Bump the actions group in /.github/workflows with 6 updates (#197)
Bumps the actions group in /.github/workflows with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.9.1` | `2.10.1` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5.1.1` | `5.2.0` |
| [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.0` |
| [mamba-org/setup-micromamba](https://github.com/mamba-org/setup-micromamba) | `1.9.0` | `2.0.0` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.10.1` | `1.10.3` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` |

Updates `step-security/harden-runner` from 2.9.1 to 2.10.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.10.1</h2> <h2>What's Changed</h2> <p>Release v2.10.1 by <a href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/463">step-security/harden-runner#463</a> Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.10.1">https://github.com/step-security/harden-runner/compare/v2...v2.10.1</a></p> <h2>v2.10.0</h2> <h2>What's Changed</h2> <p>Release v2.10.0 by <a href="https://github.com/h0x0er"><code>@h0x0er</code></a> and <a href="https://github.com/varunsh-coder"><code>@varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/455">step-security/harden-runner#455</a></p> <p><strong>ARM Support</strong>: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners.
This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.10.0">https://github.com/step-security/harden-runner/compare/v2...v2.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/91182cccc01eb5e619899d80e4e971d6181294a7"><code>91182cc</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/463">#463</a> from step-security/rc-14</li> <li><a href="https://github.com/step-security/harden-runner/commit/59ec1c63417a5941b4c199e9e522f0756d2ab11b"><code>59ec1c6</code></a> Update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/1d2370362ea3d554c02ef9fa23b17f4a84d7949b"><code>1d23703</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/461">#461</a> from step-security/varunsh-coder-patch-1</li> <li><a href="https://github.com/step-security/harden-runner/commit/b03bddaa058e19a340af7befb2de4ddd76e4a7d7"><code>b03bdda</code></a> Update README.md</li> <li><a href="https://github.com/step-security/harden-runner/commit/3d8dd68e5758262d38de5cca3cbdc85addbbc28d"><code>3d8dd68</code></a> Update README.md</li> <li><a href="https://github.com/step-security/harden-runner/commit/446798f8213ac2e75931c1b0769676d927801858"><code>446798f</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/455">#455</a> from step-security/rc-12</li> <li><a href="https://github.com/step-security/harden-runner/commit/f0d3b1eb1ba908b9f69f8af7b0ab2ab59e2bfc1c"><code>f0d3b1e</code></a> Update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/b7880a2f96f65eea5c1b21cd4cef1a91b6c32471"><code>b7880a2</code></a> update dist</li> <li><a 
href="https://github.com/step-security/harden-runner/commit/dade49eade63e2277d55bb16749465b195246a6f"><code>dade49e</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/456">#456</a> from h0x0er/arm-support</li> <li><a href="https://github.com/step-security/harden-runner/commit/d6248bed80ff04443fd77c64092e77520ceed2c9"><code>d6248be</code></a> bump enterprise agent version</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde...91182cccc01eb5e619899d80e4e971d6181294a7">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-python` from 5.1.1 to 5.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v5.2.0</h2> <h2>What's Changed</h2> <h3>Bug fixes:</h3> <ul> <li>Add <code>.zip</code> extension to Windows package downloads for <code>Expand-Archive</code> Compatibility by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/916">actions/setup-python#916</a> This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly.</li> <li>Add arch to cache key by <a href="https://github.com/Zxilly"><code>@Zxilly</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/896">actions/setup-python#896</a> This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. 
Note: This change may break previous cache keys as they will no longer be compatible with the new format.</li> </ul> <h3>Documentation changes:</h3> <ul> <li>Fix display of emojis in contributors doc by <a href="https://github.com/sciencewhiz"><code>@sciencewhiz</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/899">actions/setup-python#899</a></li> <li>Documentation update for caching poetry dependencies by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/908">actions/setup-python#908</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Bump <code>@iarna/toml</code> version from 2.2.5 to 3.0.0 by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/912">actions/setup-python#912</a></li> <li>Bump pyinstaller from 3.6 to 5.13.1 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/923">actions/setup-python#923</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sciencewhiz"><code>@sciencewhiz</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/899">actions/setup-python#899</a></li> <li><a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/916">actions/setup-python#916</a></li> <li><a href="https://github.com/Zxilly"><code>@Zxilly</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/896">actions/setup-python#896</a></li> <li><a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> made their first contribution in <a 
href="https://redirect.github.com/actions/setup-python/pull/923">actions/setup-python#923</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v5.2.0">https://github.com/actions/setup-python/compare/v5...v5.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/f677139bbe7f9c59b41e40162b753c062f5d49a3"><code>f677139</code></a> Bump pyinstaller from 3.6 to 5.13.1 in /<strong>tests</strong>/data (<a href="https://redirect.github.com/actions/setup-python/issues/923">#923</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/2bd53f9a4d1dd1cd21eaffcc01a7b91a8e73ea4c"><code>2bd53f9</code></a> Documentation update for caching poetry dependencies (<a href="https://redirect.github.com/actions/setup-python/issues/908">#908</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/80b49d3ed89312896dbdcbefc2ddb159c7f8ca43"><code>80b49d3</code></a> fix: add arch to cache key (<a href="https://redirect.github.com/actions/setup-python/issues/896">#896</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/036a5236741fd24c89eea80d1b76179e8e5f9214"><code>036a523</code></a> Fix: Add <code>.zip</code> extension to Windows package downloads for <code>Expand-Archive</code> C...</li> <li><a href="https://github.com/actions/setup-python/commit/04c1311429f7be71707d8ab66c7af8a14e54b938"><code>04c1311</code></a> Fix display of emojis in contributors doc (<a href="https://redirect.github.com/actions/setup-python/issues/899">#899</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/cb6845644151e35f879e10f2f0896c3c8bee372c"><code>cb68456</code></a> Updated <code>@iarna/toml</code> version to 3.0.0 (<a href="https://redirect.github.com/actions/setup-python/issues/912">#912</a>)</li> <li>See full diff in <a 
href="https://github.com/actions/setup-python/compare/v5.1.1...f677139bbe7f9c59b41e40162b753c062f5d49a3">compare view</a></li> </ul> </details> <br /> Updates `actions/cache` from 4.0.2 to 4.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <h2>What's Changed</h2> <ul> <li>Fix cache-hit output when cache missed by <a href="https://github.com/fchimpan"><code>@fchimpan</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li> <li>Deprecate <code>save-always</code> input by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1452">actions/cache#1452</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ottlinger"><code>@ottlinger</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1437">actions/cache#1437</a></li> <li><a href="https://github.com/Olegt0rr"><code>@Olegt0rr</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1377">actions/cache#1377</a></li> <li><a href="https://github.com/fchimpan"><code>@fchimpan</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li> <li><a href="https://github.com/x612skm"><code>@x612skm</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1434">actions/cache#1434</a></li> <li><a href="https://github.com/todgru"><code>@todgru</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1311">actions/cache#1311</a></li> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a 
