From a9ba838ab38f30ffd9a61aaae5fa498c437df9c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Oct 2025 20:43:43 +0000 Subject: [PATCH] chore(deps): bump anchore/sbom-action from 0.14.1 to 0.20.8 Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.14.1 to 0.20.8. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/422cb34a0f8b599678c41b21163ea6088edb2624...aa0e114b2e19480f157109b9922bda359bd98b90) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.8 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e0e68ca..422cc76 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -37,12 +37,12 @@ jobs: tag: ${{ github.ref }} overwrite: true asset_name: slsa-provenance.json - - uses: anchore/sbom-action@422cb34a0f8b599678c41b21163ea6088edb2624 # ratchet:anchore/sbom-action@v0.14.1 + - uses: anchore/sbom-action@aa0e114b2e19480f157109b9922bda359bd98b90 # ratchet:anchore/sbom-action@v0.20.8 with: artifact-name: sbom.spdx.json github-token: ${{ secrets.RELEASE_TOKEN }} - name: publish SBOM assets - uses: anchore/sbom-action/publish-sbom@422cb34a0f8b599678c41b21163ea6088edb2624 # ratchet:anchore/sbom-action/publish-sbom@v0.14.1 + uses: anchore/sbom-action/publish-sbom@aa0e114b2e19480f157109b9922bda359bd98b90 # ratchet:anchore/sbom-action/publish-sbom@v0.20.8 with: sbom-artifact-match: ".*\\.spdx\\.json$" github-token: ${{ secrets.RELEASE_TOKEN }}