chore(deps): update actions/attest-build-provenance action to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/attest-build-provenance	action	major	v3 → v4

---

Release Notes

actions/attest-build-provenance (actions/attest-build-provenance)

v4

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Note

Low Risk
Low risk workflow-only change that swaps the build provenance attestation action version; main risk is a CI/release pipeline break if the new action has incompatible inputs/behavior.

Overview
Updates the release workflow to generate build provenance using actions/attest@v4 instead of actions/attest-build-provenance@v3, keeping the same conditional execution and dist/* subject path for attestations.

^{Written by Cursor Bugbot for commit b358b24. This will update automatically on new commits. Configure here.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.07%. Comparing base (4c42260) to head (b358b24).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #232   +/-   ##
=======================================
  Coverage   86.07%   86.07%           
=======================================
  Files           7        7           
  Lines         474      474           
  Branches       91       91           
=======================================
  Hits          408      408           
  Misses         40       40           
  Partials       26       26           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Free Tier Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable autofix in the Cursor dashboard.}

[cursor]

Wrong action used for attest-build-provenance update

Medium Severity

The PR updates actions/attest-build-provenance from v3 to v4, but the diff replaces it with actions/attest@v4 instead of actions/attest-build-provenance@v4. Those are different actions; the intended change is actions/attest-build-provenance@v4.