Bump setuptools-scm from 10.0.5 to 10.2.0

[dependabot]

Bumps setuptools-scm from 10.0.5 to 10.2.0.

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.2.0

Added

• Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions. (#1445)

Miscellaneous

• Move PKG-INFO discovery tests from vcs-versioning to setuptools-scm where the entry points are registered. (#1446)

setuptools-scm v10.1.2

Fixed

• Fix DeprecationWarning leak by threading VcsEnvironment through VersionInferenceConfig and using env.make_reader() in _should_write_to_source. (#1424)

setuptools-scm v10.1.1

Fixed

• Update CI to use PyPy 3.11 as cryptography has no PyPy 3.10 build available (#1421)

setuptools-scm v10.1.0

Added

• Add backward-compatible shims in setuptools_scm.git, setuptools_scm.hg, setuptools_scm.hg_git, and setuptools_scm.scm_workdir so that external code calling get_scm_version(config) or run_describe(config) with an explicit Configuration continues to work. The shim automatically wires _config and VcsEnvironment onto the workdir. (#compat-shims)
• Write scm_version.json and scm_file_list.json into egg-info directories during egg_info, enabling sdist fallback version inference when no VCS is present. Add ScmEggInfoMixin for workdir-based file finding in find_sources(). (#egg-info-metadata)
• Add write_to_source pyproject.toml option to control whether version files are written to the source tree. When unset, a deprecation warning advises setting it explicitly before the default changes in a future major release. The SETUPTOOLS_SCM_WRITE_TO_SOURCE environment variable overrides this setting. (#1301)
• Adopt the workdir-centric pipeline from vcs-versioning: version discovery now follows an explicit env → config → workdir → version chain instead of relying on ambient globals and parse entry points. The egg_info command writes scm_version.json and scm_file_list.json metadata so sdists can infer versions without a VCS checkout. Requires vcs-versioning >= 2.0.0.dev0. (#1378)

Fixed

• Fix worktree file listing test to expect relative paths from the file finder. The test now passes on Linux; Windows remains xfail due to a subprocess limitation with worktree directories. (#620)
• Remove the _warn_on_old_setuptools() check that incorrectly warned when a custom build-backend caused setuptools.__version__ to return the project version instead of setuptools' version. The minimum setuptools version is now enforced via build-system requirements. (#1192)
• Wrap version in setuptools.sic() when normalize = false to prevent setuptools from re-normalizing the version after our hook returns. This preserves CalVer zero-padding (e.g. 2024.01.05) and other non-canonical version strings in dist.metadata.version. (#1354)
• Skip writing non-package version files to build_lib, fixing incorrect inclusion of root-level version files in wheels. (#1364)

Documentation

• Rewrite the GitHub Actions CI/CD example to use a dedicated build job (via build-and-inspect-python-package) and OIDC Trusted Publishers instead of building in publishing jobs with long-lived API tokens. (#1215)

Commits

• a705891 Merge pull request #1448 from pypa/release/main
• 630448e Prepare release: setuptools-scm v10.2.0, vcs-versioning v2.2.0
• aaf4950 Merge pull request #1445 from RonnyPfannschmidt/python-legacy
• dd60bf9 Merge pull request #1447 from RonnyPfannschmidt/fix/1446-move-pkginfo-tests
• 535f5ff fix: move PKG-INFO discovery tests to setuptools-scm (#1446)
• 3546a0e feat: restore Python 3.8 and 3.9 support
• 0cde123 Merge pull request #1443 from pypa/release/main
• 51bc391 Prepare release: vcs-versioning v2.1.2
• 310f3c3 Merge pull request #1442 from RonnyPfannschmidt/fix/1439-metadata-workdir-cus...
• b7b70a8 fix: don't re-parse stored tags through tag_regex in MetadataWorkdir (#1439)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)