Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update workflows #2552

Merged
merged 1 commit into from
Sep 5, 2024

Conversation

renovate-bot
Copy link
Collaborator

This PR contains the following updates:

Package Type Update Change
actions/setup-python action minor v5.1.1 -> v5.2.0
actions/upload-artifact action minor v3.1.3 -> v3.2.1
github/codeql-action action minor v2.25.12 -> v2.26.6
ossf/scorecard-action action minor v2.3.3 -> v2.4.0
pypa/gh-action-pypi-publish action minor v1.9.0 -> v1.10.1

Release Notes

actions/setup-python (actions/setup-python)

v5.2.0

Compare Source

actions/upload-artifact (actions/upload-artifact)

v3.2.1

Compare Source

What's Changed

This fixes the include-hidden-files input introduced in https://github.com/actions/upload-artifact/releases/tag/v3.2.0

Full Changelog: actions/upload-artifact@v3.2.0...v3.2.1

v3.2.0

Compare Source

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Full Changelog: actions/upload-artifact@v3.1.3...v3.2.0

github/codeql-action (github/codeql-action)

v2.26.6

Compare Source

v2.26.5

Compare Source

v2.26.4

Compare Source

v2.26.3

Compare Source

v2.26.2

Compare Source

v2.26.1

Compare Source

v2.26.0

Compare Source

v2.25.15

Compare Source

v2.25.14

Compare Source

v2.25.13

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)

v1.10.1

Compare Source

🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the other day

The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via pypa/gh-action-pypi-publish@0ab0b79, though. So everything's good!

-- @​webknjaz💰

[!IMPORTANT]
✨ Despite this minor hiccup, we invite you to still opt into trying this feature out early. It can be enabled like this:

  with:
    attestations: true

Leave feedback in the v1.10.0 release discussion or the PR.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.10.0...v1.10.1

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​hugovk💰 for promptly validating the bug fix, mere minutes after I pushed it — I even haven't finished writing this text by then!

v1.10.0

Compare Source

🔏 Anything fancy, eh?

This time, @​woodruffw💰 implemented support for PEP 740 attestations functionality in #​236 and #​245. This is a big deal, as it is a huge step forward to replacing what the deprecated GPG signatures used to provide in a more meaningful way.

[!IMPORTANT]
✨ Please, do opt into trying this feature out early. It can be enabled as follows:

  with:
    attestations: true

Leave any feedback on this in this release discussion or the PR.

🙏 And please, thank William for working on this amazing improvement for the ecosystem! The overall effort is tracked @&#https://github.com/pypi/warehouse/issues/15871/15871, by the way.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.9.0...v1.10.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦


Configuration

📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies Pull requests that update a dependency file label Sep 3, 2024
@hogo6002 hogo6002 merged commit bc7ae31 into google:master Sep 5, 2024
12 checks passed
@renovate-bot renovate-bot deleted the renovate/workflows branch September 5, 2024 05:58
hogo6002 added a commit that referenced this pull request Sep 5, 2024
hogo6002 added a commit that referenced this pull request Sep 6, 2024
Reverts #2552
This commit causes [scorecards github action
failure](https://github.com/google/osv.dev/actions/runs/10714700617/job/29708828829).
Reverts this PR first to do some investigation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants