There are some other simple and useful pre-commit hooks that are being used, for example, in TeoZosa's cookiecutter/cruft template and that we can add too:

• debug-statements
• check-added-large-files
• check-ast

CI/CD currently takes too long, perhaps use a finer grained selection of which nox sessions to run in which event.

Include hypothesis as part of the project.

Find a way to distinguish when to publish to PyPI vs TestPyPI.

Find a way to easily indicate that the project is stable can have its documentation at ReadTheDocs.

Check hadolint since the project now includes a Dockerfile.

Use Renovate to check dependencies and bill of materials.

Ideally, we should be able to add it as a service in the current docker-compose.yml.

Check whether the setup will allow us to move to other style of docstring and decide which.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

Include interrogate as part of the project.

Consider the pre-commit hook as well.

Add structlog-sentry-logger for logging but with pure structlog.

The current renovate configuration on docker-compose.yml is not correct.
Check the official example to set it up properly.

Ruff is missing some rules regarding imports and then pylint complains about import order.

Also, I would suggest combining the ability of ruff sorting imports into the black session (consider renaming it as well).

We should migrate the CI configuration to v1.0.
Also, now that renovate is set up, we should replace the "latest" flag for the version.
Now, for instance, the configuration for woodpecker would break the CI/CD due to breaking changes from 0.15 to 1.0.

Include MutMut for mutation tests.

Currently the project is strictly supporting 3.9, but it should be possible to support newer versions as well.

The following warning is given when building the docs:

template_sandbox.greeter.message_to_shout:7: WARNING: Field list ends without a blank line; unexpected unindent

It seems that detect-secrets has better performance and a more compatible license than trufflehog, while providing essentially the same functionality.

The changelog should only be compiled at release, while the rest of the documentation should be built "per contribution".
Hence, it would make more sense to add --draft to the call to towncrier in the docs session and document the updating the changelog in the release procedure (which should appear in the contributor's guide see #20).

Since a Dockerfile is being provided, it makes sense to add a task to the CI to ensure that the image is built properly.

Towncrier adds the content of the news pieces to the resulting changelog.

This means that all the SPDX headers added by reuse end in the changelog.

One alternative is to bulk license the markdown files in there via the .reuse/dep5 file.

Current the session calls towncrier without --yes and prompts the user for every piece of news.

Tag the minimal set of nox sessions needed to ensure a good release candidate version (see https://nox.thea.codes/en/stable/tutorial.html).

It seems that ruff still does not implement important rules from pylint (astral-sh/ruff#970).

Thus, it is reasonable to add pylint by itself.

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: renovate.json
Error type: Invalid JSON (parsing failed)
Message: Syntax error: expecting String near base"], }

Commit 3f4654122dbf51569b04260cda3c8008764565ddv excluded the tests tasks from pull request trigger, but it was a false problem. It is still relevant to run the CI pipeline when a pull request is created. Moreover, it surely does make sense to keep the clone task by itself.

Vulnerabilities found in requests version 2.29.0 and in cryptography version 40.0.2

The links for versions and issues generated by towncrier are broken (pointing to another project).