Bump flit from 3.8.0 to 3.9.0

[dependabot]

Bumps flit from 3.8.0 to 3.9.0.

Changelog

Sourced from flit's changelog.

Release history

Version 3.9

• New options :option:flit build --use-vcs and :option:flit build --no-use-vcs to enable & disable including all committed files in the sdist. For now --use-vcs is the default, but this is likely to change in a future version, to bring flit build in line with standard build frontends like python -m build (:ghpull:625).
• Sdist file names, and the name of the top-level folder in an sdist, are now normalised, in accordance with :pep:625 (:ghpull:628).
• A statically defined version number can now be parsed from files called version.py, _version.py or __version__.py inside a package, as well as from __init__.py, so executing code is required in fewer cases (:ghpull:630).
• Fix setting the flag for regular files in zip metadata (:ghpull:639).
• The timestamp embedded in the gzip wrapper for sdists now defaults to a fixed date, so building an sdist twice on the same machine should produce identical results, even without any special steps (:ghpull:635). Setting :envvar:SOURCE_DATE_EPOCH is still recommended for properly :doc:reproducible builds <reproducible>.

Version 3.8

• A project name containing hyphens is now automatically translated to use underscores for the import name (:ghpull:566).
• New option :option:flit install --only-deps to install the dependencies of the package, but not the package itself.
• Add support for recursive globbing (**) in sdist includes and excludes (:ghpull:550).
• Python's bytecode cache files (__pycache__ folders and .pyc files) are now always excluded from sdists (:ghpull:581).
• Use tomllib in Python 3.11, rather than tomli (:ghpull:573, :ghpull:604).
• Fix crash when unable to get a password from keyring (:ghpull:567).
• Fix including modified files in sdist when using Mercurial (:ghpull:541).
• Fix for some cases of determining whether a package supports Python 2 or not (:ghpull:593).
• Fix parsing version number from code using multiple assignments (:ghpull:474).
• Document how to use a PyPI token with :envvar:FLIT_PASSWORD (:ghpull:602).
• Fix link to information about environment variables for pip (:ghpull:576).
• Link to the docs for the latest stable version in package metadata (:ghpull:589).
• Remove a mention of the toml package, which is no longer needed, from the :doc:development page (:ghpull:601).
• The :doc:bootstrap <bootstrap> install script for flit_core accepts a new --install-root option.
• Ensure the license file is included in packages on PyPI (:ghpull:603).

... (truncated)

Commits

• c8ae08d Bump version: 3.8.0 → 3.9.0
• 1043d79 Merge pull request #642 from pypa/relnotes-3.9
• 73a0b1b Try adding RTD config file
• a19b966 Add release notes for 3.9
• d7c8cc0 Merge pull request #628 from mgorny/normalize-sdist
• 070be04 Merge pull request #635 from pypa/sdist-timestamp-2016
• 43604be Merge pull request #639 from henryiii/henryiii/fix/zipinfo
• 9fc3ba0 fix: regular file flag was not set
• 0c6608f Merge pull request #630 from amyreese/version-file
• 9be0c3e Fix indentation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)