id,node_id,number,title,user,state,locked,assignee,milestone,comments,created_at,updated_at,closed_at,author_association,active_lock_reason,draft,pull_request,body,reactions,performed_via_github_app,state_reason,repo,type 2242781767,PR_kwDOAMm_X85soOln,8943,Bump codecov/codecov-action from 4.2.0 to 4.3.0 in the actions group,49699333,closed,0,,,0,2024-04-15T06:04:28Z,2024-04-15T19:16:38Z,2024-04-15T19:16:38Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8943,"Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 4.2.0 to 4.3.0

Release notes

Sourced from codecov/codecov-action's releases.

v4.3.0

What's Changed

fix: automatically detect if using GitHub enterprise by @thomasrockhu-codecov in codecov/codecov-action#1356

build(deps-dev): bump typescript from 5.4.3 to 5.4.4 by @dependabot in codecov/codecov-action#1355

build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in codecov/codecov-action#1360

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.5.0 to 7.6.0 by @dependabot in codecov/codecov-action#1364

build(deps-dev): bump @typescript-eslint/parser from 7.5.0 to 7.6.0 by @dependabot in codecov/codecov-action#1363

feat: add network params by @thomasrockhu-codecov in codecov/codecov-action#1365

build(deps): bump undici from 5.28.3 to 5.28.4 by @dependabot in codecov/codecov-action#1361

chore(release): v4.3.0 by @thomasrockhu-codecov in codecov/codecov-action#1366

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.2.0...v4.3.0

Commits

8450866 chore(release): v4.3.0 (#1366)
e841909 build(deps): bump undici from 5.28.3 to 5.28.4 (#1361)
363a65a feat: add network params (#1365)
640b86a build(deps-dev): bump @typescript-eslint/parser from 7.5.0 to 7.6.0 (#1363)
375c033 build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.5.0 to 7.6.0 (#...
d701256 build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 (#1360)
0bb547a build(deps-dev): bump typescript from 5.4.3 to 5.4.4 (#1355)
55e8381 fix: automatically detect if using GitHub enterprise (#1356)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=4.2.0&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8943/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2230357492,PR_kwDOAMm_X85r9wiV,8918,Bump codecov/codecov-action from 4.1.1 to 4.2.0 in the actions group,49699333,closed,0,,,0,2024-04-08T06:21:47Z,2024-04-08T16:31:12Z,2024-04-08T16:31:11Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8918,"Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 4.1.1 to 4.2.0

Release notes

Sourced from codecov/codecov-action's releases.

v4.2.0

What's Changed

chore(deps): update deps by @thomasrockhu-codecov in codecov/codecov-action#1351

feat: allow for authentication via OIDC token by @thomasrockhu-codecov in codecov/codecov-action#1330

fix: use_oidc shoudl be required false by @thomasrockhu-codecov in codecov/codecov-action#1353

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.1.1...v4.2.0

Commits

7afa10e fix: use_oidc shoudl be required false (#1353)
d820d60 feat: allow for authentication via OIDC token (#1330)
3a20752 chore(deps): update deps (#1351)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=4.1.1&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8918/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2217657228,PR_kwDOAMm_X85rSLKy,8896,Bump the actions group with 1 update,49699333,closed,0,,,0,2024-04-01T06:50:24Z,2024-04-01T18:02:56Z,2024-04-01T18:02:56Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8896,"Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 4.1.0 to 4.1.1

Release notes

Sourced from codecov/codecov-action's releases.

v4.1.1

What's Changed

build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in codecov/codecov-action#1315

build(deps-dev): bump typescript from 5.3.3 to 5.4.2 by @dependabot in codecov/codecov-action#1319

Removed mention of Mercurial by @drazisil-codecov in codecov/codecov-action#1325

build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in codecov/codecov-action#1332

build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in codecov/codecov-action#1331

fix: force version by @thomasrockhu-codecov in codecov/codecov-action#1329

build(deps-dev): bump typescript from 5.4.2 to 5.4.3 by @dependabot in codecov/codecov-action#1334

build(deps): bump undici from 5.28.2 to 5.28.3 by @dependabot in codecov/codecov-action#1338

build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in codecov/codecov-action#1341

fix: typo in disable_safe_directory by @mkroening in codecov/codecov-action#1343

chore(release): 4.1.1 by @thomasrockhu-codecov in codecov/codecov-action#1344

New Contributors

@mkroening made their first contribution in codecov/codecov-action#1343

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.1.0...v4.1.1

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

#1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

No current support for aarch64 and alpine architectures.

Tokenless uploading is unsuported

Various arguments to the Action have been removed

3.1.4

Fixes

#967 Fix typo in README.md

#971 fix: add back in working dir

#969 fix: CLI option names for uploader

Dependencies

#970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3

#979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2

#981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

#960 fix: allow for aarch64 build

Dependencies

#957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0

#958 build(deps): bump openpgp from 5.7.0 to 5.8.0

#959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

#718 Update README.md

#851 Remove unsupported path_to_write_report argument

#898 codeql-analysis.yml

#901 Update README to contain correct information - inputs and negate feature

#955 fix: add in all the extra arguments for uploader

Dependencies

#819 build(deps): bump openpgp from 5.4.0 to 5.5.0

#835 build(deps): bump node-fetch from 3.2.4 to 3.2.10

#840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4

#841 build(deps): bump @actions/core from 1.9.1 to 1.10.0

#843 build(deps): bump @actions/github from 5.0.3 to 5.1.1

#869 build(deps): bump node-fetch from 3.2.10 to 3.3.0

#872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0

#879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

c16abc2 chore(release): 4.1.1 (#1344)
3e33441 fix: typo in disable_safe_directory (#1343)
85aacc9 build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 (#1341)
4ea9be0 build(deps): bump undici from 5.28.2 to 5.28.3 (#1338)
164fade build(deps-dev): bump typescript from 5.4.2 to 5.4.3 (#1334)
4621ecc fix: force version (#1329)
251ba34 build(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#1331)
5a593a5 build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 (#1332)
a15c0e4 Removed mention of Mercurial (#1325)
8be6ba5 build(deps-dev): bump typescript from 5.3.3 to 5.4.2 (#1319)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=4.1.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8896/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2178320249,PR_kwDOAMm_X85pMy5O,8818,Bump the actions group with 1 update,49699333,closed,0,,,0,2024-03-11T06:21:39Z,2024-03-11T07:00:10Z,2024-03-11T07:00:10Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8818,"Bumps the actions group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `pypa/gh-action-pypi-publish` from 1.8.12 to 1.8.14

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.14

🛠️ Internal Dependencies

Nothing changed feature-wise. The only notable update is that the underlying container runtime now uses Python 3.12 and pip has been updated to v24.0 there. This is should go unnoticed in terms of behavior. It's just a bit of maintenance burden to be done occasionally by @webknjaz💰. Enjoy!

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.13...v1.8.14

🧔‍♂️ Release Manager: @webknjaz 🇺🇦

v1.8.13

🐛 What's Fixed

This action is now able to consume and publish distribution packages with Metadata-Version: 2.3 embedded.

🛠️ Internal Dependencies

@SigureMo💰 sent us a bump of pkginfo version to version 1.10.0 in #219. It's a transitive dependency for us and is not an API-level change but upgrading it has a side effect of letting Twine recognize distribution packages declaring Metadata-Version: 2.3. In particular, it is known to affect distributions built with Maturin >= 1.5.0.

Following that, @webknjaz💰 upgraded other transitive and direct dependency pins, including, among others, the following notable bumps:

cryptography == 42.0.5

id == 1.3.0

readme-renderer == 43.0

Twine == 5.0.0

💪 New Contributors

@SigureMo made their first contribution in pypa/gh-action-pypi-publish#219

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.12...v1.8.13

🧔‍♂️ Release Manager: @webknjaz 🇺🇦

Commits

81e9d93 Bump pip to v24.0 in runtime prerequisites lock
91527c4 Regenerate lockfiles with pip-tools v7.4.1
3a817c6 Bump action runtime to CPython 3.12
741947b Add a config file for pip-tools
d7af439 Mass-bump transitive dependencies of runtime
e90ddca Bump readme-renderer to v43.0
dae7fa3 Bump Twine to v5.0.0
0fe04ae Bump id to v1.3.0
444e179 Bump cryptography to v42.0.5
820be4e Normalize pip-tools' header comment @ runtime.txt
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.12&new-version=1.8.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8818/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2166021058,PR_kwDOAMm_X85oi7iB,8804,Bump the actions group with 2 updates,49699333,closed,0,,,0,2024-03-04T06:14:58Z,2024-03-04T18:42:55Z,2024-03-04T18:42:54Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8804,"Bumps the actions group with 2 updates: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `codecov/codecov-action` from 4.0.2 to 4.1.0

Release notes

Sourced from codecov/codecov-action's releases.

v4.1.0

What's Changed

fix: set safe directory by @thomasrockhu-codecov in codecov/codecov-action#1304

build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in codecov/codecov-action#1306

build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @dependabot in codecov/codecov-action#1305

chore(release): v4.1.0 by @thomasrockhu-codecov in codecov/codecov-action#1307

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.0.2...v4.1.0

Commits

54bcd87 chore(release): v4.1.0 (#1307)
8ba77ef build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#1305)
c60aa80 build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 (#1306)
2fc4847 fix: set safe directory (#1304)
See full diff in compare view

Updates `pypa/gh-action-pypi-publish` from 1.8.11 to 1.8.12

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.12

💅 Cosmetic Output Improvements

@woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.

📝 What's Documented

@virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @xuanzhi33💰 later corrected the markdown syntax there via #216.

🛠️ Internal Dependencies

pre-commit linters got autoupdated @ #204

Cryptography was bumped from 41.0.6 to 42.0.4 @ #210, #213 and #214

⚙️ Secret Stuff

@woodruffw proactively updated the OIDC minting API endpoint used during the exchange via #206. Nothing you should be too concerned about, promise!

💪 New Contributors

@virtuald made their first contribution in pypa/gh-action-pypi-publish#186

@xuanzhi33 made their first contribution in pypa/gh-action-pypi-publish#216

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.11...v1.8.12

:man_beard: Release Manager: @webknjaz 🇺🇦

Commits

e53eb8b Clarify the error during OIDC exchange on PRs from forks
edfa8f3 Merge pull request #216 from xuanzhi33/unstable/v1
aeff019 docs(fix): Fix a markdown alert
24c5d5c Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42...
c13b4aa build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
72a79c8 Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42...
751e5b8 build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
0580fcb Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42...
a524841 build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
3f824c7 Merge pull request #204 from pypa/pre-commit-ci-update-config
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8804/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2153359481,PR_kwDOAMm_X85n3yWP,8785,Bump the actions group with 2 updates,49699333,closed,0,,,0,2024-02-26T06:29:23Z,2024-02-26T07:00:03Z,2024-02-26T07:00:02Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8785,"Bumps the actions group with 2 updates: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [scientific-python/upload-nightly-action](https://github.com/scientific-python/upload-nightly-action). Updates `codecov/codecov-action` from 4.0.1 to 4.0.2

Release notes

Sourced from codecov/codecov-action's releases.

v4.0.2

What's Changed

Update README.md by @thomasrockhu-codecov in codecov/codecov-action#1251

build(deps-dev): bump @types/jest from 29.5.11 to 29.5.12 by @dependabot in codecov/codecov-action#1257

build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in codecov/codecov-action#1266

Escape pipes in table of arguments by @jwodder in codecov/codecov-action#1265

Add link to docs on Dependabot secrets by @ianlewis in codecov/codecov-action#1260

fix: working-directory input for all stages by @Bo98 in codecov/codecov-action#1272

build(deps-dev): bump @typescript-eslint/parser from 6.20.0 to 6.21.0 by @dependabot in codecov/codecov-action#1271

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0 by @dependabot in codecov/codecov-action#1269

build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in codecov/codecov-action#1298

Use updated syntax for GitHub Markdown notes by @jamacku in codecov/codecov-action#1300

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.21.0 to 7.0.0 by @dependabot in codecov/codecov-action#1290

build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in codecov/codecov-action#1286

chore(release): bump to 4.0.2 by @thomasrockhu-codecov in codecov/codecov-action#1302

New Contributors

@jwodder made their first contribution in codecov/codecov-action#1265

@ianlewis made their first contribution in codecov/codecov-action#1260

@Bo98 made their first contribution in codecov/codecov-action#1272

@jamacku made their first contribution in codecov/codecov-action#1300

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.0.1...v4.0.2

Commits

0cfda1d chore(release): bump to 4.0.2 (#1302)
7d3a55e build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1286)
fe84a0b build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.21.0 to 7.0.0 (...
e12c940 Use updated syntax for GitHub Markdown notes (#1300)
ef7f8a5 build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#1298)
b8a1d6a build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0 ...
6ef7ea4 build(deps-dev): bump @typescript-eslint/parser from 6.20.0 to 6.21.0 (#1271)
f62c5ee fix: working-directory input for all stages (#1272)
fdbfa4b Add link to docs on Dependabot secrets (#1260)
9855cf7 Escape pipes in table of arguments (#1265)
Additional commits viewable in compare view

Updates `scientific-python/upload-nightly-action` from 0.3.0 to 0.5.0

Release notes

Sourced from scientific-python/upload-nightly-action's releases.

0.5.0

0.5.0 has the same features as release 0.4.0 but achieves them with fewer dependencies by updating anaconda-client to v1.12.3 to take advantage of upstream fixes that release 0.4.0 provided locally in the GitHub Action. The version of CPython used is also updated to 3.12.

