

Bugfixes

  • Use email.message instead of cgi as cgi has been deprecated (#969)

Features

  • Remove support for usernames other than __token__ when uploading to PyPI and TestPyPI (#1040)

Misc

Twine 4.0.2 (2022-11-30)

Bugfixes

  • Remove deprecated function to fix twine check with pkginfo 1.9.0. (#941)

Twine 4.0.1 (2022-06-01)

Bugfixes

  • Improve logging when keyring fails. (#890)
  • Reconfigure root logger to show all log messages. (#896)

Twine 4.0.0 (2022-03-31)

Features

  • Drop support for Python 3.6. (#869)
  • Use Rich to add color to upload output. (#851)
  • Use Rich to add color to check output. (#874)
  • Use Rich instead of tqdm for upload progress bar. (#877)

Bugfixes

  • Remove Twine's dependencies from the User-Agent header when uploading. (#871)
  • Improve detection of disabled BLAKE2 hashing due to FIPS mode. (#879)
  • Restore warning for missing long_description. (#887)

Twine 3.8.0 (2022-02-02)

Features

  • Add --verbose logging for querying keyring credentials. (#849)
  • Log all upload responses with --verbose. (#859)
  • Show more helpful error message for invalid metadata. (#861)

Bugfixes

  • Require a recent version of urllib3. (#858)

Twine 3.7.1 (2021-12-07)

Improved Documentation

  • Fix broken link to packaging tutorial. (#844)

Twine 3.7.0 (2021-12-01)

Features

  • Add support for core metadata version 2.2, defined in PEP 643. (#833)

Twine 3.6.0 (2021-11-10)

Features

  • Add support for Python 3.10. (#827)

Twine 3.5.0 (2021-11-02)

Features

  • Show more helpful messages for invalid passwords. (#815)
  • Allow the --skip-existing option to work with GCP Artifact Registry. (#823)

Bugfixes

  • Add a helpful error message when an upload fails due to missing a trailing slash in the URL. (#812)
  • Generalize --verbose suggestion when an upload fails. (#817)

Twine 3.4.2 (2021-07-20)

Bugfixes

  • Improve error message for unsupported metadata. (#755)
  • Improve error message for a missing config file. (#770)
  • Do not include md5_digest or blake2_256_digest if FIPS mode is enabled on the host. This removes those fields from the metadata before sending the metadata to the repository. (#776)

Twine 3.4.1 (2021-03-16)

Bugfixes

  • Fix a regression that was causing some namespace packages with dots in them fail to upload to PyPI. (#745)

Twine 3.4.0 (2021-03-15)

Features

  • Prefer importlib.metadata for entry point handling. (#728)
  • Rely on importlib_metadata 3.6 for nicer entry point processing. (#732)
  • Eliminate dependency on setuptools/pkg_resources and replace with packaging and importlib_metadata. (#736)

Twine 3.3.0 (2020-12-23)

Features

  • Print files to be uploaded using upload --verbose (#670)
  • Print configuration file location when using upload --verbose (#675)
  • Print source and values of credentials when using upload --verbose (#685)
  • Add support for Python 3.9 (#708)
  • Turn warnings into errors when using check --strict (#715)

Bugfixes

  • Make password optional when using upload --client-cert (#678)
  • Support more Nexus versions with upload --skip-existing (#693)
  • Support Gitlab Enterprise with upload --skip-existing (#698)
  • Show a better error message for malformed files (#714)

Improved Documentation

  • Adopt PSF code of conduct (#680)
  • Adopt towncrier for the changleog (#718)

Twine 3.2.0 (2020-06-24)

Features

  • Improve display of HTTP errors during upload (#666)
  • Print packages and signatures to be uploaded when using --verbose option (#652)
  • Use red text when printing errors on the command line (#649)
  • Require repository URL scheme to be http or https (#602)
  • Add type annotations, checked with mypy, with PEP 561 support for users of Twine's API (#231)

Bugfixes

  • Update URL to .pypirc specification (#655)
  • Don't raise an exception when Python version can't be parsed from filename (#612)
  • Fix inaccurate retry message during upload (#611)
  • Clarify error messages for archive format (#601)

Twine 3.1.1 (2019-11-27)

Bugfixes

  • Restore --non-interactive as a flag not expecting an argument. (#548)

Twine 3.1.0 (2019-11-23)

Features

  • Add support for specifying --non-interactive as an environment variable. (#547)

Twine 3.0.0 (2019-11-18)

Features

  • When a client certificate is indicated, all password processing is disabled. (#336)
  • Add --non-interactive flag to abort upload rather than interactively prompt if credentials are missing. (#489)
  • Twine now unconditionally requires the keyring library and no longer supports uninstalling keyring as a means to disable that functionality. Instead, use keyring --disable keyring functionality if necessary. (#524)
  • Add Python 3.8 to classifiers. (#518)

Bugfixes

  • More robust handling of server response in --skip-existing (#332)

Twine 2.0.0 (2019-09-24)

Features

  • Twine now requires Python 3.6 or later. Use pip 9 or pin to "twine<2" to install twine on older Python versions. (#437)

Bugfixes

  • Require requests 2.20 or later to avoid reported security vulnerabilities in earlier releases. (#491)

Twine 1.15.0 (2019-09-17)

Features

  • Improved output on check command: Prints a message when there are no distributions given to check. Improved handling of errors in a distribution's markup, avoiding messages flowing through to the next distribution's errors. (#488)

Twine 1.14.0 (2019-09-06)

Features

  • Show Warehouse URL after uploading a package (#459)
  • Better error handling and gpg2 fallback if gpg not available. (#456)
  • Now provide a more meaningful error on redirect during upload. (#310)

Bugfixes

  • Fail more gracefully when encountering bad metadata (#341)

Twine 1.13.0 (2019-02-13)

Features

  • Add disable_progress_bar option to disable tqdm. (#427)
  • Allow defining an empty username and password in .pypirc. (#426)
  • Support keyring.get_credential. (#419)
  • Support keyring.get_username_and_password. (#418)
  • Add Python 3.7 to classifiers. (#416)

Bugfixes

  • Restore prompts while retaining support for suppressing prompts. (#452)
  • Avoid requests-toolbelt to 0.9.0 to prevent attempting to use openssl when it isn't available. (#447)
  • Use io.StringIO instead of StringIO. (#444)
  • Only install pyblake2 if needed. (#441)
  • Use modern Python language features. (#436)
  • Specify python_requires in setup.py (#435)
  • Use https URLs everywhere. (#432)
  • Fix --skip-existing for Nexus Repos. (#428)
  • Remove unnecessary usage of readme_render.markdown. (#421)
  • Don't crash if there's no package description. (#412)
  • Fix keyring support. (#408)

Misc

  • Refactor tox env and travis config. (#439)

Twine 1.12.1 (2018-09-24)

Bugfixes

  • Fix regression with upload exit code (#404)

Twine 1.12.0 (2018-09-24)

Features

  • Add twine check command to check long description (#395)
  • Drop support for Python 3.3 (#392)
  • Empower --skip-existing for Artifactory repositories (#363)

Bugfixes

  • Avoid MD5 when Python is compiled in FIPS mode (#367)

Twine 1.11.0 (2018-03-19)

Features

  • Remove PyPI as default register package index. (#320)
  • Support Metadata 2.1 (PEP 566), including Markdown for description fields. (#319)

Bugfixes

  • Raise exception if attempting upload to deprecated legacy PyPI URLs. (#322)
  • Avoid uploading to PyPI when given alternate repository URL, and require http:// or https:// in repository_url. (#269)

Misc

Twine 1.10.0 (2018-03-07)

Features

  • Link to changelog from README (#46)
  • Reorganize & improve user & developer documentation. (#304)
  • Revise docs predicting future of twine (#303)
  • Add architecture overview to docs (#296)
  • Add doc building instructions (#295)
  • Declare support for Python 3.6 (#257)
  • Improve progressbar (#256)

Bugfixes

  • Degrade gracefully when keyring is unavailable (#315)
  • Fix changelog formatting (#299)
  • Fix syntax highlighting in README (#298)
  • Fix Read the Docs, tox, Travis configuration (#297)
  • Fix Travis CI and test configuration (#286)
  • Print progress to stdout, not stderr (#268)
  • Fix --repository[-url] help text (#265)
  • Remove obsolete registration guidance (#200)

Twine 1.9.1 (2017-05-27)

Bugfixes

  • Blacklist known bad versions of Requests. (#253)

Twine 1.9.0 (2017-05-22)

Bugfixes

  • Twine sends less information about the user's system in the User-Agent string. (#229)
  • Fix --skip-existing when used to upload a package for the first time. (#220)
  • Fix precedence of --repository-url over --repository. (#206)

Misc

  • Twine will now resolve passwords using the keyring if available. Module can be required with the keyring extra.
  • Twine will use hashlib.blake2b on Python 3.6+ instead of pyblake2

Twine 1.8.1 (2016-08-09)

Misc

  • Check if a package exists if the URL is one of:

    • https://pypi.python.org/pypi/
    • https://upload.pypi.org/
    • https://upload.pypi.io/

    This helps people with https://upload.pypi.io still in their :file:`.pypirc` file.

