-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update pypa/gh-action-pypi-publish digest to f760068 #63
base: main
Are you sure you want to change the base?
Conversation
f7fbc5a
to
65baffd
Compare
65baffd
to
70d17c5
Compare
423ae5d
to
f3b2eb3
Compare
f3b2eb3
to
50c88b1
Compare
50c88b1
to
e868838
Compare
e868838
to
e517cbb
Compare
ce48a02
to
c7a1936
Compare
c7a1936
to
a2e6b2e
Compare
a2e6b2e
to
203a8fd
Compare
203a8fd
to
0d062bf
Compare
0d062bf
to
a4bbd06
Compare
a4bbd06
to
593c7a3
Compare
593c7a3
to
67a055e
Compare
67a055e
to
720f261
Compare
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🟢 Risk threshold not exceeded. Change Summary (click to expand)The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective. Summary: The provided code change is related to a GitHub Actions workflow for publishing a Python package to the PyPI (Python Package Index) repository. The main change is an update to the version of the From an application security perspective, the changes in this pull request do not appear to introduce any major security concerns. However, it's important to review the dependency update, ensure proper secrets management, and verify the workflow permissions to maintain the overall security of the application. Files Changed:
Additionally, the workflow uses a secret Powered by DryRun Security |
720f261
to
431396c
Compare
431396c
to
ddd3c6a
Compare
ddd3c6a
to
3b50f01
Compare
3b50f01
to
2aeb7f7
Compare
2aeb7f7
to
5684f31
Compare
5684f31
to
23bdb1b
Compare
DryRun Security SummaryThis pull request updates the GitHub Actions workflow responsible for publishing a Python package to the PyPI repository, with the main change being an update to the version of the Expand for full summarySummary: The changes in this pull request update the GitHub Actions workflow responsible for publishing a Python package to the PyPI (Python Package Index) repository when a new release is published. The main change is an update to the version of the From an application security perspective, the key considerations are ensuring that the updated version of the Files Changed:
Code AnalysisWe ran Riskiness🟢 Risk threshold not exceeded. |
23bdb1b
to
0390813
Compare
0390813
to
aa40079
Compare
aa40079
to
c791fe8
Compare
c791fe8
to
c0b0a43
Compare
c0b0a43
to
f42fa59
Compare
This PR contains the following updates:
27b3170
->f760068
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.