What's Changed

DOC: Update action commit SHA to the 0.4.0 tag by @matthewfeickert in scientific-python/upload-nightly-action#66

ENH: Update to anaconda-client v1.12.3 and simplify dependencies by @matthewfeickert in scientific-python/upload-nightly-action#67

Full Changelog: https://github.com/scientific-python/upload-nightly-action/compare/0.4.0...0.5.0

0.4.0

0.4.0 adds an additional guard to ensure that projects that:

Already have the package name exist on the target index

Only have one version of the package on the target index

Only have one distribution file for that package

won't remove the project from the index while trying to upload to it. This most commonly guards no arch wheels that don't include version control system information in the filename that are overriding the same wheel filename in place. c.f. Anaconda-Platform/anaconda-client#702 for more informaiton.

No API changes are required to move from 0.3.0 to 0.4.0.

What's Changed

DOC: Update action commit SHA to the 0.3.0 tag by @matthewfeickert in scientific-python/upload-nightly-action#56

CI: Group dependabot updates by @matthewfeickert in scientific-python/upload-nightly-action#59

fix: Guard against removing package while uploading to it by @matthewfeickert in scientific-python/upload-nightly-action#64

Full Changelog: https://github.com/scientific-python/upload-nightly-action/compare/0.3.0...0.4.0

Commits

b67d7fc ENH: Update to anaconda-client v1.12.3 and simplify dependencies (#67)
2c7042c DOC: Update action commit SHA to the 0.4.0 tag (#66)
95f7bf6 fix: Guard against removing package while uploading to it (#64)
66bc1b6 CI: Group dependabot updates (#59)
6f1e2b9 DOC: Update action commit SHA to the 0.3.0 tag (#56)
See full diff in compare view

Dependabot commands and options

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8785/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2117749336,PR_kwDOAMm_X85l-wKQ,8706,Bump the actions group with 1 update,49699333,closed,0,,,0,2024-02-05T06:04:43Z,2024-02-06T16:02:56Z,2024-02-06T16:02:55Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8706,"Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 3.1.5 to 4.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v4.0.1

What's Changed

Update README.md by @thomasrockhu-codecov in codecov/codecov-action#1243

Add all args by @thomasrockhu-codecov in codecov/codecov-action#1245

fix: show both token uses in readme by @thomasrockhu-codecov in codecov/codecov-action#1250

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.0.0...v4.0.1

v4.0.0

v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.

Breaking Changes

The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.

Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.

OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our CLI download page

Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs

v3 versions and below will not have access to CLI features (e.g. global upload token, ATS).

What's Changed

build(deps): bump openpgp from 5.8.0 to 5.9.0 by @dependabot in codecov/codecov-action#985

build(deps): bump actions/checkout from 3.0.0 to 3.5.3 by @dependabot in codecov/codecov-action#1000

build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in codecov/codecov-action#1006

build(deps): bump tough-cookie from 4.0.0 to 4.1.3 by @dependabot in codecov/codecov-action#1013

build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in codecov/codecov-action#1024

build(deps): bump node-fetch from 3.3.1 to 3.3.2 by @dependabot in codecov/codecov-action#1031

build(deps-dev): bump @types/node from 20.1.4 to 20.4.5 by @dependabot in codecov/codecov-action#1032

build(deps): bump github/codeql-action from 1.0.26 to 2.21.2 by @dependabot in codecov/codecov-action#1033

build commit,report and upload args based on codecovcli by @dana-yaish in codecov/codecov-action#943

build(deps-dev): bump @types/node from 20.4.5 to 20.5.3 by @dependabot in codecov/codecov-action#1055

build(deps): bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in codecov/codecov-action#1051

build(deps-dev): bump @types/node from 20.5.3 to 20.5.4 by @dependabot in codecov/codecov-action#1058

chore(deps): update outdated deps by @thomasrockhu-codecov in codecov/codecov-action#1059

build(deps-dev): bump @types/node from 20.5.4 to 20.5.6 by @dependabot in codecov/codecov-action#1060

build(deps-dev): bump @typescript-eslint/parser from 6.4.1 to 6.5.0 by @dependabot in codecov/codecov-action#1065

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.4.1 to 6.5.0 by @dependabot in codecov/codecov-action#1064

build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in codecov/codecov-action#1063

build(deps-dev): bump eslint from 8.47.0 to 8.48.0 by @dependabot in codecov/codecov-action#1061

build(deps-dev): bump @types/node from 20.5.6 to 20.5.7 by @dependabot in codecov/codecov-action#1062

build(deps): bump openpgp from 5.9.0 to 5.10.1 by @dependabot in codecov/codecov-action#1066

build(deps-dev): bump @types/node from 20.5.7 to 20.5.9 by @dependabot in codecov/codecov-action#1070

build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in codecov/codecov-action#1069

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.5.0 to 6.6.0 by @dependabot in codecov/codecov-action#1072

Update README.md by @thomasrockhu-codecov in codecov/codecov-action#1073

build(deps-dev): bump @typescript-eslint/parser from 6.5.0 to 6.6.0 by @dependabot in codecov/codecov-action#1071

build(deps-dev): bump @vercel/ncc from 0.36.1 to 0.38.0 by @dependabot in codecov/codecov-action#1074

build(deps): bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in codecov/codecov-action#1081

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.6.0 to 6.7.0 by @dependabot in codecov/codecov-action#1080

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

#1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

No current support for aarch64 and alpine architectures.

Tokenless uploading is unsuported

Various arguments to the Action have been removed

3.1.4

Fixes

#967 Fix typo in README.md

#971 fix: add back in working dir

#969 fix: CLI option names for uploader

Dependencies

#970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3

#979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2

#981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

#960 fix: allow for aarch64 build

Dependencies

#957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0

#958 build(deps): bump openpgp from 5.7.0 to 5.8.0

#959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

#718 Update README.md

#851 Remove unsupported path_to_write_report argument

#898 codeql-analysis.yml

#901 Update README to contain correct information - inputs and negate feature

#955 fix: add in all the extra arguments for uploader

Dependencies

#819 build(deps): bump openpgp from 5.4.0 to 5.5.0

#835 build(deps): bump node-fetch from 3.2.4 to 3.2.10

#840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4

#841 build(deps): bump @actions/core from 1.9.1 to 1.10.0

#843 build(deps): bump @actions/github from 5.0.3 to 5.1.1

#869 build(deps): bump node-fetch from 3.2.10 to 3.3.0

#872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0

#879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

e0b68c6 fix: show both token uses in readme (#1250)
1f9f557 Add all args (#1245)
09686fc Update README.md (#1243)
f30e495 fix: update action.yml (#1240)
a7b945c fix: allow for other archs (#1239)
98ab2c5 Update package.json (#1238)
43235cc Update README.md (#1237)
0cf8684 chore(ci): bump to node20 (#1236)
8e1e730 build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.19.1 to 6.20.0 ...
61293af build(deps-dev): bump @typescript-eslint/parser from 6.19.1 to 6.20.0 (#1235)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.5&new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8706/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2104759905,PR_kwDOAMm_X85lSVfr,8678,Bump the actions group with 1 update,49699333,closed,0,,,0,2024-01-29T06:37:28Z,2024-01-29T19:27:12Z,2024-01-29T19:27:11Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8678,"Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 3.1.4 to 3.1.5

Release notes

Sourced from codecov/codecov-action's releases.

v3.1.5

What's Changed

action.yml: Update to Node.js 20 by @hallabro in codecov/codecov-action#1228

New Contributors

@hallabro made their first contribution in codecov/codecov-action#1228

Full Changelog: https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

#1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

No current support for aarch64 and alpine architectures.

Tokenless uploading is unsuported

Various arguments to the Action have been removed

Commits

4fe8c5f chore(release): bump to 3.1.5
9140fdc action.yml: Update to Node.js 20 (#1228)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.4&new-version=3.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8678/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2045809742,PR_kwDOAMm_X85iN_wD,8557,Bump actions/upload-artifact from 3 to 4,49699333,closed,0,,,10,2023-12-18T06:08:49Z,2024-01-04T22:40:26Z,2024-01-04T22:40:25Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8557,"Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.

Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @actions/artifact documentation.

New Contributors

@vmjoseph made their first contribution in actions/upload-artifact#464

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v4.0.0

v3.1.3

What's Changed

chore(github): remove trailing whitespaces by @ljmf00 in actions/upload-artifact#313

Bump @actions/artifact version to v1.1.2 by @bethanyj28 in actions/upload-artifact#436

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v3.1.3

v3.1.2

Update all @actions/* NPM packages to their latest versions- #374

Update all dev dependencies to their most recent versions - #375

v3.1.1

Update actions/core package to latest version to remove set-output deprecation warning #351

v3.1.0

What's Changed

Bump @actions/artifact to v1.1.0 (actions/upload-artifact#327)

Adds checksum headers on artifact upload (actions/toolkit#1095) (actions/toolkit#1063)

Commits

c7d193f Merge pull request #466 from actions/v4-beta
13131bb licensed cache
4a6c273 Merge branch 'main' into v4-beta
f391bb9 Merge pull request #465 from actions/robherley/v4-documentation
9653d03 Apply suggestions from code review
875b630 add limitations section
ecb2146 add compression example
5e7604f trim some repeated info
d6437d0 naming
1b56155 s/v4-beta/v4/g
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8557/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2045809680,PR_kwDOAMm_X85iN_vQ,8556,Bump actions/download-artifact from 3 to 4,49699333,closed,0,,,3,2023-12-18T06:08:46Z,2024-01-03T21:57:18Z,2024-01-03T21:57:17Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8556,"Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.

Release notes

Sourced from actions/download-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @actions/artifact documentation.

New Contributors

@bflad made their first contribution in actions/download-artifact#194

Full Changelog: https://github.com/actions/download-artifact/compare/v3...v4.0.0

v3.0.2

Bump @actions/artifact to v1.1.1 - actions/download-artifact#195

Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278

v3.0.1

Bump @actions/core to 1.10.0

Commits

7a1cd32 Merge pull request #246 from actions/v4-beta
8f32874 licensed cache
b5ff844 Merge pull request #245 from actions/robherley/v4-documentation
f07a0f7 Update README.md
7226129 update test workflow to use different artifact names for matrix
ada9446 update docs and bump @actions/artifact
7eafc8b Merge pull request #244 from actions/robherley/bump-toolkit
3132d12 consume latest toolkit
5be1d38 Merge pull request #243 from actions/robherley/v4-beta-updates
465b526 consume latest @actions/toolkit
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8556/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2034952754,PR_kwDOAMm_X85hpKYs,8540,Bump actions/setup-python from 4 to 5,49699333,closed,0,,,0,2023-12-11T06:50:24Z,2023-12-11T07:56:07Z,2023-12-11T07:56:06Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8540,"Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: https://github.com/actions/setup-python/compare/v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py
Besides, the release contains such changes as:

Trim python version when reading from file by @FerranPares in actions/setup-python#628

Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724

Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723

Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743

advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729

Examples now use checkout@v4 by @simonw in actions/setup-python#738

Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761

New Contributors

@FerranPares made their first contribution in actions/setup-python#628

@timfel made their first contribution in actions/setup-python#694

@jeffwidman made their first contribution in actions/setup-python#724

Full Changelog: https://github.com/actions/setup-python/compare/v4...v4.8.0

v4.7.1

What's Changed

Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in actions/setup-python#702

Add range validation for toml files by @dmitry-shibanov in actions/setup-python#726

Full Changelog: https://github.com/actions/setup-python/compare/v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).
      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table> 

... (truncated)

Commits

0a5c615 Update action to node20 (#772)
0ae5836 Add example of GraalPy to docs (#773)
b64ffca update actions/checkout to v4 (#761)
8d28961 Examples now use checkout@v4 (#738)
7bc6abb advanced-usage.md: Encourage the use actions/checkout@v4 (#729)
e8111ce Bump @babel/traverse from 7.9.0 to 7.23.2 (#743)
a00ea43 add fix for graalpy ci (#741)
8635b1c Change deprecation comment to past tense (#723)
f6cc428 Use non-deprecated versions in examples (#724)
5f2af21 Add GraalPy support (#694)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8540/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 2023108220,PR_kwDOAMm_X85hA5hU,8514,Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11,49699333,closed,0,,,0,2023-12-04T06:14:27Z,2023-12-04T21:10:15Z,2023-12-04T21:10:14Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8514,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.10 to 1.8.11.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.11

:nail_care: Cosmetic output improvements

@woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.

:memo: What's Documented

@di linked the configuration docs for Trusted Publishing in README via pypa/gh-action-pypi-publish#179.

:hammer_and_wrench: Internal dependencies

Cryptography was bumped from 41.0.3 to 41.0.6 @ pypa/gh-action-pypi-publish#194

Pip was bumped from 22.3.1 to 23.3 @ pypa/gh-action-pypi-publish#189

pre-commit linters got autoupdated @ pypa/gh-action-pypi-publish#184

Urllib3 was bumped from 2.0.3 to 2.0.7 @ pypa/gh-action-pypi-publish#183 and pypa/gh-action-pypi-publish#185

:muscle: New Contributors

@di made their first contribution in pypa/gh-action-pypi-publish#179

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11

Commits

2f6f737 Merge commit PR #184 into unstable/v1
2fa448a Merge PRs #190, #184, #185, #189 and #194 into unstable/v1
824ad31 Revert flake8 to v4.0.1 for WPS
41f3f53 Bump cryptography from 41.0.3 to 41.0.6 in /requirements
2319287 twine-upload: ::error, switch nudge order
254a0d4 twine-upload: add a nudge for password auth
70a33ca Bump pip from 22.3.1 to 23.3 in /requirements
102f507 Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
79739dc Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
9a3f9ad [pre-commit.ci] pre-commit autoupdate
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.10&new-version=1.8.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8514/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1889750338,PR_kwDOAMm_X85Z-5dO,8169,Bump actions/checkout from 3 to 4,49699333,closed,0,,,0,2023-09-11T06:19:29Z,2023-09-11T12:32:05Z,2023-09-11T12:32:04Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8169,"Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

Update default runtime to node20 by @takost in actions/checkout#1436

Support fetching without the --progress option by @simonbaird in actions/checkout#1067

Release 4.0.0 by @takost in actions/checkout#1447

New Contributors

@takost made their first contribution in actions/checkout#1436

@simonbaird made their first contribution in actions/checkout#1067

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377

Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579

Release 3.6.0 by @luketomlinson in actions/checkout#1437

New Contributors

@RobertWieczoreck made their first contribution in actions/checkout#579

@luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

v3.5.3

What's Changed

Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196

Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287

Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369

Release v3.5.3 by @TingluoHuang in actions/checkout#1376

New Contributors

@megamanics made their first contribution in actions/checkout#1196

@DimitriPapadopoulos made their first contribution in actions/checkout#1287

@dfdez made their first contribution in actions/checkout#1369

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3

v3.5.2

What's Changed

Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr

Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2

v3.5.1

What's Changed

Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246

New Contributors

@BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

Fix slow checkout on Windows

v3.5.0

Add new public key for known_hosts

v3.4.0

Upgrade codeql actions to v2

Upgrade dependencies

Upgrade @actions/io

v3.3.0

Implement branch list using callbacks from exec function

Add in explicit reference to private checkout options

[Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

Add GitHub Action to perform release

Fix status badge

Replace datadog/squid with ubuntu/squid Docker image

Wrap pipeline commands for submoduleForeach in quotes

Update @actions/io to 1.1.2

Upgrading version to 3.2.0

v3.1.0

Use @actions/core saveState and getState

Add github-server-url input

v3.0.2

Add input set-safe-directory

v3.0.1

... (truncated)

Commits

3df4ab1 Release 4.0.0 (#1447)
8b5e8b7 Support fetching without the --progress option (#1067)
97a652b Update default runtime to node20 (#1436)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8169/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1849099655,PR_kwDOAMm_X85X2KV7,8068,Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10,49699333,closed,0,,,0,2023-08-14T06:36:51Z,2023-08-17T10:32:20Z,2023-08-17T10:32:19Z,CONTRIBUTOR,,0,pydata/xarray/pulls/8068,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.8 to 1.8.10.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.10

:bug: What's Fixed

@woodruffw fixed decoding OIDC claims in debug output on failure by applying correct padding to the encoded payload via pypa/gh-action-pypi-publish#177.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10

v1.8.9

:nail_care: Cosmetic output improvements

@woodruffw added debug output to the trusted publishing OIDC exchange on failures in pypa/gh-action-pypi-publish#174

@woodruffw implemented Markdown semantic callouts in README via pypa/gh-action-pypi-publish#175

:hammer_and_wrench: Internal dependencies

Certifi was bumped from 2023.5.7 to 2023.7.22 @ pypa/gh-action-pypi-publish#171

Cryptography was bumped from 41.0.2 to 41.0.3 @ pypa/gh-action-pypi-publish#172

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9

Commits

b7f401d Merge PR #177 into unstable/v1
ba3ecc9 oidc-exchange: fix padding
ade57f5 Merge PRs #174 #175 and #172 into unstable/v1
637917e README: re-add "pro tip" language
4864f13 README: use semantic callouts
326f9ad oidc-exchange: add-trailing-comma
e5f0690 oidc-exchange: ignore a nested function
8bdd0cc oidc-exchange: lintage
71a0032 oidc-exchange: render claims if exchange fails
adef75a Bump cryptography from 41.0.2 to 41.0.3 in /requirements
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.8&new-version=1.8.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/8068/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1807049424,PR_kwDOAMm_X85VoeLa,7994,Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8,49699333,closed,0,,,0,2023-07-17T06:07:36Z,2023-07-17T13:27:28Z,2023-07-17T13:27:27Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7994,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.7 to 1.8.8.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.8

:nail_care: Cosmetic output improvements

In pypa/gh-action-pypi-publish#167, @woodruffw introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by @sethmlarson in pypa/gh-action-pypi-publish#164, collaborating with @di.

:bulb: Tip: The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

:hammer_and_wrench: Internal dependencies

@pquentin bumped the runtime dependency pins to the recent versions @ pypa/gh-action-pypi-publish#168.

:muscle: New Contributors

@pquentin made their first contribution in pypa/gh-action-pypi-publish#168

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8

Commits

f8c70e7 Merge pull request #168 from pquentin/bump-dependencies
68276eb Merge pull request #167 from trail-of-forks/tob-nudge
a5d57af Bump runtime dependencies
e90e853 twine-upload: only nudge on PyPI-looking domains
be69596 twine-upload: add a nudge for trusted publishing
54d67ed Merge pull request #165 from pypa/pre-commit-ci-update-config
d32e2fa Revert flake8 to v4.0.1
a8d92e9 [pre-commit.ci] pre-commit autoupdate
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.7&new-version=1.8.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7994/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1785405563,PR_kwDOAMm_X85UfCul,7956,Bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.7,49699333,closed,0,,,0,2023-07-03T06:07:52Z,2023-07-03T15:43:38Z,2023-07-03T15:43:37Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7956,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.6 to 1.8.7.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.7

:nail_care: Cosmetic output impovements

@woodruffw fixed OIDC the multiline annotations by escaping LF through urlencoding it in pypa/gh-action-pypi-publish#156.

@jaap3 noticed and promptly removed extraneous } from a non-OIDC log annotation in pypa/gh-action-pypi-publish#161.

@hugovk made pip ignore that it runs under the root user and suppress its warning output in pypa/gh-action-pypi-publish#159.

:hammer_and_wrench: Internal dependencies

Cryptography was bumped from 39.0.1 to 41.0.0 @ pypa/gh-action-pypi-publish#160

Requests was bumped from 2.28.1 to 2.31.0 @ pypa/gh-action-pypi-publish#157

:muscle: New Contributors

@jaap3 made their first contribution in pypa/gh-action-pypi-publish#161

:mirror: Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.6...v1.8.7

Commits

f5622bd Merge PRs #159 and #160 into unstable/v1
3be882c Merge pull request #161 from jaap3/jaap3-patch-1
775be49 Remove extraneous }
5684530 Bump cryptography from 39.0.1 to 41.0.0 in /requirements
135d0d5 Ignore pip's root user warning
110f54a Merge pull request #157 from pypa/dependabot/pip/requirements/requests-2.31.0
c803c91 Bump requests from 2.28.1 to 2.31.0 in /requirements
f9ed8ba Merge pull request #156 from trail-of-forks/tob-fix-annotation
3063966 oidc-exchange: "fix" multiline annotations
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.6&new-version=1.8.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7956/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1730190019,PR_kwDOAMm_X85Rk3y9,7877,Bump mamba-org/provision-with-micromamba from 15 to 16,49699333,closed,0,,,1,2023-05-29T06:57:09Z,2023-06-01T16:22:07Z,2023-06-01T16:21:57Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7877,"Bumps [mamba-org/provision-with-micromamba](https://github.com/mamba-org/provision-with-micromamba) from 15 to 16.

Release notes

Sourced from mamba-org/provision-with-micromamba's releases.

v16

⛔️ With this release, we are deprecating this project.

Please use the mamba-org/setup-micromamba action instead.

See the migration guide for instructions how to migrate from provision-with-micromamba to setup-micromamba.

Commits

3c96c0c Add deprecation warning (#122)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mamba-org/provision-with-micromamba&package-manager=github_actions&previous-version=15&new-version=16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7877/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1719022727,PR_kwDOAMm_X85Q-26-,7859,Bump codecov/codecov-action from 3.1.3 to 3.1.4,49699333,closed,0,,,0,2023-05-22T06:57:15Z,2023-05-22T19:49:21Z,2023-05-22T19:49:20Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7859,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4.

Release notes

Sourced from codecov/codecov-action's releases.

3.1.4

What's Changed

build(deps-dev): bump @types/node from 18.15.12 to 18.16.3 by @dependabot in codecov/codecov-action#970

Fix typo in README.md by @hisaac in codecov/codecov-action#967

fix: add back in working dir by @thomasrockhu-codecov in codecov/codecov-action#971

fix: CLI option names for uploader by @kleisauke in codecov/codecov-action#969

build(deps-dev): bump @types/node from 18.16.3 to 20.1.0 by @dependabot in codecov/codecov-action#975

build(deps-dev): bump @types/node from 20.1.0 to 20.1.2 by @dependabot in codecov/codecov-action#979

build(deps-dev): bump @types/node from 20.1.2 to 20.1.4 by @dependabot in codecov/codecov-action#981

release: 3.1.4 by @thomasrockhu-codecov in codecov/codecov-action#983

New Contributors

@hisaac made their first contribution in codecov/codecov-action#967

@kleisauke made their first contribution in codecov/codecov-action#969

Full Changelog: https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4

Changelog

Sourced from codecov/codecov-action's changelog.

3.1.4

Fixes

#967 Fix typo in README.md

#971 fix: add back in working dir

#969 fix: CLI option names for uploader

Dependencies

#970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3

#979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2

#981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4

Commits

eaaf4be release: 3.1.4 (#983)
c2ab9ab build(deps-dev): bump @types/node from 20.1.2 to 20.1.4 (#981)
49c20db build(deps-dev): bump @types/node from 20.1.0 to 20.1.2 (#979)
cf8e3e4 build(deps-dev): bump @types/node from 18.16.3 to 20.1.0 (#975)
1c34415 fix: CLI option names for uploader (#969)
b4dfea7 fix: add back in working dir (#971)
5bf2504 Fix typo in README.md (#967)
1dd0ce3 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3 (#970)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.3&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7859/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1699649294,PR_kwDOAMm_X85P99OH,7826,Bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6,49699333,closed,0,,,0,2023-05-08T06:56:59Z,2023-05-08T21:24:30Z,2023-05-08T21:24:29Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7826,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.5 to 1.8.6.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.6

What's Updated

@woodruffw dropped the references to a “private beta” from the project docs and runtime in pypa/gh-action-pypi-publish#147. He also clarified that the API tokens are still more secure than passwords in pypa/gh-action-pypi-publish#150.

@asherf noticed that the action metadata incorrectly marked the password field as required and contributed a correction in pypa/gh-action-pypi-publish#151

@webknjaz moved the Trusted Publishing example to the top of the README in hopes that new users would default to using it via https://github.com/pypa/gh-action-pypi-publish/commit/f47b34707fd264d5ddb1ef322ca74cf8e4cf351b

New Contributors

@asherf made their first contribution in pypa/gh-action-pypi-publish#151

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.5...v1.8.6

Commits

a56da0b Merge pull request #151 from asherf/trusted
e4b9031 password input is no longer required, since not specifying it implies trusted...
5a085bf Merge pull request #150 from trail-of-forks/tob-doc-tweaks
0811f99 README: small doc tweaks
f47b347 📝🎨 Put OIDC on pedestal @ README
7a1a355 🎨 Show GH environments use in README examples
3b6670b Merge pull request #147 from trail-of-forks/tob-stabilize-oidc
c008c2f README: re-add OIDC note
fe431ff README, oidc-exchange: remove beta references
c542b72 Bump WPS flake8 plugin set to v0.17.0
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.5&new-version=1.8.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7826/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1680579545,PR_kwDOAMm_X85O93j-,7781,Bump codecov/codecov-action from 3.1.2 to 3.1.3,49699333,closed,0,,,0,2023-04-24T06:57:05Z,2023-04-24T10:16:54Z,2023-04-24T10:16:52Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7781,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3.

Release notes

Sourced from codecov/codecov-action's releases.

3.1.3

What's Changed

build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0 by @dependabot in codecov/codecov-action#957

build(deps): bump openpgp from 5.7.0 to 5.8.0 by @dependabot in codecov/codecov-action#958

build(deps-dev): bump @types/node from 18.15.10 to 18.15.12 by @dependabot in codecov/codecov-action#959

fix: allow for aarch64 build by @thomasrockhu-codecov in codecov/codecov-action#960

chore(release): bump to 3.1.3 by @thomasrockhu-codecov in codecov/codecov-action#961

Full Changelog: https://github.com/codecov/codecov-action/compare/v3.1.2...v3.1.3

Changelog

Sourced from codecov/codecov-action's changelog.

3.1.3

Fixes

#960 fix: allow for aarch64 build

Dependencies

#957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0

#958 build(deps): bump openpgp from 5.7.0 to 5.8.0

#959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12

Commits

894ff02 chore(release): bump to 3.1.3 (#961)
f539f97 fix: allow for aarch64 build (#960)
6757614 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12 (#959)
cdee249 build(deps): bump openpgp from 5.7.0 to 5.8.0 (#958)
ce548e9 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0 (#957)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.2&new-version=3.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7781/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1670537301,PR_kwDOAMm_X85OcZKY,7760,Bump codecov/codecov-action from 3.1.1 to 3.1.2,49699333,closed,0,,,0,2023-04-17T06:57:09Z,2023-04-17T10:22:42Z,2023-04-17T10:22:40Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7760,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.1 to 3.1.2.

Release notes

Sourced from codecov/codecov-action's releases.

