Bump actions/attest-build-provenance from 1.4.4 to 2.0.1 (#191)

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
JSPaste · Dec 9, 2024 · 5fbec52 · 5fbec52
1 parent 5903e69
commit 5fbec52
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -105,7 +105,7 @@ jobs:
 
       - if: ${{ inputs.artifact-action == 'build-release' }}
         name: Attest artifact
-        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
+        uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
         with:
           subject-path: |
             dist/*.tar.gz
@@ -188,7 +188,7 @@ jobs:
 
       - if: ${{ inputs.image-action == 'build-release' }}
         name: Attest image
-        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
+        uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
         with:
           subject-name: "${{ env.REGISTRY }}/${{ steps.build-image.outputs.image }}"
           subject-digest: ${{ steps.push-image.outputs.digest }}