chore(deps): Bump actions/attest-build-provenance from 3 to 4

[dependabot]

Bumps actions/attest-build-provenance from 3 to 4.

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.0.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Prepare v4 release by @​bdehamer in actions/attest-build-provenance#835

Full Changelog: actions/attest-build-provenance@v3.2.0...v4.0.0

v3.2.0

What's Changed

• Bump @​actions/core from 1.11.1 to 2.0.1 by @​dependabot[bot] in actions/attest-build-provenance#776
• Add more documentation on Artifact Metadata Storage Records by @​malancas in actions/attest-build-provenance#797
• Update actions/attest to latest version v3.2.0 by @​malancas in actions/attest-build-provenance#812

Full Changelog: actions/attest-build-provenance@v3.1.0...v3.2.0

v3.1.0

What's Changed

• Prepare v3 release by @​bdehamer in actions/attest-build-provenance#697
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in actions/attest-build-provenance#749
• Bump tar from 7.5.1 to 7.5.2 by @​dependabot[bot] in actions/attest-build-provenance#753
• Bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in actions/attest-build-provenance#754
• Bump @​types/node from 24.10.1 to 25.0.2 by @​dependabot[bot] in actions/attest-build-provenance#774
• Bump @​actions/attest from 1.6.0 to 2.0.0 by @​dependabot[bot] in actions/attest-build-provenance#736
• Bump @​actions/attest from 2.0.0 to 2.1.0 by @​dependabot[bot] in actions/attest-build-provenance#775
• Add support for creating artifact metadata storage records by @​malancas in actions/attest-build-provenance#779

New Contributors

• @​malancas made their first contribution in actions/attest-build-provenance#779

Full Changelog: actions/attest-build-provenance@v3...v3.1.0

Commits

• a2bbfa2 bump actions/attest from 4.0.0 to 4.1.0 (#838)
• 0856891 update RELEASE.md docs (#836)
• e4d4f7c prepare v4 release (#835)
• 02a49bd Bump github/codeql-action in the actions-minor group (#824)
• 7c757df Bump the npm-development group with 2 updates (#825)
• c44148e Bump github/codeql-action in the actions-minor group (#818)
• 3234352 Bump @​types/node from 25.0.10 to 25.2.0 in the npm-development group (#819)
• 18db129 Bump tar from 7.5.6 to 7.5.7 (#816)
• 90fadfa Bump @​actions/core from 2.0.1 to 2.0.2 in the npm-production group (#799)
• 57db8ba Bump the npm-development group across 1 directory with 3 updates (#808)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 CI must pass

Wonderful, this rule succeeded.

All CI checks must pass. This protection prevents manual merges that bypass the merge queue.

• check-success = coverage
• check-success = msrv (stable minus 1 releases)
• check-success = msrv (stable minus 2 releases)
• check-success = msrv (stable minus 3 releases)
• check-success = msrv (stable minus 4 releases)
• check-success = msrv (stable)
• check-success = quality
• check-success = test
• check-success = test-cross-platform (macos-latest, macOS)
• check-success = test-cross-platform (ubuntu-latest, Linux)
• check-success = test-cross-platform (windows-latest, Windows)

🟢 Do not merge outdated PRs

Wonderful, this rule succeeded.

Make sure PRs are within 10 commits of the base branch before merging

• #commits-behind <= 10

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 165d70a.

🟢 All jobs passed!

But CI Insights is watching 👀

[unclesp1d3r]

@dependabot recreate

[mergify]

Automatically approved by Mergify

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-03-14 08:40 UTC · Rule: default
• ✅ Checks passed · on draft merge queue: embarking main (dc2577e), #139 and #138 together #145
• ✅ Merged — 2026-03-14 08:50 UTC · at 165d70abfea325efa04da42a4b90529239669609

This pull request spent 10 minutes 1 second in the queue, including 9 minutes 39 seconds running CI.

Required conditions to merge

• check-success = coverage
• check-success = msrv (stable minus 1 releases)
• check-success = msrv (stable minus 2 releases)
• check-success = msrv (stable minus 3 releases)
• check-success = msrv (stable minus 4 releases)
• check-success = msrv (stable)
• check-success = quality
• check-success = test
• check-success = test-cross-platform (macos-latest, macOS)
• check-success = test-cross-platform (ubuntu-latest, Linux)
• check-success = test-cross-platform (windows-latest, Windows)
• all of [🛡 Merge Protections rule CI must pass]:
  • check-success = coverage
  • check-success = msrv (stable minus 1 releases)
  • check-success = msrv (stable minus 2 releases)
  • check-success = msrv (stable minus 3 releases)
  • check-success = msrv (stable minus 4 releases)
  • check-success = msrv (stable)
  • check-success = quality
  • check-success = test
  • check-success = test-cross-platform (macos-latest, macOS)
  • check-success = test-cross-platform (ubuntu-latest, Linux)
  • check-success = test-cross-platform (windows-latest, Windows)
• all of [🛡 Merge Protections rule Do not merge outdated PRs]:
  • #commits-behind <= 10
    • chore(deps): Bump actions/attest-build-provenance from 3 to 4 #138
• all of [🛡 Merge Protections rule Enforce conventional commit]:
  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:
    • chore(deps): Bump actions/attest-build-provenance from 3 to 4 #138
• any of [🛡 GitHub repository ruleset rule main]:
  • check-neutral = Mergify Merge Protections
  • check-skipped = Mergify Merge Protections
  • check-success = Mergify Merge Protections