3.1.2

What's Changed

build(deps): bump node-fetch from 3.2.4 to 3.2.10 by @dependabot in codecov/codecov-action#835

build(deps-dev): bump @types/node from 16.11.40 to 18.13.0 by @dependabot in codecov/codecov-action#911

build(deps-dev): bump @vercel/ncc from 0.34.0 to 0.36.1 by @dependabot in codecov/codecov-action#900

build(deps-dev): bump typescript from 4.7.4 to 4.9.5 by @dependabot in codecov/codecov-action#905

Update README.md by @stefanomunarini in codecov/codecov-action#718

build(deps): bump openpgp from 5.4.0 to 5.5.0 by @dependabot in codecov/codecov-action#819

build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4 by @dependabot in codecov/codecov-action#840

build(deps): bump @actions/core from 1.9.1 to 1.10.0 by @dependabot in codecov/codecov-action#841

build(deps): bump @actions/github from 5.0.3 to 5.1.1 by @dependabot in codecov/codecov-action#843

build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in codecov/codecov-action#896

build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0 by @dependabot in codecov/codecov-action#872

build(deps): bump node-fetch from 3.2.10 to 3.3.0 by @dependabot in codecov/codecov-action#869

build(deps): bump decode-uri-component from 0.2.0 to 0.2.2 by @dependabot in codecov/codecov-action#879

build(deps): bump json5 from 2.2.1 to 2.2.3 by @dependabot in codecov/codecov-action#895

codeql-analysis.yml by @minumulasri in codecov/codecov-action#898

build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2 by @dependabot in codecov/codecov-action#889

build(deps-dev): bump @types/node from 18.13.0 to 18.14.0 by @dependabot in codecov/codecov-action#922

build(deps): bump openpgp from 5.5.0 to 5.7.0 by @dependabot in codecov/codecov-action#924

build(deps-dev): bump @types/node from 18.14.0 to 18.14.2 by @dependabot in codecov/codecov-action#927

Remove unsupported path_to_write_report argument by @jsoref in codecov/codecov-action#851

Update README to contain correct information - inputs and negate feature by @moshe-azaria-sage in codecov/codecov-action#901

build(deps-dev): bump @types/node from 18.14.2 to 18.14.6 by @dependabot in codecov/codecov-action#933

build(deps-dev): bump @types/node from 18.14.6 to 18.15.0 by @dependabot in codecov/codecov-action#937

build(deps-dev): bump @types/node from 18.15.0 to 18.15.5 by @dependabot in codecov/codecov-action#945

build(deps): bump node-fetch from 3.3.0 to 3.3.1 by @dependabot in codecov/codecov-action#938

build(deps-dev): bump @types/node from 18.15.5 to 18.15.6 by @dependabot in codecov/codecov-action#946

build(deps-dev): bump @types/node from 18.15.6 to 18.15.10 by @dependabot in codecov/codecov-action#947

build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in codecov/codecov-action#951

fix: add in all the extra arguments for uploader by @thomasrockhu-codecov in codecov/codecov-action#955

chore(release): bump to 3.1.2 by @thomasrockhu-codecov in codecov/codecov-action#956

New Contributors

@stefanomunarini made their first contribution in codecov/codecov-action#718

@minumulasri made their first contribution in codecov/codecov-action#898

@jsoref made their first contribution in codecov/codecov-action#851

@moshe-azaria-sage made their first contribution in codecov/codecov-action#901

Full Changelog: https://github.com/codecov/codecov-action/compare/v3.1.1...v3.1.2

Changelog

Sourced from codecov/codecov-action's changelog.

3.1.2

Fixes

#718 Update README.md

#851 Remove unsupported path_to_write_report argument

#898 codeql-analysis.yml

#901 Update README to contain correct information - inputs and negate feature

#955 fix: add in all the extra arguments for uploader

Dependencies

#819 build(deps): bump openpgp from 5.4.0 to 5.5.0

#835 build(deps): bump node-fetch from 3.2.4 to 3.2.10

#840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4

#841 build(deps): bump @actions/core from 1.9.1 to 1.10.0

#843 build(deps): bump @actions/github from 5.0.3 to 5.1.1

#869 build(deps): bump node-fetch from 3.2.10 to 3.3.0

#872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0

#879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

#889 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2

#895 build(deps): bump json5 from 2.2.1 to 2.2.3

#896 build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2

#900 build(deps-dev): bump @vercel/ncc from 0.34.0 to 0.36.1

#905 build(deps-dev): bump typescript from 4.7.4 to 4.9.5

#911 build(deps-dev): bump @types/node from 16.11.40 to 18.13.0

#922 build(deps-dev): bump @types/node from 18.13.0 to 18.14.0

#924 build(deps): bump openpgp from 5.5.0 to 5.7.0

#927 build(deps-dev): bump @types/node from 18.14.0 to 18.14.2

#933 build(deps-dev): bump @types/node from 18.14.2 to 18.14.6

#937 build(deps-dev): bump @types/node from 18.14.6 to 18.15.0

#938 build(deps): bump node-fetch from 3.3.0 to 3.3.1

#945 build(deps-dev): bump @types/node from 18.15.0 to 18.15.5

#946 build(deps-dev): bump @types/node from 18.15.5 to 18.15.6

#947 build(deps-dev): bump @types/node from 18.15.6 to 18.15.10

#951 build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3

Commits

40a12dc chore(release): bump to 3.1.2 (#956)
030a000 fix: add in all the extra arguments for uploader (#955)
91e1847 build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#951)
cc7fb3f build(deps-dev): bump @types/node from 18.15.6 to 18.15.10 (#947)
fee4896 build(deps-dev): bump @types/node from 18.15.5 to 18.15.6 (#946)
ddd8c1b build(deps): bump node-fetch from 3.3.0 to 3.3.1 (#938)
76e2f52 build(deps-dev): bump @types/node from 18.15.0 to 18.15.5 (#945)
9b87723 build(deps-dev): bump @types/node from 18.14.6 to 18.15.0 (#937)
13d8b07 build(deps-dev): bump @types/node from 18.14.2 to 18.14.6 (#933)
4b062cb Update README to contain correct information - inputs and negate feature (#901)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.1&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7760/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1660336993,PR_kwDOAMm_X85N6TPB,7743,Bump pypa/gh-action-pypi-publish from 1.8.4 to 1.8.5,49699333,closed,0,,,0,2023-04-10T06:56:58Z,2023-04-10T14:40:29Z,2023-04-10T14:40:28Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7743,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.4 to 1.8.5.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.5

What's Improved

@woodruffw improved the user-facing documentation and logging to make use of the Trusted Publishing flow terminology cohesive with PyPI in pypa/gh-action-pypi-publish#143. Trusted Publishing used to be referred to as OpenID Connect (OIDC) — the underlying technology that is being used to make it work. He also made the action display the cause of the Trusted Publishing flow being selected by the action via pypa/gh-action-pypi-publish#142.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.4...v1.8.5

Commits

0bf742b Merge pull request #143 from trail-of-forks/tob-rewrite-oidc-refs
30c3822 oidc-exchange: another link
89ddbea README: retitle, add note
a0f29a5 Apply suggestions from code review
0b567d5 oidc-exchange, twine-upload: remove more OIDC refs
4372cb5 README: replace OIDC with "trusted publishing"
69efb8c Merge pull request #142 from trail-of-forks/tob-indicate-oidc
dfde872 Apply suggestions from code review
3d567f4 twine-upload: expound
67b747a oidc-exchange: more explanation
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.4&new-version=1.8.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7743/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1651454408,PR_kwDOAMm_X85NdS1C,7709,Bump pypa/gh-action-pypi-publish from 1.8.3 to 1.8.4,49699333,closed,0,,,0,2023-04-03T06:56:57Z,2023-04-03T18:08:17Z,2023-04-03T18:08:16Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7709,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.3 to 1.8.4.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.4

What's Improved

@hugovk cleaned up the double whitespaces in the OIDC flow logging in pypa/gh-action-pypi-publish#140

@woodruffw added a title and a docs link to the OIDC error output in pypa/gh-action-pypi-publish#139

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.3...v1.8.4

Commits

29930c9 Merge pull request #139 from trail-of-forks/tob-improve-errors
9c859e9 Merge pull request #140 from hugovk/oidc-whitespace
65bf8a8 Remove double spaces
486ec8d oidc-exchange: improve errors
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.3&new-version=1.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7709/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1641499432,PR_kwDOAMm_X85M8MQ-,7682,Bump pypa/gh-action-pypi-publish from 1.8.1 to 1.8.3,49699333,closed,0,,,0,2023-03-27T06:57:15Z,2023-03-27T07:48:25Z,2023-03-27T07:48:23Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7682,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.1 to 1.8.3.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.3

What's New

This release improves the logging detalization of which authentication mode is selected when the action runs. It surfaces this detail to the workflow run summary page as annotations. The change was contributed by @woodruffw in pypa/gh-action-pypi-publish#136.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.2...v1.8.3

v1.8.2

What's Changed

This release started printing out full OIDC error messages to console, instead of just one line -- by @woodruffw in pypa/gh-action-pypi-publish#134.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.1...v1.8.2

Commits

48b317d Merge PR #136 into unstable/v1
ae29550 twine-upload: increase detail on console notices
f3ce18f Merge pull request #134 from trail-of-forks/tob-better-errors
ea29ccc oidc-exchange: avoid splitting the error message
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.8.1&new-version=1.8.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7682/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1631503428,PR_kwDOAMm_X85Ma0Cr,7648,Bump pypa/gh-action-pypi-publish from 1.7.1 to 1.8.1,49699333,closed,0,,,0,2023-03-20T06:57:22Z,2023-03-20T15:57:22Z,2023-03-20T15:57:20Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7648,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.7.1 to 1.8.1.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.1

🐛 What's Fixed

💔 Unfortunately, a tiny mistake in v1.8.0 caused a far-reaching regression for the most used code path. ❗ But don't worry, it's fixed now thanks to @njzjz who promptly spotted it and @zhongjiajie who sent a bugfix.

🙌 New Contributors

@zhongjiajie made their first contribution in pypa/gh-action-pypi-publish#131

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.0...v1.8.1

v1.8.0

The Coolest Release Ever!

In this release, @woodruffw implemented support for secretless OIDC-based publishing to PyPI-like package indexes. The OIDC flow is activated when neither username nor password action inputs are set.

The OIDC “token exchange”, is an authentication technique that PyPI (and TestPyPI, and hopefully some future others) supports as an alternative to long-lived username/password combinations or long-lived API tokens.

IMPORTANT: The PyPI-side configuration is only available to participants of the private beta test. Please, only try out the zero-config mode if you are a beta test participant having followed the PyPI configuration instructions.

Setup prerequisites: https://github.com/marketplace/actions/pypi-publish#publishing-with-openid-connect PyPI's documentation: https://pypi.org/help/#openid-connect Beta test enrollment: pypi/warehouse#12965

New Contributors

@woodruffw made their first contribution in pypa/gh-action-pypi-publish#123

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.7.1...v1.8.0

Commits

a3a3baf 🐛 Merge PR #131 from into unstable/v1
d5417dc 🐛Correct default upload URL
8ef2b3d Merge PR #123 into unstable/v1
2b46bad OIDC beta support
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.7.1&new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7648/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1620861791,PR_kwDOAMm_X85L3HDg,7618,Bump pypa/gh-action-pypi-publish from 1.6.4 to 1.7.1,49699333,closed,0,,,0,2023-03-13T06:57:02Z,2023-03-14T03:13:57Z,2023-03-14T03:13:55Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7618,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.6.4 to 1.7.1.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.7.1

Regression?

There was a small setback with v1.7.0 — the snake_case fallbacks didn't work because the check for the kebab-case env vars with default values set was always truthy. This bugfix release promptly fixes that.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.7.0...v1.7.1

v1.7.0

What should I care about?

TL;DR The action input names have been converted to use kebab-case and marked deprecated. But the old names still work.

This is made to align the public API with the de-facto conventions in the ecosystem. We've used snake_case names, which the maintainer considers a historical mistake. New kebab-case inputs will make the end-users' workflows look more consistent and and visually distinguishable from other identifiers one may encounter in YAML.

There is no timeline for removing the old names, but it will happen in v3 or later versions of the action. If the maintainer doesn't forget to do this, that is.

The patch is here: pypa/gh-action-pypi-publish#125.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.5...v1.7.0

v1.6.5

What's Changed

Added an explicit warning when the password passed into the action is empty — thanks @colindean

New Contributors

@colindean made their first contribution in pypa/gh-action-pypi-publish#122

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.4...v1.6.5

Commits

22b4d1f 🐛 Make kebab options fall back for snake_case
7104b6e Merge branch 'maintenance/kebab-case-inputs' into unstable/v1
f131721 🎨 Convert action inputs to use kebab-case
32b5e93 Merge pull request #122 from colindean/empty-token
efcb9ba 🎨 Warn about empty password/token action input
d2ce3ec ⇪ Bump isort to v5.12.0
0eaf3a1 Merge pull request #121 from pypa/dependabot/pip/requirements/cryptography-39...
6a2da9b Bump cryptography from 38.0.4 to 39.0.1 in /requirements
7eb3b70 Merge pull request #119 from pypa/pre-commit-ci-update-config
91e6121 Revert WPS flake8 hook version to 4.0.1
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.6.4&new-version=1.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7618/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1552559345,PR_kwDOAMm_X85ITHT-,7466,Bump mamba-org/provision-with-micromamba from 14 to 15,49699333,closed,0,,,0,2023-01-23T06:01:09Z,2023-01-23T11:26:03Z,2023-01-23T11:26:02Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7466,"Bumps [mamba-org/provision-with-micromamba](https://github.com/mamba-org/provision-with-micromamba) from 14 to 15.

Release notes

Sourced from mamba-org/provision-with-micromamba's releases.

v15

Fix #112 (channels overridden even if empty)

Commits

e2b397b Fix #112 (#113)
160ff6b Bump checkout GHA version in readme example (#105)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mamba-org/provision-with-micromamba&package-manager=github_actions&previous-version=14&new-version=15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7466/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1491047976,PR_kwDOAMm_X85FJZX2,7375,Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.4,49699333,closed,0,,,0,2022-12-12T06:01:07Z,2022-12-12T11:01:12Z,2022-12-12T11:01:11Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7375,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.5.1 to 1.6.4.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.6.4

oh, boi! again?

This is the last one tonight, promise! It fixes this embarrassing bug that was actually caught by the CI but got overlooked due to the lack of sleep. TL;DR GH passed $HOME from the external env into the container and that tricked the Python's site module to think that the home directory is elsewhere, adding non-existent paths to the env vars. See #115.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.3...v1.6.4

v1.6.3

Another Release!? Why?

In pypa/gh-action-pypi-publish#112, it was discovered that passing a $PATH variable even breaks the shebang. So this version adds more safeguards to make sure it keeps working with a fully broken $PATH.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.2...v1.6.3

v1.6.2

What's Fixed

Made the $PATH and $PYTHONPATH environment variables resilient to broken values passed from the host runner environment, which previously allowed the users to accidentally break the container's internal runtime as reported in pypa/gh-action-pypi-publish#112

Internal Maintenance Improvements

Added a devpi-based smoke-test GitHub Actions CI/CD workflow by @sesdaile-varmour in pypa/gh-action-pypi-publish#111

New Contributors

@sesdaile-varmour made their first contribution in pypa/gh-action-pypi-publish#111

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.1...v1.6.2

v1.6.1

What's happened?!

There was a sneaky bug in v1.6.0 which caused Twine to be outside the import path in the Python runtime. It is fixed in v1.6.1 by updating $PYTHONPATH to point to a correct location of the user-global site-packages/ directory.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.0...v1.6.1

v1.6.0

Anything's changed?

The only update is that the Python runtime has been upgraded from 3.9 to 3.11. There are no functional changes in this release.

Full Changelog: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.2...v1.6.0

v1.5.2

What's Improved

Implemented the Twine transitive dependency tree pinning using pip-tools-generated constraint files. See pypa/gh-action-pypi-publish#107 and pypa/gh-action-pypi-publish#101 for details.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.1...v1.5.2

Commits

c7f29f7 🐛 Override $HOME in the container with /root
644926c 🧪 Always run smoke testing in debug mode
e71a4a4 Add support for verbose bash execusion w/ $DEBUG
e56e821 🐛 Make id always available in twine-upload
c879b84 🐛 Use full path to bash in shebang
57e7d53 🐛Ensure the default $PATH value is pre-loaded
ce291dc 🎨🐛Fix the branch @ pre-commit.ci badge links
102d8ab 🐛 Rehardcode devpi port for GHA srv container
3a9eaef 🐛Use different ports in/out of GHA containers
a01fa74 🐛 Use localhost @ GHA outside the containers
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.5.1&new-version=1.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7375/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1475751357,PR_kwDOAMm_X85ETIqu,7357,Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.1,49699333,closed,0,,,1,2022-12-05T06:01:28Z,2022-12-12T06:01:14Z,2022-12-12T06:01:12Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7357,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.5.1 to 1.6.1.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.6.1

What's happened?!

There was a sneaky bug in v1.6.0 which caused Twine to be outside the import path in the Python runtime. It is fixed in v1.6.1 by updating $PYTHONPATH to point to a correct location of the user-global site-packages/ directory.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.0...v1.6.1

v1.6.0

Anything's changed?

The only update is that the Python runtime has been upgraded from 3.9 to 3.11. There are no functional changes in this release.

Full Changelog: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.2...v1.6.0

v1.5.2

What's Improved

Implemented the Twine transitive dependency tree pinning using pip-tools-generated constraint files. See pypa/gh-action-pypi-publish#107 and pypa/gh-action-pypi-publish#101 for details.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.1...v1.5.2

Commits

5d1679f Use py3.11 user-global site-packages in PYTHONPATH
d2a2496 Switch the runtime from Python 3.9 to Python 3.11
d7edd4c Add user-global site-packages to $PYTHONPATH
8d5f27c Install Twine in the user-global site-packages
b0dc178 Disable pip cache dir with an env var
bbf6e0b Copy requirements to corresponding dir @ container
0b69a8c Document broken pkginfo==1.9.0 transitive dep
c54db9c Integrate pip-tools-generated constraint files
480ec4e Inherit yamllint config from the default preset
5fb2f04 Drop __token__ from README code usage snippets
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.5.1&new-version=1.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7357/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1429306020,PR_kwDOAMm_X85B2xZR,7241,Bump mamba-org/provision-with-micromamba from 12 to 14,49699333,closed,0,,,4,2022-10-31T06:05:14Z,2022-10-31T20:29:05Z,2022-10-31T15:46:14Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7241,"Bumps [mamba-org/provision-with-micromamba](https://github.com/mamba-org/provision-with-micromamba) from 12 to 14.

Release notes

Sourced from mamba-org/provision-with-micromamba's releases.

v14

What's Changed

Add micromamba deinit in post.js by @pavelzw in mamba-org/provision-with-micromamba#89

Fix duplicate options by @jonashaag in mamba-org/provision-with-micromamba#98

New Contributors

@pavelzw made their first contribution in mamba-org/provision-with-micromamba#89

Full Changelog: https://github.com/mamba-org/provision-with-micromamba/compare/v13...v14

v13

Fix channels and channel-priority settings

Support linux-aarch64 and osx-arm64 runners

Support sel(unix)

Commits

f347426 Remove unnecessary options (#98)
e542c7a Update deps (#93)
8aa0e58 Update actions/checkout (#91)
b54d7bb Add micromamba deinit in post.js (#89)
a319a81 Readme updates (#88)
28fa105 add unix for condaArch linux or osx (#85)
bc8e4cc Fix channel priority (#84)
52dc9e6 Delete dist/post.js directory (#83)
87a13a6 use "channels" and not extraChannels (#82)
e198969 Fix await (#78)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mamba-org/provision-with-micromamba&package-manager=github_actions&previous-version=12&new-version=14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7241/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1429305958,PR_kwDOAMm_X85B2xYV,7240,Bump xarray-contrib/issue-from-pytest-log from 0.1 to 1.1,49699333,closed,0,,,0,2022-10-31T06:05:10Z,2022-10-31T09:58:28Z,2022-10-31T09:58:27Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7240,"Bumps [xarray-contrib/issue-from-pytest-log](https://github.com/xarray-contrib/issue-from-pytest-log) from 0.1 to 1.1.

Release notes

Sourced from xarray-contrib/issue-from-pytest-log's releases.

v1.0

Initial release.

This is the same release as v0.1, but using the version v1.0 allows creating a moving tag named v1.

Commits

89ca589 Merge pull request #1 from jrbourbeau/add-more-options
9460ec9 Stringify
63bd7a4 Make issue title and label configurable
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=xarray-contrib/issue-from-pytest-log&package-manager=github_actions&previous-version=0.1&new-version=1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7240/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1362048785,PR_kwDOAMm_X84-X_Se,6991,Bump mamba-org/provision-with-micromamba from 12 to 13,49699333,closed,0,,,9,2022-09-05T14:08:41Z,2022-10-31T06:05:21Z,2022-10-31T06:05:19Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6991,"Bumps [mamba-org/provision-with-micromamba](https://github.com/mamba-org/provision-with-micromamba) from 12 to 13.

Release notes

Sourced from mamba-org/provision-with-micromamba's releases.

v13

Fix channels and channel-priority settings

Support linux-aarch64 and osx-arm64 runners

Support sel(unix)

Commits

a319a81 Readme updates (#88)
28fa105 add unix for condaArch linux or osx (#85)
bc8e4cc Fix channel priority (#84)
52dc9e6 Delete dist/post.js directory (#83)
87a13a6 use "channels" and not extraChannels (#82)
e198969 Fix await (#78)
d90963f Refactoring (#73)
431e55a Add timeouts to GHA workflows (#74)
21e0d20 Merge pull request #71 from mamba-org/aarch64
23fc0a3 Fix mac
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mamba-org/provision-with-micromamba&package-manager=github_actions&previous-version=12&new-version=13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @andersy005. [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6991/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1385474758,PR_kwDOAMm_X84_k5g7,7081,Bump codecov/codecov-action from 3.1.0 to 3.1.1,49699333,closed,0,,,2,2022-09-26T06:04:53Z,2022-09-26T18:54:02Z,2022-09-26T18:54:01Z,CONTRIBUTOR,,0,pydata/xarray/pulls/7081,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.1.

Release notes

Sourced from codecov/codecov-action's releases.

3.1.1

What's Changed

Update deprecation warning by @slifty in codecov/codecov-action#661

Create codeql-analysis.yml by @mitchell-codecov in codecov/codecov-action#593

build(deps): bump node-fetch from 3.2.3 to 3.2.4 by @dependabot in codecov/codecov-action#714

build(deps-dev): bump typescript from 4.6.3 to 4.6.4 by @dependabot in codecov/codecov-action#713

README: fix typo by @Evalir in codecov/codecov-action#712

build(deps): bump github/codeql-action from 1 to 2 by @dependabot in codecov/codecov-action#724

build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0 by @dependabot in codecov/codecov-action#717

fix: Remove a blank row by @johnmanjiro13 in codecov/codecov-action#725

Update README.md with correct badge version by @gsheni in codecov/codecov-action#726

build(deps-dev): bump @types/node from 17.0.25 to 17.0.33 by @dependabot in codecov/codecov-action#729

build(deps-dev): downgrade @types/node to 16.11.35 by @dependabot in codecov/codecov-action#734

build(deps): bump actions/checkout from 2 to 3 by @dependabot in codecov/codecov-action#723

build(deps): bump @actions/github from 5.0.1 to 5.0.3 by @dependabot in codecov/codecov-action#733

build(deps): bump @actions/core from 1.6.0 to 1.8.2 by @dependabot in codecov/codecov-action#732

build(deps-dev): bump @types/node from 16.11.35 to 16.11.36 by @dependabot in codecov/codecov-action#737

Create scorecards-analysis.yml by @mitchell-codecov in codecov/codecov-action#633

build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0 by @dependabot in codecov/codecov-action#749

fix: add more verbosity to validation by @thomasrockhu-codecov in codecov/codecov-action#747

build(deps-dev): bump typescript from 4.6.4 to 4.7.3 by @dependabot in codecov/codecov-action#755

Regenerate scorecards-analysis.yml by @mitchell-codecov in codecov/codecov-action#750

build(deps-dev): bump @types/node from 16.11.36 to 16.11.39 by @dependabot in codecov/codecov-action#759

build(deps-dev): bump @types/node from 16.11.39 to 16.11.40 by @dependabot in codecov/codecov-action#762

build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0 by @dependabot in codecov/codecov-action#746

build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 by @dependabot in codecov/codecov-action#757

build(deps): bump openpgp from 5.2.1 to 5.3.0 by @dependabot in codecov/codecov-action#760

build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 by @dependabot in codecov/codecov-action#748

build(deps-dev): bump typescript from 4.7.3 to 4.7.4 by @dependabot in codecov/codecov-action#766

Switch to v3 by @thomasrockhu in codecov/codecov-action#774

Fix network entry in table by @kevmoo in codecov/codecov-action#783

Trim arguments after splitting them by @mitchell-codecov in codecov/codecov-action#791

build(deps): bump openpgp from 5.3.0 to 5.4.0 by @dependabot in codecov/codecov-action#799

build(deps): bump @actions/core from 1.8.2 to 1.9.1 by @dependabot in codecov/codecov-action#798

Plumb failCi into verification function. by @RobbieMcKinstry in codecov/codecov-action#769

release: update changelog and version to 3.1.1 by @thomasrockhu-codecov in codecov/codecov-action#828

New Contributors

@slifty made their first contribution in codecov/codecov-action#661

@Evalir made their first contribution in codecov/codecov-action#712

@johnmanjiro13 made their first contribution in codecov/codecov-action#725

@gsheni made their first contribution in codecov/codecov-action#726

@kevmoo made their first contribution in codecov/codecov-action#783

@RobbieMcKinstry made their first contribution in codecov/codecov-action#769

Full Changelog: https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1

Changelog

Sourced from codecov/codecov-action's changelog.

3.1.1

Fixes

#661 Update deprecation warning

#593 Create codeql-analysis.yml

#712 README: fix typo

#725 fix: Remove a blank row

#726 Update README.md with correct badge version

#633 Create scorecards-analysis.yml

#747 fix: add more verbosity to validation

#750 Regenerate scorecards-analysis.yml

#774 Switch to v3

#783 Fix network entry in table

#791 Trim arguments after splitting them

#769 Plumb failCi into verification function.

