gh-actions(deps): Bump the gh-actions-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the gh-actions-dependencies group with 2 updates in the / directory: python-semantic-release/python-semantic-release and pypa/gh-action-pypi-publish.

Updates python-semantic-release/python-semantic-release from 9.8.7 to 9.8.8

Release notes

Sourced from python-semantic-release/python-semantic-release's releases.

v9.8.8 (2024-09-01)

Fixes

• config: fix path traversal detection for windows compatibility (#1014, 16e6daa)

Documentation

• configuration: update build_command env table for windows to use all capital vars (0e8451c)

• github-actions: update version in examples to latest version (3c894ea)

Resolved Issues

• #978: Changelog file destination must be inside of the repository directory error on windows
• #994: Template directory must be inside of the repository directory error on windows

---

Detailed Changes: v9.8.7...v9.8.8

Changelog

Sourced from python-semantic-release/python-semantic-release's changelog.

CHANGELOG

v9.8.8 (2024-09-01)

Documentation

• docs(configuration): update build_command env table for windows to use all capital vars (0e8451c)

• docs(github-actions): update version in examples to latest version (3c894ea)

Fix

• fix(config): fix path traversal detection for windows compatibility (#1014)

  The original implementation of the path traversal detection expected that resolve() works the same on windows as it does with Linux/Mac. Windows requires the folder paths to exist to be resolved and that is not the case when the template_dir is not being used.

  Resolves: #994 (16e6daa)

v9.8.7 (2024-08-20)

Documentation

• docs: use pinned version for GHA examples (#1004)

• docs(github-actions): use pinned version for GHA examples

  Fixes #1003

• chore(scripts): add auto version bump to non dynamic docs text (i.e. code snippets)

• docs(github-actions): adjust formatting & version warning in code snippets

• style(docs-github-actions): adjust formatting for readability

---

Co-authored-by: codejedi365 <[email protected]> (5fdf761)

• docs(configuration): fix build_command_env table rendering (#996) (a5eff0b)

• docs(changelog): clarify description of the default changelog generation process (399fa65)

• docs(configuration): clarify changelog_file vs template_dir option usage

Provided additional description that warns about the mutually-exclusive nature of the changelog_file option and the template_dir option.

... (truncated)

Commits

• fe6b271 9.8.8
• 16e6daa fix(config): fix path traversal detection for windows compatibility (#1014)
• dadf0cd ci(gha-pr): restrict windows executions to [email protected]
• 922a5ab ci(pr): change to annotate only for test report upload on prs
• f8f97c6 ci(main,pr): add automated testing on windows in parallel with linux
• 0e8451c docs(configuration): update build_command env table for windows to use all ...
• f539aa4 refactor(version-cmd): use all capital windows variables (x86) -> X86
• d34cbef style(tests): swap to dynamic references to ensure easy refactor
• 6369ffd test(conf): ensure netrc generation fixture is windows compatible
• 42590f6 test(github): ensure netrc testing works on windows
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.9.0 to 1.10.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.10.0

🔏 Anything fancy, eh?

This time, @​woodruffw💰 implemented support for PEP 740 attestations functionality in #236 and #245. This is a big deal, as it is a huge step forward to replacing what the deprecated GPG signatures used to provide in a more meaningful way.

[!IMPORTANT] ✨ Please, do opt into trying this feature out early. It can be enabled as follows:

  with:
    attestations: true

Leave any feedback on this in this release discussion or the PR.

🙏 And please, thank William for working on this amazing improvement for the ecosystem! The overall effort is tracked @ pypi/warehouse#15871, by the way.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.9.0...v1.10.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

Commits

• 8a08d61 Expose PEP 740 attestations functionality
• fb9fc6a Merge pull request #245 from trail-of-forks/ww/bump-twine
• 4d020ff requirements: re-compile requirements with latest twine
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (3059132) to head (f334dda).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #35   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            4         4           
  Lines          189       189           
  Branches        39        39           
=========================================
  Hits           189       189           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Test Results (windows)

path	passed	subtotal
tests\test_bump_version_in_files.py	5	5
tests\test_create_unique_testpypi_version.py	7	7
tests\test_find_unreleased_changelog_items.py	3	3
tests\test_update_development_dependencies.py	13	13
TOTAL	28	28

Link to workflow run

[github-actions]

Test Results (ubuntu)

path	passed	subtotal
tests/test_bump_version_in_files.py	5	5
tests/test_create_unique_testpypi_version.py	7	7
tests/test_find_unreleased_changelog_items.py	3	3
tests/test_update_development_dependencies.py	13	13
TOTAL	28	28

Link to workflow run

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml