Update pypi-publish GitHub Action to v1.13.0 (#578)

santisoler · web-flow · commit 35b7f75af0f8 · 2025-09-04T20:17:39.000Z
Update the version of `gh-action-pypi-publish` used in our workflows
since the last version (v1.12.4) has a known vulnerability discovered by
Zizmor.
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
@@ -115,7 +115,7 @@ jobs:
       - name: Publish to Test PyPI
         # Only publish to TestPyPI when a PR is merged (pushed to main)
         if: success() && github.event_name == 'push'
-        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
         with:
           repository_url: https://test.pypi.org/legacy/
           # Allow existing releases on test PyPI without errors.
@@ -125,4 +125,4 @@ jobs:
       - name: Publish to PyPI
         # Only publish to PyPI when a release triggers the build
         if: success() && github.event_name == 'release'
-        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