Dependencies

#713 build(deps-dev): bump typescript from 4.6.3 to 4.6.4

#714 build(deps): bump node-fetch from 3.2.3 to 3.2.4

#724 build(deps): bump github/codeql-action from 1 to 2

#717 build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0

#729 build(deps-dev): bump @types/node from 17.0.25 to 17.0.33

#734 build(deps-dev): downgrade @types/node to 16.11.35

#723 build(deps): bump actions/checkout from 2 to 3

#733 build(deps): bump @actions/github from 5.0.1 to 5.0.3

#732 build(deps): bump @actions/core from 1.6.0 to 1.8.2

#737 build(deps-dev): bump @types/node from 16.11.35 to 16.11.36

#749 build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0

#755 build(deps-dev): bump typescript from 4.6.4 to 4.7.3

#759 build(deps-dev): bump @types/node from 16.11.36 to 16.11.39

#762 build(deps-dev): bump @types/node from 16.11.39 to 16.11.40

#746 build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0

#757 build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1

#760 build(deps): bump openpgp from 5.2.1 to 5.3.0

#748 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0

#766 build(deps-dev): bump typescript from 4.7.3 to 4.7.4

#799 build(deps): bump openpgp from 5.3.0 to 5.4.0

#798 build(deps): bump @actions/core from 1.8.2 to 1.9.1

Commits

d9f34f8 release: update changelog and version to 3.1.1 (#828)
0e9e7b4 Plumb failCi into verification function. (#769)
7f20bd4 build(deps): bump @actions/core from 1.8.2 to 1.9.1 (#798)
13bc253 build(deps): bump openpgp from 5.3.0 to 5.4.0 (#799)
5c0da1b Trim arguments after splitting them (#791)
68d5f6d Fix network entry in table (#783)
2a829b9 Switch to v3 (#774)
8e09eaf build(deps-dev): bump typescript from 4.7.3 to 4.7.4 (#766)
39e2229 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 (#748)
b2b7703 build(deps): bump openpgp from 5.2.1 to 5.3.0 (#760)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/7081/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1323874145,PR_kwDOAMm_X848ZvvG,6855,Bump pypa/gh-action-pypi-publish from 1.5.0 to 1.5.1,49699333,closed,0,,,1,2022-08-01T06:06:02Z,2022-08-01T06:35:33Z,2022-08-01T06:35:32Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6855,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.5.0 to 1.5.1.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.5.1

What's Changed

Fixed printing out the dist hashes when packages_dir is a wildcard value. — by @meowmeowmeowcat in pypa/gh-action-pypi-publish#91

Full Changelog: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.0...v1.5.1

Commits

37f50c2 Merge PR #91
9f0421c Add #StandWithUkraine banner to README
c3fbd68 Remove quotes
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.5.0&new-version=1.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6855/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1300248774,PR_kwDOAMm_X847K2Cr,6770,Bump EnricoMi/publish-unit-test-result-action from 1 to 2,49699333,closed,0,,,0,2022-07-11T06:05:29Z,2022-07-11T06:38:55Z,2022-07-11T06:38:55Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6770,"Bumps [EnricoMi/publish-unit-test-result-action](https://github.com/EnricoMi/publish-unit-test-result-action) from 1 to 2.

Release notes

Sourced from EnricoMi/publish-unit-test-result-action's releases.

v2.0.0-beta.2

Adds the following features:

Support large CDATA in JUnit XML files with ignore_runs

Improved logging of parse errors and tracebacks (#322, #324)

Fix state leakage with ignore_runs (#323)

v2.0.0-beta

Adds the following features:

Minor improvements on warnings and logging.

v2.0.0-alpha

Adds the following features:

Add support for TRX files (#287)

Add support for NUnit and XUnit XML files (#288 and #289)

Move to lxml parsing library (#286)

Upgrade junitparser to 2.7.0

This release contains the following breaking changes:

Default value for option check_name changed from "Unit Test Results" to "Test Results". If check_name is set in your config, this change is not of your concern. Add check_name: "Unit Test Results" to your config, if you want to keep the old name. Otherwise expect comments and checks with old and new name for open pull requests when moving to version 2.

Default value for option comment_title changed from "Unit Test Results" to "Test Results". If either check_name or comment_title is set in your config, this change is not of your concern.

Modes create new and update last removed for option comment_mode. Remove option comment_mode if used with either of these modes.

Option hiding_comments removed. Please remove this option from your config.

Option comment_on_pr removed. Please remove this option from your config.

This release deprecates the following features:

Option files is deprecated, use junit_files instead (#285)

See README.md for further details on moving to version 2.

v1.39

Adds the following features:

Add check-run HTML URL to JSON output (#310)

Add thousands separator to progress log

v1.38

Adds the following features:

Allow to only comment on changes, failures, errors, ... (#248)

Add new comment_modes and deprecate create new and update last

Log file sizes, free memory, and progress reading files (#305)

v1.37

Adds the following features:

Re-arrange layout of PR comments without runs (#280)

Add formatted numbers to JSON (#298)

... (truncated)

Commits

00dc83b Releasing v2.0.0-beta.2
db33277 Log traceback and related exceptions (#324)
a0006c8 Remove static state from DropTestCaseBuilder (#323)
dd6c641 Log the actual exception that caused a ParseError (#322)
58debd1 Remove max-parallel from CI
9dc979d Support large CDATA in JUnit XML files with ignore_runs
7a453e7 Releasing v2.0.0-beta
693d938 Set log level correctly, so invalid values are reported
7167dcf Merge branch 'master' into master-2.x
62b1695 Add files back to action.yml, mark as deprected
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=EnricoMi/publish-unit-test-result-action&package-manager=github_actions&previous-version=1&new-version=2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6770/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1285290840,PR_kwDOAMm_X846Y75E,6729,Bump mamba-org/provision-with-micromamba from de032af7fb3675649f3d4bbdda85178ba412ee41 to 12,49699333,closed,0,,,0,2022-06-27T06:05:47Z,2022-06-27T07:55:26Z,2022-06-27T07:55:25Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6729,"Bumps [mamba-org/provision-with-micromamba](https://github.com/mamba-org/provision-with-micromamba) from de032af7fb3675649f3d4bbdda85178ba412ee41 to 12. This release includes the previously tagged commit.

Release notes

Sourced from mamba-org/provision-with-micromamba's releases.

v12

Add new options channels, condarc-file, channel-priority, log-level, installer-url, condarc-options

Add download caching and environment caching

Support sel(...) selectors in extra-specs

Add support for using inside Docker containers

Allow extra-specs only with no environment-file

Fix Bash + Windows

Commits

34071ca Add autoactivate sanity check (#69)
37cc095 More options (#63)
d77ce72 Add log-level option (#67)
4aceecb Do not ignore PowerShell exit codes (#66)
70349b4 Delete index.js (#64)
4ec73b7 Fix #60: channels both in action arguments and environment file (#62)
See full diff in compare view

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6729/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1268949702,PR_kwDOAMm_X845iWAe,6692,Bump actions/setup-python from 3 to 4,49699333,closed,0,,,0,2022-06-13T06:08:01Z,2022-06-13T06:41:19Z,2022-06-13T06:41:18Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6692,"Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.

Release notes

Sourced from actions/setup-python's releases.

v4.0.0

What's Changed

Support for python-version-file input: #336

Example of usage:
- uses: actions/setup-python@v4
  with:
    python-version-file: '.python-version' # Read python version from a file
- run: python my_script.py
There is no default python version for this setup-python major version, the action requires to specify either python-version input or python-version-file input. If the python-version input is not specified the action will try to read required version from file from python-version-file input.

Use pypyX.Y for PyPy python-version input: #349

Example of usage:
- uses: actions/setup-python@v4
  with:
    python-version: 'pypy3.9' # pypy-X.Y kept for backward compatibility
- run: python my_script.py
RUNNER_TOOL_CACHE environment variable is equal AGENT_TOOLSDIRECTORY: #338

Bugfix: create missing pypyX.Y symlinks: #347

PKG_CONFIG_PATH environment variable: #400

Added python-path output: #405 python-path output contains Python executable path.

Updated zeit/ncc to vercel/ncc package: #393

Bugfix: fixed output for prerelease version of poetry: #409

Made pythonLocation environment variable consistent for Python and PyPy: #418

Bugfix for 3.x-dev syntax: #417

Other improvements: #318 #396 #384 #387 #388

Update actions/cache version to 2.0.2

In scope of this release we updated actions/cache package as the new version contains fixes related to GHES 3.5 (actions/setup-python#382)

Add "cache-hit" output and fix "python-version" output for PyPy

This release introduces new output cache-hit (actions/setup-python#373) and fix python-version output for PyPy (actions/setup-python#365)

The cache-hit output contains boolean value indicating that an exact match was found for the key. It shows that the action uses already existing cache or not. The output is available only if cache is enabled.

... (truncated)

Commits

d09bd5e fix: 3.x-dev can install a 3.y version (#417)
f72db17 Made env.var pythonLocation consistent for Python and PyPy (#418)
53e1529 add support for python-version-file (#336)
3f82819 Fix output for prerelease version of poetry (#409)
397252c Update zeit/ncc to vercel/ncc (#393)
de977ad Merge pull request #412 from vsafonkin/v-vsafonkin/fix-poetry-cache-test
22c6af9 Change PyPy version to rebuild cache
081a3cf Merge pull request #405 from mayeut/interpreter-path
ff70656 feature: add a python-path output
fff15a2 Use pypyX.Y for PyPy python-version input (#349)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6692/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1214014255,PR_kwDOAMm_X842s5dd,6509,Bump codecov/codecov-action from 3.0.0 to 3.1.0,49699333,closed,0,,,0,2022-04-25T06:05:21Z,2022-04-25T15:09:45Z,2022-04-25T15:09:45Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6509,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.0.0 to 3.1.0.

Release notes

Sourced from codecov/codecov-action's releases.

v3.1.0

3.1.0

Features

#699 Incorporate xcode arguments for the Codecov uploader

Dependencies

#694 build(deps-dev): bump @vercel/ncc from 0.33.3 to 0.33.4

#696 build(deps-dev): bump @types/node from 17.0.23 to 17.0.25

#698 build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0

Changelog

Sourced from codecov/codecov-action's changelog.

3.1.0

Features

#699 Incorporate xcode arguments for the Codecov uploader

Dependencies

#694 build(deps-dev): bump @vercel/ncc from 0.33.3 to 0.33.4

#696 build(deps-dev): bump @types/node from 17.0.23 to 17.0.25

#698 build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0

Commits

81cd2dc Merge pull request #699 from codecov/feat-xcode
a03184e feat: add xcode support
6a6a9ae Merge pull request #694 from codecov/dependabot/npm_and_yarn/vercel/ncc-0.33.4
92a872a Merge pull request #696 from codecov/dependabot/npm_and_yarn/types/node-17.0.25
43a9c18 Merge pull request #698 from codecov/dependabot/npm_and_yarn/jest-junit-13.2.0
13ce822 Merge pull request #690 from codecov/ci-v3
4d6dbaa build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0
98f0f19 build(deps-dev): bump @types/node from 17.0.23 to 17.0.25
d3021d9 build(deps-dev): bump @vercel/ncc from 0.33.3 to 0.33.4
2c83f35 Update makefile to v3
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.0.0&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6509/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1199438404,PR_kwDOAMm_X841-cKc,6468,Bump actions/upload-artifact from 2 to 3,49699333,closed,0,,,0,2022-04-11T06:06:08Z,2022-04-11T14:42:24Z,2022-04-11T14:42:23Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6468,"Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.

Release notes

Sourced from actions/upload-artifact's releases.

v3.0.0

What's Changed

Update default runtime to node16 (#293)

Update package-lock.json file version to 2 (#302)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

v2.3.1

Fix for empty fails on Windows failing on upload #281

v2.3.0 Upload Artifact

Optimizations for faster uploads of larger files that are already compressed

Significantly improved logging when there are chunked uploads

Clarifications in logs around the upload size and prohibited characters that aren't allowed in the artifact name or any uploaded files

Various other small bugfixes & optimizations

v2.2.4

Retry on HTTP 500 responses from the service

v2.2.3

Fixes for proxy related issues

v2.2.2

Improved retryability and error handling

v2.2.1

Update used actions/core package to the latest version

v2.2.0

Support for artifact retention

v2.1.4

Add Third Party License Information

v2.1.3

Use updated version of the @action/artifact NPM package

v2.1.2

Increase upload chunk size from 4MB to 8MB

Detect case insensitive file uploads

v2.1.1

Fix for certain symlinks not correctly being identified as directories before starting uploads

v2.1.0

Support for uploading artifacts with multiple paths

Support for using exclude paths

Updates to dependencies

... (truncated)

Commits

6673cd0 Update lockfileVersion in package-lock.json (#302)
2244c82 Update to node16 (#293)
87348ce Add 503 warning when uploading to the same artifact
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6468/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1199438489,PR_kwDOAMm_X841-cLq,6470,Bump codecov/codecov-action from 2.1.0 to 3.0.0,49699333,closed,0,,,0,2022-04-11T06:06:12Z,2022-04-11T14:42:15Z,2022-04-11T14:42:14Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6470,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.0.0.

Release notes

Sourced from codecov/codecov-action's releases.

v3.0.0

Breaking Changes

#689 Bump to node16 and small fixes

Features

#688 Incorporate gcov arguments for the Codecov uploader

Dependencies

#548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0

#603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0

#628 build(deps): bump node-fetch from 2.6.1 to 3.1.1

#634 build(deps): bump node-fetch from 3.1.1 to 3.2.0

#636 build(deps): bump openpgp from 5.0.1 to 5.1.0

#652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3

#653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18

#659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1

#667 build(deps): bump actions/checkout from 2 to 3

#673 build(deps): bump node-fetch from 3.2.0 to 3.2.3

#683 build(deps): bump minimist from 1.2.5 to 1.2.6

#685 build(deps): bump @actions/github from 5.0.0 to 5.0.1

#681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23

#682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3

#676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1

#675 build(deps): bump openpgp from 5.1.0 to 5.2.1

Changelog

Sourced from codecov/codecov-action's changelog.

3.0.0

Breaking Changes

#689 Bump to node16 and small fixes

Features

#688 Incorporate gcov arguments for the Codecov uploader

Dependencies

#548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0

#603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0

#628 build(deps): bump node-fetch from 2.6.1 to 3.1.1

#634 build(deps): bump node-fetch from 3.1.1 to 3.2.0

#636 build(deps): bump openpgp from 5.0.1 to 5.1.0

#652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3

#653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18

#659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1

#667 build(deps): bump actions/checkout from 2 to 3

#673 build(deps): bump node-fetch from 3.2.0 to 3.2.3

#683 build(deps): bump minimist from 1.2.5 to 1.2.6

#685 build(deps): bump @actions/github from 5.0.0 to 5.0.1

#681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23

#682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3

#676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1

#675 build(deps): bump openpgp from 5.1.0 to 5.2.1

Commits

e3c5604 Merge pull request #689 from codecov/feat/gcov
174efc5 Update package-lock.json
6243a75 bump to 3.0.0
0d6466f Bump to node16
d4729ee fetch.default
351baf6 fix: bash
d8cf680 Merge pull request #675 from codecov/dependabot/npm_and_yarn/openpgp-5.2.1
b775e90 Merge pull request #676 from codecov/dependabot/npm_and_yarn/actions/exec-1.1.1
2ebc2f0 Merge pull request #682 from codecov/dependabot/npm_and_yarn/typescript-4.6.3
8e2ef2b Merge pull request #681 from codecov/dependabot/npm_and_yarn/types/node-17.0.23
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=2.1.0&new-version=3.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6470/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1199438428,PR_kwDOAMm_X841-cKw,6469,Bump actions/download-artifact from 2 to 3,49699333,closed,0,,,0,2022-04-11T06:06:09Z,2022-04-11T14:41:52Z,2022-04-11T14:41:51Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6469,"Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.

Release notes

Sourced from actions/download-artifact's releases.

v3.0.0

What's Changed

Update default runtime to node16 (actions/download-artifact#134)

Update package-lock.json file version to 2 (actions/download-artifact#136)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

v2.1.0 Download Artifact

Improved output & logging

Fixed issue where downloading all artifacts could cause display percentages to be over 100%

Various small bug fixes & improvements

v2.0.10

Retry on HTTP 500 responses from the service

v2.0.9

Fixes to proxy related issues

v2.0.8

Improvements to retryability if an error is encountered during artifact download

v2.0.7 download-artifact

Improved download retry-ability if a partial download is encountered

v2.0.6

Update actions/core NPM package that is used internally

v2.0.5

Add Third Party License Information

v2.0.4

Use the latest version of the @actions/artifact NPM package

v2.0.3

Misc improvements

v2.0.2

Support for tilde expansion

v2.0.1

Download path output

Improved logging

Commits

fb598a6 Merge pull request #136 from actions/jtamsut/update-lockfile-version
a4a09c5 regenerate index.js
9acf51d regenerate package lock
8821072 upgrade artifact version
b8bbd3b regenerate lockfile
6ee3d96 revert artifact version
d4793f4 update docs for v3
2d338d2 upgrade package to v3
360d083 update dependency on artifact lib
d9b73cc update lock file
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6469/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1182937375,PR_kwDOAMm_X841IVBX,6417,Bump actions/cache from 2 to 3,49699333,closed,0,,,1,2022-03-28T06:05:22Z,2022-03-31T09:25:22Z,2022-03-31T09:25:21Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6417,"Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.

Release notes

Sourced from actions/cache's releases.

v3.0.0

This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

v2.1.7

Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

v2.1.6

Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

v2.1.5

Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

v2.1.4

Make caching more verbose #650

Use GNU tar on macOS if available #701

v2.1.3

Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.

Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

v2.1.2

Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds

No-op when executing on GHES

v2.1.1

Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

v2.1.0

Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently

Display download progress and speed

Commits

4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version
60c606a Update licensed files
b6e9a91 Revert "Updated to the latest version."
c842503 Updated to the latest version.
2b7da2a Bumped up to a major version.
deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example
c7c46bc Merge pull request #707 from duxtland/main
6535c5f Regenerated examples.md TOC
3fdafa4 Update GitHub Actions status badge markdown in README.md
341e6d7 Merge branch 'actions:main' into fix-golang-windows-example
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6417/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1160948233,PR_kwDOAMm_X840BOUc,6338,Bump actions/setup-python from 2 to 3,49699333,closed,0,,,2,2022-03-07T06:05:42Z,2022-03-08T14:58:08Z,2022-03-08T14:58:07Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6338,"Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.

Release notes

Sourced from actions/setup-python's releases.

v3.0.0

What's Changed

Update default runtime to node16 (actions/setup-python#340)

Update package-lock.json file version to 2, @types/node to 16.11.25 and typescript to 4.2.3 (actions/setup-python#341)

Remove legacy pypy2 and pypy3 keywords (actions/setup-python#342)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

This new major release removes support of legacy pypy2 and pypy3 keywords. Please use more specific and flexible syntax to specify a PyPy version:
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version:
        - 'pypy-2.7' # the latest available version of PyPy that supports Python 2.7
        - 'pypy-3.8' # the latest available version of PyPy that supports Python 3.8
        - 'pypy-3.8-v7.3.8' # Python 3.8 and PyPy 7.3.8
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-python@v3
      with:
        python-version: ${{ matrix.python-version }}
See more usage examples in the documentation

Update primary and restore keys for pip

In scope of this release we include a version of python in restore and primary cache keys for pip. Besides, we add temporary fix for Windows caching issue, that the pip cache dir command returns non zero exit code or writes to stderr. Moreover we updated node-fetch dependency.

Update actions/cache version to 1.0.8

We have updated actions/cache dependency version to 1.0.8 to support 10GB cache upload

Support caching dependencies

This release introduces dependency caching support (actions/setup-python#266)

Caching dependencies.

The action has a built-in functionality for caching and restoring pip/pipenv dependencies. The cache input is optional, and caching is turned off by default.

Besides, this release introduces dependency caching support for mono repos and repositories with complex structure.

By default, the action searches for the dependency file (requirements.txt for pip or Pipfile.lock for pipenv) in the whole repository. Use the cache-dependency-path input for cases when you want to override current behaviour and use different file for hash generation (for example requirements-dev.txt). This input supports wildcards or a list of file names for caching multiple dependencies.

Caching pip dependencies:
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
  with:
    python-version: '3.9'
</tr></table> 

... (truncated)

Commits

0ebf233 Remove legacy PyPy input (#342)
665cd78 Update lockfileversion (#341)
93cb78f Update to node16 (#340)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @andersy005. [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6338/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1160948208,PR_kwDOAMm_X840BOUH,6337,Bump actions/checkout from 2 to 3,49699333,closed,0,,,1,2022-03-07T06:05:40Z,2022-03-08T14:28:16Z,2022-03-08T14:28:15Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6337,"Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.

Release notes

Sourced from actions/checkout's releases.

v3.0.0

Update default runtime to node16

v2.4.0

Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

Add missing awaits

Swap to Environment Files

v2.3.3

Remove Unneeded commit information from build logs

Add Licensed to verify third party dependencies

v2.3.2

Add Third Party License Information to Dist Files

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

Add submodule support

Follow proxy settings

Fix ref for pr closed event when a pr is merged

Fix issue checking detached when git less than 2.22

Changelog

Sourced from actions/checkout's changelog.

Changelog

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

Add submodule support

Follow proxy settings

Fix ref for pr closed event when a pr is merged

Fix issue checking detached when git less than 2.22

v2.0.0

Do not pass cred on command line

Add input persist-credentials

Fallback to REST API to download repo

Commits

a12a394 update readme for v3 (#708)
8f9e05e Update to node 16 (#689)
230611d Change secret name for PAT to not start with GITHUB_ (#623)
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @andersy005. [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6337/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1136815628,PR_kwDOAMm_X84ywrBP,6273,Bump actions/github-script from 5 to 6,49699333,closed,0,,,0,2022-02-14T06:04:33Z,2022-02-14T09:05:42Z,2022-02-14T09:05:41Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6273,"Bumps [actions/github-script](https://github.com/actions/github-script) from 5 to 6.

Release notes

Sourced from actions/github-script's releases.

v6.0.0

What's Changed

Update default runtime to node16 by @thboop in actions/github-script#235

Update node-fetch by @joshmgross in actions/github-script#237

Update @actions/core to 1.6.0 by @joshmgross in actions/github-script#238

Breaking Changes

With the update to Node 16 in #235, all scripts will now be run with Node 16 rather than Node 12.

New Contributors

@thboop made their first contribution in actions/github-script#235

Full Changelog: https://github.com/actions/github-script/compare/v5...v6.0.0

v5.1.0

What's Changed

Update to latest versions for dev dependencies by @joshmgross in actions/github-script#204

update plugin dependencies by @PeterNitscheMI in actions/github-script#216

Update licenses and use jonabc/setup-licensed in workflow by @joshmgross in actions/github-script#228

New Contributors

@johan-lindqvist made their first contribution in actions/github-script#201

@ansgarm made their first contribution in actions/github-script#215

@PeterNitscheMI made their first contribution in actions/github-script#216

Full Changelog: https://github.com/actions/github-script/compare/v5.0.0...v5.1.0

Commits

9ac0880 Merge pull request #240 from actions/joshmgross/document-esm
53cdbb4 Merge pull request #239 from actions/joshmgross/v6
6b8d8aa Merge pull request #238 from actions/joshmgross/update-actions-core
6689be4 Merge pull request #237 from actions/joshmgross/audit-fix
5541733 Add an example using ESM import
cd8eebf Release version 6.0.0
72fadf4 Update @actions/core to 1.6.0
d526c04 Update node-fetch license
2c946f1 Run npm audit fix
41e1ab4 Merge pull request #235 from thboop/patch-1
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6273/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1097490618,PR_kwDOAMm_X84wtobJ,6147,Bump pypa/gh-action-pypi-publish from 1.4.2 to 1.5.0,49699333,closed,0,,,0,2022-01-10T06:04:45Z,2022-01-10T08:07:23Z,2022-01-10T08:07:12Z,CONTRIBUTOR,,0,pydata/xarray/pulls/6147,"Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.4.2 to 1.5.0.

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.5.0

What's Changed

Added an action input print_hash for showing the hash values of files to be uploaded — by @meowmeowmeowcat in pypa/gh-action-pypi-publish#87

New Contributors

@pllim made their first contribution in pypa/gh-action-pypi-publish#55

@meowmeowmeowcat made their first contribution in pypa/gh-action-pypi-publish#87

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.4.2...v1.5.0

Commits

717ba43 Trim the trailing whitespaces in print-hash.py
4992a00 Merge pull request #87 from meowmeowmeowcat/show-hash-values
977d067 Fix a bug
5d18baa Drop unnecessary file_iterable var
0575dc8 Refactor the hash helper script to use pathlib and CLI args
8682135 Correct the if-clause for printing the hashes
c83d37b Introduce print_hash in README
777bfc4 Fix the message
ca30c7d Show a message before printing hash values of files
06a2dd6 Fix bug
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.4.2&new-version=1.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/6147/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1007733800,PR_kwDOAMm_X84sSyt3,5826,Bump actions/github-script from 4.1 to 5,49699333,closed,0,,,2,2021-09-27T06:05:00Z,2021-11-01T17:12:14Z,2021-11-01T17:12:12Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5826,"Bumps [actions/github-script](https://github.com/actions/github-script) from 4.1 to 5.

Release notes

Sourced from actions/github-script's releases.

v5.0.0

What's Changed

Upgrade to the latest version of Octokit by @joshmgross in actions/github-script#193

Full Changelog: https://github.com/actions/github-script/compare/v4.1.1...v5.0.0

v4.1.1

What's Changed

Update minor versions of dependencies by @joshmgross in actions/github-script#192

Full Changelog: https://github.com/actions/github-script/compare/v4.1.0...v4.1.1

Commits

441359b Merge pull request #193 from actions/joshmgross/v5
4e1175c Update licenses
004e46f Fix breaking change in workflow test
5e5d515 Upgrade to the latest version of Octokit
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=4.1&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5826/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 1000601456,PR_kwDOAMm_X84r8ft-,5800,Bump codecov/codecov-action from 2.0.3 to 2.1.0,49699333,closed,0,,,1,2021-09-20T06:04:18Z,2021-09-23T18:26:49Z,2021-09-23T18:26:48Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5800,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.3 to 2.1.0.

Release notes

Sourced from codecov/codecov-action's releases.

v2.1.0

2.1.0

Features

#515 Allow specifying version of Codecov uploader

Dependencies

#499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0

#508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0

#514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0

Changelog

Sourced from codecov/codecov-action's changelog.

2.1.0

Features

#515 Allow specifying version of Codecov uploader

Dependencies

#499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0

#508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0

#514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0

Commits

f32b3a3 Merge pull request #515 from codecov/specify-version
72dfd47 Allow specifying version of Codecov uploader
46edaed Merge pull request #499 from codecov/dependabot/npm_and_yarn/vercel/ncc-0.30.0
b6fd8cc Merge pull request #508 from codecov/dependabot/npm_and_yarn/openpgp-5.0.0
07a4e97 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0
c071c70 build(deps): bump openpgp from 5.0.0-5 to 5.0.0
f6d4366 Merge pull request #514 from codecov/dependabot/npm_and_yarn/types/node-16.9.0
2bbefc9 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0
See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=2.0.3&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5800/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 982422703,MDExOlB1bGxSZXF1ZXN0NzIyMTg4MzI3,5747,Bump codecov/codecov-action from 2.0.2 to 2.0.3,49699333,closed,0,,,1,2021-08-30T06:04:14Z,2021-08-30T07:57:54Z,2021-08-30T07:32:37Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5747,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.2 to 2.0.3.

Release notes

Sourced from codecov/codecov-action's releases.

v2.0.3

2.0.3

Fixes

#464 Fix wrong link in the readme

#485 fix: Add override OS and linux default to platform

Dependencies

#447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5

#458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0

#465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1

#466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1

#468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0

#470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0

#472 build(deps): bump path-parse from 1.0.6 to 1.0.7

#473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1

#478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2

#479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2

#481 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2

#483 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2

#484 build(deps): bump @actions/core from 1.4.0 to 1.5.0

Changelog

Sourced from codecov/codecov-action's changelog.

