Bump flit from 3.9.0 to 3.11.0

[dependabot]

Bumps flit from 3.9.0 to 3.11.0.

Changelog

Sourced from flit's changelog.

Release history

Version 3.11

• Support for SPDX license expressions and multiple license files, as detailed in :pep:639::

    license = "BSD-3-Clause"
    license-files = ["LICENSE"]
  

  For now, only a single license identifier is allowed. More complex expressions describing multiple licenses & expressions may be supported in a future version.

• The metadata format <https://packaging.python.org/en/latest/specifications/core-metadata/>_ in produced packages is now version 2.4, to support the expanded license information.

Version 3.10.1

• The sdist of flit_core now includes the corresponding tests (:ghpull:704). These were missing in 3.10.

Version 3.10

• flit publish can now use PyPI tokens stored in keyring (:ghpull:649), either project tokens with a 'username' like :samp:pypi_token:project:{project_name} (use the normalised form of the name <https://packaging.python.org/en/latest/specifications/name-normalization/>_) or user tokens (:samp:pypi_token:user:{username}).
• The --python option can now take the path of a virtualenv folder, as an alternative to a Python executable (:ghpull:667).
• Flit will work with current development versions of Pythona again (:ghpull:684).
• The flit command line package now requires Python 3.8 or above (:ghpulL:660). flit_core still works with Python 3.6 or above.
• The metadata in packages now has the names of optional dependency groups ("extras") normalised, complying with version 2.3 of the metadata standard (:ghpull:676, :ghpull:697).
• The flit command line package now depends on pip (:ghpull:647).
• Fix potential substitution of environment variables into passwords read from .pypirc files (:ghpull:652).
• A warning is now shown when building packages which specify the old flit.buildapi backend, which should be replaced by flit_core.buildapi (:ghpull:674). It's a good idea to always set a maximum version for the build requirement, to protect against changes in future major versions of Flit.
• Avoid using the deprecated datetime.utcfromtimestamp() (:ghpull:682).
• Flit now has a SECURITY.md file in the Github repository (:ghpull:665).

... (truncated)

Commits

• 5f8c75f Merge pull request #722 from pypa/changelog-3.11
• 389c23c Bump version: 3.10.1 → 3.11.0
• d2137f3 Prepare release notes for 3.11
• e7c4239 Merge pull request #715 from pypa/metadata-2.4
• 48d9a3c Merge pull request #719 from pypa/init-license-expr
• 30bf6b6 Fix failing test for flit init
• 1ddd569 Simplify some code using pathlib read_text & write_text methods
• dd49ea6 Create new style license metadata with flit init
• 17f9142 Merge pull request #717 from cdce8p/update-doc-license
• e29cefc Update pyproject example in docs with license expression
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #89.