build(deps): Bump actions/attest-sbom from 2.2.0 to 4.0.0 (#285)

dependabot[bot] · web-flow · commit 1fda11ad0117 · 2026-03-17T11:29:32.000-07:00
Bumps [actions/attest-sbom](https://github.com/actions/attest-sbom) from 2.2.0 to 4.0.0. - [Release notes](https://github.com/actions/attest-sbom/releases) - [Changelog](https://github.com/actions/attest-sbom/blob/main/RELEASE.md) - [Commits](actions/attest-sbom@115c3be...07e74fc) --- updated-dependencies: - dependency-name: actions/attest-sbom dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -40,7 +40,7 @@ jobs:
 
       - name: Attest SBOM
         if: github.event_name == 'release'
-        uses: actions/attest-sbom@115c3be05ff3974bcbd596578934b3f9ce39bf68 # v2.2.0
+        uses: actions/attest-sbom@07e74fc4e78d1aad915e867f9a094073a9f71527 # v4.0.0
         with:
           subject-path: sbom.spdx.json
           sbom-path: sbom.spdx.json
