Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.12

[dependabot[bot]]

Bumps pypa/gh-action-pypi-publish from 1.8.10 to 1.8.12.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.12

💅 Cosmetic Output Improvements

@​woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.

📝 What's Documented

@​virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @​xuanzhi33💰 later corrected the markdown syntax there via #216.

🛠️ Internal Dependencies

• pre-commit linters got autoupdated @ #204
• Cryptography was bumped from 41.0.6 to 42.0.4 @ #210, #213 and #214

⚙️ Secret Stuff

@​woodruffw proactively updated the OIDC minting API endpoint used during the exchange via #206. Nothing you should be too concerned about, promise!

💪 New Contributors

• @​virtuald made their first contribution in pypa/gh-action-pypi-publish#186
• @​xuanzhi33 made their first contribution in pypa/gh-action-pypi-publish#216

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.11...v1.8.12

:man_beard: Release Manager: @​webknjaz 🇺🇦

v1.8.11

:nail_care: Cosmetic output improvements

@​woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.

:memo: What's Documented

@​di linked the configuration docs for Trusted Publishing in README via pypa/gh-action-pypi-publish#179.

:hammer_and_wrench: Internal dependencies

• Cryptography was bumped from 41.0.3 to 41.0.6 @ pypa/gh-action-pypi-publish#194
• Pip was bumped from 22.3.1 to 23.3 @ pypa/gh-action-pypi-publish#189
• pre-commit linters got autoupdated @ pypa/gh-action-pypi-publish#184
• Urllib3 was bumped from 2.0.3 to 2.0.7 @ pypa/gh-action-pypi-publish#183 and pypa/gh-action-pypi-publish#185

:muscle: New Contributors

• @​di made their first contribution in pypa/gh-action-pypi-publish#179

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11

Commits

• e53eb8b Clarify the error during OIDC exchange on PRs from forks
• edfa8f3 Merge pull request #216 from xuanzhi33/unstable/v1
• aeff019 docs(fix): Fix a markdown alert
• 24c5d5c Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42...
• c13b4aa build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
• 72a79c8 Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42...
• 751e5b8 build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
• 0580fcb Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42...
• a524841 build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
• 3f824c7 Merge pull request #204 from pypa/pre-commit-ci-update-config
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[calendulish]

@dependabot recreate

[dependabot[bot]]

Superseded by #93.