Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update pypa/gh-action-pypi-publish action to v1.8.8 (#1518)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.7` -> `v1.8.8` | --- ### Release Notes <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.8.8`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.8) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8) #### π Cosmetic output improvements - In [https://github.com/pypa/gh-action-pypi-publish/pull/167](https://togithub.com/pypa/gh-action-pypi-publish/pull/167), [@​woodruffw](https://togithub.com/woodruffw) introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by [@​sethmlarson] in [https://github.com/pypa/gh-action-pypi-publish/issues/164](https://togithub.com/pypa/gh-action-pypi-publish/issues/164), collaborating with [@​di](https://togithub.com/di). *:bulb: Tip:* The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/. #### π οΈ Internal dependencies - [@​pquentin] bumped the runtime dependency pins to the recent versions @&#[https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168)ll/168. #### πͺ New Contributors - [@​pquentin](https://togithub.com/pquentin) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168) **:mirror: Full Diff**: pypa/gh-action-pypi-publish@v1.8.7...v1.8.8 [@​pquentin]: https://togithub.com/sponsors/pquentin [@​sethmlarson]: https://togithub.com/sponsors/sethmlarson </details> --- ### Configuration π **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). π¦ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. β» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. π **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNy4xIiwidXBkYXRlZEluVmVyIjoiMzYuNDAuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
- Loading branch information