From 5bb6fe87c44bef5bb4562b9ef4dad49a93546c4f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 4 Jul 2026 00:49:02 +0000 Subject: [PATCH] chore(deps): update all non-major dependencies --- .github/workflows/docker.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6321629c6..847f123f5 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -277,7 +277,7 @@ jobs: - name: Attest provenance for the merged image # Sigstore-signed in-toto attestation, verifiable with: # gh attestation verify oci://ghcr.io/block/buzz: --owner block - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-name: ${{ env.IMAGE_NAME }} subject-digest: ${{ steps.manifest.outputs.digest }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cd59b6bdf..433a9d612 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -614,7 +614,7 @@ jobs: - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: 24.14.0 + node-version: 24.14.1 # Disable dependency caching: a writable cache in this release workflow # (contents: write, feeds a signed installer) is a poisoning vector. pnpm # install runs uncached below.