From 5a2ea379cbc0fc6fcb95c53cdeb4da79d22ddb72 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Dec 2022 09:36:08 +0000
Subject: [PATCH 1/6] Bump certifi from 2022.9.24 to 2022.12.7 in /requirements

Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.9.24 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2022.09.24...2022.12.07)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements/runtime.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index 40b6ff62..68228822 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -6,7 +6,7 @@
 #
 bleach==5.0.1
     # via readme-renderer
-certifi==2022.9.24
+certifi==2022.12.7
     # via requests
 cffi==1.15.1
     # via cryptography
@@ -36,7 +36,7 @@ more-itertools==9.0.0
     # via jaraco-classes
 pkginfo==1.9.2
     # via
-    #   -r requirements/runtime.in
+    #   -r runtime.in
     #   twine
 pycparser==2.21
     # via cffi
@@ -61,7 +61,7 @@ secretstorage==3.3.3
 six==1.16.0
     # via bleach
 twine==4.0.1
-    # via -r requirements/runtime.in
+    # via -r runtime.in
 urllib3==1.26.13
     # via
     #   requests

From c13a06eb2f9167d9877293c177bb2361e8a9410c Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 2 Jan 2023 20:49:16 +0000
Subject: [PATCH 2/6] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/asottile/add-trailing-comma.git: v2.3.0 → v2.4.0](https://github.com/asottile/add-trailing-comma.git/compare/v2.3.0...v2.4.0)
- [github.com/PyCQA/isort.git: 5.10.1 → 5.11.4](https://github.com/PyCQA/isort.git/compare/5.10.1...5.11.4)
- [github.com/python-jsonschema/check-jsonschema.git: 0.18.3 → 0.19.2](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.18.3...0.19.2)
- [github.com/pre-commit/pre-commit-hooks.git: v4.3.0 → v4.4.0](https://github.com/pre-commit/pre-commit-hooks.git/compare/v4.3.0...v4.4.0)
- [github.com/codespell-project/codespell: v2.2.1 → v2.2.2](https://github.com/codespell-project/codespell/compare/v2.2.1...v2.2.2)
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0)
- [github.com/PyCQA/pylint.git: v2.15.3 → v2.15.9](https://github.com/PyCQA/pylint.git/compare/v2.15.3...v2.15.9)
---
 .pre-commit-config.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 28f3d3d9..53c5c9fe 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -4,12 +4,12 @@ ci:
 
 repos:
 - repo: https://github.com/asottile/add-trailing-comma.git
-  rev: v2.3.0
+  rev: v2.4.0
   hooks:
   - id: add-trailing-comma
 
 - repo: https://github.com/PyCQA/isort.git
-  rev: 5.10.1
+  rev: 5.11.4
   hooks:
   - id: isort
     args:
@@ -21,7 +21,7 @@ repos:
   - id: remove-tabs
 
 - repo: https://github.com/python-jsonschema/check-jsonschema.git
-  rev: 0.18.3
+  rev: 0.19.2
   hooks:
   - id: check-github-actions
   - id: check-github-workflows
@@ -36,7 +36,7 @@ repos:
   - id: check-readthedocs
 
 - repo: https://github.com/pre-commit/pre-commit-hooks.git
-  rev: v4.3.0
+  rev: v4.4.0
   hooks:
   # Side-effects:
   - id: end-of-file-fixer
@@ -61,7 +61,7 @@ repos:
     language_version: python3
 
 - repo: https://github.com/codespell-project/codespell
-  rev: v2.2.1
+  rev: v2.2.2
   hooks:
   - id: codespell
 
@@ -98,7 +98,7 @@ repos:
 
 - repo: https://github.com/PyCQA/flake8.git
   # NOTE: This is kept at v4 for until WPS starts supporting flake v5.
-  rev: 4.0.1  # enforce-version: 4.0.1
+  rev: 6.0.0  # enforce-version: 4.0.1
   hooks:
   - id: flake8
     alias: flake8-only-wps
@@ -127,7 +127,7 @@ repos:
     language_version: python3
 
 - repo: https://github.com/PyCQA/pylint.git
-  rev: v2.15.3
+  rev: v2.15.9
   hooks:
   - id: pylint
     args:

From 91e612128c6eb36bfa9bd31ddcae03eceb63616c Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko <sviat@redhat.com>
Date: Mon, 2 Jan 2023 22:21:39 +0100
Subject: [PATCH 3/6] Revert WPS flake8 hook version to 4.0.1

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 53c5c9fe..4e0eddf2 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -98,7 +98,7 @@ repos:
 
 - repo: https://github.com/PyCQA/flake8.git
   # NOTE: This is kept at v4 for until WPS starts supporting flake v5.
-  rev: 6.0.0  # enforce-version: 4.0.1
+  rev: 4.0.1  # enforce-version: 4.0.1
   hooks:
   - id: flake8
     alias: flake8-only-wps

From 6a2da9bc3b4a932e2daeabc60613200d38c902f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 04:41:02 +0000
Subject: [PATCH 4/6] Bump cryptography from 38.0.4 to 39.0.1 in /requirements

Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.4 to 39.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.4...39.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements/runtime.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index 68228822..03b99f0d 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -14,7 +14,7 @@ charset-normalizer==2.1.1
     # via requests
 commonmark==0.9.1
     # via rich
-cryptography==38.0.4
+cryptography==39.0.1
     # via secretstorage
 docutils==0.19
     # via readme-renderer

From d2ce3ec872b8e7e5190b4b094dd0b7a447c0b266 Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
Date: Fri, 10 Mar 2023 20:27:46 +0100
Subject: [PATCH 5/6] =?UTF-8?q?=E2=87=AA=20Bump=20isort=20to=20v5.12.0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous version had a Poetry packaging problem. This patch
fixes that.
---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4e0eddf2..3f39d044 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -9,7 +9,7 @@ repos:
   - id: add-trailing-comma
 
 - repo: https://github.com/PyCQA/isort.git
-  rev: 5.11.4
+  rev: 5.12.0
   hooks:
   - id: isort
     args:

From efcb9babc8c755fa5eaf7e581749c61995268ba7 Mon Sep 17 00:00:00 2001
From: Colin Dean <colin.dean@target.com>
Date: Thu, 23 Feb 2023 11:11:08 -0500
Subject: [PATCH 6/6] =?UTF-8?q?=F0=9F=8E=A8=20Warn=20about=20empty=20passw?=
 =?UTF-8?q?ord/token=20action=20input?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes #25.
---
 twine-upload.sh | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/twine-upload.sh b/twine-upload.sh
index 74fe0850..f2c6aa5e 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -23,15 +23,25 @@ if [[
     ! "$INPUT_PASSWORD" =~ ^pypi-
   ]]
 then
-    echo \
-        ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
-        POTENTIALLY INVALID TOKEN \
-        '<< ':: \
-        It looks like you are trying to use an API token to \
-        authenticate in the package index and your token value does \
-        not start with '"pypi-"' as it typically should. This may \
-        cause an authentication error. Please verify that you have \
-        copied your token properly if such an error occurs.
+    if [[ -z "$INPUT_PASSWORD" ]]; then
+        echo \
+            ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
+            EMPTY TOKEN \
+            '<< ':: \
+            It looks like you have not passed a password or it \
+            is otherwise empty. Please verify that you have passed it \
+            directly or, preferably, through a secret.
+    else
+        echo \
+            ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
+            POTENTIALLY INVALID TOKEN \
+            '<< ':: \
+            It looks like you are trying to use an API token to \
+            authenticate in the package index and your token value does \
+            not start with '"pypi-"' as it typically should. This may \
+            cause an authentication error. Please verify that you have \
+            copied your token properly if such an error occurs.
+    fi
 fi
 
 if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \