Bump the actions group across 1 directory with 9 updates (#212) · Ouranosinc/miranda@8fb2ee7

Commit

Bump the actions group across 1 directory with 9 updates (#212)

Bumps the actions group with 9 updates in the /.github/workflows
directory:

| Package | From | To |
| --- | --- | --- |
|
[step-security/harden-runner](https://github.com/step-security/harden-runner)
| `2.10.1` | `2.10.2` |
| [actions/setup-python](https://github.com/actions/setup-python) |
`5.2.0` | `5.3.0` |
|
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
| `4.3.4` | `4.5.0` |
| [actions/cache](https://github.com/actions/cache) | `4.1.0` | `4.2.0`
|
|
[mamba-org/setup-micromamba](https://github.com/mamba-org/setup-micromamba)
| `2.0.0` | `2.0.3` |
|
[coverallsapp/github-action](https://github.com/coverallsapp/github-action)
| `2.3.0` | `2.3.4` |
|
[pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish)
| `1.10.3` | `1.12.3` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `4.4.0` | `4.5.0` |
|
[softprops/action-gh-release](https://github.com/softprops/action-gh-release)
| `2.0.8` | `2.2.0` |


Updates `step-security/harden-runner` from 2.10.1 to 2.10.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.10.2</h2>
<h2>What's Changed</h2>
<ol>
<li>
<p>Fixes low-severity command injection weaknesses
The advisory is here: <a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc">https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc</a></p>
</li>
<li>
<p>Bug fix to improve detection of whether Harden-Runner is running in a
container</p>
</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.10.2">https://github.com/step-security/harden-runner/compare/v2...v2.10.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/0080882f6c36860b6ba35c610c98ce87d4e2f26f"><code>0080882</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/476">#476</a>
from step-security/rc-16</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4a3a88bbf8f2e304f84e1042472c02dce37eba82"><code>4a3a88b</code></a>
Update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/556aae632a6c1f630efa52e90d706218618e5f2f"><code>556aae6</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/480">#480</a>
from h0x0er/jatin/cleanup</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/6c39b8466160e86ad8606033d399fe7f4052aee1"><code>6c39b84</code></a>
chore: clean the code</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/40401cf6183a0ab2dae5c7e485c1d073fe911e91"><code>40401cf</code></a>
Update for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/806ab1cccb47a439a89d5f8f85d3ea41a7fb1e4c"><code>806ab1c</code></a>
Update check for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/28468118cdb665b2214b64175253b83fcb4b25f6"><code>2846811</code></a>
update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/df8a07c1712fac199e8d6e78d64a46092afffa44"><code>df8a07c</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/475">#475</a>
from h0x0er/fix-execSync</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/30636fb583e59a926da2f17677e5cd3b63cf1be1"><code>30636fb</code></a>
bug fixes</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/setup-python` from 5.2.0 to 5.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/941">actions/setup-python#941</a></li>
<li>Upgrade IA publish by <a
href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/943">actions/setup-python#943</a></li>
</ul>
<h3>Bug Fixes:</h3>
<ul>
<li>Normalise Line Endings to Ensure Cross-Platform Consistency by <a
href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/938">actions/setup-python#938</a></li>
<li>Revise <code>isGhes</code> logic by <a
href="https://github.com/jww3"><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/963">actions/setup-python#963</a></li>
<li>Bump pillow from 7.2 to 10.2.0 by <a
href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/956">actions/setup-python#956</a></li>
</ul>
<h3>Enhancements:</h3>
<ul>
<li>Enhance workflows and documentation updates by <a
href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/965">actions/setup-python#965</a></li>
<li>Bump default versions to latest by <a
href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/905">actions/setup-python#905</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/941">actions/setup-python#941</a></li>
<li><a href="https://github.com/jww3"><code>@jww3</code></a> made their
first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/963">actions/setup-python#963</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.3.0">https://github.com/actions/setup-python/compare/v5...v5.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/0b93645e9fea7318ecaed2b359559ac225c90a2b"><code>0b93645</code></a>
Enhance workflows: Add macOS 13 support, upgrade publish-action, and
update d...</li>
<li><a
href="https://github.com/actions/setup-python/commit/9c76e716502b18322365741b762fee22a8cffad8"><code>9c76e71</code></a>
Bump pillow from 7.2 to 10.2.0 in /<strong>tests</strong>/data (<a
href="https://redirect.github.com/actions/setup-python/issues/956">#956</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/f4c5a1183d69690d31b6304b7af403a5b56a88d6"><code>f4c5a11</code></a>
Revise <code>isGhes</code> logic (<a
href="https://redirect.github.com/actions/setup-python/issues/963">#963</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e"><code>19dfb7b</code></a>
Bump default versions to latest (<a
href="https://redirect.github.com/actions/setup-python/issues/905">#905</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/e9675cc634901ff55d92c575ecd6945e65464b00"><code>e9675cc</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-python/issues/943">#943</a>
from actions/Jcambass-patch-1</li>
<li><a
href="https://github.com/actions/setup-python/commit/3226af69c08a4851edf81cffc8849d2db148b21f"><code>3226af6</code></a>
Upgrade IA publish</li>
<li><a
href="https://github.com/actions/setup-python/commit/70dcb22d269dc9546a5d97f4b11548f130526421"><code>70dcb22</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-python/issues/941">#941</a>
from actions/Jcambass-patch-1</li>
<li><a
href="https://github.com/actions/setup-python/commit/65b48c71155ac3186106d8d8de14787f5914b8d1"><code>65b48c7</code></a>
Create publish-immutable-actions.yml</li>
<li><a
href="https://github.com/actions/setup-python/commit/29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a"><code>29a37be</code></a>
initial commit (<a
href="https://redirect.github.com/actions/setup-python/issues/938">#938</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-python/compare/f677139bbe7f9c59b41e40162b753c062f5d49a3...0b93645e9fea7318ecaed2b359559ac225c90a2b">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/dependency-review-action` from 4.3.4 to 4.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump got from 14.4.2 to 14.4.3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/844">actions/dependency-review-action#844</a></li>
<li>Bump nodemon from 3.1.0 to 3.1.7 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/847">actions/dependency-review-action#847</a></li>
<li>Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/849">actions/dependency-review-action#849</a></li>
<li>Overriding the cross-spawn dependency to use a safe version by <a
href="https://github.com/Ahmed3lmallah"><code>@Ahmed3lmallah</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/850">actions/dependency-review-action#850</a></li>
<li>fix: add summary comment on failure when warn-only: true by <a
href="https://github.com/ebickle"><code>@ebickle</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/827">actions/dependency-review-action#827</a></li>
<li>Prepare for 4.5.0 release by <a
href="https://github.com/Ahmed3lmallah"><code>@Ahmed3lmallah</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/851">actions/dependency-review-action#851</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ebickle"><code>@ebickle</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/827">actions/dependency-review-action#827</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v4...v4.5.0">https://github.com/actions/dependency-review-action/compare/v4...v4.5.0</a></p>
<h2>v4.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix for merge_group event bug by <a
href="https://github.com/Ahmed3lmallah"><code>@Ahmed3lmallah</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/846">actions/dependency-review-action#846</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0">https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0</a></p>
<h2>v4.3.5</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: getRefs function to handle merge_group events by <a
href="https://github.com/louis-bompart"><code>@louis-bompart</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/766">actions/dependency-review-action#766</a></li>
<li>Create pull_request_template.md by <a
href="https://github.com/jonjanego"><code>@jonjanego</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/794">actions/dependency-review-action#794</a></li>
