Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update workflows (google#2050)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v2.24.6` -> `v2.24.7` | | [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.12` -> `v1.8.14` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) </details> <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.8.14`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.14) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.13...v1.8.14) #### 🛠️ Internal Dependencies Nothing changed feature-wise. The only notable update is that the underlying container runtime now uses Python 3.12 and pip has been updated to v24.0 there. This is should go unnoticed in terms of behavior. It's just a bit of maintenance burden to be done occasionally by [@​webknjaz](https://togithub.com/webknjaz)[💰](https://togithub.com/sponsors/webknjaz). *Enjoy!* **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.8.13...v1.8.14 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://togithub.com/sponsors/webknjaz) ### [`v1.8.13`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.13) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.12...v1.8.13) #### 🐛 What's Fixed This action is now able to consume and publish distribution packages with `Metadata-Version: 2.3` embedded. #### 🛠️ Internal Dependencies [@​SigureMo](https://togithub.com/SigureMo)[💰](https://togithub.com/sponsors/SigureMo) sent us a bump of `pkginfo` version to version 1.10.0 in [#​219](https://togithub.com/pypa/gh-action-pypi-publish/issues/219). It's a transitive dependency for us and is not an API-level change but upgrading it has a side effect of letting Twine recognize distribution packages [declaring `Metadata-Version: 2.3`](https://packaging.python.org/en/latest/specifications/core-metadata/). In particular, it is known to affect distributions built with `Maturin >= 1.5.0`. Following that, [@​webknjaz](https://togithub.com/webknjaz)[💰](https://togithub.com/sponsors/webknjaz) upgraded other transitive and direct dependency pins, including, among others, the following notable bumps: - `cryptography == 42.0.5` - `id == 1.3.0` - `readme-renderer == 43.0` - `Twine == 5.0.0` #### 💪 New Contributors [@​SigureMo](https://togithub.com/SigureMo) made their first contribution in [pypa/gh-action-pypi-publish#219 **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.8.12...v1.8.13 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://togithub.com/sponsors/webknjaz) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzguMSIsInVwZGF0ZWRJblZlciI6IjM3LjIzOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
](https://renovatebot.com){kind=link}
- Loading branch information
1 parent
c98aa04
commit faaccd1