Skip to content

Commit

Permalink
chore(deps): update workflows (#2050)
Browse files Browse the repository at this point in the history 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v2.24.6` -> `v2.24.7` |
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.12` -> `v1.8.14` |

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.14`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.14)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.13...v1.8.14)

#### 🛠️ Internal Dependencies

Nothing changed feature-wise. The only notable update is that the
underlying container runtime now uses Python 3.12 and pip has been
updated to v24.0 there.
This is should go unnoticed in terms of behavior. It's just a bit of
maintenance burden to be done occasionally by
[@&#8203;webknjaz](https://togithub.com/webknjaz)[💰](https://togithub.com/sponsors/webknjaz).
*Enjoy!*

**🪞 Full Diff**:
pypa/gh-action-pypi-publish@v1.8.13...v1.8.14

**🧔‍♂️ Release Manager:** [@&#8203;webknjaz
🇺🇦](https://togithub.com/sponsors/webknjaz)

###
[`v1.8.13`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.13)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.12...v1.8.13)

#### 🐛 What's Fixed

This action is now able to consume and publish distribution packages
with `Metadata-Version: 2.3` embedded.

#### 🛠️ Internal Dependencies


[@&#8203;SigureMo](https://togithub.com/SigureMo)[💰](https://togithub.com/sponsors/SigureMo)
sent us a bump of `pkginfo` version to version 1.10.0 in
[#&#8203;219](https://togithub.com/pypa/gh-action-pypi-publish/issues/219).
It's a transitive dependency for us and is not an API-level change but
upgrading it has a side effect of letting Twine recognize distribution
packages [declaring `Metadata-Version:
2.3`](https://packaging.python.org/en/latest/specifications/core-metadata/).
In particular, it is known to affect distributions built with `Maturin
>= 1.5.0`.

Following that,
[@&#8203;webknjaz](https://togithub.com/webknjaz)[💰](https://togithub.com/sponsors/webknjaz)
upgraded other transitive and direct dependency pins, including, among
others, the following notable bumps:

-   `cryptography == 42.0.5`
-   `id == 1.3.0`
-   `readme-renderer == 43.0`
-   `Twine == 5.0.0`

#### 💪 New Contributors

[@&#8203;SigureMo](https://togithub.com/SigureMo) made their first
contribution in
[https://github.com/pypa/gh-action-pypi-publish/pull/219](https://togithub.com/pypa/gh-action-pypi-publish/pull/219)

**🪞 Full Diff**:
pypa/gh-action-pypi-publish@v1.8.12...v1.8.13

**🧔‍♂️ Release Manager:** [@&#8203;webknjaz
🇺🇦](https://togithub.com/sponsors/webknjaz)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzguMSIsInVwZGF0ZWRJblZlciI6IjM3LjIzOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
  • Loading branch information
@renovate-bot
renovate-bot authored Mar 14, 2024
1 parent f532637 commit d2f4645
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/publish-to-pypi.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
build
--sdist --wheel --outdir dist/ .
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@e53eb8b103ffcb59469888563dc324e3c8ba6f06 # v1.8.12
uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
with:
password: ${{ secrets.PYPI_API_TOKEN }}
packages_dir: dist/
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@928ff8c822d966a999092a6a35e32177899afb7c # v2.24.6
uses: github/codeql-action/upload-sarif@e56cfd0877b4826be144d11aa31e6c64a55828e9 # v2.24.7
with:
sarif_file: results.sarif

0 comments on commit d2f4645

Please sign in to comment.