<li>Update CONTRIBUTING.md by <a
href="https://github.com/jonjanego"><code>@jonjanego</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/793">actions/dependency-review-action#793</a></li>
<li>Bump <code>@types/node</code> from 20.11.28 to 20.16.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/815">actions/dependency-review-action#815</a></li>
<li>Upgrade transitive micromatch library by <a
href="https://github.com/elireisman"><code>@elireisman</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/829">actions/dependency-review-action#829</a></li>
<li>Do not list changed dependencies in summary by <a
href="https://github.com/hmaurer"><code>@hmaurer</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/828">actions/dependency-review-action#828</a></li>
<li>Update stale.yaml by <a
href="https://github.com/jonjanego"><code>@jonjanego</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/832">actions/dependency-review-action#832</a></li>
<li>Bump got from 14.4.1 to 14.4.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/822">actions/dependency-review-action#822</a></li>
<li>Bump eslint-plugin-jest and ts-jest by <a
href="https://github.com/Ahmed3lmallah"><code>@Ahmed3lmallah</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/840">actions/dependency-review-action#840</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/louis-bompart"><code>@louis-bompart</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/766">actions/dependency-review-action#766</a></li>
<li><a
href="https://github.com/Ahmed3lmallah"><code>@Ahmed3lmallah</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/840">actions/dependency-review-action#840</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v4.3.4...v4.3.5">https://github.com/actions/dependency-review-action/compare/v4.3.4...v4.3.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/dependency-review-action/commit/3b139cfc5fae8b618d3eae3675e383bb1769c019"><code>3b139cf</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/851">#851</a>
from actions/ahmed3lmallah/prepare-for-4.5.0-release</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/d6807b6643179f05418e138a25fff841c8646a2a"><code>d6807b6</code></a>
updating generated code</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/c89b41fdc6d9794d60f1090afe0dca3a28344f01"><code>c89b41f</code></a>
addressing lint issues</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/eee97d8b03930b9729cc733c2064b81da03229ec"><code>eee97d8</code></a>
incrementing project version</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/9d101822a37e3a155f1fbce62bf70039ae01e834"><code>9d10182</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/827">#827</a>
from ebickle/fix/comment-warn-only</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/9192be9c722c974bdd08907626f2da15cccc50d6"><code>9192be9</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/850">#850</a>
from actions/ahmed3lmallah/adressing-CVE-2024-21538</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/2fc8e23b125c76dce6fd50617e881d942f205855"><code>2fc8e23</code></a>
Using cross-spawn safe version</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/fb86db204331e3278a86fde515f9a3856cdd2e61"><code>fb86db2</code></a>
fix: resolve race conditions in async core.group calls</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/0a198ab3ed7324295cb94cee2d50a07dbe3fbe20"><code>0a198ab</code></a>
fix: replace integer failureCount with boolean</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/fc499fc13affcdbaad5544148db6cef2cfd5a377"><code>fc499fc</code></a>
Merge branch 'main' into fix/comment-warn-only</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/5a2ce3f5b92ee19cbb1541a4984c76d921601d7c...3b139cfc5fae8b618d3eae3675e383bb1769c019">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/cache` from 4.1.0 to 4.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>⚠️ Important Changes</h2>
<p>The cache backend service has been rewritten from the ground up for
improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<p>Read more about the change &amp; access the migration guide: <a
href="https://github.com/actions/cache/discussions/1510">reference to
the announcement</a>.</p>
<h3>Minor changes</h3>
<p>Minor and patch version updates for these dependencies:</p>
<ul>
<li><code>@actions/core</code>: <code>1.11.1</code></li>
<li><code>@actions/io</code>: <code>1.1.3</code></li>
<li><code>@vercel/ncc</code>: <code>0.38.3</code></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4...v4.2.0">https://github.com/actions/cache/compare/v4...v4.2.0</a></p>
<h2>v4.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Bun example by <a
href="https://github.com/idleberg"><code>@idleberg</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1456">actions/cache#1456</a></li>
<li>Revise <code>isGhes</code> logic by <a
href="https://github.com/jww3"><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1474">actions/cache#1474</a></li>
<li>Bump braces from 3.0.2 to 3.0.3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1475">actions/cache#1475</a></li>
<li>Add dependabot.yml to enable automatic dependency upgrades by <a
href="https://github.com/Link"><code>@Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1476">actions/cache#1476</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1478">actions/cache#1478</a></li>
<li>Bump actions/stale from 3 to 9 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1479">actions/cache#1479</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1483">actions/cache#1483</a></li>
<li>Bump actions/setup-node from 3 to 4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1481">actions/cache#1481</a></li>
<li>Prepare <code>4.1.2</code> release by <a
href="https://github.com/Link"><code>@Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1477">actions/cache#1477</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/idleberg"><code>@idleberg</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1456">actions/cache#1456</a></li>
<li><a href="https://github.com/jww3"><code>@jww3</code></a> made their
first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1474">actions/cache#1474</a></li>
<li><a href="https://github.com/Link"><code>@Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1476">actions/cache#1476</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4...v4.1.2">https://github.com/actions/cache/compare/v4...v4.1.2</a></p>
<h2>v4.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1467">actions/cache#1467</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API
endpoint choices - <a
href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a
href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<h3>4.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
20</li>
</ul>
<h3>3.4.0</h3>
<ul>
<li>Integrated with the new cache service (v2) APIs</li>
</ul>
<h3>3.3.3</h3>
<ul>
<li>Updates <code>@actions/cache</code> to v3.2.3 to fix accidental
mutated path arguments to <code>getCacheVersion</code> <a
href="https://redirect.github.com/actions/toolkit/pull/1378">actions/toolkit#1378</a></li>
<li>Additional audit fixes of npm package(s)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/1bd1e32a3bdc45362d1e726936510720a7c30a57"><code>1bd1e32</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1509">#1509</a>
from actions/Link-/cache-4.2.0</li>
<li><a
href="https://github.com/actions/cache/commit/882d7ced4c9b8af53ed67bfa36ee600195e62940"><code>882d7ce</code></a>
Add 3.4.0 release notes</li>
<li><a
href="https://github.com/actions/cache/commit/f2695d7a42dd0d7ad21976ed7ab91dbdbc3c2216"><code>f2695d7</code></a>
Rerun CI</li>
<li><a
href="https://github.com/actions/cache/commit/f46ceeb60d3da27b7cbac269520a4b1bfb15f199"><code>f46ceeb</code></a>
Add licensed output</li>
<li><a
href="https://github.com/actions/cache/commit/e6f5858749f178cf4a01b0d777917ba913710560"><code>e6f5858</code></a>
Add lodash to list of reviewed licenses</li>
<li><a
href="https://github.com/actions/cache/commit/4ae6f21c0d820c73db2589af6983e001d8c19c1d"><code>4ae6f21</code></a>
Add reviewed licensed packages</li>
<li><a
href="https://github.com/actions/cache/commit/c16df86586baf94b0deaa873e22eb739c59e5b15"><code>c16df86</code></a>
Add licensed output</li>
<li><a
href="https://github.com/actions/cache/commit/b109c12f3bdd6fb6a7dd42b202df645243efbd2f"><code>b109c12</code></a>
Upgrade <code>@actions/core</code> to 1.11.1 and other deps</li>
<li><a
href="https://github.com/actions/cache/commit/b7d227d702af06e6be1fa308c014252c10bbc267"><code>b7d227d</code></a>
Upgrade <code>@vercel/ncc</code> to 0.38.3</li>
<li><a
href="https://github.com/actions/cache/commit/faf639248d95d2a6c5884b8e6588e233eb3b10a0"><code>faf6392</code></a>
Update RELEASES.md</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2...1bd1e32a3bdc45362d1e726936510720a7c30a57">compare
view</a></li>
</ul>
</details>
<br />

