build(deps-dev): bump flit from 3.11.0 to 3.12.0

[dependabot]

Bumps flit from 3.11.0 to 3.12.0.

Changelog

Sourced from flit's changelog.

Release history

Version 3.12

• Support for license expressions using the AND and OR operators (:ghpull:731).
• Recognise __version__: str = "0.1" annotated assignments when finding the version number (:ghpull:728).
• Clear error message when referring to a license file in a parent directory, which is not supported (:ghpull:725).

Version 3.11

• Support for SPDX license expressions and multiple license files, as detailed in :pep:639::

    license = "BSD-3-Clause"
    license-files = ["LICENSE"]
  

  For now, only a single license identifier is allowed. More complex expressions describing multiple licenses & expressions may be supported in a future version.

• The metadata format <https://packaging.python.org/en/latest/specifications/core-metadata/>_ in produced packages is now version 2.4, to support the expanded license information.

Version 3.10.1

• The sdist of flit_core now includes the corresponding tests (:ghpull:704). These were missing in 3.10.

Version 3.10

• flit publish can now use PyPI tokens stored in keyring (:ghpull:649), either project tokens with a 'username' like :samp:pypi_token:project:{project_name} (use the normalised form of the name <https://packaging.python.org/en/latest/specifications/name-normalization/>_) or user tokens (:samp:pypi_token:user:{username}).
• The --python option can now take the path of a virtualenv folder, as an alternative to a Python executable (:ghpull:667).
• Flit will work with current development versions of Pythona again (:ghpull:684).
• The flit command line package now requires Python 3.8 or above (:ghpulL:660). flit_core still works with Python 3.6 or above.
• The metadata in packages now has the names of optional dependency groups ("extras") normalised, complying with version 2.3 of the metadata standard (:ghpull:676, :ghpull:697).

... (truncated)

Commits

• 1c81417 Merge pull request #737 from pypa/changelog-3.12
• d9ce4c6 Bump version: 3.11.0 → 3.12.0
• 27ea098 Prepare release notes for 3.12
• 7a6e9b2 Merge pull request #731 from AA-Turner/compound-spdx
• 0b07d23 Reword error messages
• 38429c9 Add empty expression test case
• 4ab2335 Add brackets-only test case
• 78db7b5 Shorten error messages
• 20e1729 Handle mixed-case licence operators
• 9bd1477 Raise error on expressions with no operator
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)