[PR #293] [MERGED] chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 #2253

New Issue

Closed

opened 2026-05-03 05:58:09 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-05-03 05:58:09 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/fosrl/newt/pull/293
Author: @dependabot[bot]
Created: 4/6/2026
Status: ✅ Merged
Merged: 4/6/2026
Merged by: @marcschaeferger

Base: main ← Head: dependabot/github_actions/actions/attest-build-provenance-4.1.0

---

📝 Commits (1)

• 3f32c9e chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 .github/workflows/cicd.yml (+2 -2)

📄 Description

Bumps actions/attest-build-provenance from 3.2.0 to 4.1.0.

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.1.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Update RELEASE.md docs by @​bdehamer in actions/attest-build-provenance#836
• Bump actions/attest from 4.0.0 to 4.1.0 by @​bdehamer in actions/attest-build-provenance#838
  • Bump @actions/attest from 3.0.0 to 3.1.0 by @​bdehamer in actions/attest#362
  • Bump @actions/attest from 3.1.0 to 3.2.0 by @​bdehamer in actions/attest#365
  • Add new subject-version input for inclusion in storage record by @​bdehamer in actions/attest#364
  • Add storage record content to README by @​bdehamer in actions/attest#366

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0

v4.0.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Prepare v4 release by @​bdehamer in actions/attest-build-provenance#835

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0

Commits

• a2bbfa2 bump actions/attest from 4.0.0 to 4.1.0 (#838)
• 0856891 update RELEASE.md docs (#836)
• e4d4f7c prepare v4 release (#835)
• 02a49bd Bump github/codeql-action in the actions-minor group (#824)
• 7c757df Bump the npm-development group with 2 updates (#825)
• c44148e Bump github/codeql-action in the actions-minor group (#818)
• 3234352 Bump @​types/node from 25.0.10 to 25.2.0 in the npm-development group (#819)
• 18db129 Bump tar from 7.5.6 to 7.5.7 (#816)
• 90fadfa Bump @​actions/core from 2.0.1 to 2.0.2 in the npm-production group (#799)
• 57db8ba Bump the npm-development group across 1 directory with 3 updates (#808)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/newt/pull/293 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/6/2026 **Status:** ✅ Merged **Merged:** 4/6/2026 **Merged by:** [@marcschaeferger](https://github.com/marcschaeferger) **Base:** `main` ← **Head:** `dependabot/github_actions/actions/attest-build-provenance-4.1.0` --- ### 📝 Commits (1) - [`3f32c9e`](https://github.com/fosrl/newt/commit/3f32c9e8ef86048af9326638dfe961bf9cf83b17) chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/cicd.yml` (+2 -2) </details> ### 📄 Description Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3.2.0 to 4.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/attest-build-provenance/releases">actions/attest-build-provenance's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <blockquote> <p>[!NOTE] As of version 4, <code>actions/attest-build-provenance</code> is simply a wrapper on top of <a href="https://github.com/actions/attest"><code>actions/attest</code></a>.</p> <p>Existing applications may continue to use the <code>attest-build-provenance</code> action, but new implementations should use <code>actions/attest</code> instead.</p> </blockquote> <h2>What's Changed</h2> <ul> <li>Update RELEASE.md docs by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/836">actions/attest-build-provenance#836</a></li> <li>Bump <code>actions/attest</code> from 4.0.0 to 4.1.0 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/838">actions/attest-build-provenance#838</a> <ul> <li>Bump <code>@actions/attest</code> from 3.0.0 to 3.1.0 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/362">actions/attest#362</a></li> <li>Bump <code>@actions/attest</code> from 3.1.0 to 3.2.0 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/365">actions/attest#365</a></li> <li>Add new <code>subject-version</code> input for inclusion in storage record by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/364">actions/attest#364</a></li> <li>Add storage record content to README by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/366">actions/attest#366</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0">https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0</a></p> <h2>v4.0.0</h2> <blockquote> <p>[!NOTE] As of version 4, <code>actions/attest-build-provenance</code> is simply a wrapper on top of <a href="https://github.com/actions/attest"><code>actions/attest</code></a>.</p> <p>Existing applications may continue to use the <code>attest-build-provenance</code> action, but new implementations should use <code>actions/attest</code> instead.</p> </blockquote> <h2>What's Changed</h2> <ul> <li>Prepare v4 release by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/835">actions/attest-build-provenance#835</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0">https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32"><code>a2bbfa2</code></a> bump actions/attest from 4.0.0 to 4.1.0 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/838">#838</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385"><code>0856891</code></a> update RELEASE.md docs (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/836">#836</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99"><code>e4d4f7c</code></a> prepare v4 release (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/835">#835</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578"><code>02a49bd</code></a> Bump github/codeql-action in the actions-minor group (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/824">#824</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/7c757df4145fcd233331998e58b20b422c833a00"><code>7c757df</code></a> Bump the npm-development group with 2 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/825">#825</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/c44148e5bf178192efd8947e07a0d439a356c60b"><code>c44148e</code></a> Bump github/codeql-action in the actions-minor group (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/818">#818</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/32343527f2ec94583cf7b31280de0f60dc9f0bf9"><code>3234352</code></a> Bump <code>@​types/node</code> from 25.0.10 to 25.2.0 in the npm-development group (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/819">#819</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/18db12979d4cecda10c1cf295bcb159f3e59866d"><code>18db129</code></a> Bump tar from 7.5.6 to 7.5.7 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/816">#816</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/90fadfae6ba2e2ef59f8d38e61ec3cf16443a18e"><code>90fadfa</code></a> Bump <code>@​actions/core</code> from 2.0.1 to 2.0.2 in the npm-production group (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/799">#799</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/57db8ba356515a4c8608990f2aa27a6972235ccc"><code>57db8ba</code></a> Bump the npm-development group across 1 directory with 3 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/808">#808</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/attest-build-provenance/compare/96278af6caaf10aea03fd8d33a09a777ca52d62f...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-05-03 05:58:09 -05:00

GiteaMirror closed this issue 2026-05-03 05:58:10 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/go_modules/prod-patch-updates-6805a9e229

dependabot/go_modules/golang.zx2c4.com/wireguard/windows-1.0.1

dependabot/docker/minor-updates-1134f52710

dev

fix-nix

dependabot/github_actions/actions/setup-go-6.4.0

dependabot/github_actions/docker/build-push-action-7.1.0

dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.0

dependabot/github_actions/softprops/action-gh-release-3.0.0

logging-provision

1.12.3

1.12.2

v1.12.2

1.12.1

v1.12.1

1.12.0

v1.12.0

v1.12.0-rc.1

1.12.0-rc.0

1.11.0

v1.11.0

1.10.4

1.10.3

v1.10.3

1.10.2

v1.10.2

1.10.1

v1.10.1

1.10.0

v1.10.0

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

v1.9.0

1.8.1

v1.8.1

v1.8.0

1.8.0

1.8.0-rc.0

1.7.0

1.6.1

1.7.0-rc.0

1.6.0

v1.0.1

1.4.9

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

dependencies

enhancement

good first issue

help wanted

Improvement

needs investigating

pull-request

Mirrored from GitHub Pull Request

stale

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#2253