Updates `mamba-org/setup-micromamba` from 2.0.0 to 2.0.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mamba-org/setup-micromamba/releases">mamba-org/setup-micromamba's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Bug fixes</h3>
<ul>
<li>Test cmd.exe for older micromamba version by <a
href="https://github.com/pavelzw"><code>@pavelzw</code></a> in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/236">mamba-org/setup-micromamba#236</a></li>
<li>Fixed regex for matching versions by <a
href="https://github.com/JohanMabille"><code>@JohanMabille</code></a>
in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/253">mamba-org/setup-micromamba#253</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>docs: Mention v2 in README.md by <a
href="https://github.com/jjerphan"><code>@jjerphan</code></a> in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/249">mamba-org/setup-micromamba#249</a></li>
</ul>
<h3>Dependency updates</h3>
<ul>
<li>Bump softprops/action-gh-release from 2.0.8 to 2.0.9 in the actions
group by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/239">mamba-org/setup-micromamba#239</a></li>
<li>Bump softprops/action-gh-release from 2.0.9 to 2.1.0 in the actions
group by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/252">mamba-org/setup-micromamba#252</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/mamba-org/setup-micromamba/compare/v2.0.2...v2.0.3">https://github.com/mamba-org/setup-micromamba/compare/v2.0.2...v2.0.3</a></p>
<h2>v2.0.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Bug fixes</h3>
<ul>
<li>fix: Do not copy old Windows activation script as of 2.0.4 by <a
href="https://github.com/jjerphan"><code>@jjerphan</code></a> in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/246">mamba-org/setup-micromamba#246</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jjerphan"><code>@jjerphan</code></a>
made their first contribution in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/246">mamba-org/setup-micromamba#246</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/mamba-org/setup-micromamba/compare/v2.0.1...v2.0.2">https://github.com/mamba-org/setup-micromamba/compare/v2.0.1...v2.0.2</a></p>
<h2>v2.0.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>New features</h3>
<ul>
<li>Propagate errors from micromamba-shell by <a
href="https://github.com/maresb"><code>@maresb</code></a> in <a
href="https://redirect.github.com/mamba-org/setup-micromamba/pull/241">mamba-org/setup-micromamba#241</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/mamba-org/setup-micromamba/compare/v2.0.0...v2.0.1">https://github.com/mamba-org/setup-micromamba/compare/v2.0.0...v2.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mamba-org/setup-micromamba/commit/068f1ab4b37ed9b3d9f73da7db90a0cda0a48d29"><code>068f1ab</code></a>
Fixed regex for matching versions (<a
href="https://redirect.github.com/mamba-org/setup-micromamba/issues/253">#253</a>)</li>
<li><a
href="https://github.com/mamba-org/setup-micromamba/commit/c8d39fb8e53f777c237477c71e043b69755bec64"><code>c8d39fb</code></a>
Bump softprops/action-gh-release from 2.0.9 to 2.1.0 in the actions
group (<a
href="https://redirect.github.com/mamba-org/setup-micromamba/issues/252">#252</a>)</li>
<li><a
href="https://github.com/mamba-org/setup-micromamba/commit/84158641b67d8cc7fbd703dbdf749078f8bddab5"><code>8415864</code></a>
Test cmd.exe for older micromamba version (<a
href="https://redirect.github.com/mamba-org/setup-micromamba/issues/236">#236</a>)</li>
<li><a
href="https://github.com/mamba-org/setup-micromamba/commit/1d8f11622e0b2ec3a223671b748f8c40ac110351"><code>1d8f116</code></a>
docs: Mention v2 in README.md (<a
href="https://redirect.github.com/mamba-org/setup-micromamba/issues/249">#249</a>)</li>
<li><a
href="https://github.com/mamba-org/setup-micromamba/commit/a580d2e4da4ae4a37715132b11502c6906e7ae2c"><code>a580d2e</code></a>
Bump softprops/action-gh-release from 2.0.8 to 2.0.9 in the actions
group (<a
href="https://redirect.github.com/mamba-org/setup-micromamba/issues/239">#239</a>)</li>
<li><a
href="https://github.com/mamba-org/setup-micromamba/commit/06375d89d211a1232ef63355742e9e2e564bc7f7"><code>06375d8</code></a>
fix: Do not copy old Windows activation script as of 2.0.4 (<a
href="https://redirect.github.com/mamba-org/setup-micromamba/issues/246">#246</a>)</li>
<li><a
href="https://github.com/mamba-org/setup-micromamba/commit/ab6bf8bf7403e8023a094abeec19d6753bdc143e"><code>ab6bf8b</code></a>
bug: Propagate errors from micromamba-shell (<a
href="https://redirect.github.com/mamba-org/setup-micromamba/issues/241">#241</a>)</li>
<li>See full diff in <a
href="https://github.com/mamba-org/setup-micromamba/compare/617811f69075e3fd3ae68ca64220ad065877f246...068f1ab4b37ed9b3d9f73da7db90a0cda0a48d29">compare
view</a></li>
</ul>
</details>
<br />

