Bump the actions group with 15 updates

[dependabot]

Bumps the actions group with 15 updates:

Package	From	To
actions/upload-artifact	4.6.2	7.0.1
docker/setup-buildx-action	3.12.0	4.0.0
docker/login-action	3.7.0	4.1.0
docker/build-push-action	6.19.2	7.1.0
huggingface/doc-builder/.github/workflows/build_main_documentation.yml	2430c1ec91d04667414e2fa31ecfc36c153ea391	b0f9a6e3b6aa912656cbda9f74896eb721d29421
actions/setup-python	5.6.0	6.2.0
huggingface/doc-builder/.github/workflows/build_pr_documentation.yml	90b4ee2c10b81b5c1a6367c4e6fc9e2fb510a7e3	b0f9a6e3b6aa912656cbda9f74896eb721d29421
anthropics/claude-code-action	1.0.91	1.0.127
huggingface/security-workflows/.github/workflows/codeql-reusable.yml	1.1.0	1.2.0
actions/download-artifact	4.3.0	8.0.1
actions/labeler	5.0.0	6.1.0
pypa/gh-action-pypi-publish	1.13.0	1.14.0
trufflesecurity/trufflehog	3.94.2	3.95.3
crate-ci/typos	1.42.1	1.46.2
huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml	9ad2de8582b56c017cb530c1165116d40433f1c6	b0f9a6e3b6aa912656cbda9f74896eb721d29421

Updates actions/upload-artifact from 4.6.2 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.0.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in docker/setup-buildx-action#483
• Remove deprecated inputs/outputs by @​crazy-max in docker/setup-buildx-action#464
• Switch to ESM and update config/test wiring by @​crazy-max in docker/setup-buildx-action#481
• Bump @​actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475
• Bump @​docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485
• Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452
• Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472
• Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits

• 4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
• cd74e05 chore: update generated content
• eee38ec build(deps): bump @​docker/actions-toolkit from 0.77.0 to 0.79.0
• 7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
• a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
• e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
• 28a438e Merge pull request #483 from crazy-max/node24
• 034e9d3 chore: update generated content
• b4664d8 remove deprecated inputs/outputs
• a8257de node 24 as default runtime
• Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.1.0

Commits

• 4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 1e233e6 chore: update generated content
• 6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
• ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
• 1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
• d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
• a6f092b chore: update generated content
• 60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
• 62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 102c0e6 chore: update generated content
• Additional commits viewable in compare view

Updates docker/build-push-action from 6.19.2 to 7.1.0

Commits

• bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
• 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
• 46580d2 chore: update generated content
• 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
• efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
• ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
• db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
• ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
• 2d8f2a1 chore: update generated content
• 919ac7b fix test since secrets are not written to temp path anymore
• Additional commits viewable in compare view

Updates huggingface/doc-builder/.github/workflows/build_main_documentation.yml from 2430c1ec91d04667414e2fa31ecfc36c153ea391 to b0f9a6e3b6aa912656cbda9f74896eb721d29421

Commits

• b0f9a6e update (#788)
• 093eb65 feat: add language-* class to rendered code blocks (#787)
• 8991858 fix: preserve angle-bracketed content in code blocks when exporting Markdown ...
• See full diff in compare view

Updates actions/setup-python from 5.6.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

• Upgrade dependencies to Node 24 compatible versions by @​salmanmkc in actions/setup-python#1259
• Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @​dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

• Add support for pip-install input by @​gowridurgad in actions/setup-python#1201
• Add graalpy early-access and windows builds by @​timfel in actions/setup-python#880

Dependency and Documentation updates:

• Enhanced wording and updated example usage for allow-prereleases by @​yarikoptic in actions/setup-python#979
• Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @​dependabot in actions/setup-python#1139
• Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @​dependabot in actions/setup-python#1094
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @​dependabot in actions/setup-python#1199
• Upgrade requests from 2.32.2 to 2.32.4 by @​dependabot in actions/setup-python#1130
• Upgrade prettier from 3.5.3 to 3.6.2 by @​dependabot in actions/setup-python#1234
• Upgrade @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @​dependabot in actions/setup-python#1235

New Contributors

• @​yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

• Add support for pip-version by @​priyagupta108 in actions/setup-python#1129
• Enhance reading from .python-version by @​krystof-k in actions/setup-python#787
• Add version parsing from Pipfile by @​aradkdj in actions/setup-python#1067

Bug fixes:

• Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @​aparnajyothi-y in actions/setup-python#1183
• Change missing cache directory error to warning by @​aparnajyothi-y in actions/setup-python#1182
• Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @​aparnajyothi-y in actions/setup-python#1122
• Include python version in PyPy python-version output by @​cdce8p in actions/setup-python#1110
• Update docs: clarification on pip authentication with setup-python by @​priya-kinthali in actions/setup-python#1156

Dependency updates:

• Upgrade idna from 2.9 to 3.7 in /tests/data by @​dependabot[bot] in actions/setup-python#843
• Upgrade form-data to fix critical vulnerabilities #182 & #183 by @​aparnajyothi-y in actions/setup-python#1163
• Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @​aparnajyothi-y in actions/setup-python#1165
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-python#1181
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in actions/setup-python#1095

... (truncated)

Commits

• a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
• bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
• 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
• 83679a8 Bump @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
• bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
• 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
• 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
• cfd55ca graalpy: add graalpy early-access and windows builds (#880)
• bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
• 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
• Additional commits viewable in compare view

Updates huggingface/doc-builder/.github/workflows/build_pr_documentation.yml from 90b4ee2c10b81b5c1a6367c4e6fc9e2fb510a7e3 to b0f9a6e3b6aa912656cbda9f74896eb721d29421

Commits

• b0f9a6e update (#788)
• 093eb65 feat: add language-* class to rendered code blocks (#787)
• 8991858 fix: preserve angle-bracketed content in code blocks when exporting Markdown ...
• 2430c1e feat: pin missing deps + update (#783)
• 37b4351 fix(ci): set default shell to bash in build workflow jobs (#784)
• 2f8115f fix(ci): sync to bucket before zip-push to preserve extracted files (#782)
• 8624007 feat: make >>> and ... REPL prompts unselectable in code blocks (#781)
• 9ad2de8 feat: sync PR docs to HF bucket instead of git dataset (#780)
• 3ffa60f fix(security): sanitize PR data interpolation in upload_pr_documentation work...
• 9a1ab9c 🔒 Pin GitHub Actions to commit SHAs (#775)
• Additional commits viewable in compare view

Updates anthropics/claude-code-action from 1.0.91 to 1.0.127

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.127

What's Changed

• Refactor allowed_bots actor resolution by @​ashwin-ant in anthropics/claude-code-action#1330

Full Changelog: anthropics/claude-code-action@v1...v1.0.127

v1.0.126

Full Changelog: anthropics/claude-code-action@v1...v1.0.126

v1.0.125

What's Changed

• Simplify comment tool instructions in prompt by @​ashwin-ant in anthropics/claude-code-action#1328

Full Changelog: anthropics/claude-code-action@v1...v1.0.125

v1.0.124

What's Changed

• fix: add parentheses to fix operator precedence in co-author check by @​FuturizeRush in anthropics/claude-code-action#1199
• Strengthen simplified tag-mode prompt (USE_SIMPLE_PROMPT) by @​ashwin-ant in anthropics/claude-code-action#1313
• Fix prettier formatting in create-prompt by @​ashwin-ant in anthropics/claude-code-action#1325

New Contributors

• @​FuturizeRush made their first contribution in anthropics/claude-code-action#1199

Full Changelog: anthropics/claude-code-action@v1...v1.0.124

v1.0.123

What's Changed

• fix: allow , in branch names by @​bugbubug in anthropics/claude-code-action#1310
• fix: dereference symlinks when snapshotting sensitive paths to .claude-pr/ by @​matanbaruch in anthropics/claude-code-action#1186
• fix: exclude .claude-pr snapshot from git staging by @​cvan20191 in anthropics/claude-code-action#1277
• fix: write execution file when SDK throws by @​Jerry2003826 in anthropics/claude-code-action#1255
• fix: handle non-user actors (e.g. Copilot) in permission and actor checks by @​krislavten in anthropics/claude-code-action#1144
• chore: bump pinned Bun to 1.3.14 by @​ashwin-ant in anthropics/claude-code-action#1312

New Contributors

• @​bugbubug made their first contribution in anthropics/claude-code-action#1310
• @​matanbaruch made their first contribution in anthropics/claude-code-action#1186
• @​cvan20191 made their first contribution in anthropics/claude-code-action#1277
• @​Jerry2003826 made their first contribution in anthropics/claude-code-action#1255
• @​krislavten made their first contribution in anthropics/claude-code-action#1144

Full Changelog: anthropics/claude-code-action@v1...v1.0.123

v1.0.122

Full Changelog: anthropics/claude-code-action@v1...v1.0.122

v1.0.121

... (truncated)

Commits

• 1dc994e Resolve actor account type before applying allowed_bots (#1330)
• ca89df3 chore: bump Claude Code to 2.1.145 and Agent SDK to 0.3.145
• fd1877d Simplify comment tool instructions in prompt (#1328)
• 2449274 chore: bump Claude Code to 2.1.144 and Agent SDK to 0.3.144
• 0345b11 Fix prettier formatting in create-prompt (#1325)
• b020494 chore: bump Claude Code to 2.1.143 and Agent SDK to 0.3.143
• d56f102 Strengthen simplified tag-mode prompt (USE_SIMPLE_PROMPT) (#1313)
• bbad518 fix: add parentheses to fix operator precedence in co-author check (#1199)
• 51ea8ea chore: bump Claude Code to 2.1.142 and Agent SDK to 0.3.142
• acfa366 chore: bump pinned Bun to 1.3.14 (#1312)
• Additional commits viewable in compare view

Updates huggingface/security-workflows/.github/workflows/codeql-reusable.yml from 1.1.0 to 1.2.0

Release notes

Sourced from huggingface/security-workflows/.github/workflows/codeql-reusable.yml's releases.

v1.2.0

1.2.0 (2026-01-07)

Features

• Add support for runner group in CodeQL workflow (556dfac)

Commits

• e0d40aa Fix typo in workflow name
• c2d38d6 Merge pull request #13 from huggingface/improvments
• 2c91f1e docs: update workflows infos
• f07172e Rename auto-create-release.yml to manual-create-release.yml
• 67fe7b0 Merge pull request #12 from huggingface/improvments
• 37c2ec8 chore(ci): refactoring workflows
• 3863108 Update release workflow name for clarity
• 4a56a03 Merge pull request #11 from huggingface/paulinebm-patch-3
• 556dfac feat: Add support for runner group in CodeQL workflow
• a36b07e Merge pull request #9 from salmanmkc/upgrade-github-actions-node24
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/download-artifact#440
• Download Artifact Node24 support by @​salmanmkc in actions/download-artifact#415
• fix: update @​actions/artifact to fix Node.js 24 punycode deprecation by @​salmanmkc in actions/download-artifact#451
• prepare release v7.0.0 for Node.js 24 support by @​salmanmkc in actions/download-artifact#452

... (truncated)

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• Additional commits viewable in compare view

Updates actions/labeler from 5.0.0 to 6.1.0

Release notes

Sourced from actions/labeler's releases.

v6.1.0

Enhancements

• Add changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by @​bluca in actions/labeler#923

Bug Fixes

• Improve Labeler Action documentation and permission error handling by @​chiranjib-swain in actions/labeler#897
• Preserve manually added labels during workflow runs and refine label synchronization logic by @​chiranjib-swain in actions/labeler#917

Dependency Updates

• Upgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by @​dependabot in actions/labeler#877
• Upgrade minimatch from 10.0.1 to 10.2.3 by @​dependabot in actions/labeler#926
• Upgrade dependencies (@​actions/core, @​actions/github, js-yaml, minimatch, @​typescript-eslint) by @​Copilot in actions/labeler#934

New Contributors

• @​chiranjib-swain made their first contribution in actions/labeler#897
• @​bluca made their first contribution in actions/labeler#923
• @​Copilot made their first contribution in actions/labeler#934

Full Changelog: actions/labeler@v6...v6.1.0

v6.0.1

What's Changed

• Upgrade publish-action from 0.2.2 to 0.4.0 by @​aparnajyothi-y in actions/labeler#901

New Contributors

• @​aparnajyothi-y made their first contribution in actions/labeler#901

Full Changelog: actions/labeler@v6.0.0...v6.0.1

v6.0.0

What's Changed

• Add workflow file for publishing releases to immutable action package by @​jcambass in actions/labeler#802

Breaking Changes

• Upgrade Node.js version to 24 in action and dependencies @​salmanmkc in actions/labeler#891 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Dependency Upgrades

• Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by @​dependabot[bot] in actions/labeler#711
• Upgrade eslint from 8.52.0 to 8.55.0 by @​dependabot[bot] in actions/labeler#720
• Upgrade @​types/jest from 29.5.6 to 29.5.11 by @​dependabot[bot] in actions/labeler#719
• Upgrade @​types/js-yaml from 4.0.8 to 4.0.9 by @​dependabot[bot] in actions/labeler#718
• Upgrade @​typescript-eslint/parser from 6.9.0 to 6.14.0 by @​dependabot[bot] in actions/labeler#717
• Upgrade prettier from 3.0.3 to 3.1.1 by @​dependabot[bot] in actions/labeler#726
• Upgrade eslint from 8.55.0 to 8.56.0 by @​dependabot[bot] in actions/labeler#725
• Upgrade @​typescript-eslint/parser from 6.14.0 to 6.19.0 by @​dependabot[bot] in actions/labeler#745
• Upgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by @​dependabot[bot] in actions/labeler#744
• Upgrade @​typescript-eslint/eslint-plugin from 6.9.0 to 6.20.0 by @​dependabot[bot] in actions/labeler#750
• Upgrade prettier from 3.1.1 to 3.2.5 by @​dependabot[bot] in actions/labeler#752
• Upgrade undici from 5.26.5 to 5.28.3 by @​dependabot[bot] in actions/labeler#757

... (truncated)

Commits

• f27b608 chore: upgrade dependencies (@​actions/core, @​actions/github, js-yaml, minimat...
• c5dadc2 Add 'changed-files-labels-limit' and 'max-files-changed' configs to allow cap...
• e52e4fb Bump minimatch from 10.0.1 to 10.2.3 (#926)
• 77a4082 Fix: Preserve manually added labels during workflow run and refine label sync...
• 25abb3c Improve Labeler Action Documentation and Error Handling for Permissions (#897)
• 395c8cf Bump brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v...
• 634933e publish-action upgrade to 0.4.0 from 0.2.2 (#901)
• f1a63e8 Update Node.js version to 24 in action and dependencies (#891)
• b0a1180 Bump @​octokit/request-error from 5.0.1 to 5.1.1 (#846)
• 110d441 Update README.md (#871)
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

• @​him2him2 made their first contribution in #395
• @​whitequark made their first contribution in #397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw