Upgrade: [dependabot] - bump actions/attest-build-provenance from 3.2.0 to 4.1.0
Type: Pull Request
State: Open
![dependabot[bot]](https://github.com/dependabot.png){kind=small}
dependabot[bot]Association: Unknown
Comments: 7
(3 months ago)
(3 months ago)
dependencies github_actions
Bumps actions/attest-build-provenance from 3.2.0 to 4.1.0.
Release notes
Sourced from actions/attest-build-provenance's releases.
v4.1.0
[!NOTE] As of version 4,
actions/attest-build-provenanceis simply a wrapper on top ofactions/attest.Existing applications may continue to use the
attest-build-provenanceaction, but new implementations should useactions/attestinstead.What's Changed
- Update RELEASE.md docs by
@bdehamerin actions/attest-build-provenance#836- Bump
actions/attestfrom 4.0.0 to 4.1.0 by@bdehamerin actions/attest-build-provenance#838
- Bump
@actions/attestfrom 3.0.0 to 3.1.0 by@bdehamerin actions/attest#362- Bump
@actions/attestfrom 3.1.0 to 3.2.0 by@bdehamerin actions/attest#365- Add new
subject-versioninput for inclusion in storage record by@bdehamerin actions/attest#364- Add storage record content to README by
@bdehamerin actions/attest#366Full Changelog: https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0
v4.0.0
[!NOTE] As of version 4,
actions/attest-build-provenanceis simply a wrapper on top ofactions/attest.Existing applications may continue to use the
attest-build-provenanceaction, but new implementations should useactions/attestinstead.What's Changed
- Prepare v4 release by
@bdehamerin actions/attest-build-provenance#835Full Changelog: https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0
Commits
a2bbfa2bump actions/attest from 4.0.0 to 4.1.0 (#838)0856891update RELEASE.md docs (#836)e4d4f7cprepare v4 release (#835)02a49bdBump github/codeql-action in the actions-minor group (#824)7c757dfBump the npm-development group with 2 updates (#825)c44148eBump github/codeql-action in the actions-minor group (#818)3234352Bump@types/nodefrom 25.0.10 to 25.2.0 in the npm-development group (#819)18db129Bump tar from 7.5.6 to 7.5.7 (#816)90fadfaBump@actions/corefrom 2.0.1 to 2.0.2 in the npm-production group (#799)57db8baBump the npm-development group across 1 directory with 3 updates (#808)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
actions/attest-build-provenance
actions
3.2.0 → 4.1.0
Major
Technical Details
| ID: | 14172908 |
| UUID: | 4002228749 |
| Node ID: | PR_kwDOQ1RxZM7G4x0F |
| Host: | GitHub |
| Repository: | NHSDigital/eps-devcontainers |