Updates `coverallsapp/github-action` from 2.3.0 to 2.3.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coverallsapp/github-action/releases">coverallsapp/github-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Add <code>coverage-reporter-platform</code> input option by <a
href="https://github.com/afinetooth"><code>@afinetooth</code></a> in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/233">coverallsapp/github-action#233</a>
<ul>
<li>Since we have added support for <code>coverage-reporter</code> on
<code>aarch64</code>, we need to provide users of our
<code>github-action</code> the ability to <em>select</em> this
architecture-specific version of <code>coverage-reporter</code> when
they're using an <code>aarch64</code> / <code>arm64</code> runner in
CI.</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coverallsapp/github-action/compare/v2...v2.3.4">https://github.com/coverallsapp/github-action/compare/v2...v2.3.4</a></p>
<h2>v2.3.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Make sure the major version tag always points to the latest release
(fixes <a
href="https://redirect.github.com/coverallsapp/github-action/issues/222">#222</a>)
by <a href="https://github.com/afinetooth"><code>@afinetooth</code></a>
in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/230">coverallsapp/github-action#230</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coverallsapp/github-action/compare/v2...v2.3.3">https://github.com/coverallsapp/github-action/compare/v2...v2.3.3</a></p>
<h2>v2.3.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Verify that <code>coverage-reporter-version</code> option is
recognized by <a
href="https://github.com/afinetooth"><code>@afinetooth</code></a> in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/229">coverallsapp/github-action#229</a></li>
<li>Add <code>build-number</code> to supported inputs options by <a
href="https://github.com/afinetooth"><code>@afinetooth</code></a> and
<a
href="https://github.com/brianatgather"><code>@brianatgather</code></a>
in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/228">coverallsapp/github-action#228</a></li>
<li>Change <code>sha256sum</code> command flag to be compatible with
<code>alpine</code> linux distros by <a
href="https://github.com/afinetooth"><code>@afinetooth</code></a> and
<a href="https://github.com/jdebbink"><code>@jdebbink</code></a> in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/227">coverallsapp/github-action#227</a></li>
<li>Docs: Fix the action version in usage example by <a
href="https://github.com/Jeff-Tian"><code>@Jeff-Tian</code></a> in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/210">coverallsapp/github-action#210</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/brianatgather"><code>@brianatgather</code></a>
made their first contribution in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/228">coverallsapp/github-action#228</a>
/ <a
href="https://redirect.github.com/coverallsapp/github-action/pull/199">coverallsapp/github-action#199</a></li>
<li><a href="https://github.com/jdebbink"><code>@jdebbink</code></a>
made their first contribution in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/227">coverallsapp/github-action#227</a>
/ <a
href="https://redirect.github.com/coverallsapp/github-action/pull/198">coverallsapp/github-action#198</a></li>
<li><a href="https://github.com/Jeff-Tian"><code>@Jeff-Tian</code></a>
made their first contribution in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/210">coverallsapp/github-action#210</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coverallsapp/github-action/compare/v2.3.1...v2.3.2">https://github.com/coverallsapp/github-action/compare/v2.3.1...v2.3.2</a></p>
<h2>v2.3.1</h2>
<h2>What's Changed</h2>
<p>Extend behavior of <code>fail-on-error</code> option to setup
failures by <a
href="https://github.com/afinetooth"><code>@afinetooth</code></a> in <a
href="https://redirect.github.com/coverallsapp/github-action/pull/226">coverallsapp/github-action#226</a></p>
<ul>
<li>
<p>Technically an enhancement, these changes make the action behave as
many customers already expect by ignoring <em>any and all</em> failures
when the <code>fail-on-error</code> input is set to
<code>false</code>.</p>
</li>
<li>
<p>Adds logic to handle any failures in &quot;setup&quot; tasks,
including downloading the <code>coverage-reporter</code> binary,
verifying the binary, and finding the binary by its expected name after
extraction.</p>
</li>
<li>
<p>The new logic checks these actions and exits with code <code>1</code>
on failure, except if <code>fail-on-error</code> is set to
<code>true</code>, in which case it returns exit code
<code>0</code>.</p>
</li>
<li>
<p>Adds a matrix workflow that tests the action for each <code>os</code>
and the two key binary commands (<code>coveralls report</code> and
<code>coevralls done</code>). Each of these scenarios implicitly tests
our setup tasks since they run first in each scenario.</p>
</li>
<li>
<p>Also extends the behavior of <code>debug: true</code> to flip the
shell-specific debug flag for each <code>os</code> including <code>set
-x</code> for <code>linux</code> and <code>macos</code> and
<code>Set-PSDebug -Trace 1</code> for <code>windows</code>.</p>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coverallsapp/github-action/compare/v2.3.0...v2.3.1">https://github.com/coverallsapp/github-action/compare/v2.3.0...v2.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/coverallsapp/github-action/commit/cfd0633edbd2411b532b808ba7a8b5e04f76d2c8"><code>cfd0633</code></a>
Add <code>coverage-reporter-platform</code> input option (<a
href="https://redirect.github.com/coverallsapp/github-action/issues/233">#233</a>)</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/0db2c3cdacfee94645baa18e49ff07a7cda3b66b"><code>0db2c3c</code></a>
Update README.md</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/29d7fa20924d88c951ddd9a4391ae3d55fedaab0"><code>29d7fa2</code></a>
Add two more helpful steps to update-major-version-tag workflow (<a
href="https://redirect.github.com/coverallsapp/github-action/issues/231">#231</a>)</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/4cdef0b2dbe0c9aa26bed48edb868db738625e79"><code>4cdef0b</code></a>
Always point the major version tag to the latest release (<a
href="https://redirect.github.com/coverallsapp/github-action/issues/230">#230</a>)</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/43f11c4e058174f808ee9cd63701b6c42fe3f5e3"><code>43f11c4</code></a>
Verify that <code>coverage-reporter-version</code> option is recognized
(<a
href="https://redirect.github.com/coverallsapp/github-action/issues/229">#229</a>)</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/c25823128118109751e3ef803755f685b98531ef"><code>c258231</code></a>
Add build number to supported inputs options (<a
href="https://redirect.github.com/coverallsapp/github-action/issues/228">#228</a>)</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/0ae24004e20834b127ed812d7009d31d11fd47a4"><code>0ae2400</code></a>
Change command to to be compatible with alpine distros. (<a
href="https://redirect.github.com/coverallsapp/github-action/issues/227">#227</a>)</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/f7956979c7d9e293f310ba1e1e08845c1559f076"><code>f795697</code></a>
Update README.md</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/38d584dc0b21b823b1459f31874a5e0121c5d3a5"><code>38d584d</code></a>
Update README.md</li>
<li><a
href="https://github.com/coverallsapp/github-action/commit/9a6b4a8b366a1e0dda4bb4a0f9a592347fe98c87"><code>9a6b4a8</code></a>
docs: fix the action version (<a
href="https://redirect.github.com/coverallsapp/github-action/issues/210">#210</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/coverallsapp/github-action/compare/643bc377ffa44ace6394b2b5d0d3950076de9f63...cfd0633edbd2411b532b808ba7a8b5e04f76d2c8">compare
view</a></li>
</ul>
</details>
<br />

Updates `pypa/gh-action-pypi-publish` from 1.10.3 to 1.12.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/gh-action-pypi-publish/releases">pypa/gh-action-pypi-publish's
releases</a>.</em></p>
<blockquote>
<h2>v1.12.3</h2>
<h2>✨ What's Improved</h2>
<p>With the updates by <a
href="https://github.com/woodruffw"><code>@woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> and <a
href="https://github.com/webknjaz"><code>@webknjaz</code></a><a
href="https://github.com/sponsors/webknjaz">💰</a> via <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/309">#309</a>
and <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313">#313</a>,
it is now possible to publish <a
href="https://packaging.python.org/en/latest/glossary/#term-Distribution-Package">distribution
packages</a> that include <a
href="https://packaging.python.org/en/latest/specifications/core-metadata/#metadata-version">core
metadata v2.4</a>, like those built using <a
href="https://www.maturin.rs/tutorial">maturin</a>. This is done by
bumping <code>Twine</code> to v6.0.1 and <code>pkginfo</code> to
v1.12.0.</p>
<h2>📝 Docs</h2>
<p>We've made an attempt to clarify the runtime and workflow shape that
are expected to be supported for calling this action in: <a
href="https://github.com/marketplace/actions/pypi-publish#Non-goals">https://github.com/marketplace/actions/pypi-publish#Non-goals</a>.</p>
<blockquote>
<p>[!TIP]
Please, let us know in the <a
href="https://github.com/pypa/gh-action-pypi-publish/discussions/314">release
discussion</a> if anything still remains unclear.
<em>TL;DR</em> always call <a
href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a>
once per job; don't invoke it in reusable workflows; physically move
building the dists into separate jobs having restricted permissions and
storing the dists as GitHub Actions artifacts; when using self-hosted
runners, make sure to still use <a
href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a>
on a GitHub-provided infra with <code>runs-on: ubuntu-latest</code>,
while building and testing may remain self-hosted; don't perform any
other actions in the publishing job; don't call <a
href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a>
from composite actions.</p>
</blockquote>
<h2>🛠️ Internal Updates</h2>
<p><a
href="https://github.com/br3ndonland"><code>@br3ndonland</code></a><a
href="https://github.com/sponsors/br3ndonland">💰</a> improved the
container image generation automation to include Git SHA in <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/301">#301</a>.
And <a
href="https://github.com/woodruffw"><code>@woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> added the
<code>workflow_ref</code> context to Trusted Publishing debug logging in
<a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/305">#305</a>,
helping us diagnose misconfigurations faster. <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313">#313</a>
also extends the smoke test in the CI to check against the <a
href="https://www.maturin.rs/tutorial">maturin</a>-made dists.
Additionally, <code>jeepney</code> and <code>secretstorage</code>
transitive deps have been added to the pip constraint-based lock file,
as Dependabot seems to have missed those earlier.</p>
<p><strong>🪞 Full Diff</strong>: <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3">https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3</a></p>
<p><strong>🧔‍♂️ Release Manager:</strong> <a
href="https://github.com/sponsors/webknjaz"><code>@webknjaz</code></a>
<a href="https://stand-with-ukraine.pp.ua">🇺🇦</a></p>
<p><strong>🙏 Special Thanks</strong> to <a
href="https://github.com/samuelcolvin"><code>@samuelcolvin</code></a><a
href="https://github.com/sponsors/samuelcolvin">💰</a> for nudging me to
cut this release sooner and for <a
href="https://github.com/sponsors/webknjaz">sponsoring me</a> via <a
href="https://github.com/pydantic"><code>@pydantic</code></a><a
href="https://github.com/sponsors/pydantic">💰</a>!</p>
<p><strong>🔌 Shameless Plug</strong>: The other day I've made this <a
href="https://bsky.app/starter-pack/webknjaz.me/3lbt5nu3vw22b">🦋 Bluesky
🇺🇦 FOSS Maintainers Starter Pack</a> subscribe to read news from people
like me :)</p>
<p><strong>💬 Discuss</strong> <a
href="https://bsky.app/profile/webknjaz.me/post/3lcve36mtpk22">on
Bluesky 🦋</a>, <a
href="https://mastodon.social/@webknjaz/113624274498685157">on Mastodon
🐘</a> and <a
href="https://github.com/pypa/gh-action-pypi-publish/discussions/314">on
GitHub</a>.</p>
<h2>v1.12.2</h2>
<h2>🐛 What's Fixed</h2>
<p>The fix for signing legacy zip sdists turned out to be incomplete, so
<a href="https://github.com/woodruffw"><code>@woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> promptly produced
another follow-up that updated <code>pypi-attestations</code> from
v0.0.13 to v0.0.15 in <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/297">#297</a>.
This is the only change since the previous release.</p>
<p><strong>🪞 Full Diff</strong>: <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.1...v1.12.2">https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.1...v1.12.2</a></p>
<p><strong>🧔‍♂️ Release Manager:</strong> <a
href="https://github.com/sponsors/webknjaz"><code>@webknjaz</code></a>
<a href="https://stand-with-ukraine.pp.ua">🇺🇦</a></p>
<h2>v1.12.1</h2>
<h2>🐛 What's Fixed</h2>
<p>Version v1.12.0 hit several rare corner cases we never considered
fully supported, and this release fixes a few of those.
In <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/294">#294</a>,
<a href="https://github.com/webknjaz"><code>@webknjaz</code></a><a
href="https://github.com/sponsors/webknjaz">💰</a> improved the
self-hosted runner experience by pre-installing Python if it's not
there, and with <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/293">#293</a>
the ability to use the action on GitHub Enterprise instances has been
restored. The latter should've also fixed the ability to invoke <a
href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a>
from nested in-repo composite actions — another exotic use-case that was
never tested in our CI.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/67339c736fd9354cd4f8cb0b744f2b82a74b5c70"><code>67339c7</code></a>
📦 Only keep lower bounds @ input requirements</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/cbd6d01d855e02aab0908c7709d5c0ddc88c617a"><code>cbd6d01</code></a>
📝Fix a typo in &quot;privileges&quot; @ README</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/7252a9a09cc96cd5a356936f3d7570445b30bd8d"><code>7252a9a</code></a>
📝 Outline unsupported scenarios in README</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/a536fa950501c91689aa954f1d7b15c0503b6fc6"><code>a536fa9</code></a>
📌📦 Include jeepney &amp; secretstorage pins</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/43caae4bb174f4ce5ae7e6d8bb85eb54f0fd9e80"><code>43caae4</code></a>
💅📦 Split transitive dep constraints</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/f371c3d5667fcc0531a2b48ebe2d44d3c314f905"><code>f371c3d</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313">#313</a>
from webknjaz/maintenance/metadata-2.4</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/138a1215a3f0562a56c666c244d8f25a8e874e5b"><code>138a121</code></a>
📌📦 Pin <code>pkginfo</code> to v1.12 @ runtime deps</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/ff2b051b0afcb29a320583463b190216bbf80be4"><code>ff2b051</code></a>
🧪 Add a Maturin-based package to CI</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/0a0a6ae824040d7349dd2b2471a7907b86b45074"><code>0a0a6ae</code></a>
🧪 Allow CI to register multiple distributions</li>
<li><a
href="https://github.com/pypa/gh-action-pypi-publish/commit/e7723a410eb01c55f02a75cf26a230ed14f1b19e"><code>e7723a4</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/309">#309</a>
from trail-of-forks/ww/bumptwine</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/f7600683efdcb7656dec5b29656edb7bc586e597...67339c736fd9354cd4f8cb0b744f2b82a74b5c70">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/upload-artifact` from 4.4.0 to 4.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: deprecated <code>Node.js</code> version in action by <a
href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li>
<li>Add new <code>artifact-digest</code> output by <a
href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/656">actions/upload-artifact#656</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li>
<li><a href="https://github.com/bdehamer"><code>@bdehamer</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/656">actions/upload-artifact#656</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0">https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0</a></p>
<h2>v4.4.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Undo indirect dependency updates from <a
href="https://redirect.github.com/actions/upload-artifact/issues/627">#627</a>
by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/632">actions/upload-artifact#632</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3">https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3</a></p>
<h2>v4.4.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@actions/artifact</code> to 2.1.11 by <a
href="https://github.com/robherley"><code>@robherley</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/627">actions/upload-artifact#627</a>
<ul>
<li>Includes fix for relative symlinks not resolving properly</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2">https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2</a></p>
<h2>v4.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add a section about hidden files by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/607">actions/upload-artifact#607</a></li>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/621">actions/upload-artifact#621</a></li>
<li>Update <code>@actions/artifact</code> to latest version, includes
symlink and timeout fixes by <a
href="https://github.com/robherley"><code>@robherley</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/625">actions/upload-artifact#625</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/621">actions/upload-artifact#621</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1">https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/6f51ac03b9356f520e9adb1b1b7802705f340c2b"><code>6f51ac0</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/656">#656</a>
from bdehamer/bdehamer/artifact-digest</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/c40c16d999899d3642ba1597014ba7ef8ff611e7"><code>c40c16d</code></a>
add new artifact-digest output</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/735efb4a0a50bb1a533b000483f2d0a23effbd26"><code>735efb4</code></a>
bump <code>@actions/artifact</code> from 2.1.11 to 2.2.0</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/184d73b71b93c222403b2e7f1ffebe4508014249"><code>184d73b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/578">#578</a>
from hamirmahal/fix/deprecated-nodejs-usage-in-action</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b4a0a984a056f94abb1db07895e844b9422e1e41"><code>b4a0a98</code></a>
Merge branch 'main' into fix/deprecated-nodejs-usage-in-action</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882"><code>b4b15b8</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/632">#632</a>
from actions/joshmgross/undo-dependency-changes</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/92b01ebffaf2e2520c64ab2845d3f9bd5c06941a"><code>92b01eb</code></a>
Undo indirect dependency updates from <a
href="https://redirect.github.com/actions/upload-artifact/issues/627">#627</a></li>
<li><a
href="https://github.com/actions/upload-artifact/commit/84480863f228bb9747b473957fcc9e309aa96097"><code>8448086</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/627">#627</a>
from actions/robherley/v4.4.2</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b1d4642b699cfe7e338a864cc36849b29ad04a75"><code>b1d4642</code></a>
add explicit relative and absolute symlinks to workflow</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/d50e66084c4d29dc5d3326b7a0e67bed9ef4bb1e"><code>d50e660</code></a>
bump version</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/50769540e7f4bd5e21e526ee35c689e35e0d6874...6f51ac03b9356f520e9adb1b1b7802705f340c2b">compare
view</a></li>
</ul>
</details>
<br />

