build(deps): bump actions/attest from 4.1.0 to 4.1.1#181
build(deps): bump actions/attest from 4.1.0 to 4.1.1#181dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [actions/attest](https://github.com/actions/attest) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/attest/releases) - [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md) - [Commits](actions/attest@59d8942...a1948c3) --- updated-dependencies: - dependency-name: actions/attest dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Code Coverage OverviewLanguages: TypeScript TypeScript / code-coverage/arkorThe overall coverage remains at 99%, unchanged from the branch. TypeScript / code-coverage/create-arkorThe overall coverage remains at 56%, unchanged from the branch. TypeScript / code-coverage/cli-internalThe overall coverage remains at 97%, unchanged from the branch. TypeScript / code-coverage/studio-appThe overall coverage remains at 53%, unchanged from the branch. Updated |
There was a problem hiding this comment.
Pull request overview
This PR updates the pinned actions/attest GitHub Action used in the release build workflow from v4.1.0 to v4.1.1 (by commit SHA), keeping the supply-chain posture of pinning actions to immutable SHAs.
Changes:
- Bump
actions/attestfrom59d8942…(v4.1.0) toa1948c3…(v4.1.1) for tarball attestations. - Bump
actions/attestfrom59d8942…(v4.1.0) toa1948c3…(v4.1.1) for SBOM attestations.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Bumps actions/attest from 4.1.0 to 4.1.1.
Release notes
Sourced from actions/attest's releases.
Commits
a1948c3Bump@sigstore/ocifrom 0.6.1 to 0.7.1 (#432)b21da33Bump csv-parse from 5.6.0 to 6.2.1 (#414)d811ccfBump actions/checkout from 6.0.3 to 7.0.0 (#431)2e48bd5Bump the npm-development group across 1 directory with 4 updates (#433)4ad76f8Bump markdown-it and markdownlint-cli (#425)701ae0bBump tar from 7.5.11 to 7.5.17 (#429)a8f22caBump form-data from 4.0.5 to 4.0.6 (#428)01540afBump typescript from 5.9.3 to 6.0.3 (#407)5ec407fBump github/codeql-action in the actions-minor group (#422)08210f8Bump the npm-development group across 1 directory with 8 updates (#419)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)