href="https://redirect.github.com/actions/cache/pull/1463">actions/cache#1463</a></li> <li><a href="https://github.com/mackey0225"><code>@mackey0225</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1462">actions/cache#1462</a></li> <li><a href="https://github.com/quatquatt"><code>@quatquatt</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1445">actions/cache#1445</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.0.2...v4.1.0">https://github.com/actions/cache/compare/v4.0.2...v4.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>4.1.0</h3> <ul> <li>Ensure <code>cache-hit</code> output is set when a cache is missed - <a href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li> <li>Deprecate <code>save-always</code> input - <a href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li> </ul> <h3>4.0.2</h3> <ul> <li>Fixed restore <code>fail-on-cache-miss</code> not working.</li> </ul> <h3>4.0.1</h3> <ul> <li>Updated <code>isGhes</code> check</li> </ul> <h3>4.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 20</li> </ul> <h3>3.3.3</h3> <ul> <li>Updates <code>@actions/cache</code> to v3.2.3 to fix accidental mutated path arguments to <code>getCacheVersion</code> <a href="https://redirect.github.com/actions/toolkit/pull/1378">actions/toolkit#1378</a></li> <li>Additional audit fixes of npm package(s)</li> </ul> <h3>3.3.2</h3> <ul> <li>Fixes bug with Azure SDK causing blob downloads to get stuck.</li> </ul> <h3>3.3.1</h3> <ul> <li>Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.</li> </ul> <h3>3.3.0</h3> <ul> 
<li>Added option to lookup cache without downloading it.</li> </ul> <h3>3.2.6</h3> <ul> <li>Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.</li> </ul> <h3>3.2.5</h3> <ul> <li>Added fix to prevent from setting MYSYS environment variable globally.</li> </ul> <h3>3.2.4</h3> <ul> <li>Added option to fail job on cache miss.</li> </ul> <h3>3.2.3</h3> <ul> <li>Support cross os caching on Windows as an opt-in feature.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2"><code>2cdf405</code></a> Prepare <code>4.1.0</code> release (<a href="https://redirect.github.com/actions/cache/issues/1464">#1464</a>)</li> <li><a href="https://github.com/actions/cache/commit/a11fb02296c06498a496a240dc672c5bdf85c574"><code>a11fb02</code></a> restore action's README now references v4 instead of v3 (<a href="https://redirect.github.com/actions/cache/issues/1445">#1445</a>)</li> <li><a href="https://github.com/actions/cache/commit/cf7a75e7b9330700f4a055e401fe624394469d0f"><code>cf7a75e</code></a> Fix typo: depening -> depending (<a href="https://redirect.github.com/actions/cache/issues/1462">#1462</a>)</li> <li><a href="https://github.com/actions/cache/commit/c74ca4022c9c3055a63985d9a25f9a7cc1ffc5d2"><code>c74ca40</code></a> Deprecate <code>save-always</code> input (<a href="https://redirect.github.com/actions/cache/issues/1452">#1452</a>)</li> <li><a href="https://github.com/actions/cache/commit/f8a7ab490b91e20065f92e4ff28bc4b9474b83ca"><code>f8a7ab4</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1463">#1463</a> from actions/Jcambass-patch-1</li> <li><a href="https://github.com/actions/cache/commit/45b7be0774ee094895ecce56182ca96e60b360c9"><code>45b7be0</code></a> Add workflow file for publishing releases to immutable action package</li> <li><a 
href="https://github.com/actions/cache/commit/81382a721fc89d96eca335d0c3ba33144b2baa9d"><code>81382a7</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1311">#1311</a> from todgru/todgru/v4-documentation-update</li> <li><a href="https://github.com/actions/cache/commit/c4ee99a3bdb9b3eeaeccc57bffd49a5641203371"><code>c4ee99a</code></a> Merge branch 'main' into todgru/v4-documentation-update</li> <li><a href="https://github.com/actions/cache/commit/57b8e405f0f6efe89131ba09709ce4bc33291a51"><code>57b8e40</code></a> Clarify that the <code>restore-keys</code> input is a string in the docs (<a href="https://redirect.github.com/actions/cache/issues/1434">#1434</a>)</li> <li><a href="https://github.com/actions/cache/commit/40c3b67b2955d93d83b27ed164edd0756bc24049"><code>40c3b67</code></a> Fix cache-hit output when cache missed (<a href="https://redirect.github.com/actions/cache/issues/1404">#1404</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/0c45773b623bea8c8e75f6c82b208c3cf94ea4f9...2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2">compare view</a></li> </ul> </details> <br /> Updates `mamba-org/setup-micromamba` from 1.9.0 to 2.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mamba-org/setup-micromamba/releases">mamba-org/setup-micromamba's releases</a>.</em></p> <blockquote> <h2>v2.0.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Bug fixes</h3> <ul> <li>Copy generated mamba.bat to micromamba.bat to workaround cmd.exe Auto… by <a href="https://github.com/JohanMabille"><code>@JohanMabille</code></a> in <a href="https://redirect.github.com/mamba-org/setup-micromamba/pull/234">mamba-org/setup-micromamba#234</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/JohanMabille"><code>@JohanMabille</code></a> made their first contribution in <a 