Updates `softprops/action-gh-release` from 2.0.8 to 2.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: read the release assets asynchronously by <a
href="https://github.com/xen0n"><code>@xen0n</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/552">softprops/action-gh-release#552</a></li>
</ul>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix(docs): clarify the default for tag_name by <a
href="https://github.com/alexeagle"><code>@alexeagle</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/544">softprops/action-gh-release#544</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): bump typescript from 5.6.3 to 5.7.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/548">softprops/action-gh-release#548</a></li>
<li>chore(deps): bump <code>@types/node</code> from 22.9.0 to 22.9.4 by
<a href="https://github.com/dependabot"><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/softprops/action-gh-release/pull/547">softprops/action-gh-release#547</a></li>
<li>chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/545">softprops/action-gh-release#545</a></li>
<li>chore(deps): bump <code>@vercel/ncc</code> from 0.38.2 to 0.38.3 by
<a href="https://github.com/dependabot"><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/softprops/action-gh-release/pull/543">softprops/action-gh-release#543</a></li>
<li>chore(deps): bump prettier from 3.3.3 to 3.4.1 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/550">softprops/action-gh-release#550</a></li>
<li>chore(deps): bump <code>@types/node</code> from 22.9.4 to 22.10.1
by <a href="https://github.com/dependabot"><code>@dependabot</code></a>
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/551">softprops/action-gh-release#551</a></li>
<li>chore(deps): bump prettier from 3.4.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/554">softprops/action-gh-release#554</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/alexeagle"><code>@alexeagle</code></a>
made their first contribution in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/544">softprops/action-gh-release#544</a></li>
<li><a href="https://github.com/xen0n"><code>@xen0n</code></a> made
their first contribution in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/552">softprops/action-gh-release#552</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/softprops/action-gh-release/compare/v2.1.0...v2.2.0">https://github.com/softprops/action-gh-release/compare/v2.1.0...v2.2.0</a></p>
<h2>v2.1.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: add support for release assets with multiple spaces within the
name by <a href="https://github.com/dukhine"><code>@dukhine</code></a>
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/518">softprops/action-gh-release#518</a></li>
<li>feat: preserve upload order by <a
href="https://github.com/richarddd"><code>@richarddd</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/500">softprops/action-gh-release#500</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): bump <code>@types/node</code> from 22.8.2 to 22.8.7 by
<a href="https://github.com/dependabot"><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/softprops/action-gh-release/pull/539">softprops/action-gh-release#539</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dukhine"><code>@dukhine</code></a> made
their first contribution in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/518">softprops/action-gh-release#518</a></li>
<li><a href="https://github.com/richarddd"><code>@richarddd</code></a>
made their first contribution in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/500">softprops/action-gh-release#500</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/softprops/action-gh-release/compare/v2...v2.1.0">https://github.com/softprops/action-gh-release/compare/v2...v2.1.0</a></p>
<h2>v2.0.9</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>maintenance release with updated dependencies</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kbakdev"><code>@kbakdev</code></a> made
their first contribution in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/521">softprops/action-gh-release#521</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/softprops/action-gh-release/compare/v2...v2.0.9">https://github.com/softprops/action-gh-release/compare/v2...v2.0.9</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's
changelog</a>.</em></p>
<blockquote>
<h2>2.2.0</h2>
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: read the release assets asynchronously by <a
href="https://github.com/xen0n"><code>@xen0n</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/552">softprops/action-gh-release#552</a></li>
</ul>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix(docs): clarify the default for tag_name by <a
href="https://github.com/alexeagle"><code>@alexeagle</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/544">softprops/action-gh-release#544</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): bump typescript from 5.6.3 to 5.7.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/548">softprops/action-gh-release#548</a></li>
<li>chore(deps): bump <code>@types/node</code> from 22.9.0 to 22.9.4 by
<a href="https://github.com/dependabot"><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/softprops/action-gh-release/pull/547">softprops/action-gh-release#547</a></li>
<li>chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/545">softprops/action-gh-release#545</a></li>
<li>chore(deps): bump <code>@vercel/ncc</code> from 0.38.2 to 0.38.3 by
<a href="https://github.com/dependabot"><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/softprops/action-gh-release/pull/543">softprops/action-gh-release#543</a></li>
<li>chore(deps): bump prettier from 3.3.3 to 3.4.1 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/550">softprops/action-gh-release#550</a></li>
<li>chore(deps): bump <code>@types/node</code> from 22.9.4 to 22.10.1
by <a href="https://github.com/dependabot"><code>@dependabot</code></a>
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/551">softprops/action-gh-release#551</a></li>
<li>chore(deps): bump prettier from 3.4.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/554">softprops/action-gh-release#554</a></li>
</ul>
<h2>2.1.0</h2>
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: add support for release assets with multiple spaces within the
name by <a href="https://github.com/dukhine"><code>@dukhine</code></a>
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/518">softprops/action-gh-release#518</a></li>
<li>feat: preserve upload order by <a
href="https://github.com/richarddd"><code>@richarddd</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/500">softprops/action-gh-release#500</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): bump <code>@types/node</code> from 22.8.2 to 22.8.7 by
<a href="https://github.com/dependabot"><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/softprops/action-gh-release/pull/539">softprops/action-gh-release#539</a></li>
</ul>
<h2>2.0.9</h2>
<ul>
<li>maintenance release with updated dependencies</li>
</ul>
<h2>2.0.8</h2>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): bump prettier from 2.8.0 to 3.3.3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/480">softprops/action-gh-release#480</a></li>
<li>chore(deps): bump <code>@types/node</code> from 20.14.9 to 20.14.11
by <a href="https://github.com/dependabot"><code>@dependabot</code></a>
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/483">softprops/action-gh-release#483</a></li>
<li>chore(deps): bump <code>@octokit/plugin-throttling</code> from
9.3.0 to 9.3.1 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/484">softprops/action-gh-release#484</a></li>
<li>chore(deps): bump glob from 10.4.2 to 11.0.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href…