Twine 1.8.0 (2016-08-08)

Features

  • Switch from upload.pypi.io to upload.pypi.org. (#201)

  • Retrieve configuration from the environment as a default. (#144)

    • Repository URL will default to TWINE_REPOSITORY
    • Username will default to TWINE_USERNAME
    • Password will default to TWINE_PASSWORD

  • Allow the Repository URL to be provided on the command-line (--repository-url) or via an environment variable (TWINE_REPOSITORY_URL). (#166)

  • Generate Blake2b 256 digests for packages if pyblake2 is installed. Users can use python -m pip install twine[with-blake2] to have pyblake2 installed with Twine. (#171)

Misc

  • Generate SHA256 digest for all packages by default.
  • Stop testing on Python 2.6.
  • Warn users if they receive a 500 error when uploading to *pypi.python.org (#199)

Twine 1.7.4 (2016-07-09)

Bugfixes

  • Correct a packaging error.

Twine 1.7.3 (2016-07-08)

Bugfixes

  • Fix uploads to instances of pypiserver using --skip-existing. We were not properly checking the return status code on the response after attempting an upload. (#195)

Misc

  • Avoid attempts to upload a package if we can find it on Legacy PyPI.

Twine 1.7.2 (2016-07-05)

Bugfixes

  • Fix issue where we were checking the existence of packages even if the user didn't specify --skip-existing. (#189) (#191)

Twine 1.7.1 (2016-07-05)

Bugfixes

  • Clint was not specified in the wheel metadata as a dependency. (#187)

Twine 1.7.0 (2016-07-04)

Features

  • Support --cert and --client-cert command-line flags and config file options for feature parity with pip. This allows users to verify connections to servers other than PyPI (e.g., local package repositories) with different certificates. (#142)
  • Add progress bar to uploads. (#152)
  • Allow --skip-existing to work for 409 status codes. (#162)
  • Implement retries when the CDN in front of PyPI gives us a 5xx error. (#167)
  • Switch Twine to upload to pypi.io instead of pypi.python.org. (#177)

Bugfixes

  • Allow passwords to have %s in them. (#186)

Twine 1.6.5 (2015-12-16)

Bugfixes

  • Bump requests-toolbelt version to ensure we avoid ConnectionErrors (#155)

Twine 1.6.4 (2015-10-27)

Bugfixes

  • Paths with hyphens in them break the Wheel regular expression. (#145)
  • Exception while accessing the repository key (sic) when raising a redirect exception. (#146)

Twine 1.6.3 (2015-10-05)

Bugfixes

  • Fix uploading signatures causing a 500 error after large file support was added. (#137, #140)

Twine 1.6.2 (2015-09-28)

Bugfixes

  • Upload signatures with packages appropriately (#132)

    As part of the refactor for the 1.6.0 release, we were using the wrong name to find the signature file.

    This also uncovered a bug where if you're using twine in a situation where * is not expanded by your shell, we might also miss uploading signatures to PyPI. Both were fixed as part of this.

Twine 1.6.1 (2015-09-18)

Bugfixes

  • Fix signing support for uploads (#130)

Twine 1.6.0 (2015-09-14)

Features

  • Allow the user to specify the location of their :file:`.pypirc` (#97)
  • Support registering new packages with twine register (#8)
  • Add the --skip-existing flag to twine upload to allow users to skip releases that already exist on PyPI. (#115)
  • Upload wheels first to PyPI (#106)
  • Large file support via the requests-toolbelt (#104)

Bugfixes

  • Raise an exception on redirects (#92)
  • Work around problems with Windows when using getpass.getpass (#116)
  • Warnings triggered by pkginfo searching for PKG-INFO files should no longer be user visible. (#114)
  • Provide more helpful messages if :file:`.pypirc` is out of date. (#111)

Twine 1.5.0 (2015-03-10)

Features

  • Support commands not named "gpg" for signing (#29)

Bugfixes

  • Display information about the version of setuptools installed (#85)
  • Support deprecated pypirc file format (#61)

Misc

  • Add lower-limit to requests dependency

Twine 1.4.0 (2014-12-12)

Features

  • Switch to a git style dispatching for the commands to enable simpler commands and programmatic invocation. (#6)
  • Parse :file:`~/.pypirc` ourselves and use subprocess instead of the distutils.spawn module. (#13)

Bugfixes

  • Expand globs and check for existence of dists to upload (#65)
  • Fix issue uploading packages with _s in the name (#47)
  • List registered commands in help text (#34)
  • Use pkg_resources to load registered commands (#32)
  • Prevent ResourceWarning from being shown (#28)
  • Add support for uploading Windows installers (#26)

Twine 1.3.0 (2014-03-31)

Features

  • Additional functionality.

Twine 1.2.2 (2013-10-03)

Features

  • Basic functionality.