From e4a184528d0be53bdda023249c4c2a6c39ed2c48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 20:51:12 +0000 Subject: [PATCH] chore(deps): bump anchore/sbom-action from 0.14.1 to 0.20.9 Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.14.1 to 0.20.9. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/422cb34a0f8b599678c41b21163ea6088edb2624...8e94d75ddd33f69f691467e42275782e4bfefe84) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.9 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e0e68ca..be49a44 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -37,12 +37,12 @@ jobs: tag: ${{ github.ref }} overwrite: true asset_name: slsa-provenance.json - - uses: anchore/sbom-action@422cb34a0f8b599678c41b21163ea6088edb2624 # ratchet:anchore/sbom-action@v0.14.1 + - uses: anchore/sbom-action@8e94d75ddd33f69f691467e42275782e4bfefe84 # ratchet:anchore/sbom-action@v0.20.9 with: artifact-name: sbom.spdx.json github-token: ${{ secrets.RELEASE_TOKEN }} - name: publish SBOM assets - uses: anchore/sbom-action/publish-sbom@422cb34a0f8b599678c41b21163ea6088edb2624 # ratchet:anchore/sbom-action/publish-sbom@v0.14.1 + uses: anchore/sbom-action/publish-sbom@8e94d75ddd33f69f691467e42275782e4bfefe84 # ratchet:anchore/sbom-action/publish-sbom@v0.20.9 with: sbom-artifact-match: ".*\\.spdx\\.json$" github-token: ${{ secrets.RELEASE_TOKEN }}