scikit-hep / probfit

Cost function builder. For fitting distributions.
http://probfit.readthedocs.io/
MIT License
51 stars 30 forks source link

Bump pypa/gh-action-pypi-publish from 1.4.2 to 1.6.4 #131

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 1 year ago

Bumps pypa/gh-action-pypi-publish from 1.4.2 to 1.6.4.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.6.4

oh, boi! again?

This is the last one tonight, promise! It fixes this embarrassing bug that was actually caught by the CI but got overlooked due to the lack of sleep. TL;DR GH passed $HOME from the external env into the container and that tricked the Python's site module to think that the home directory is elsewhere, adding non-existent paths to the env vars. See #115.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.3...v1.6.4

v1.6.3

Another Release!? Why?

In pypa/gh-action-pypi-publish#112, it was discovered that passing a $PATH variable even breaks the shebang. So this version adds more safeguards to make sure it keeps working with a fully broken $PATH.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.2...v1.6.3

v1.6.2

What's Fixed

  • Made the $PATH and $PYTHONPATH environment variables resilient to broken values passed from the host runner environment, which previously allowed the users to accidentally break the container's internal runtime as reported in pypa/gh-action-pypi-publish#112

Internal Maintenance Improvements

New Contributors

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.1...v1.6.2

v1.6.1

What's happened?!

There was a sneaky bug in v1.6.0 which caused Twine to be outside the import path in the Python runtime. It is fixed in v1.6.1 by updating $PYTHONPATH to point to a correct location of the user-global site-packages/ directory.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.0...v1.6.1

v1.6.0

Anything's changed?

The only update is that the Python runtime has been upgraded from 3.9 to 3.11. There are no functional changes in this release.

Full Changelog: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.2...v1.6.0

v1.5.2

What's Improved

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.1...v1.5.2

v1.5.1

What's Changed

... (truncated)

Commits
  • c7f29f7 🐛 Override $HOME in the container with /root
  • 644926c 🧪 Always run smoke testing in debug mode
  • e71a4a4 Add support for verbose bash execusion w/ $DEBUG
  • e56e821 🐛 Make id always available in twine-upload
  • c879b84 🐛 Use full path to bash in shebang
  • 57e7d53 🐛Ensure the default $PATH value is pre-loaded
  • ce291dc 🎨🐛Fix the branch @ pre-commit.ci badge links
  • 102d8ab 🐛 Rehardcode devpi port for GHA srv container
  • 3a9eaef 🐛Use different ports in/out of GHA containers
  • a01fa74 🐛 Use localhost @ GHA outside the containers
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 5 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.