v1.8.8

[webknjaz]

💅 Cosmetic output improvements

• In twine-upload: add a nudge for trusted publishing #167, @woodruffw introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by @sethmlarson in Nudge users to use Trusted Publishers when publishing to PyPI and TestPyPI #164, collaborating with @di.

  💡 Tip: The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

🛠️ Internal dependencies

• @pquentin bumped the runtime dependency pins to the recent versions @ Bump runtime dependencies #168.

💪 New Contributors

• @pquentin made their first contribution in Bump runtime dependencies #168

🪞 Full Diff: v1.8.7...v1.8.8

---

This discussion was created from the release v1.8.8.