Skip to content

Bump actions/attest from 4.1.0 to 4.1.1#87

Merged
dorssel merged 1 commit into
mainfrom
dependabot/github_actions/actions/attest-4.1.1
Jun 29, 2026
Merged

Bump actions/attest from 4.1.0 to 4.1.1#87
dorssel merged 1 commit into
mainfrom
dependabot/github_actions/actions/attest-4.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/attest from 4.1.0 to 4.1.1.

Release notes

Sourced from actions/attest's releases.

v4.1.1

What's Changed

Full Changelog: actions/attest@v4.1.0...v4.1.1

Commits
  • a1948c3 Bump @​sigstore/oci from 0.6.1 to 0.7.1 (#432)
  • b21da33 Bump csv-parse from 5.6.0 to 6.2.1 (#414)
  • d811ccf Bump actions/checkout from 6.0.3 to 7.0.0 (#431)
  • 2e48bd5 Bump the npm-development group across 1 directory with 4 updates (#433)
  • 4ad76f8 Bump markdown-it and markdownlint-cli (#425)
  • 701ae0b Bump tar from 7.5.11 to 7.5.17 (#429)
  • a8f22ca Bump form-data from 4.0.5 to 4.0.6 (#428)
  • 01540af Bump typescript from 5.9.3 to 6.0.3 (#407)
  • 5ec407f Bump github/codeql-action in the actions-minor group (#422)
  • 08210f8 Bump the npm-development group across 1 directory with 8 updates (#419)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/attest](https://github.com/actions/attest) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](actions/attest@59d8942...a1948c3)

---
updated-dependencies:
- dependency-name: actions/attest
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies github_actions Pull requests that update GitHub Actions code labels Jun 29, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/attest a1948c3f048ba23858d222213b7c278aabede763 UnknownUnknown

Scanned Files

  • .github/workflows/dotnet.yml

@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (7427a09) to head (b5923dc).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff            @@
##              main       #87   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           37        37           
  Branches         3         3           
=========================================
  Hits            37        37           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

@github-actions

Copy link
Copy Markdown
Contributor

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 5 0 0 0.05s
✅ ACTION zizmor 5 0 0 3.27s
✅ EDITORCONFIG editorconfig-checker 43 0 0 0.06s
✅ JSON jsonlint 2 0 0 0.11s
✅ JSON prettier 2 0 0 0.44s
✅ JSON v8r 2 0 0 3.49s
✅ MARKDOWN markdownlint 1 0 0 0.6s
✅ MARKDOWN markdown-table-formatter 1 0 0 0.28s
✅ REPOSITORY checkov yes no no 20.96s
✅ REPOSITORY gitleaks yes no no 0.15s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 47.68s
✅ REPOSITORY osv-scanner yes no no 0.45s
✅ REPOSITORY secretlint yes no no 1.09s
✅ REPOSITORY syft yes no no 2.29s
✅ REPOSITORY trivy-sbom yes no no 1.55s
✅ REPOSITORY trufflehog yes no no 4.23s
✅ XML xmllint 14 0 0 0.7s
✅ YAML prettier 10 0 0 0.69s
✅ YAML v8r 10 0 0 8.4s
✅ YAML yamllint 10 0 0 0.61s

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@dorssel dorssel merged commit ebdd50c into main Jun 29, 2026
9 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/actions/attest-4.1.1 branch June 29, 2026 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant