Skip to content

ci(deps)(deps): Bump pypa/gh-action-pypi-publish from 1.10.3 to 1.14.0#8

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/pypa/gh-action-pypi-publish-1.14.0
Closed

ci(deps)(deps): Bump pypa/gh-action-pypi-publish from 1.10.3 to 1.14.0#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/pypa/gh-action-pypi-publish-1.14.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown
Contributor

Bumps pypa/gh-action-pypi-publish from 1.10.3 to 1.14.0.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

v1.13.0

[!important] 🚨 This release includes fixes for GHSA-vxmw-7h4f-hqxh discovered by @​woodruffw💰. We've also integrated Zizmor to catch similar issues in the future and you should too.

✨ New Stuff

@​woodruffw💰 updated the README to no longer mention the attestations feature being experimental in #347: it's been rather stable for a year already 🎉 He also added more diagnostic output which includes printing out the GitHub Environment claim via #371 and warning about the unsupported reusable workflows configurations #306, when using Trusted Publishing.

[!tip]

... (truncated)

Commits
  • cef2210 Merge pull request #397 from whitequark/patch-1
  • b4595e2 Enable verbose and print-hash by default.
  • e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
  • 7495c38 docs: fix typos and grammar in README and SECURITY
  • 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
  • 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
  • b5a6e8b deps: bump sigstore and pypi-attestations
  • a48a03e remove another experimental mention
  • 8087a88 action: remove a lingering mention of PEP 740 being experimental
  • 3317ede 🧪 Integrate actionlint via pre-commit framework
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.10.3 to 1.14.0.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@f760068...cef2210)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner May 26, 2026 07:46
@opensource-SantanderAI

Copy link
Copy Markdown
Contributor

Closing initial Dependabot batch. Will be re-opened (grouped, monthly cadence) after fixing CI/license-check/dep-scan workflows in main.

@opensource-SantanderAI opensource-SantanderAI deleted the dependabot/github_actions/pypa/gh-action-pypi-publish-1.14.0 branch May 26, 2026 07:53
@dependabot @github

dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@github-actions github-actions Bot locked and limited conversation to collaborators May 26, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant