chore(deps): update workflows #2050
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate-bot
force-pushed
the
renovate/workflows
branch
from
c5c74a8 to
3ba1610
Compare
forking-renovate
bot
added
the
dependencies
renovate-bot
changed the title
renovate-bot
force-pushed
the
renovate/workflows
branch
from
3ba1610 to
a2766dc
Compare
another-rex
approved these changes
Mar 14, 2024
CharlyReux
pushed a commit
to CharlyReux/osv.dev
that referenced
this pull request
May 1, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v2.24.6` -> `v2.24.7` | | [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.12` -> `v1.8.14` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) </details> <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.8.14`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.14) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.13...v1.8.14) #### 🛠️ Internal Dependencies Nothing changed feature-wise. The only notable update is that the underlying container runtime now uses Python 3.12 and pip has been updated to v24.0 there. This is should go unnoticed in terms of behavior. It's just a bit of maintenance burden to be done occasionally by [@​webknjaz](https://togithub.com/webknjaz)[💰](https://togithub.com/sponsors/webknjaz). *Enjoy!* **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.8.13...v1.8.14 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://togithub.com/sponsors/webknjaz) ### [`v1.8.13`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.13) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.12...v1.8.13) #### 🐛 What's Fixed This action is now able to consume and publish distribution packages with `Metadata-Version: 2.3` embedded. #### 🛠️ Internal Dependencies [@​SigureMo](https://togithub.com/SigureMo)[💰](https://togithub.com/sponsors/SigureMo) sent us a bump of `pkginfo` version to version 1.10.0 in [#​219](https://togithub.com/pypa/gh-action-pypi-publish/issues/219). It's a transitive dependency for us and is not an API-level change but upgrading it has a side effect of letting Twine recognize distribution packages [declaring `Metadata-Version: 2.3`](https://packaging.python.org/en/latest/specifications/core-metadata/). In particular, it is known to affect distributions built with `Maturin >= 1.5.0`. Following that, [@​webknjaz](https://togithub.com/webknjaz)[💰](https://togithub.com/sponsors/webknjaz) upgraded other transitive and direct dependency pins, including, among others, the following notable bumps: - `cryptography == 42.0.5` - `id == 1.3.0` - `readme-renderer == 43.0` - `Twine == 5.0.0` #### 💪 New Contributors [@​SigureMo](https://togithub.com/SigureMo) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/219](https://togithub.com/pypa/gh-action-pypi-publish/pull/219) **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.8.12...v1.8.13 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://togithub.com/sponsors/webknjaz) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzguMSIsInVwZGF0ZWRJblZlciI6IjM3LjIzOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v2.24.6->v2.24.7v1.8.12->v1.8.14Release Notes
github/codeql-action (github/codeql-action)
v2.24.7Compare Source
pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)
v1.8.14Compare Source
🛠️ Internal Dependencies
Nothing changed feature-wise. The only notable update is that the underlying container runtime now uses Python 3.12 and pip has been updated to v24.0 there.
This is should go unnoticed in terms of behavior. It's just a bit of maintenance burden to be done occasionally by @webknjaz💰.
Enjoy!
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.13...v1.8.14
🧔♂️ Release Manager: @webknjaz 🇺🇦
v1.8.13Compare Source
🐛 What's Fixed
This action is now able to consume and publish distribution packages with
Metadata-Version: 2.3embedded.🛠️ Internal Dependencies
@SigureMo💰 sent us a bump of
pkginfoversion to version 1.10.0 in #219. It's a transitive dependency for us and is not an API-level change but upgrading it has a side effect of letting Twine recognize distribution packages declaringMetadata-Version: 2.3. In particular, it is known to affect distributions built withMaturin >= 1.5.0.Following that, @webknjaz💰 upgraded other transitive and direct dependency pins, including, among others, the following notable bumps:
cryptography == 42.0.5id == 1.3.0readme-renderer == 43.0Twine == 5.0.0💪 New Contributors
@SigureMo made their first contribution in https://github.com/pypa/gh-action-pypi-publish/pull/219
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.12...v1.8.13
🧔♂️ Release Manager: @webknjaz 🇺🇦
Configuration
📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.