From b4477c81f1cd8b292de2523ef623a17143662b10 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Feb 2026 07:35:13 +0000
Subject: [PATCH] Bump actions/attest-build-provenance from 3 to 4

Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3 to 4.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-build-provenance/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/container-image.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
index a5824eb..93bae73 100644
--- a/.github/workflows/container-image.yml
+++ b/.github/workflows/container-image.yml
@@ -55,7 +55,7 @@ jobs:
       contents: read # Read github repository contents (actually required only for private repositories).
       packages: write # Push container images to GitHub Container Registry.
       attestations: write # Push signed build provenance attestations to the GHCR.
-      id-token: write # Required for the actions/attest-build-provenance@v3 action to generate attestations.
+      id-token: write # Required for the actions/attest-build-provenance@v4 action to generate attestations.
 
     steps:
       # Explicitly using the checkout action (instead of relying on docker/build-push-action to do it implicitly)
@@ -160,7 +160,7 @@ jobs:
 
       - name: Generate artifact attestation for GitHub Container Registry
         if: github.event_name != 'pull_request'
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
         with:
           subject-name: ghcr.io/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build-and-push.outputs.digest }}
@@ -168,7 +168,7 @@ jobs:
 
       - name: Generate artifact attestation for Docker Hub
         if: github.event_name != 'pull_request'
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
         with:
           # According to the documentation [^1],
           # "index.docker.io" should be used as the registry portion of the image name when pushing to Docker Hub.