Rooba
/
pipdeptree
mirror of https://github.com/tox-dev/pipdeptree.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
491 Commits 2 Branches 65 Tags 2.9 MiB
Commit Graph

48 Commits

Author SHA1 Message Date
dependabot[bot] ec75d56577
Bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 (#426) 
Bumps
[pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish)
from 1.11.0 to 1.12.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/gh-action-pypi-publish/releases">pypa/gh-action-pypi-publish's
releases</a>.</em></p>
<blockquote>
<h2>v1.12.2</h2>
<h2>🐛 What's Fixed</h2>
<p>The fix for signing legacy zip sdists turned out to be incomplete, so
<a href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> promptly produced
another follow-up that updated <code>pypi-attestations</code> from
v0.0.13 to v0.0.15 in <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/297">#297</a>.
This is the only change since the previous release.</p>
<p><strong>🪞 Full Diff</strong>: <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.1...v1.12.2">https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.1...v1.12.2</a></p>
<p><strong>🧔‍♂️ Release Manager:</strong> <a
href="https://github.com/sponsors/webknjaz"><code>@​webknjaz</code></a>
<a href="https://stand-with-ukraine.pp.ua">🇺🇦</a></p>
<h2>v1.12.1</h2>
<h2>🐛 What's Fixed</h2>
<p>Version v1.12.0 hit several rare corner cases we never considered
fully supported, and this release fixes a few of those.
In <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/294">#294</a>,
<a href="https://github.com/webknjaz"><code>@​webknjaz</code></a><a
href="https://github.com/sponsors/webknjaz">💰</a> improved the
self-hosted runner experience by pre-installing Python if it's not
there, and with <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/293">#293</a>
the ability to use the action on GitHub Enterprise instances has been
restored. The latter should've also fixed the ability to invoke <a
href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a>
from nested in-repo composite actions — another exotic use-case that was
never tested in our CI.
<a href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> also managed to
squeeze in a last-minute fix for detecting legacy <code>.zip</code>
sdists while producing attestations via <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/295">#295</a>.</p>
<p><strong>🪞 Full Diff</strong>: <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.0...v1.12.1">https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.0...v1.12.1</a></p>
<p><strong>🧔‍♂️ Release Manager:</strong> <a
href="https://github.com/sponsors/webknjaz"><code>@​webknjaz</code></a>
<a href="https://stand-with-ukraine.pp.ua">🇺🇦</a></p>
<p><strong>🙏 Huge Thanks</strong> to all the bug reporters for posting
the logs, helping inspect the problems and verify the regression
fixes!</p>
<h2>v1.12.0</h2>
<h2>️ Why Should You Update?</h2>
<p>This is a minor version bump, but it does not add any new user-facing
interfaces. Still, I felt like it should not be a patch-release: this
update brings <em>significant changes</em> to the action invocation and
internal release process.</p>
<p>Previously, each invocation of <a
href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a>
required building a container image in the invoking CI job. This was
inefficient and added about 30 seconds to the publishing jobs at their
startup just to build the container.</p>
<p>I wanted to improve this for over three years (<a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/58">#58</a>)
and a little over half a year ago <a
href="https://github.com/br3ndonland"><code>@​br3ndonland</code></a><a
href="https://github.com/sponsors/br3ndonland">💰</a> stepped up and
offered a very comprehensive solution to the limitation I was hoping to
overcome: <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/230">#230</a>.</p>
<p>Going forward, I'm going to pre-build per-version containers prior to
cutting each release. And the action invocations will just pull the
image from GitHub Container registry.</p>
<blockquote>
<p>[!CAUTION]
Known quirks:</p>
<ul>
<li>This seems to not work on self-hosted runners without a
<code>python</code> executable: <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/289">#289</a>.
The workaround could be installing it prior to running the action.</li>
<li><del>Pinning to commit hashes does not work: <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/290">#290</a>.
Workaround: postpone updating until it's fixed or switch to Git tags for
now. Subscribe to that issue to follow the progress.</del> <em>UPD:</em>
This was an issue during the first 12 hours post release and it has been
addressed upstream by publishing a commit SHA-tagged image for the
release on Nov 12, 2024 at 10:27 UTC+1.</li>
<li>Calling <code>pypi-publish</code> from another nested repo-local
composite action might be breaking file paths: <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/291">#291</a>.
