@woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.
📝 What's Documented
@virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @xuanzhi33💰 later corrected the markdown syntax there via #216.
@woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps pypa/gh-action-pypi-publish from 1.8.10 to 1.8.12.
Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
Commits
e53eb8b
Clarify the error during OIDC exchange on PRs from forksedfa8f3
Merge pull request #216 from xuanzhi33/unstable/v1aeff019
docs(fix): Fix a markdown alert24c5d5c
Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42...c13b4aa
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements72a79c8
Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42...751e5b8
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements0580fcb
Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42...a524841
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements3f824c7
Merge pull request #204 from pypa/pre-commit-ci-update-configDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show