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/234">mamba-org/setup-micromamba#234</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mamba-org/setup-micromamba/compare/v1...v2.0.0">https://github.com/mamba-org/setup-micromamba/compare/v1...v2.0.0</a></p> <h2>v1.11.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>New features</h3> <ul> <li>pin micromamba default version to 1.* by <a href="https://github.com/pavelzw"><code>@pavelzw</code></a> in <a href="https://redirect.github.com/mamba-org/setup-micromamba/pull/232">mamba-org/setup-micromamba#232</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mamba-org/setup-micromamba/compare/v1.10.0...v1.11.0">https://github.com/mamba-org/setup-micromamba/compare/v1.10.0...v1.11.0</a></p> <h2>v1.10.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>New features</h3> <ul> <li>Include bin hash in cache key by <a href="https://github.com/bhperry"><code>@bhperry</code></a> in <a href="https://redirect.github.com/mamba-org/setup-micromamba/pull/228">mamba-org/setup-micromamba#228</a></li> </ul> <h3>Dependency updates</h3> <ul> <li>Bump the actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/mamba-org/setup-micromamba/pull/215">mamba-org/setup-micromamba#215</a></li> <li>Bump softprops/action-gh-release from 2.0.5 to 2.0.6 in the actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/mamba-org/setup-micromamba/pull/218">mamba-org/setup-micromamba#218</a></li> <li>Bump softprops/action-gh-release from 2.0.6 to 2.0.8 in the actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/mamba-org/setup-micromamba/pull/220">mamba-org/setup-micromamba#220</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a 
href="https://github.com/bhperry"><code>@bhperry</code></a> made their first contribution in <a href="https://redirect.github.com/mamba-org/setup-micromamba/pull/228">mamba-org/setup-micromamba#228</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mamba-org/setup-micromamba/compare/v1.9.0...v1.10.0">https://github.com/mamba-org/setup-micromamba/compare/v1.9.0...v1.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mamba-org/setup-micromamba/commit/617811f69075e3fd3ae68ca64220ad065877f246"><code>617811f</code></a> Copy generated mamba.bat to micromamba.bat to workaround cmd.exe Auto… (<a href="https://redirect.github.com/mamba-org/setup-micromamba/issues/234">#234</a>)</li> <li><a href="https://github.com/mamba-org/setup-micromamba/commit/4b9113af4fba0e9e1124b252dd6497a419e7396d"><code>4b9113a</code></a> pin micromamba default version to 1.* (<a href="https://redirect.github.com/mamba-org/setup-micromamba/issues/232">#232</a>)</li> <li><a href="https://github.com/mamba-org/setup-micromamba/commit/59b11321ffd9186cd5165633a02c5bba47de6d13"><code>59b1132</code></a> Include bin hash in cache key (<a href="https://redirect.github.com/mamba-org/setup-micromamba/issues/228">#228</a>)</li> <li><a href="https://github.com/mamba-org/setup-micromamba/commit/e751044b66e0d9c3dba6dc11a5570116f612e775"><code>e751044</code></a> Bump softprops/action-gh-release from 2.0.6 to 2.0.8 in the actions group (<a href="https://redirect.github.com/mamba-org/setup-micromamba/issues/220">#220</a>)</li> <li><a href="https://github.com/mamba-org/setup-micromamba/commit/29a3fc9f48101d260688faca38eab87c0e0964df"><code>29a3fc9</code></a> Bump softprops/action-gh-release from 2.0.5 to 2.0.6 in the actions group (<a href="https://redirect.github.com/mamba-org/setup-micromamba/issues/218">#218</a>)</li> <li><a 
