The release 2026.4.6.124150327040 in pypi is perfectly safe however it was due to a build misconfiguration related to a uv update. I've since yanked the release from pypi while I figure out what went wrong and how to re-release with the proper version.
This was the "bad" release CI job: https://github.com/syrupy-project/syrupy/actions/runs/24032181546/job/70083201364. I think I'll just try migrate to #990 at this point.
Since I suspect there was a bit of a vulnerability scare with this one (it does look suspicious), once I have the release sorted out, I'll also enable immutable releases in this repo as well as trusted publishing. FWIW, my account is the only one that has write access to the syrupy pypi account and has MFA enabled -- both pypi and GitHub.
The release 2026.4.6.124150327040 in pypi is perfectly safe however it was due to a build misconfiguration related to a uv update. I've since yanked the release from pypi while I figure out what went wrong and how to re-release with the proper version.
This was the "bad" release CI job: https://github.com/syrupy-project/syrupy/actions/runs/24032181546/job/70083201364. I think I'll just try migrate to #990 at this point.
Since I suspect there was a bit of a vulnerability scare with this one (it does look suspicious), once I have the release sorted out, I'll also enable immutable releases in this repo as well as trusted publishing. FWIW, my account is the only one that has write access to the syrupy pypi account and has MFA enabled -- both pypi and GitHub.