Skip to content

Commit e2bfccc

Browse files
dependabot[bot]dependabot[bot]
authored
chore(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 (#4450)
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.2.0 to 2.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/attest-build-provenance/releases">actions/attest-build-provenance's releases</a>.</em></p> <blockquote> <h2>v2.2.2</h2> <h2>What's Changed</h2> <ul> <li>Bump predicate action from 1.1.4 to 1.1.5 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/485">actions/attest-build-provenance#485</a> <ul> <li>Bump <code>@​actions/attest</code> from 1.5.0 to 1.6.0 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/484">actions/attest-build-provenance#484</a> <ul> <li>Update buildSLSAProvenancePredicate to populate <code>workflow.ref</code> field from the <code>ref</code> claim in the OIDC token (<a href="https://redirect.github.com/actions/toolkit/pull/1969">actions/toolkit#1969</a>)</li> </ul> </li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest-build-provenance/compare/v2.2.1...v2.2.2">https://github.com/actions/attest-build-provenance/compare/v2.2.1...v2.2.2</a></p> <h2>v2.2.1</h2> <h2>What's Changed</h2> <ul> <li>Bump undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/457">actions/attest-build-provenance#457</a></li> <li>Bump <code>@​octokit/request-error</code> from 5.0.1 to 5.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/469">actions/attest-build-provenance#469</a></li> <li>Bump <code>@​octokit/request</code> from 8.2.0 to 8.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/478">actions/attest-build-provenance#478</a></li> <li>Bump actions/attest from 2.2.0 to 2.2.1 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/481">actions/attest-build-provenance#481</a> <ul> <li>Includes <code>@actions/attest</code> <a href="https://github.com/actions/toolkit/blob/main/packages/attest/RELEASES.md#160">v1.6.0</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest-build-provenance/compare/v2.2.0...v2.2.1">https://github.com/actions/attest-build-provenance/compare/v2.2.0...v2.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/attest-build-provenance/commit/bd77c077858b8d561b7a36cbe48ef4cc642ca39d"><code>bd77c07</code></a> bump predicate from 1.1.4 to 1.1.5 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/485">#485</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/1176ef556905f349f669722abf30bce1a6e16e01"><code>1176ef5</code></a> bump <code>@​actions/attest</code> from 1.5.0 to 1.6.0 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/484">#484</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/f9eaf234fc1c2e333c1eca18177db0f44fa6ba52"><code>f9eaf23</code></a> Bump actions/attest from 2.2.0 to 2.2.1 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/481">#481</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/f1321eccb7f66405fe3db013137d2d645e6bc45a"><code>f1321ec</code></a> Bump <code>@​octokit/request</code> from 8.2.0 to 8.4.1 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/478">#478</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/d8181f545adc18f9aedfb731c23660cb00dc737d"><code>d8181f5</code></a> Bump the npm-development group with 6 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/476">#476</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/1f22f30822a16ae9e0becf164e213808ab322d24"><code>1f22f30</code></a> Bump <code>@​octokit/request-error</code> from 5.0.1 to 5.1.1 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/469">#469</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/6e5e68c5f71bfc58cbaa918885e585e490479796"><code>6e5e68c</code></a> Bump the npm-development group with 4 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/471">#471</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/555f5b7e366d4d3179de3d1e8859906f6883b2d4"><code>555f5b7</code></a> Bump the npm-development group with 6 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/465">#465</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/2d4fa84118ec070aeab0f526278616ad48b05f47"><code>2d4fa84</code></a> Bump the npm-development group with 2 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/461">#461</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/ccf3390dd421ed6d05e0f1eb4e39c701e20c300b"><code>ccf3390</code></a> Bump undici from 5.28.4 to 5.28.5 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/457">#457</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/attest-build-provenance/compare/520d128f165991a6c774bcb264f323e3d70747f4...bd77c077858b8d561b7a36cbe48ef4cc642ca39d">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/attest-build-provenance&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent e68ea93 commit e2bfccc

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

.github/workflows/release.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ jobs:
4545
- name: Attest
4646
if: ${{ steps.release.outputs.releases_created == 'true' }}
4747
id: attest
48-
uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
48+
uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2
4949
with:
5050
subject-path: '${{ github.workspace }}/lambdas/functions/**/*.zip'
5151
- name: Update release notes with attestation

0 commit comments

Comments
 (0)