Loading branch information

Zeitsperre authored Jan 3, 2025

2 parents b190d08 + 6c5cfed commit 8fb2ee7

.github/workflows/bump-version.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -47,7 +47,7 @@ jobs:
  
          contents: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

    @@ -61,7 +61,7 @@ jobs:
  
              persist-credentials: false

              fetch-depth: 0

          - name: Set up Python3

            uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0

            uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0

            with:

              python-version: "3.x"

          - name: Config Commit Bot

.github/workflows/cache-cleaner.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -16,7 +16,7 @@ jobs:
  
          actions: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

.github/workflows/dependency-review.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -18,7 +18,7 @@ jobs:
  
        runs-on: ubuntu-latest

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

    @@ -31,4 +31,4 @@ jobs:
  
            uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

          - name: Dependency Review

            uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4

            uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/first-pull-request.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -16,7 +16,7 @@ jobs:
  
          pull-requests: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

.github/workflows/label.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -23,7 +23,7 @@ jobs:
  
          pull-requests: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

.github/workflows/main.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -34,13 +34,13 @@ jobs:
  
              - "3.x"

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              egress-policy: audit

          - name: Checkout Repository

            uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

          - name: Set up Python${{ matrix.python-version }}

            uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0

            uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0

            with:

              python-version: ${{ matrix.python-version }}

              cache: pip

    @@ -63,13 +63,13 @@ jobs:
  
            python-version: [ "3.9", "3.10", "3.11", "3.12" ] # "3.13"

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              egress-policy: audit

          - name: Checkout Repository

            uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

          - name: Set up Python ${{ matrix.python-version }}

            uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0

            uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0

            with:

              python-version: ${{ matrix.python-version }}

              cache: pip

    @@ -82,7 +82,7 @@ jobs:
  
            run: |

              python -m pip install --require-hashes -r CI/requirements_ci.txt

          - name: Environment Caching

            uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0

            uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0

            with:

              path: .tox

              key: ${{ matrix.os }}-Python${{ matrix.python-version }}-${{ hashFiles('pyproject.toml', 'tox.ini') }}

    @@ -108,13 +108,13 @@ jobs:
  
            shell: bash -l {0}

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              egress-policy: audit

          - name: Checkout Repository

            uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

          - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}

            uses: mamba-org/setup-micromamba@617811f69075e3fd3ae68ca64220ad065877f246 # v2.0.0

            uses: mamba-org/setup-micromamba@068f1ab4b37ed9b3d9f73da7db90a0cda0a48d29 # v2.0.3

            with:

              cache-downloads: true

              environment-file: environment-dev.yml

    @@ -147,11 +147,11 @@ jobs:
  
        runs-on: ubuntu-latest

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: audit

          - name: Coveralls Finished

            uses: coverallsapp/github-action@643bc377ffa44ace6394b2b5d0d3950076de9f63 # v2.3.0

            uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 # v2.3.4

            with:

              parallel-finished: true

.github/workflows/publish-pypi.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -18,7 +18,7 @@ jobs:
  
          id-token: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

    @@ -30,7 +30,7 @@ jobs:
  
          - name: Checkout Repository

            uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

          - name: Set up Python3

            uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0

            uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0

            with:

              python-version: "3.x"

          - name: Install CI libraries

    @@ -40,4 +40,4 @@ jobs:
  
            run: |

              python -m flit build

          - name: Publish distribution 📦 to PyPI

            uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3

            uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3

.github/workflows/scorecard.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -29,7 +29,7 @@ jobs:
  
          id-token: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

    @@ -72,7 +72,7 @@ jobs:
  
          # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF

          # format to the repository Actions tab.

          - name: Upload Artifact

            uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0

            uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0

            with:

              name: SARIF file

              path: results.sarif

.github/workflows/tag-testpypi.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -17,13 +17,13 @@ jobs:
  
          contents: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              egress-policy: audit

          - name: Checkout Repository

            uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

          - name: Create Release

            uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # 2.0.8

            uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # 2.2.0

            env:

              # This token is provided by Actions, you do not need to create your own token

              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    @@ -42,7 +42,7 @@ jobs:
  
          id-token: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

    @@ -54,7 +54,7 @@ jobs:
  
          - name: Checkout Repository

            uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

          - name: Set up Python3

            uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0

            uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0

            with:

              python-version: "3.x"

          - name: Install CI libraries

    @@ -64,7 +64,7 @@ jobs:
  
            run: |

              python -m flit build

          - name: Publish distribution 📦 to Test PyPI

            uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3

            uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3

            with:

              repository-url: https://test.pypi.org/legacy/

              skip-existing: true

.github/workflows/workflow-warning.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -25,7 +25,7 @@ jobs:
  
          pull-requests: write

        steps:

          - name: Harden Runner

            uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1

            uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

            with:

              disable-sudo: true

              egress-policy: block

0 comments on commit `8fb2ee7`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `8fb2ee7`

Commit

There are no files selected for viewing

0 comments on commit 8fb2ee7

0 comments on commit `8fb2ee7`