blocklib
Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.10
Bumps pypa/gh-action-pypi-publish from 1.8.7 to 1.8.10.
Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
v1.8.10
:bug: What's Fixed
- @woodruffw fixed decoding OIDC claims in debug output on failure by applying correct padding to the encoded payload via pypa/gh-action-pypi-publish#177.
Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10
v1.8.9
:nail_care: Cosmetic output improvements
- @woodruffw added debug output to the trusted publishing OIDC exchange on failures in pypa/gh-action-pypi-publish#174
- @woodruffw implemented Markdown semantic callouts in README via pypa/gh-action-pypi-publish#175
:hammer_and_wrench: Internal dependencies
- Certifi was bumped from 2023.5.7 to 2023.7.22 @ pypa/gh-action-pypi-publish#171
- Cryptography was bumped from 41.0.2 to 41.0.3 @ pypa/gh-action-pypi-publish#172
Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9
v1.8.8
:nail_care: Cosmetic output improvements
In pypa/gh-action-pypi-publish#167, @woodruffw introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by @sethmlarson in pypa/gh-action-pypi-publish#164, collaborating with @di.
:bulb: Tip: The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.
:hammer_and_wrench: Internal dependencies
- @pquentin bumped the runtime dependency pins to the recent versions @ pypa/gh-action-pypi-publish#168.
:muscle: New Contributors
- @pquentin made their first contribution in pypa/gh-action-pypi-publish#168
:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8
Commits
- b7f401d Merge PR #177 into unstable/v1
- ba3ecc9 oidc-exchange: fix padding
- ade57f5 Merge PRs #174 #175 and #172 into unstable/v1
- 637917e README: re-add "pro tip" language
- 4864f13 README: use semantic callouts
- 326f9ad oidc-exchange: add-trailing-comma
- e5f0690 oidc-exchange: ignore a nested function
- 8bdd0cc oidc-exchange: lintage
- 71a0032 oidc-exchange: render claims if exchange fails
- adef75a Bump cryptography from 41.0.2 to 41.0.3 in /requirements
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)