diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 8efd0ee..dbac00b 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -256,7 +256,7 @@ jobs: # Combined with the cosign signature above and the SBOM # attestation, this completes the supply-chain transparency # bundle for the OCI artifact. - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-digest: ${{ steps.cosign-sign.outputs.digest }} subject-name: ghcr.io/${{ github.repository }}/manifests