pypi-publish

mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-09-19 11:07:09 -04:00

Author	SHA1	Message	Date
dependabot[bot]	c13b4aa8c5	build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.2 to 42.0.4. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.4) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-02-21 20:44:40 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)	72a79c870c	Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42.0.2 build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements	2024-02-17 03:24:59 +01:00
dependabot[bot]	751e5b80a4	build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.0 to 42.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/42.0.0...42.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-02-17 00:58:14 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)	0580fcbb84	Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42.0.0 build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements	2024-02-08 05:04:39 +01:00
dependabot[bot]	a524841e7b	build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.6 to 42.0.0. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-02-06 03:03:07 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)	3f824c73d9	Merge pull request #204 from pypa/pre-commit-ci-update-config [pre-commit.ci] pre-commit autoupdate	2024-02-05 18:14:39 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)	013c017b41	Revert flake8 to v4.0.1 for WPS	2024-02-05 18:13:32 +01:00
pre-commit-ci[bot]	a0620a4177	[pre-commit.ci] pre-commit autoupdate updates: - [github.com/PyCQA/isort.git: 5.12.0 → 5.13.2](https://github.com/PyCQA/isort.git/compare/5.12.0...5.13.2) - [github.com/python-jsonschema/check-jsonschema.git: 0.27.0 → 0.27.3](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.0...0.27.3) - [github.com/pre-commit/pre-commit-hooks.git: v4.4.0 → v4.5.0](https://github.com/pre-commit/pre-commit-hooks.git/compare/v4.4.0...v4.5.0) - [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0) - [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0) - [github.com/PyCQA/pylint.git: v3.0.0 → v3.0.3](https://github.com/PyCQA/pylint.git/compare/v3.0.0...v3.0.3)	2024-02-05 18:12:44 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)	e82f99a47c	Merge pull request #186 from virtuald/virtuald-patch-1 Mention in the docs that reusable workflows aren't supported right now	2024-02-05 18:12:13 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)	e080e0073c	Merge pull request #206 from trail-of-forks/ww/update-oidc-endpoint This patch updates the PyPI API minting endpoint used uding the OIDC exchange process.	2024-02-05 17:59:15 +01:00
William Woodruff	cd96453c9d	oidc-exchange: update OIDC minting endpoint Signed-off-by: William Woodruff <william@trailofbits.com>	2024-01-10 16:05:30 -05:00
Dustin Spicuzza	415d7a6bec	Update README.md Add suggested changes.	2023-12-20 15:11:12 +01:00
Dustin Spicuzza	dea1d707f3	Update oidc-exchange.py Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>	2023-12-20 15:11:12 +01:00
Dustin Spicuzza	a1a49954d3	Give more information to users Reusable workflows don't work, and it's challenging to know that. Help the user out.	2023-12-20 15:11:12 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)	c12cc61414	Merge pull request #196 from woodruffw-forks/ww/notice-to-debug This replaces the use of `::notice` in each authentication case with `::debug`, reducing the user confusion caused by the these messages. It also simplifies the message in the Trusted Publishing case to make it less ambiguous. Closes #192.	2023-12-20 12:12:06 +01:00
William Woodruff	674fb78567	twine-upload: replace notice with debug, simplify msgs	2023-12-04 20:27:16 -05:00
Sviatoslav Sydorenko	2f6f737ca5	Merge commit PR #184 into unstable/v1	2023-11-29 03:25:52 +01:00
Sviatoslav Sydorenko	2fa448ab0c	Merge PRs #190 , #184 , #185 , #189 and #194 into unstable/v1	2023-11-29 03:23:56 +01:00
Sviatoslav Sydorenko	824ad31786	Revert flake8 to v4.0.1 for WPS	2023-11-29 03:23:18 +01:00
dependabot[bot]	41f3f53c75	Bump cryptography from 41.0.3 to 41.0.6 in /requirements Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-11-28 23:56:20 +00:00
William Woodruff	2319287e0a	twine-upload: ::error, switch nudge order Signed-off-by: William Woodruff <william@trailofbits.com>	2023-11-22 17:28:02 -05:00
William Woodruff	254a0d4ec4	twine-upload: add a nudge for password auth Closes #187.	2023-11-05 23:53:52 -05:00
dependabot[bot]	70a33caeb9	Bump pip from 22.3.1 to 23.3 in /requirements Bumps [pip](https://github.com/pypa/pip) from 22.3.1 to 23.3. - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/pip/compare/22.3.1...23.3) --- updated-dependencies: - dependency-name: pip dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-11-02 21:42:46 +00:00
dependabot[bot]	102f507b75	Bump urllib3 from 2.0.6 to 2.0.7 in /requirements Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-10-17 21:02:57 +00:00
Sviatoslav Sydorenko	79739dc2f2	Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6 Bump urllib3 from 2.0.3 to 2.0.6 in /requirements	2023-10-02 23:46:28 -04:00
pre-commit-ci[bot]	9a3f9ad5bc	[pre-commit.ci] pre-commit autoupdate updates: - [github.com/asottile/add-trailing-comma.git: v3.0.0 → v3.1.0](https://github.com/asottile/add-trailing-comma.git/compare/v3.0.0...v3.1.0) - [github.com/Lucas-C/pre-commit-hooks.git: v1.5.1 → v1.5.4](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.1...v1.5.4) - [github.com/python-jsonschema/check-jsonschema.git: 0.23.2 → 0.27.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.23.2...0.27.0) - [github.com/codespell-project/codespell: v2.2.5 → v2.2.6](https://github.com/codespell-project/codespell/compare/v2.2.5...v2.2.6) - [github.com/PyCQA/flake8.git: 6.0.0 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/6.0.0...6.1.0) - [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0) - [github.com/PyCQA/pylint.git: v3.0.0a6 → v3.0.0](https://github.com/PyCQA/pylint.git/compare/v3.0.0a6...v3.0.0)	2023-10-03 00:40:18 +00:00
dependabot[bot]	75ca4c1f12	Bump urllib3 from 2.0.3 to 2.0.6 in /requirements Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.6. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-10-02 23:58:34 +00:00
Sviatoslav Sydorenko	a712d989cc	Make the vulnerability report URL direct	2023-09-11 16:40:56 +02:00
Sviatoslav Sydorenko	bbf06d8ae3	Migrate security doc from RST to Markdown RST files are no longer correctly recognized by GitHub.	2023-09-11 16:38:50 +02:00
Sviatoslav Sydorenko	8cdc2ab67c	Merge pull request #179 from pypa/di-patch-1	2023-08-11 17:31:18 +02:00
Dustin Ingram	41c10ee223	Add link to configuration docs for Trusted Publishing	2023-08-11 11:23:40 -04:00
Sviatoslav Sydorenko	b7f401de30	Merge PR #177 into unstable/v1	2023-08-10 22:58:37 +02:00
William Woodruff	ba3ecc9355	oidc-exchange: fix padding Signed-off-by: William Woodruff <william@trailofbits.com>	2023-08-10 16:08:35 -04:00
Sviatoslav Sydorenko	ade57f54dc	Merge PRs #174 #175 and #172 into unstable/v1	2023-08-10 18:57:00 +02:00
William Woodruff	637917e5f2	README: re-add "pro tip" language Signed-off-by: William Woodruff <william@trailofbits.com>	2023-08-09 18:01:51 -04:00
William Woodruff	4864f13c38	README: use semantic callouts See: https://github.com/orgs/community/discussions/16925 Signed-off-by: William Woodruff <william@trailofbits.com>	2023-08-09 17:58:56 -04:00
William Woodruff	326f9ad1e1	oidc-exchange: add-trailing-comma Signed-off-by: William Woodruff <william@trailofbits.com>	2023-08-09 15:17:18 -04:00
William Woodruff	e5f0690e91	oidc-exchange: ignore a nested function Signed-off-by: William Woodruff <william@trailofbits.com>	2023-08-09 15:12:44 -04:00
William Woodruff	8bdd0cc2a0	oidc-exchange: lintage Signed-off-by: William Woodruff <william@trailofbits.com>	2023-08-09 15:10:56 -04:00
William Woodruff	71a0032909	oidc-exchange: render claims if exchange fails Signed-off-by: William Woodruff <william@trailofbits.com>	2023-08-09 15:08:47 -04:00
dependabot[bot]	adef75a5a6	Bump cryptography from 41.0.2 to 41.0.3 in /requirements Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-08-02 02:15:59 +00:00
Sviatoslav Sydorenko	413a8d5d62	Merge pull request #171 from pypa/dependabot/pip/requirements/certifi-2023.7.22 Bump certifi from 2023.5.7 to 2023.7.22 in /requirements	2023-07-26 11:43:53 +02:00
dependabot[bot]	c185b8ee4e	Bump certifi from 2023.5.7 to 2023.7.22 in /requirements Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22. - [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-25 23:36:57 +00:00
Sviatoslav Sydorenko	2a939dd49b	🎨📝 Link SHA pinning encouragement @ README This article [[1]] describes security flows of using branches and tags as an end-user. The commit is intended to educate them but not force doing so if they don't want to. [1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/	2023-07-13 16:44:47 +02:00
Sviatoslav Sydorenko	f8c70e705f	Merge pull request #168 from pquentin/bump-dependencies	2023-07-12 02:46:40 +02:00
Sviatoslav Sydorenko	68276eb3e4	Merge pull request #167 from trail-of-forks/tob-nudge	2023-07-12 02:43:50 +02:00
Quentin Pradet	a5d57af63c	Bump runtime dependencies	2023-07-11 09:31:13 +04:00
William Woodruff	e90e853e89	twine-upload: only nudge on PyPI-looking domains Signed-off-by: William Woodruff <william@trailofbits.com>	2023-07-10 12:11:56 -04:00
William Woodruff	be695966b0	twine-upload: add a nudge for trusted publishing Closes #164. Signed-off-by: William Woodruff <william@trailofbits.com>	2023-07-10 11:44:56 -04:00
Sviatoslav Sydorenko	54d67ed3c5	Merge pull request #165 from pypa/pre-commit-ci-update-config	2023-07-09 14:55:23 +02:00

1 2 3 4 5

249 commits