github-actions[bot]
commented
3 weeks ago Dependency Review
β No vulnerabilities or license issues or OpenSSF Scorecard issues found.
OpenSSF Scorecard
| Package | Version | Score | Details |
|---|---|---|---|
| actions/actions/attest-build-provenance | bdd51370e0416ac948727f861e03c2f05d32d78e | Unknown | Unknown |
| actions/actions/attest-build-provenance | f8d5ea8082b0d9f5ab855907be308fbd7eefb155 | Unknown | Unknown |
Scanned Manifest Files
.github/workflows/push-tag.yml
- actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e
- actions/attest-build-provenance@f8d5ea8082b0d9f5ab855907be308fbd7eefb155
This PR contains the following updates:
v1.1.0->v1.3.2Release Notes
actions/attest-build-provenance (actions/attest-build-provenance)
### [`v1.3.2`](https://togithub.com/actions/attest-build-provenance/releases/tag/v1.3.2) [Compare Source](https://togithub.com/actions/attest-build-provenance/compare/v1.3.1...v1.3.2) #### What's Changed - Bump actions/attest from 1.3.1 to 1.3.2 by [@bdehamer](https://togithub.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/123](https://togithub.com/actions/attest-build-provenance/pull/123) - Increase timeout for OCI operations **Full Changelog**: https://github.com/actions/attest-build-provenance/compare/v1.3.1...v1.3.2 ### [`v1.3.1`](https://togithub.com/actions/attest-build-provenance/releases/tag/v1.3.1) [Compare Source](https://togithub.com/actions/attest-build-provenance/compare/v1.3.0...v1.3.1) #### What's Changed - Bump actions/attest from 1.3.0 to 1.3.1 by [@bdehamer](https://togithub.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/117](https://togithub.com/actions/attest-build-provenance/pull/117) - Bugfix when detecting support for the referrers API with OCI registries **Full Changelog**: https://github.com/actions/attest-build-provenance/compare/v1.3.0...v1.3.1 ### [`v1.3.0`](https://togithub.com/actions/attest-build-provenance/releases/tag/v1.3.0) [Compare Source](https://togithub.com/actions/attest-build-provenance/compare/v1.2.0...v1.3.0) #### What's Changed - Bump actions/attest-build-provenance/predicate from 1.0.0 to 1.1.0 by [@bdehamer](https://togithub.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/116](https://togithub.com/actions/attest-build-provenance/pull/116) - Switch to new GH provenance [build type](https://actions.github.io/buildtypes/workflow/v1) - Bump actions/attest from 1.2.0 to 1.3.0 by [@bdehamer](https://togithub.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/116](https://togithub.com/actions/attest-build-provenance/pull/116) - Dynamic construction of GitHub API URLs based on GITHUB_SERVER_URL - Improved handling of Rekor 409 responses - Bugfix - detection of registries with support for the OCI referrers API **Full Changelog**: https://github.com/actions/attest-build-provenance/compare/v1.2.0...v1.3.0 ### [`v1.2.0`](https://togithub.com/actions/attest-build-provenance/releases/tag/v1.2.0) [Compare Source](https://togithub.com/actions/attest-build-provenance/compare/v1.1.2...v1.2.0) #### What's Changed - Bump actions/attest from 1.1.2 to 1.2.0 by [@bdehamer](https://togithub.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/101](https://togithub.com/actions/attest-build-provenance/pull/101) - Batch processing w/ exponential backoff - Bugfix when pushing attestation to OCI registry **Full Changelog**: https://github.com/actions/attest-build-provenance/compare/v1.1.2...v1.2.0 ### [`v1.1.2`](https://togithub.com/actions/attest-build-provenance/releases/tag/v1.1.2) [Compare Source](https://togithub.com/actions/attest-build-provenance/compare/v1.1.1...v1.1.2) #### What's Changed - Bump actions/attest from 1.1.1 to 1.1.2 by [@bdehamer](https://togithub.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/79](https://togithub.com/actions/attest-build-provenance/pull/79) - Downcase subject name for OCI images - Fix accept header when retrieving image manifest - Support variants of the Docker Hub registry name **Full Changelog**: https://github.com/actions/attest-build-provenance/compare/v1.1.1...v1.1.2 ### [`v1.1.1`](https://togithub.com/actions/attest-build-provenance/releases/tag/v1.1.1) [Compare Source](https://togithub.com/actions/attest-build-provenance/compare/v1.1.0...v1.1.1) #### What's Changed - Bump actions/attest from v1.1.0 to v1.1.1 by [@bdehamer](https://togithub.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/67](https://togithub.com/actions/attest-build-provenance/pull/67) - Bump [@sigstore/sign](https://togithub.com/sigstore/sign) from 2.3.0 to 2.3.1 - Bump [@sigstore/oci](https://togithub.com/sigstore/oci) from 0.3.0 to 0.3.2 - Include more detail in error logging - Send API errors to GHA debug log - Fix bug preventing failed API requests from being retried **Full Changelog**: https://github.com/actions/attest-build-provenance/compare/v1.1.0...v1.1.1Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.