Bump setuptools-scm from 8.3.1 to 10.0.3

[dependabot]

Bumps setuptools-scm from 8.3.1 to 10.0.3.

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.0.3

Fixed

• Remove monorepo-only ../vcs-versioning/src from build-system.backend-path so sdists install under PEP 517 (paths must stay inside the source tree). (#1306)

Miscellaneous

• Add griffecli to test dependencies so the API stability check keeps working after the Griffe CLI was split into a separate package. (#1310)

setuptools-scm v10.0.2

Fixed

• Fix version file not generated for editable installs. Version files are now written to the source tree by default during inference (restoring pre-10.x behavior), and also registered as build_py outputs so strict editable installs include them in the persistent auxiliary directory. Set SETUPTOOLS_SCM_WRITE_TO_SOURCE=0 to disable source-tree writing (e.g., for read-only source directories). (#1298)

setuptools-scm v10.0.1

Miscellaneous

• Simplify release tag creation to use a single createRelease API call instead of separate createTag/createRef/createRelease calls, avoiding dangling tag objects on partial failures. (#release-pipeline)

setuptools-scm v10.0.0

Removed

• Drop Python 3.8 and 3.9 support. Minimum Python version is now 3.10. (#1228)

Added

• setuptools-scm now depends on vcs-versioning for core version inference logic. This enables other build backends to use the same version inference without setuptools dependency. (#1228)

• Version files (write_to and version_file) are now written to the build directory during build_py instead of the source tree during version inference. This enables installing packages from read-only source directories (e.g., Bazel builds).

  Path transformation is automatically applied for src/ layouts - a configured path like src/mypackage/_version.py is correctly written to mypackage/_version.py in the build directory based on the package_dir configuration.

  To restore the old behavior of writing version files at inference time (useful for development workflows), set the environment variable SETUPTOOLS_SCM_WRITE_TO_SOURCE=1. (#1252)

Fixed

• Fix issue #1231: Don't warn about tool.setuptools.dynamic.version conflict when only using file finder without version inference. (#1231)

Miscellaneous

• Refactored should_infer from method to standalone function for better code organization. (#1228)
• Updated mypy version template test to use uvx, ensuring generated version files remain compatible with Python 3.8+ consumers. (#1228)

... (truncated)

Commits

• 1009a8d Merge pull request #1311 from pypa/release/main
• bb47160 Prepare release: setuptools-scm v10.0.3
• 6650d19 Merge pull request #1310 from pypa/dependabot/uv/uv-c670ed41d5
• d49c31e build(deps-dev): bump the uv group with 5 updates
• 89bb5e4 Merge pull request #1313 from RonnyPfannschmidt/fix/ci-add-griffecli
• d3f28ff fix(ci): add griffecli for API stability check
• b7c3d7e Merge pull request #1312 from pypa/dependabot/uv/requests-2.33.0
• 505c8d4 Merge pull request #1309 from pypa/dependabot/github_actions/github-actions-6...
• c7431dc build(deps): bump requests from 2.32.5 to 2.33.0
• 28e63aa Merge pull request #1307 from RonnyPfannschmidt/fix/1306-sdist-backend-path
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #677.