This is an automated email from the ASF dual-hosted git repository.
johnbam pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sedona.git
The following commit(s) were added to refs/heads/master by this push:
new 52776044db [CI] Pin pypa/gh-action-pypi-publish to allowed commit hash
(#2817)
52776044db is described below
commit 52776044db1772272f01a461ad86393afa593fc7
Author: Jia Yu <[email protected]>
AuthorDate: Tue Mar 31 02:29:21 2026 -0700
[CI] Pin pypa/gh-action-pypi-publish to allowed commit hash (#2817)
---
.github/linters/zizmor.yml | 1 -
.github/workflows/python-wheel.yml | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/linters/zizmor.yml b/.github/linters/zizmor.yml
index c2dd066be7..0da493ec91 100644
--- a/.github/linters/zizmor.yml
+++ b/.github/linters/zizmor.yml
@@ -21,7 +21,6 @@ rules:
policies:
actions/*: any
github/*: any
- pypa/gh-action-pypi-publish: any
r-lib/actions/check-r-package: any
r-lib/actions/setup-r: any
r-lib/actions/setup-r-dependencies: any
diff --git a/.github/workflows/python-wheel.yml
b/.github/workflows/python-wheel.yml
index c84fd5c2ba..38c69a3f5f 100644
--- a/.github/workflows/python-wheel.yml
+++ b/.github/workflows/python-wheel.yml
@@ -127,5 +127,5 @@ jobs:
done
echo "Content copied to dist."
- name: Publish package to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses:
pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
# repository_url: https://test.pypi.org/legacy/ # to test