href="https://github.com/mamba-org/setup-micromamba/commit/a1ad40c22e5377cab6624ae0863a34f7d3e78671"><code>a1ad40c</code></a> Bump the actions group with 2 updates (<a href="https://redirect.github.com/mamba-org/setup-micromamba/issues/215">#215</a>)</li> <li>See full diff in <a href="https://github.com/mamba-org/setup-micromamba/compare/f8b8a1e23a26f60a44c853292711bacfd3eac822...617811f69075e3fd3ae68ca64220ad065877f246">compare view</a></li> </ul> </details> <br /> Updates `pypa/gh-action-pypi-publish` from 1.10.1 to 1.10.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/gh-action-pypi-publish/releases">pypa/gh-action-pypi-publish's releases</a>.</em></p> <blockquote> <h2>v1.10.3</h2> <h2>💅 Cosmetic Output Improvements</h2> <p>In <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/270">#270</a>, <a href="https://github.com/facutuesca"><code>@facutuesca</code></a><a href="https://github.com/sponsors/facutuesca">💰</a> made a follow-up to their previous PR <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/250">#250</a>, making the hints show up more granularly. This effectively makes sure that the suggestion to enable Trusted Publishing does not get displayed when it's already in use. It also makes the message nicer in a few places on the UI.</p> <h2>🛠️ Internal Dependencies</h2> <p><a href="https://github.com/mosfet80"><code>@mosfet80</code></a><a href="https://github.com/sponsors/mosfet80">💰</a> updated a few internal linter versions in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/266">#266</a>, <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/267">#267</a>, and <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/271">#271</a>, no user impact. 
This is usually automated otherwise.</p> <h2>💪 New Contributors</h2> <ul> <li><a href="https://github.com/mosfet80"><code>@mosfet80</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/pull/266">pypa/gh-action-pypi-publish#266</a></li> </ul> <p><strong>🪞 Full Diff</strong>: <a href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.2...v1.10.3">https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.2...v1.10.3</a></p> <p><strong>🧔♂️ Release Manager:</strong> <a href="https://github.com/sponsors/webknjaz"><code>@webknjaz 🇺🇦</code></a></p> <h2>v1.10.2</h2> <h2>💅 Cosmetic Output Improvements</h2> <p>In <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/250">#250</a> and <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/258">#258</a>, <a href="https://github.com/facutuesca"><code>@facutuesca</code></a><a href="https://github.com/sponsors/facutuesca">💰</a> added a nudge message with a magic link to pre-fill the creation of new Trusted Publishers configurations on PyPI. The users are now suggested to configure tokenless publishing by clicking a link printed in the job summary when it's detected that they publish to PyPI or TestPyPI. Just like magic! 🦄</p> <h2>🛠️ Internal Dependencies</h2> <p><a href="https://github.com/woodruffw"><code>@woodruffw</code></a><a href="https://github.com/sponsors/woodruffw">💰</a> bumped <code>pypi-attestations</code> to v0.0.12 in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/262">#262</a>, <del>hopefully fixing <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/263">#263</a>. 🤞</del> Nah.. 
that wasn't it.</p> <blockquote> <p>[!TIP] Please keep in mind that reusable workflows are not yet supported, even though they sometimes work, mostly by accident.</p> </blockquote> <h2>💪 New Contributors</h2> <p><a href="https://github.com/facutuesca"><code>@facutuesca</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/pull/258">pypa/gh-action-pypi-publish#258</a></p> <p><strong>🪞 Full Diff</strong>: <a href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.1...v1.10.2">https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.1...v1.10.2</a></p> <p><strong>🧔♂️ Release Manager:</strong> <a href="https://github.com/sponsors/webknjaz"><code>@webknjaz 🇺🇦</code></a></p> <p><strong>🙏 Special Thanks</strong> to <a href="https://github.com/henryiii"><code>@henryiii</code></a><a href="https://github.com/sponsors/henryiii">💰</a> for promptly pointing up possible fixes for <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/263">#263</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/f7600683efdcb7656dec5b29656edb7bc586e597"><code>f760068</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/271">#271</a> from mosfet80/patch-3</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/6edc29448558443d6ab3041af8e0140a58f96fba"><code>6edc294</code></a> Fix node.js v16 deprecation self-smoke-test-action.yml</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/85a5a80b227b7ecb3fba463426f5b44b740af0eb"><code>85a5a80</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/270">#270</a> from trail-of-forks/fix-magic-link-summary</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/954318b48e9277a4936210348432eca1e4ad7736"><code>954318b</code></a> Merge pull 
