Bump pypa/gh-action-pypi-publish from 1.6.4 to 1.8.9

[dependabot]

Bumps pypa/gh-action-pypi-publish from 1.6.4 to 1.8.9.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.9

💅 Cosmetic output improvements

• @​woodruffw added debug output to the trusted publishing OIDC exchange on failures in pypa/gh-action-pypi-publish#174
• @​woodruffw implemented Markdown semantic callouts in README via pypa/gh-action-pypi-publish#175

🛠️ Internal dependencies

• Certifi was bumped from 2023.5.7 to 2023.7.22 @ pypa/gh-action-pypi-publish#171
• Cryptography was bumped from 41.0.2 to 41.0.3 @ pypa/gh-action-pypi-publish#172

Full Diff: pypa/gh-action-pypi-publish@v1.8.8...v1.8.9

v1.8.8

💅 Cosmetic output improvements

• In pypa/gh-action-pypi-publish#167, @​woodruffw introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by @​sethmlarson in pypa/gh-action-pypi-publish#164, collaborating with @​di.

  💡 Tip: The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

🛠️ Internal dependencies

• @​pquentin bumped the runtime dependency pins to the recent versions @ pypa/gh-action-pypi-publish#168.

💪 New Contributors

• @​pquentin made their first contribution in pypa/gh-action-pypi-publish#168

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.7...v1.8.8

v1.8.7

💅 Cosmetic output impovements

• @​woodruffw fixed OIDC the multiline annotations by escaping LF through urlencoding it in pypa/gh-action-pypi-publish#156.
• @​jaap3 noticed and promptly removed extraneous } from a non-OIDC log annotation in pypa/gh-action-pypi-publish#161.
• @​hugovk made pip ignore that it runs under the root user and suppress its warning output in pypa/gh-action-pypi-publish#159.

🛠️ Internal dependencies

• Cryptography was bumped from 39.0.1 to 41.0.0 @ pypa/gh-action-pypi-publish#160
• Requests was bumped from 2.28.1 to 2.31.0 @ pypa/gh-action-pypi-publish#157

💪 New Contributors

• @​jaap3 made their first contribution in pypa/gh-action-pypi-publish#161

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.6...v1.8.7

v1.8.6

What's Updated

• [@​woodruffw] dropped the references to a “private beta” from the project docs and runtime in pypa/gh-action-pypi-publish#147. He also clarified that the API tokens are still more secure than passwords in pypa/gh-action-pypi-publish#150.
• [@​asherf] noticed that the action metadata incorrectly marked the password field as required and contributed a correction in pypa/gh-action-pypi-publish#151
• [@​webknjaz] moved the Trusted Publishing example to the top of the README in hopes that new users would default to using it via pypa/gh-action-pypi-publish@f47b347

... (truncated)

Commits

• ade57f5 Merge PRs #174 #175 and #172 into unstable/v1
• 637917e README: re-add "pro tip" language
• 4864f13 README: use semantic callouts
• 326f9ad oidc-exchange: add-trailing-comma
• e5f0690 oidc-exchange: ignore a nested function
• 8bdd0cc oidc-exchange: lintage
• 71a0032 oidc-exchange: render claims if exchange fails
• adef75a Bump cryptography from 41.0.2 to 41.0.3 in /requirements
• 413a8d5 Merge pull request #171 from pypa/dependabot/pip/requirements/certifi-2023.7.22
• c185b8e Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (9a19187) 73.93% compared to head (b882472) 73.93%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #121   +/-   ##
=======================================
  Coverage   73.93%   73.93%           
=======================================
  Files           7        7           
  Lines         610      610           
  Branches       48       48           
=======================================
  Hits          451      451           
  Misses        157      157           
  Partials        2        2           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dependabot]

Superseded by #122.