Sourced fromactions/upload-artifact's releases.

v4.6.0

What's Changed

• Expose env vars to control concurrency and timeout by@​yacaovsnc inactions/upload-artifact#662

Full Changelog:actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

• fix: deprecatedNode.js version in action by@​hamirmahal inactions/upload-artifact#578
• Add newartifact-digest output by@​bdehamer inactions/upload-artifact#656

New Contributors

• @​hamirmahal made their first contribution inactions/upload-artifact#578
• @​bdehamer made their first contribution inactions/upload-artifact#656

Full Changelog:actions/upload-artifact@v4.4.3...v4.5.0

• 65c4c4a Merge pull request#662 from actions/yacaovsnc/add_variable_for_concurrency_a...
• 0207619 move files back to satisfy licensed ci
• 1ecca81 licensed cache updates
• 9742269 Expose env vars to controll concurrency and timeout
• 6f51ac0 Merge pull request#656 from bdehamer/bdehamer/artifact-digest
• c40c16d add new artifact-digest output
• 735efb4 bump@​actions/artifact from 2.1.11 to 2.2.0
• 184d73b Merge pull request#578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
• b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
• See full diff incompare view

Sourced frompypa/gh-action-pypi-publish's releases.

v1.12.4

✨ What's Changed

The main theme of this patch release that the support for uploadingPEP 639 licensing metadata to PyPI has been fixed in#327.

🛠️ Internal Updates

A few smaller updates include the attestation existence being checked earlier in the process now, listing all the violating files together, not just one (PR#315).And the lock file with the software available in runtime has been re-pinned in#329.Additionally, the CI now runs the smoke-tests against both Ubuntu 22.04 and 24.04 explicitly via da900af96347cc027433720ad4f122117645459d.

🪞 Full Diff:pypa/gh-action-pypi-publish@v1.12.3...v1.12.4

🧔‍♂️ Release Manager:@​webknjaz🇺🇦

🙏 Special Thanks to@​dnicolodi💰 and@​woodruffw💰 for releasing the license metadata support fix in Twine!

💬 Discusson Bluesky 🦋,on Mastodon 🐘 andon GitHub.

v1.12.3

✨ What's Improved

With the updates by@​woodruffw💰 and@​webknjaz💰 via#309 and#313, it is now possible to publish [distribution packages] that include [core metadata v2.4], like those built using [maturin]. This is done by bumpingTwine to v6.0.1 andpkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in:https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP]Please, let us know in therelease discussion if anything still remains unclear.TL;DR always call [pypi-publish] once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use [pypi-publish] on a GitHub-provided infra withruns-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call [pypi-publish] from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in#301. And@​woodruffw💰 added theworkflow_ref context to Trusted Publishing debug logging in#305, helping us diagnose misconfigurations faster.#313 also extends the smoke test in the CI to check against the [maturin]-made dists. Additionally,jeepney andsecretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

... (truncated)

• 76f52bc Merge pull request#329 from webknjaz/maintenance/runtime-lockfile-24-02-2025
• 72de13b 📌 Mass-upgrade transitive dependency pins
• 1995f2e Merge pull request#327 from webknjaz/maintenance/twine-6.1-pep639
• 29f40bd 📦 Enable metadata 2.4 support in Twine
• 10df67d 📦 Enable support for PEP 639 metadata
• e0449d2 🧪 Integrate a unifiedalls-green GHA status
• cebc64f 🧪 Bump setuptools in smoke test to v75.8.0
• da900af 🧪 Run smoke tests against Ubuntu 24 and 22
• 8cafb5c 💰 Sync the funding config
• 916e576 Merge pull request#315 from webknjaz/refactoring/attestations-exist-bundle
• Additional commits viewable incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions