tim-gromeyer / html2md

Transform your HTML into clean, easy-to-read markdown with html2md.
https://tim-gromeyer.github.io/html2md/
MIT License
24 stars 2 forks source link

Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.12 #85

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Bumps pypa/gh-action-pypi-publish from 1.8.10 to 1.8.12.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.12

đź’… Cosmetic Output Improvements

@​woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.

đź“ť What's Documented

@​virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @​xuanzhi33💰 later corrected the markdown syntax there via #216.

🛠️ Internal Dependencies

  • pre-commit linters got autoupdated @ #204
  • Cryptography was bumped from 41.0.6 to 42.0.4 @ #210, #213 and #214

⚙️ Secret Stuff

@​woodruffw proactively updated the OIDC minting API endpoint used during the exchange via #206. Nothing you should be too concerned about, promise!

đź’Ş New Contributors

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.11...v1.8.12

:man_beard: Release Manager: @​webknjaz 🇺🇦

v1.8.11

:nail_care: Cosmetic output improvements

@​woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.

:memo: What's Documented

@​di linked the configuration docs for Trusted Publishing in README via pypa/gh-action-pypi-publish#179.

:hammer_and_wrench: Internal dependencies

:muscle: New Contributors

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11

Commits
  • e53eb8b Clarify the error during OIDC exchange on PRs from forks
  • edfa8f3 Merge pull request #216 from xuanzhi33/unstable/v1
  • aeff019 docs(fix): Fix a markdown alert
  • 24c5d5c Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42...
  • c13b4aa build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
  • 72a79c8 Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42...
  • 751e5b8 build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
  • 0580fcb Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42...
  • a524841 build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
  • 3f824c7 Merge pull request #204 from pypa/pre-commit-ci-update-config
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 8 months ago

Superseded by #87.