ci(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0

[dependabot]

Bumps actions/attest-build-provenance from 3.2.0 to 4.1.0.

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.1.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Update RELEASE.md docs by @​bdehamer in actions/attest-build-provenance#836
• Bump actions/attest from 4.0.0 to 4.1.0 by @​bdehamer in actions/attest-build-provenance#838
  • Bump @actions/attest from 3.0.0 to 3.1.0 by @​bdehamer in actions/attest#362
  • Bump @actions/attest from 3.1.0 to 3.2.0 by @​bdehamer in actions/attest#365
  • Add new subject-version input for inclusion in storage record by @​bdehamer in actions/attest#364
  • Add storage record content to README by @​bdehamer in actions/attest#366

Full Changelog: actions/attest-build-provenance@v4.0.0...v4.1.0

v4.0.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Prepare v4 release by @​bdehamer in actions/attest-build-provenance#835

Full Changelog: actions/attest-build-provenance@v3.2.0...v4.0.0

Commits

• a2bbfa2 bump actions/attest from 4.0.0 to 4.1.0 (#838)
• 0856891 update RELEASE.md docs (#836)
• e4d4f7c prepare v4 release (#835)
• 02a49bd Bump github/codeql-action in the actions-minor group (#824)
• 7c757df Bump the npm-development group with 2 updates (#825)
• c44148e Bump github/codeql-action in the actions-minor group (#818)
• 3234352 Bump @​types/node from 25.0.10 to 25.2.0 in the npm-development group (#819)
• 18db129 Bump tar from 7.5.6 to 7.5.7 (#816)
• 90fadfa Bump @​actions/core from 2.0.1 to 2.0.2 in the npm-production group (#799)
• 57db8ba Bump the npm-development group across 1 directory with 3 updates (#808)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edge ➔ ghcr.io/philips-software/amp-devcontainer-base:pr-1179

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	175.16 MB	175.16 MB	+215 B (+0%)	🔼
linux/arm64	167.63 MB	167.63 MB	259 B (0%)	🔽

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	23		0	0	0.65s
✅ DOCKERFILE	hadolint	3		0	0	0.79s
✅ GHERKIN	gherkin-lint	6		0	0	2.65s
✅ JSON	npm-package-json-lint	yes		no	no	0.54s
✅ JSON	prettier	21	4	0	0	0.62s
✅ JSON	v8r	21		0	0	8.63s
✅ MARKDOWN	markdownlint	12	0	0	0	1.03s
✅ MARKDOWN	markdown-table-formatter	12	0	0	0	0.23s
✅ REPOSITORY	checkov	yes		no	no	18.61s
✅ REPOSITORY	gitleaks	yes		no	no	0.61s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	31.51s
✅ REPOSITORY	secretlint	yes		no	no	0.96s
✅ REPOSITORY	syft	yes		no	no	1.95s
✅ REPOSITORY	trivy	yes		no	no	5.53s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.25s
✅ REPOSITORY	trufflehog	yes		no	no	2.31s
⚠️ SPELL	lychee	83		1	0	11.81s
✅ YAML	prettier	31	0	0	0	1.09s
✅ YAML	v8r	31		0	0	9.15s
✅ YAML	yamllint	31		0	0	0.71s

Detailed Issues

⚠️ SPELL / lychee - 1 error

[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....123
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........1

Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1179

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	555.57 MB	555.57 MB	+102 B (+0%)	🔼
linux/arm64	509.75 MB	509.75 MB	269 B (0%)	🔽

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1179

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	696.87 MB	696.87 MB	64 B (0%)	🔽
linux/arm64	677.68 MB	677.68 MB	75 B (0%)	🔽

[github-actions]

Test Results

 12 files   - 1   12 suites   - 1   17m 54s ⏱️ - 2m 44s
 32 tests  - 1   32 ✅  - 1  0 💤 ±0  0 ❌ ±0 
136 runs   - 1  136 ✅  - 1  0 💤 ±0  0 ❌ ±0 

Results for commit 2fc1ddd. ± Comparison against base commit f1a8c9a.

♻️ This comment has been updated with latest results.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud