New updates detected with Cruft

.cruft.json

@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/cthoyt/cookiecutter-snekpack",
-  "commit": "f38be0e121ffa090bae855982c1e297fc4dcfb22",
+  "commit": "5f482dacdfb5e7f8eae5fcb7b30b0db8221217a4",
   "checkout": null,
   "context": {
     "cookiecutter": {
@@ -15,6 +15,7 @@
       "command_line_interface": true,
       "gitlab": false,
       "runner": "tox",
+      "citation_file": false,
       "__not_charlie": "",
       "__runner": "tox -e",
       "__runner_uv": "--with tox-uv tox -e",
@@ -24,7 +25,7 @@
       "__runner_tests": "py",
       "__gh_slug": "y0-causal-inference/y0",
       "_template": "https://github.com/cthoyt/cookiecutter-snekpack",
-      "_commit": "f38be0e121ffa090bae855982c1e297fc4dcfb22"
+      "_commit": "5f482dacdfb5e7f8eae5fcb7b30b0db8221217a4"
     }
   },
   "directory": null

.github/workflows/cruft.yml

@@ -30,15 +30,15 @@ jobs:
             commit-message: "chore: reject new Cruft update"
             title: Reject new updates detected with Cruft
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: "3.10"
 
       # cf. https://github.com/astral-sh/setup-uv?tab=readme-ov-file#usage
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
 
       - name: Install Cruft
         run: uv tool install cruft
@@ -69,7 +69,7 @@ jobs:
 
       - name: Create pull request
         if: steps.check.outputs.has_changes == '1'
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           add-paths: ${{ matrix.add-paths }}

.github/workflows/tests.yml

@@ -56,9 +56,9 @@ jobs:
         # a year early, which prompted re-thinking about this.
         python-version: [ "3.14" ]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: "Install uv"
-        uses: "astral-sh/setup-uv@v3"
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
         with:
           enable-cache: true
           cache-dependency-glob: "pyproject.toml"

.github/workflows/tests.yml.rej

@@ -0,0 +1,34 @@
+diff a/.github/workflows/tests.yml b/.github/workflows/tests.yml	(rejected hunks)
+@@ -28,9 +28,9 @@ jobs:
+         python-version: [ "3.14", "3.10" ]
+         tox-command: [ "lint", "pyroma", "mypy" ]
+     steps:
+-      - uses: actions/checkout@v4
++      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+       - name: "Install uv"
+-        uses: "astral-sh/setup-uv@v3"
++        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+         with:
+           enable-cache: true
+           cache-dependency-glob: "pyproject.toml"
+@@ -78,9 +78,9 @@ jobs:
+         os: [ ubuntu-latest ]
+         python-version: [ "3.14", "3.10" ]
+     steps:
+-      - uses: actions/checkout@v4
++      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+       - name: "Install uv"
+-        uses: "astral-sh/setup-uv@v3"
++        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+         with:
+           enable-cache: true
+           cache-dependency-glob: "pyproject.toml"
+@@ -91,7 +91,7 @@ jobs:
+         run:
+           uvx -p ${{ matrix.python-version }} --with tox-uv tox -e doctests
+       - name: Upload coverage report to codecov
+-        uses: codecov/codecov-action@v4
++        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+         if: success()
+         with:
+           file: coverage.xml

README.md

@@ -377,9 +377,8 @@ $ tox -e finish
 This script does the following:
 
 1. Uses [bump-my-version](https://github.com/callowayproject/bump-my-version) to
-   switch the version number in the `pyproject.toml`, `CITATION.cff`,
-   `src/y0/version.py`, and [`docs/source/conf.py`](docs/source/conf.py) to not
-   have the `-dev` suffix
+   switch the version number in the `pyproject.toml`, `src/y0/version.py`, and
+   [`docs/source/conf.py`](docs/source/conf.py) to not have the `-dev` suffix
 2. Packages the code in both a tar archive and a wheel using
    [`uv build`](https://docs.astral.sh/uv/guides/publish/#building-your-package)
 3. Uploads to PyPI using

README.md.rej

@@ -0,0 +1,12 @@
+diff a/README.md b/README.md	(rejected hunks)
+@@ -28,8 +28,8 @@
+     <a href="https://github.com/y0-causal-inference/y0/blob/main/.github/CODE_OF_CONDUCT.md">
+         <img src="https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg" alt="Contributor Covenant"/></a>
+     <!-- uncomment if you archive on zenodo
+-    <a href="https://zenodo.org/badge/latestdoi/XXXXXX">
+-        <img src="https://zenodo.org/badge/XXXXXX.svg" alt="DOI"></a>
++    <a href="https://doi.org/10.5281/zenodo.XXXXXX">
++        <img src="https://zenodo.org/badge/DOI/10.5281/zenodo.XXXXXX.svg" alt="DOI"></a>
+     -->
+ </p>
+

justfile

@@ -0,0 +1,167 @@
+[doc("run unit and integration tests")]
+test:
+    # See the [dependency-groups] entry in pyproject.toml for "tests"
+    just coverage erase
+    uv run --group tests --all-extras -m coverage run -p -m pytest
+    just coverage combine
+    just coverage report
+    just coverage html
+
+[doc("remove testing coverage artifacts")]
+coverage-clean:
+    just coverage erase
+
+coverage-report:
+    just coverage report
+
+[doc("run `coverage` with a given subcommand")]
+@coverage command:
+    uvx --from coverage[toml] coverage {{command}}
+
+# Note that the package name is required for discovery
+[doc("test that documentation examples run properly")]
+doctests:
+    uv run --group doctests --all-extras xdoctest -m src/y0
+
+[doc("test that notebooks can be run to completion")]
+treon:
+    uv run treon
+
+[doc("format code")]
+format:
+    # Note that ruff check should come before ruff format when using --fix (ref: https://github.com/astral-sh/ruff-pre-commit/blob/main/README.md)
+    uvx ruff check --fix
+    uvx ruff format
+
+[doc("format documentation")]
+format-docs:
+    # note that this doesn't work with sphinx-click
+    # or any other extension that adds extra directives
+    # See the [dependency-groups] entry in pyproject.toml for "rstfmt"
+    uv run --group format-docs docstrfmt src/ tests/ docs/ --no-docstring-trailing-line
+
+[doc("format documentation")]
+format-markdown:
+    npx --yes prettier --write --prose-wrap always "**/*.md"
+
+[doc("check code quality")]
+lint:
+    uvx ruff check
+    uvx ruff format --check
+
+[doc("check markdown is properly formatted")]
+lint-markdown:
+    # inspired by https://github.com/astral-sh/uv/blob/98523e2014e9a5c69706623344026d76296e178f/.github/workflows/ci.yml#L67C1-L70C61
+    npx --yes prettier --check --prose-wrap always "**/*.md"
+
+[doc("run the pyroma tool to check the package friendliness of the project")]
+pyroma:
+    uv run --group pyroma pyroma --min=10 .
+
+[doc("run static type checking with mypy")]
+mypy:
+    uv run --group typing --all-extras mypy --ignore-missing-imports --strict src/ tests/
+
+[doc("run static type checking with ty")]
+ty:
+    uv run --group typing --all-extras ty check src/ tests/
+
+[doc("run the doc8 tool to check the style of the RST files in the project docs")]
+docs-lint:
+    uv run --group docs-lint doc8 docs/source/
+
+[doc("run the docstr-coverage tool to check documentation coverage")]
+docstr-coverage:
+    uvx docstr-coverage src/ tests/ --skip-private --skip-magic
+
+[doc("build the documentation locally")]
+docs:
+    uv run --group docs --all-extras -m sphinx -b html -d docs/build/doctrees docs/source docs/build/html
+
+[doc("test building the documentation locally. warnings are considered as errors via -W")]
+docs-test:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    tmpdir=$(mktemp -d)
+    cp -r docs/source "$tmpdir/source"
+    uv run --group docs --all-extras -m sphinx -W -b html -d "$tmpdir/build/doctrees" "$tmpdir/source" "$tmpdir/build/html"
+    rm -rf "$tmpdir"
+
+####################
+# Deployment tools #
+####################
+
+[doc("run `bumpversion` with a given subcommand")]
+@bumpversion command:
+    uvx bump-my-version bump {{command}}
+
+[doc("make a release")]
+bumpversion-release:
+    uvx bump-my-version bump release --tag
+
+[doc("build an sdist and wheel")]
+build:
+    uv build --sdist --wheel --clear
+
+############
+# Releases #
+############
+
+# In order to make a release to PyPI, you'll need to take the following steps:
+#
+# 1. Navigate to https://pypi.org/account/register/ to register for Test PyPI
+# 2. Navigate to https://pypi.org/manage/account/ and request to re-send a verification email.
+#    This is not sent by default, and is required to set up 2-Factor Authentication.
+# 3. Get account recovery codes
+# 4. Set up 2-Factor Authentication
+# 5. Get an API token from https://pypi.org/manage/account/token/
+# 6. Install keyring with `uv tool install keyring`
+# 7. Add your token to keyring with `keyring set https://upload.pypi.org/legacy/ __token__`
+
+[doc("Release the code to PyPI so users can pip install it, using credentials from keyring")]
+release:
+    just build
+    uv tool install --quiet keyring
+    uv publish --username __token__ --keyring-provider subprocess --publish-url https://upload.pypi.org/legacy/
+
+[doc("Release the code to PyPI so users can pip install it, using credentials from the environment.")]
+release-via-env:
+    just build
+    uv publish --publish-url https://upload.pypi.org/legacy/
+
+[doc("Run a workflow that removes -dev from the version, creates a tagged release on GitHub, creates a release on PyPI, and bumps the version again.")]
+finish:
+    just bumpversion-release
+    just release
+    git push --tags
+    uvx bump-my-version bump patch
+    git push
+
+#################
+# Test Releases #
+#################
+
+# In order to test making a release to Test PyPI, you'll need to take the following steps:
+#
+# 1. Navigate to https://test.pypi.org/account/register/ to register for Test PyPI
+# 2. Navigate to https://test.pypi.org/manage/account/ and request to re-send a verification email.
+#    This is not sent by default, and is required to set up 2-Factor Authentication.
+# 3. Get account recovery codes
+# 4. Set up 2-Factor Authentication
+# 5. Get an API token from https://test.pypi.org/manage/account/token/
+# 6. Install keyring with `uv tool install keyring`
+# 7. Add your token to keyring with `keyring set https://test.pypi.org/legacy/ __token__`
+
+[doc("Release the code to the test PyPI site")]
+test-release:
+    just build
+    uv tool install --quiet keyring
+    uv publish --username __token__ --keyring-provider subprocess --publish-url https://test.pypi.org/legacy/
+
+[doc("Run a workflow that removes -dev from the version, creates a tagged release on GitHub, creates a release on Test PyPI, and bumps the version again.")]
+test-finish:
+    just bumpversion-release
+    just test-release
+    git push --tags
+    uvx bump-my-version bump patch
+    git push

pyproject.toml

@@ -295,8 +295,3 @@ replace = "release = \"{new_version}\""
 filename = "src/y0/version.py"
 search = "VERSION = \"{current_version}\""
 replace = "VERSION = \"{new_version}\""
-
-[[tool.bumpversion.files]]
-filename = "CITATION.cff"
-search = "version: {current_version}"
-replace = "version: {new_version}"

pyproject.toml.rej

@@ -0,0 +1,56 @@
+diff a/pyproject.toml b/pyproject.toml	(rejected hunks)
+@@ -50,10 +50,10 @@ license-files = [
+
+ requires-python = ">=3.10"
+ dependencies = [
+-    "more_itertools", # missing from itertools in stdlib
++    "more-itertools", # missing from itertools in stdlib
+     "tqdm", # progress bars
+     "click",
+-    "more_click",
++    "more-click",
+     "typing-extensions",
+ ]
+
+@@ -64,7 +64,7 @@ tests = [
+     "coverage[toml]",
+ ]
+ docs = [
+-    "sphinx>=8",
++    "sphinx>=8,<9",
+     "sphinx-rtd-theme>=3.0","sphinx-click", 
+     "sphinx_automodapi",
+     # Include if your project uses Pydantic:
+@@ -80,7 +80,7 @@ typing = [
+     { include-group = "tests" },
+     "mypy",
+     "pydantic",
+-    "click-types",
++    "types-click",
+     # You will probably have to add additional type stubs here, especially if you're using tox-uv
+ ]
+ docs-lint = [
+@@ -99,22 +99,9 @@ pyroma = [
+     "pyroma",
+     "pygments",
+ ]
+-# follow https://github.com/astral-sh/uv/issues/6298 for switching to a uv-based version bump workflow
+-bump = [
+-    "bump-my-version",
+-]
+-build = [
+-    "uv>=0.9.6",
+-    "uv-build>=0.9.6",
+-]
+-release = [
+-    { include-group = "build" },
+-    "uv",
+-    "keyring",
+-]
+
+ # see https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#dependencies-optional-dependencies
+-# [project.optional-dependencies]
++[project.optional-dependencies]
+
+
+ # See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#urls