xmlsec 1.3.13 package metadata shows version 0.0.0, causing incorrect installation

[Vojtrex]

When installing xmlsec==1.3.13 via pip, the installer warns that the requested version 1.3.13 does not match the version metadata inside the package, which is 0.0.0. As a result, pip ends up installing version 0.0.0 instead of the specified 1.3.13.

The relevant warning message is:

WARNING: Requested xmlsec==1.3.13 from https://files.pythonhosted.org/packages/.../xmlsec-1.3.13.tar.gz (from -r requirements.txt (line 7)), but installing version 0.0.0
Discarding ... (requires-python:>=3.5): Requested xmlsec==1.3.13 ... has inconsistent version: expected '1.3.13', but metadata has '0.0.0'

Steps to reproduce:

Add xmlsec==1.3.13 to requirements.txt

Run pip install -r requirements.txt or pip install xmlsec==1.3.13

Expected behavior:
xmlsec version 1.3.13 should be installed correctly, with matching version metadata.

Actual behavior:
The installation fails to recognize the correct version and installs version 0.0.0 instead, due to incorrect metadata in the source distribution.

Additional information:

This appears to be an issue with the package metadata inside the xmlsec-1.3.13.tar.gz source distribution on PyPI.

Installing from a wheel (if available) or trying earlier versions might avoid the problem.

Upgrading pip and clearing cache do not resolve the issue.

[potiuk]

This was due to setuptools-scm 9.1.0 - i reported the issue and they yanked the version now, so everything should work back.

[mxamin]

Thanks @potiuk.
@Vojtrex Can you try that again and see if you still see the same issue? Use setuptools-scm v8.3.1 or lower.

[joshsny]

Was experiencing this also, have retried the CI runs that were failing with this problem and they are now working 👍

[Vojtrex]

thank you @potiuk and @mxamin .

The issue seems resolved now. Closing this issue.