github-actions[bot]
commented
2 weeks ago Dependency Review
✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
OpenSSF Scorecard
| Package | Version | Score | Details |
|---|---|---|---|
| actions/actions/attest-build-provenance | ef244123eb79f2f7a7e75d99086184180e6d0018 | Unknown | Unknown |
Scanned Files
- .github/workflows/push-tag.yml
This PR contains the following updates:
v1.4.3->v1.4.4Release Notes
actions/attest-build-provenance (actions/attest-build-provenance)
### [`v1.4.4`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.4.4) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.4.3...v1.4.4) ##### What's Changed - Bump predicate action from 1.1.3 to 1.1.4 by [@bdehamer](https://redirect.github.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/310](https://redirect.github.com/actions/attest-build-provenance/pull/310) - Bump [@actions/core](https://redirect.github.com/actions/core) from 1.10.1 to 1.11.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/attest-build-provenance/pull/275](https://redirect.github.com/actions/attest-build-provenance/pull/275) - Bump [@actions/attest](https://redirect.github.com/actions/attest) from 1.4.2 to 1.5.0 by [@bdehamer](https://redirect.github.com/bdehamer) in [https://github.com/actions/attest-build-provenance/pull/309](https://redirect.github.com/actions/attest-build-provenance/pull/309) - Fix SLSA provenance bug related to `workflow_ref` OIDC token claims containing the "@" symbol in the tag [https://github.com/actions/toolkit/pull/1863](https://redirect.github.com/actions/toolkit/pull/1863)l/1863) **Full Changelog**: https://github.com/actions/attest-build-provenance/compare/v1.4.3...v1.4.4Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.