2.0.3

Fixes

#464 Fix wrong link in the readme

#485 fix: Add override OS and linux default to platform

Dependencies

#447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5

#458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0

#465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1

#466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1

#468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0

#470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0

#472 build(deps): bump path-parse from 1.0.6 to 1.0.7

#473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1

#478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2

#479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2

#481 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2

#483 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2

#484 build(deps): bump @actions/core from 1.4.0 to 1.5.0

Commits

5a8bb47 Merge pull request #485 from codecov/alternate-os
3e9a281 Merge pull request #481 from codecov/dependabot/npm_and_yarn/types/node-16.6.2
6feb914 chore: Update CHANGELOG
9f40d31 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2
c4e74fe Merge pull request #483 from codecov/dependabot/npm_and_yarn/vercel/ncc-0.29.2
6ba3fb3 Merge pull request #479 from codecov/dependabot/npm_and_yarn/typescript-eslin...
7efb9be build(deps-dev): bump @typescript-eslint/eslint-plugin
514990d build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2
cd6db5e Merge pull request #484 from codecov/dependabot/npm_and_yarn/actions/core-1.5.0
678cc77 Merge pull request #478 from codecov/dependabot/npm_and_yarn/typescript-eslin...
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=2.0.2&new-version=2.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5747/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 976663865,MDExOlB1bGxSZXF1ZXN0NzE3NTI2NjM0,5730,Bump actions/github-script from 4.0.2 to 4.1,49699333,closed,0,,,1,2021-08-23T06:04:14Z,2021-08-23T19:42:21Z,2021-08-23T19:16:21Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5730,"Bumps [actions/github-script](https://github.com/actions/github-script) from 4.0.2 to 4.1.

Release notes

Sourced from actions/github-script's releases.

v4.1.0

What's Changed

Adding @actions/exec to github-script by @bhavanakonchada in actions/github-script#178

Run npm audit and update dev dependencies by @joshmgross in actions/github-script#181

New Contributors

@MichaelDeBoey made their first contribution in actions/github-script#145

@oscard0m made their first contribution in actions/github-script#174

@brcrista made their first contribution in actions/github-script#177

@bhavanakonchada made their first contribution in actions/github-script#178

Full Changelog: https://github.com/actions/github-script/compare/v4.0.2...v4.1.0

Commits

f891eff Merge pull request #181 from actions/joshmgross/update-dependencies
4343407 Update dev dependencies
ab3c97f Run npm audit fix
e02270e Merge pull request #178 from bhavanakonchada/bhavanakonchada-exec
c07f5aa Placed the exe.dep.yml file at the right location
49d397a updated package-lock.json to reflect v2
6f9b9a8 Merge branch 'bhavanakonchada-exec' of https://github.com/bhavanakonchada/git...
6456c11 Adding @actions/exec
a832578 Added license file for @actions/exec
771c6cc updated readme.md
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=4.0.2&new-version=4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5730/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 957781045,MDExOlB1bGxSZXF1ZXN0NzAxMTUwNzM3,5663,Bump styfle/cancel-workflow-action from 0.9.0 to 0.9.1,49699333,closed,0,,,2,2021-08-02T06:05:09Z,2021-08-02T10:46:13Z,2021-08-02T10:19:32Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5663,"Bumps [styfle/cancel-workflow-action](https://github.com/styfle/cancel-workflow-action) from 0.9.0 to 0.9.1.

Release notes

Sourced from styfle/cancel-workflow-action's releases.

0.9.1

Patches

Fix: cancelling jobs from different repos where two branches have the same name: #105

Fix: use getBooleanInput instead of getInput: #92

Chore: add permissions configuration in the README.md: #96

Chore: add prettier config, format file, add lint workflow: #63

Chore: create dependabot.yml: #68

Bump typescript from 4.1.5 to 4.2.4: #71

Bump actions/setup-node requirement to v2.1.5: #69

Bump @vercel/ncc to 0.28.3: #73

Bump @actions/core from 1.2.6 to 1.2.7: #74

Bump @vercel/ncc from 0.28.3 to 0.28.5: #81

Bump @actions/core from 1.2.7 to 1.3.0: #90

Bump prettier from 2.2.1 to 2.3.0: #85

Bump @vercel/ncc from 0.28.5 to 0.28.6: #95

Bump typescript from 4.2.4 to 4.3.2: #94

Bump prettier from 2.3.0 to 2.3.1: #97

Bump typescript from 4.3.2 to 4.3.4: #99

Bump prettier from 2.3.1 to 2.3.2: #100

Bump typescript from 4.3.4 to 4.3.5: #101

Bump husky from 6.0.0 to 7.0.0: #102

Bump husky from 7.0.0 to 7.0.1: #103

Credits

Huge thanks to @mikehardy, @MichaelDeBoey, @Warashi, @adrienbernede, and @spaceface777 for helping!

Commits

a40b884 0.9.1
a66ae1f fix cancelling jobs from different repos where two branches have the same nam...
b54f1a5 Bump husky from 7.0.0 to 7.0.1 (#103)
cc6225c Bump husky from 6.0.0 to 7.0.0 (#102)
c94109d Bump typescript from 4.3.4 to 4.3.5 (#101)
fc3581b Bump prettier from 2.3.1 to 2.3.2 (#100)
6f9f8b4 Bump typescript from 4.3.2 to 4.3.4 (#99)
6135c0f Bump prettier from 2.3.0 to 2.3.1 (#97)
531a036 chore: add permissions configuration in the README.md (#96)
1f10757 Bump typescript from 4.2.4 to 4.3.2 (#94)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=styfle/cancel-workflow-action&package-manager=github_actions&previous-version=0.9.0&new-version=0.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5663/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 952536671,MDExOlB1bGxSZXF1ZXN0Njk2NzE1NjM1,5633,Bump codecov/codecov-action from 1 to 2.0.2,49699333,closed,0,,,1,2021-07-26T06:05:38Z,2021-07-26T07:01:58Z,2021-07-26T06:42:26Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5633,"Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 2.0.2.

Release notes

Sourced from codecov/codecov-action's releases.

v2.0.2

Fixes

Underlying uploader fixes issues with tokens not being sent properly for users seeing Error!: Error: Error uploading to https://codecov.io: Error: Error uploading to Codecov: Error: Not Found

#432 fix: use import to destructure package.json

#434 fix: openpgp and asn1.js

#440 2.0.2 token fixes

Dependencies

#420 Bump eslint from 7.30.0 to 7.31.0

#433 build(deps-dev): bump @types/node from 16.3.3 to 16.4.0

#425 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.3 to 4.28.4

#426 build(deps-dev): bump @typescript-eslint/parser from 4.28.3 to 4.28.4

#438 Set up Dependabot for github-actions dependencies

v2.0.1

Fixes

#424 fix: Issue in building all deep dependencies

v2.0.0

On February 1, 2022, the v1 uploader will be full sunset and no longer function. This is due to the deprecation of the underlying bash uploader. This version uses the new uploader.

The v2 Action downloads, verifies, and runs the Codecov binary.

Breaking Changes

Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably many of the functionalities and gcov_ arguments have been removed. Please check the documentation for the full list.

Features

dry-run argument allows Codecov flow without uploading reports to Codecov

(Enterprise only) slug allows specifying the repository slug manually

(Enterprise only) url allows changing the upload host

v1.5.2

1.5.2

Fixes

fix: Import version properly as string not object

v1.5.1

1.5.1

Fixes

#320 doc: add github actions badge

#336 Update bash uploader to 1.0.3

#339 fix: Add action version

Dependencies

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

2.0.2

Fixes

Underlying uploader fixes issues with tokens not being sent properly for users seeing Error!: Error: Error uploading to https://codecov.io: Error: Error uploading to Codecov: Error: Not Found

#440 fix: Validation ordering

2.0.1

Fixes

#424 fix: Issue in building all deep dependencies

2.0.0

On February 1, 2022, the v1 uploader will be full sunset and no longer function. This is due to the deprecation of the underlying bash uploader. This version uses the new uploader.

The v2 Action downloads, verifies, and runs the Codecov binary.

Breaking Changes

Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably many of the functionalities and gcov_ arguments have been removed. Please check the documentation for the full list.

Features

dry-run argument allows Codecov flow without uploading reports to Codecov

(Enterprise only) slug allows specifying the repository slug manually

(Enterprise only) url allows changing the upload host

1.5.2

Fixes

fix: Import version properly as string not object

1.5.1

Fixes

#320 doc: add github actions badge

#336 Update bash uploader to 1.0.3

#339 fix: Add action version

Dependencies

#302 Bump @typescript-eslint/eslint-plugin from 4.22.0 to 4.22.1

#303 Bump @typescript-eslint/parser from 4.22.0 to 4.22.1

#304 Bump ts-jest from 26.5.5 to 26.5.6

#309 Bump lodash from 4.17.19 to 4.17.21

#310 Bump hosted-git-info from 2.8.8 to 2.8.9

#311 Bump @actions/github from 4.0.0 to 5.0.0

#314 Bump eslint from 7.25.0 to 7.27.0

#315 Bump @actions/core from 1.2.7 to 1.3.0

#316 Bump @typescript-eslint/parser from 4.22.1 to 4.25.0

#317 Bump @typescript-eslint/eslint-plugin from 4.22.1 to 4.25.0

#319 Bump jest-junit from 12.0.0 to 12.1.0

#321 Bump typescript from 4.2.4 to 4.3.2

#323 Bump ws from 7.3.1 to 7.4.6

... (truncated)

Commits

51d8108 Merge pull request #440 from codecov/2.0.2-token-fixes
88c796d Merge pull request #438 from mmorel-35/chore/dependabot
0bbb082 fix: Update validation
53f686a fix: Update validation
6ab08a7 Bump to 2.0.2
f2242e1 Merge pull request #425 from codecov/dependabot/npm_and_yarn/typescript-eslin...
fc2878a build(deps-dev): bump @typescript-eslint/eslint-plugin
e00e953 Merge pull request #426 from codecov/dependabot/npm_and_yarn/typescript-eslin...
8dcb1d2 Merge pull request #433 from codecov/dependabot/npm_and_yarn/types/node-16.4.0
c5857ba Merge pull request #434 from RA80533/fix/openpgp
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=1&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5633/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 867404084,MDExOlB1bGxSZXF1ZXN0NjIzMDgwNDM1,5218,Bump pre-commit/action from v2.0.2 to v2.0.3,49699333,closed,0,,,5,2021-04-26T08:11:20Z,2021-04-27T03:33:46Z,2021-04-27T03:33:44Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5218,"Bumps [pre-commit/action](https://github.com/pre-commit/action) from v2.0.2 to v2.0.3.

Release notes

Sourced from pre-commit/action's releases.

pre-commit/action@v2.0.3

Fixes

push compatibility with actions/checkout@v2 which checks out the branch

#97 PR by @jackton1.

Commits

9b88afc Deployed to github pages
See full diff in compare view

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5218/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 867403935,MDExOlB1bGxSZXF1ZXN0NjIzMDgwMzAw,5217,Bump actions/github-script from v3 to v4.0.2,49699333,closed,0,,,3,2021-04-26T08:11:12Z,2021-04-27T02:57:37Z,2021-04-27T02:57:36Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5217,"Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.2.

Release notes

Sourced from actions/github-script's releases.

Update @actions/core package

This release updates the @actions/core package to 1.2.7 - actions/github-script#137

Commits

a3e7071 Merge pull request #137 from actions/joshgross/update-actions-core
3858e71 Update license for @actions/core
2b34a68 Update @actions/core to 1.2.7
85e88a6 Merge pull request #136 from actions/search-cwd-first
5cbb702 v4.0.1
1ef7fd0 Remove require search fallback
a49bf6b Search the cwd first, then existing module paths
95fb649 Merge pull request #135 from actions/wrap-require
2923e50 Run build script
b616178 Merge branch 'wrap-require' of https://github.com/actions/github-script into ...
Additional commits viewable in compare view

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5217/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 857967048,MDExOlB1bGxSZXF1ZXN0NjE1Mjk5NDEx,5158,Bump styfle/cancel-workflow-action from 0.8.0 to 0.9.0,49699333,closed,0,,,1,2021-04-14T14:40:13Z,2021-04-14T15:47:46Z,2021-04-14T15:47:44Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5158,"Bumps [styfle/cancel-workflow-action](https://github.com/styfle/cancel-workflow-action) from 0.8.0 to 0.9.0.

Release notes

Sourced from styfle/cancel-workflow-action's releases.

0.9.0

Minor Changes

Add all_but_latest flag - cancel all workflows but the latest: #35

Cleanup all_but_latest: #67

Credits

Huge thanks to @thomwiggers for helping!

Commits

89f242e 0.9.0
1f01010 Cleanup all_but_latest (#67)
1adde81 Optionally cancel all workflows but the latest (#35)
See full diff in compare view

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5158/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull 857967009,MDExOlB1bGxSZXF1ZXN0NjE1Mjk5Mzc3,5157,Bump pre-commit/action from v2.0.0 to v2.0.2,49699333,closed,0,,,1,2021-04-14T14:40:11Z,2021-04-14T15:25:27Z,2021-04-14T15:25:25Z,CONTRIBUTOR,,0,pydata/xarray/pulls/5157,"Bumps [pre-commit/action](https://github.com/pre-commit/action) from v2.0.0 to v2.0.2.

Release notes

Sourced from pre-commit/action's releases.

pre-commit/action@v2.0.2

retag of 2.0.1 but on the proper branch

pre-commit/action@v2.0.1

Fixes

Avoid failures if cache saving fails

#54 PR by @s-weigand

#53 issue by @s-weigand

Commits

9cf68dc Deployed to github pages
12c0cba Deployed to github pages
686243b Deployed to github pages
5b6c59a Deployed to github pages
23933a8 Deployed to github pages
ba03328 Deployed to github pages
055fa4e Deployed to github pages
2fcbdbb Deployed to github pages
8ba276b Deployed to github pages
34072ce Deployed to github pages
See full diff in compare view

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

","{""url"": ""https://api.github.com/repos/pydata/xarray/issues/5157/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,,13221727,pull