request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/267">#267</a> from mosfet80/patch-2</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/24791c77746ff1a11a591daa38b6a610bab3e306"><code>24791c7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/266">#266</a> from mosfet80/patch-1</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/d8c894824be9b682f2c96437e9f8002633580706"><code>d8c8948</code></a> Fix magic link nudge formatting in job summary</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/a1ce3844ac33bd8deec3df588c16ea681915ab7e"><code>a1ce384</code></a> Check for Trusted Publishing in magic link logic</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/00b87c80e8474c1b36b186257e09785ce3a5c288"><code>00b87c8</code></a> Update check-jsonschema and pre-commit libs</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/a571f1e128eabff306fc741c1250b824d8931a41"><code>a571f1e</code></a> Update pylint lib</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/897895f1e160c830e369f9779632ebc134688e1b"><code>897895f</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/262">#262</a> from trail-of-forks/ww/bump-attestations-req</li> <li>Additional commits viewable in <a href="https://github.com/pypa/gh-action-pypi-publish/compare/0ab0b79471669eb3a4d647e625009c62f9f3b241...f7600683efdcb7656dec5b29656edb7bc586e597">compare view</a></li> </ul> </details> <br /> Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.0</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the v5 release. 
For a complete list of changes, please refer to the <a href="https://github.com/ossf/scorecard/releases/tag/v5.0.0">v5.0.0 release notes</a>. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.</p> <ul> <li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by <a href="https://github.com/spencerschrock"><code>@spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1410">ossf/scorecard-action#1410</a></li> <li>:bug: lower license sarif alert threshold to 9 by <a href="https://github.com/spencerschrock"><code>@spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1411">ossf/scorecard-action#1411</a></li> </ul> <h3>Documentation</h3> <ul> <li>docs: dogfooding badge by <a href="https://github.com/jkowalleck"><code>@jkowalleck</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1399">ossf/scorecard-action#1399</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jkowalleck"><code>@jkowalleck</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1399">ossf/scorecard-action#1399</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0">https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/62b2cac7ed8198b15735ed49ab1e5cf35480ba46"><code>62b2cac</code></a> bump docker tag to v2.4.0 for release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1414">#1414</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/c09630c42e97d04c7cd8f69735ddf0ec53f0e189"><code>c09630c</code></a> 
lower license score alert threshold to 9 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1411">#1411</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/cf8594c5485256008de4ec57c936bd4a1a381a0b"><code>cf8594c</code></a> :seedling: Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1413">#1413</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/de5fcb95b9d8f899bc5dc11b4e202eb6a2fd67e9"><code>de5fcb9</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1412">#1412</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/a46b90b4caca61e2298cc4a9bd4c90d3dfe7f09d"><code>a46b90b</code></a> bump scorecard to v5.0.0 release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1410">#1410</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9fc518d5249b2564cbeb11d029b87d7d1ba55396"><code>9fc518d</code></a> :seedling: Bump golang in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1407">#1407</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/a8eaa1b46e3fd7e003f79fd39dff99ca53bbe732"><code>a8eaa1b</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1408">#1408</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/873d5fdf63bc863d140f57ed481e6a297324030b"><code>873d5fd</code></a> :seedling: Bump the github-actions group across 1 directory with 2 updates (#...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/54cc1fe4e2c7bc69051a267c8e183497ca7d8da7"><code>54cc1fe</code></a> :seedling: Bump the docker-images group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1401">#1401</a>)</li> <li><a 
href="https://github.com/ossf/scorecard-action/commit/82bcb91c5d3f72aaf692a0d3e399c425a29ac512"><code>82bcb91</code></a> :seedling: Bump golang.org/x/net from 0.26.0 to 0.27.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1400">#1400</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @Zeitsperre. [//]: # (dependabot-automerge-end)