Bump pypa/gh-action-pypi-publish from 1.6.4 to 1.8.11

[dependabot[bot]]

Bumps pypa/gh-action-pypi-publish from 1.6.4 to 1.8.11.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.11

:nail_care: Cosmetic output improvements

@​woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.

:memo: What's Documented

@​di linked the configuration docs for Trusted Publishing in README via pypa/gh-action-pypi-publish#179.

:hammer_and_wrench: Internal dependencies

• Cryptography was bumped from 41.0.3 to 41.0.6 @ pypa/gh-action-pypi-publish#194
• Pip was bumped from 22.3.1 to 23.3 @ pypa/gh-action-pypi-publish#189
• pre-commit linters got autoupdated @ pypa/gh-action-pypi-publish#184
• Urllib3 was bumped from 2.0.3 to 2.0.7 @ pypa/gh-action-pypi-publish#183 and pypa/gh-action-pypi-publish#185

:muscle: New Contributors

• @​di made their first contribution in pypa/gh-action-pypi-publish#179

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11

v1.8.10

:bug: What's Fixed

@​woodruffw fixed decoding OIDC claims in debug output on failure by applying correct padding to the encoded payload via pypa/gh-action-pypi-publish#177.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10

v1.8.9

:nail_care: Cosmetic output improvements

• @​woodruffw added debug output to the trusted publishing OIDC exchange on failures in pypa/gh-action-pypi-publish#174
• @​woodruffw implemented Markdown semantic callouts in README via pypa/gh-action-pypi-publish#175

:hammer_and_wrench: Internal dependencies

• Certifi was bumped from 2023.5.7 to 2023.7.22 @ pypa/gh-action-pypi-publish#171
• Cryptography was bumped from 41.0.2 to 41.0.3 @ pypa/gh-action-pypi-publish#172

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9

v1.8.8

:nail_care: Cosmetic output improvements

• In pypa/gh-action-pypi-publish#167, @​woodruffw introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by [@​sethmlarson] in pypa/gh-action-pypi-publish#164, collaborating with @​di.

  :bulb: Tip: The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

:hammer_and_wrench: Internal dependencies

• [@​pquentin] bumped the runtime dependency pins to the recent versions @ pypa/gh-action-pypi-publish#168.

... (truncated)

Commits

• 2f6f737 Merge commit PR #184 into unstable/v1
• 2fa448a Merge PRs #190, #184, #185, #189 and #194 into unstable/v1
• 824ad31 Revert flake8 to v4.0.1 for WPS
• 41f3f53 Bump cryptography from 41.0.3 to 41.0.6 in /requirements
• 2319287 twine-upload: ::error, switch nudge order
• 254a0d4 twine-upload: add a nudge for password auth
• 70a33ca Bump pip from 22.3.1 to 23.3 in /requirements
• 102f507 Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
• 79739dc Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
• 9a3f9ad [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)