From 9d39c5c353e93bfe4a2ad0c8ae9fdfe43acff543 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Mar 2026 11:42:17 +0000
Subject: [PATCH] bump actions/attest-build-provenance from 3 to 4

Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3 to 4.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-build-provenance/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ghcr.yml                | 2 +-
 .github/workflows/release-docker-ghcr.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index c755da8..b9803cd 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -64,7 +64,7 @@ jobs:
       
       # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds).
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
           subject-digest: ${{ steps.push.outputs.digest }}
diff --git a/.github/workflows/release-docker-ghcr.yml b/.github/workflows/release-docker-ghcr.yml
index 697741a..f29d47a 100644
--- a/.github/workflows/release-docker-ghcr.yml
+++ b/.github/workflows/release-docker-ghcr.yml
@@ -78,7 +78,7 @@ jobs:
             if-no-files-found: error
             retention-days: 1
         - name: Generate artifact attestation
-          uses: actions/attest-build-provenance@v3
+          uses: actions/attest-build-provenance@v4
           with:
             subject-name: ${{ env.REGISTRY_IMAGE }}
             subject-digest: ${{ steps.push.outputs.digest }}