Merge pull request #402 from atsign-foundation/dependabot/github_actions/github-actions-73a34daf9e

gkc · web-flow · commit 678bfc98c2e2 · 2025-08-29T10:56:43.000+01:00
build(deps): Bump actions/attest-build-provenance from 2.4.0 to 3.0.0 in the github-actions group
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
@@ -134,7 +134,7 @@ jobs:
       run: |
         echo "hashes=$(cat checksums.txt | base64 -w0)" >> "$GITHUB_OUTPUT"
     - name: Attest the release artifacts
-      uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
+      uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
       with:
         subject-path: 'dist/**'
     - name: Upload artifact signatures to GitHub Release
