Fix typos

mihaimaruseac · lwasser · commit e78ad07e6355 · 2025-07-22T15:49:24.000-06:00
Signed-off-by: Mihai Maruseac &lt;mihaimaruseac@google.com&gt;
diff --git a/tutorials/publish-pypi.md b/tutorials/publish-pypi.md
@@ -373,7 +373,7 @@ While publishing from GitHub Action is possible using tokens, we recommend the _
 
 On the usability front, when Trusted Publishing is enabled, users no longer need to manually create API tokens on PyPI and store them in the GitHub release workflow.
 
-On the security front, Trusted Publishing reduces a risk related to the API token being long lived: with API tokens, as soon as an attacker gets access to it, they can publish many packages and versions in your name (dependending on the scope of the token), until you discover the token compromise and rotate the credential. Trusted Publishing avoids this problem by minting very short lived tokens which expire automatically.
+On the security front, Trusted Publishing reduces a risk related to the API token being long lived: with API tokens, as soon as an attacker gets access to it, they can publish many packages and versions in your name (depending on the scope of the token), until you discover the token compromise and rotate the credential. Trusted Publishing avoids this problem by minting very short lived tokens which expire automatically.
 
 For these benefits, it is recommended that users use _only_ the GitHub Actions release workflow to publish packages.
 :::
diff --git a/tutorials/trusted-publishing.md b/tutorials/trusted-publishing.md
@@ -1,5 +1,5 @@
 ---
-:og:description: Learn how to publish your Python package automically via GitHub Actions. This lessons also covers how to do publishing in a secure way by using Trusted Publishing.
+:og:description: Learn how to publish your Python package automatically via GitHub Actions. This lessons also covers how to do publishing in a secure way by using Trusted Publishing.
 :og:title: Setup Trusted Publishing for secure and automated publishing via GitHub Actions
 ---
 
@@ -199,7 +199,7 @@ still need to upload it to PyPI. We could upload the package from the same job,
 but it is better to create a separate one, to maintain separation of concerns.
 This is why in the previous section we uploaded the artifact to the temporary
 storage -- in the new job, we will download the package from there and upload it
-to PyPI. Since this job does nothing else, there is no possiblity that the
+to PyPI. Since this job does nothing else, there is no possibility that the
 package could get compromised before the release.
 
 ### Step 1: Add the upload job