Workaround: postpone updating until it's fixed. Subscribe to that issue
to follow the progress.</li>
<li>Running within GitHub Enterprise fails on the action repo clone: <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/292">#292</a>.
Workaround: postpone updating until it's fixed. Subscribe to that issue
to follow the progress.</li>
</ul>
</blockquote>
<p><strong>🪞 Full Diff</strong>: <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.11.0...v1.12.0">https://github.com/pypa/gh-action-pypi-publish/compare/v1.11.0...v1.12.0</a></p>
<p><strong>🧔‍♂️ Release Manager:</strong> <a
href="https://github.com/sponsors/webknjaz"><code>@​webknjaz
🇺🇦</code></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="15c56dba36"><code>15c56db</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/297">#297</a>
from trail-of-forks/ww/bump-pypi-attestations</li>
<li><a
href="fe8d1484ba"><code>fe8d148</code></a>
requirements: bump pypi-attestations to 0.0.15</li>
<li><a
href="1f5d4ec244"><code>1f5d4ec</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/295">#295</a>
from trail-of-forks/ww/fix-sdist-collection</li>
<li><a
href="fec2f0c0ce"><code>fec2f0c</code></a>
attestations: collect *.zip sdists as well</li>
<li><a
href="a8b73a6d88"><code>a8b73a6</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/294">#294</a>
from webknjaz/bugfixes/optional-python</li>
<li><a
href="9b4dfb0c84"><code>9b4dfb0</code></a>
 Pre-install Python if there's none</li>
<li><a
href="0a87186d5f"><code>0a87186</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/293">#293</a>
from webknjaz/bugfixes/uncheckout-intermediate-action</li>
<li><a
href="dfcfeca43e"><code>dfcfeca</code></a>
🧪 Use prefetched action to make trampoline</li>
<li><a
href="0d02f372c3"><code>0d02f37</code></a>
📝💅 Update the CI/CD badge in README</li>
<li><a
href="61da13deb5"><code>61da13d</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/230">#230</a>
from br3ndonland/ghcr</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.11.0...v1.12.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.11.0&new-version=1.12.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-07 09:29:26 -08:00
dependabot[bot] 05e3aaa8d7
Bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0 (#423) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-31 10:04:23 -07:00
dependabot[bot] 6686a176a6
Bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3 (#417) 2024-10-04 11:42:09 -07:00
dependabot[bot] ea1afdd2a9
Bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2 (#413) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-23 09:40:20 -07:00
Bernát Gábor b28a0ceb59
Improve the CI (#411) 2024-09-17 15:35:02 -07:00
Bernát Gábor 813a9d0a4c
Declare 3.13 support (#406) 2024-09-07 14:24:41 -07:00
dependabot[bot] e945c84710
Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#405) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-06 21:56:12 -07:00
dependabot[bot] 46575bac60
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#381) 
Bumps
[pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish)
from 1.8.14 to 1.9.0.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-17 12:07:30 -07:00
Kemal Zebari b8313c87c6
Add pypy to CI (#369) 2024-05-23 19:23:59 -07:00
Kemal Zebari 4c832b516e
Remove publish job from the check workflow (#361) 2024-04-29 18:40:03 -07:00
Kemal Zebari 64f5789c66
Use dropdown instead of checkbox in bug report template (#356) 2024-04-18 18:23:21 -07:00
Kemal Zebari e1d3da4184
Use GitHub issue forms (#337) 2024-03-25 10:41:00 -07:00
dependabot[bot] b4f508536f
Bump pypa/gh-action-pypi-publish from 1.8.12 to 1.8.14 (#329) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-08 14:37:26 -08:00
dependabot[bot] f009a197c3
Bump pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12 (#323) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-27 07:50:22 -08:00
pre-commit-ci[bot] 001650990f
[pre-commit.ci] pre-commit autoupdate (#305) 
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
 2023-12-08 20:39:08 -08:00
dependabot[bot] 30011acb3d
Bump actions/setup-python from 4 to 5 (#306) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-08 09:40:07 -08:00
dependabot[bot] 28bf158e98
Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (#304) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-29 11:54:12 -08:00
dependabot[bot] 94558a1c28
Bump actions/checkout from 3 to 4 (#285) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-06 08:47:40 -07:00
dependabot[bot] 6dddc85520
Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10 (#278) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-11 08:41:16 -07:00
Bernát Gábor 94682d2b23
Add type check to CI and fix errors (#266) 2023-07-15 08:58:56 -07:00
Bernát Gábor 3435b64244
Drop 3.7 support (#263) 2023-07-15 08:07:02 -07:00
dependabot[bot] 527871b137
Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8 (#259) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-14 16:22:41 -07:00
Bernát Gábor 9a77ca5d46
Exclude dependabot and pre-commit ci from release notes (#257) 2023-07-10 15:18:59 -07:00
dependabot[bot] f08cdec13c
Bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.7 (#252) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-27 08:53:23 -07:00
Bernát Gábor 35f885a052
Add ruff (#243) 2023-06-14 13:02:41 -07:00
Bernát Gábor c23f8a32aa
git ls-files -z -- .github/workflows/check.yml | xargs -0 sed -i 's|3.12.0-alpha.7|3.12.0-beta.1|g' (#238) 2023-05-30 07:54:54 -07:00
dependabot[bot] ba98a85d17
Bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6 (#231) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-03 15:37:32 -07:00
Bernát Gábor 0019dcbdb9
Add 3.12 support (#228) 2023-05-01 08:18:33 -07:00
Bernát Gábor f79ee17882
Add trusted-publish (#226) 
Committed via https://github.com/asottile/all-repos
 2023-04-26 17:41:09 -07:00
dependabot[bot] ff4e50eefa
Bump pypa/gh-action-pypi-publish from 1.8.3 to 1.8.5 (#219) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 06:30:49 -07:00
dependabot[bot] c6b7837a7f
Bump pypa/gh-action-pypi-publish from 1.8.1 to 1.8.3 (#214) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-23 07:41:07 -07:00
dependabot[bot] 03d9c7c99e
Bump pypa/gh-action-pypi-publish from 1.6.4 to 1.8.1 (#206) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-17 08:31:50 -07:00
dependabot[bot] c5d9e7a1d6
Bump pypa/gh-action-pypi-publish from 1.5.2 to 1.6.4 (#185) 
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.5.2 to 1.6.4.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.2...v1.6.4)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-05 12:26:05 -08:00
dependabot[bot] 2eb4894491
Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.5.2 (#182) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-03 14:48:22 -08:00
Bernát Gábor 721d95ca0a
Update check.yml 2022-10-30 15:55:08 -07:00
Bernát Gábor a8a836f54a
Update check.yml 2022-10-30 15:54:04 -07:00
Bernát Gábor e479b314c0
Generalize license (#179) 2022-10-30 15:35:17 -07:00
Bernát Gábor 63bad16333
Add tidelift 
Signed-off-by: Bernát Gábor <gaborjbernat@gmail.com>
 2022-10-22 11:37:10 -07:00
Bernát Gábor a64ae4a539
Add depth git checkout 
Signed-off-by: Bernát Gábor <gaborjbernat@gmail.com>
 2022-09-06 01:19:55 -07:00
Dương Quốc Khánh 6952c1c668
Make pipdeptree works with python 3.11 (#173) 2022-09-06 01:12:22 -07:00
Bernát Gábor 8679c0af7c
Bump CI 
Signed-off-by: Bernát Gábor <gaborjbernat@gmail.com>
 2022-09-03 08:58:56 -07:00
Vineet Naik 32f874b2f5 Remove 3.10.0b4 python version from github workflow check 
This version is not yet available.
 2021-07-31 11:44:47 +05:30
Vineet Naik 41e5615510 Update python versions in github workflow check 
Removed 3.4, 3.9-dev

Added 3.9, 3.10.0b4
 2021-07-31 11:42:12 +05:30
Patrick Wang 238cbb2803 Fix GitHub Actions, as GitHub upgrades `Ubuntu-latest` 2021-04-06 21:10:02 +08:00
Vineet Naik 536e1a0317 Fix github checks due to set-env deprecation 
More info:
https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
 2020-11-22 20:07:49 +05:30
Bernat Gabor e273087052
Simplify Github check 
Signed-off-by: Bernat Gabor <bgabor8@bloomberg.net>
 2020-09-22 10:17:56 +01:00
Bernat Gabor 8a7df56112
Use tox to run the test suite in CI for isolation 
Signed-off-by: Bernat Gabor <bgabor8@bloomberg.net>
 2020-09-21 13:55:21 +01:00
Bernat Gabor a2c9654850
Use Github Actions instead of Travis 
Signed-off-by: Bernat Gabor <bgabor8@bloomberg.net>
 2020-09-21 08:12:35 +01:00