Bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.8

[dependabot[bot]]

Bumps pypa/gh-action-pypi-publish from 1.8.6 to 1.8.8.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.8

:nail_care: Cosmetic output improvements

• In pypa/gh-action-pypi-publish#167, @​woodruffw introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by @​sethmlarson in pypa/gh-action-pypi-publish#164, collaborating with @​di.

  :bulb: Tip: The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

:hammer_and_wrench: Internal dependencies

• @​pquentin bumped the runtime dependency pins to the recent versions @ pypa/gh-action-pypi-publish#168.

:muscle: New Contributors

• @​pquentin made their first contribution in pypa/gh-action-pypi-publish#168

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8

v1.8.7

:nail_care: Cosmetic output impovements

• @​woodruffw fixed OIDC the multiline annotations by escaping LF through urlencoding it in pypa/gh-action-pypi-publish#156.
• @​jaap3 noticed and promptly removed extraneous } from a non-OIDC log annotation in pypa/gh-action-pypi-publish#161.
• @​hugovk made pip ignore that it runs under the root user and suppress its warning output in pypa/gh-action-pypi-publish#159.

:hammer_and_wrench: Internal dependencies

• Cryptography was bumped from 39.0.1 to 41.0.0 @ pypa/gh-action-pypi-publish#160
• Requests was bumped from 2.28.1 to 2.31.0 @ pypa/gh-action-pypi-publish#157

:muscle: New Contributors

• @​jaap3 made their first contribution in pypa/gh-action-pypi-publish#161

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.6...v1.8.7

Commits

• f8c70e7 Merge pull request #168 from pquentin/bump-dependencies
• 68276eb Merge pull request #167 from trail-of-forks/tob-nudge
• a5d57af Bump runtime dependencies
• e90e853 twine-upload: only nudge on PyPI-looking domains
• be69596 twine-upload: add a nudge for trusted publishing
• 54d67ed Merge pull request #165 from pypa/pre-commit-ci-update-config
• d32e2fa Revert flake8 to v4.0.1
• a8d92e9 [pre-commit.ci] pre-commit autoupdate
• f5622bd Merge PRs #159 and #160 into unstable/v1
• 3be882c Merge pull request #161 from jaap3/jaap3-patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coveralls]

coverage: 84.428%. remained the same when pulling 4bebfe21bd2b52b92b1b14f9b9bfd0d74f290d38 on dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.8 into 6fe6686de3c17fb5a6207b24221b415ed6f4c4c6 on main.