build(deps): bump actions/attest-build-provenance from 1 to 2 in the ci group

[dependabot]

Bumps the ci group with 1 update: actions/attest-build-provenance.

Updates actions/attest-build-provenance from 1 to 2

Release notes

Sourced from actions/attest-build-provenance's releases.

v2.0.0

The attest-build-provenance action now supports attesting multiple subjects simultaneously. When identifying multiple subjects with the subject-path input a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage.

What's Changed

• Bump cross-spawn from 7.0.3 to 7.0.6 by @​dependabot in actions/attest-build-provenance#319
• Prepare v2.0.0 release by @​bdehamer in actions/attest-build-provenance#321
  • Bump actions/attest from 1.4.1 to 2.0.0 (w/ multi-subject attestation support)

Full Changelog: actions/attest-build-provenance@v1.4.4...v2.0.0

v1.4.4

What's Changed

• Bump predicate action from 1.1.3 to 1.1.4 by @​bdehamer in actions/attest-build-provenance#310
  • Bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in actions/attest-build-provenance#275
  • Bump @​actions/attest from 1.4.2 to 1.5.0 by @​bdehamer in actions/attest-build-provenance#309
    • Fix SLSA provenance bug related to workflow_ref OIDC token claims containing the "@" symbol in the tag name (actions/toolkit#1863)

Full Changelog: actions/attest-build-provenance@v1.4.3...v1.4.4

v1.4.3

What's Changed

• Bump predicate from 1.1.2 to 1.1.3 by @​bdehamer in actions/attest-build-provenance#226
  • Bump @​actions/attest from 1.3.1 to 1.4.1 by @​dependabot in actions/attest-build-provenance#212
  • Bump @​actions/attest from 1.4.1 to 1.4.2 by @​bdehamer in actions/attest-build-provenance#225
  • Fix bug w/ customized OIDC issuer URL for enterprise accounts (#222)

Full Changelog: actions/attest-build-provenance@v1.4.2...v1.4.3

v1.4.2

What's Changed

• Bump actions/attest from 1.4.0 to 1.4.1 by @​bdehamer in actions/attest-build-provenance#209
  • Includes bug fix for issue with authenticated proxies (actions/toolkit#1798)

Full Changelog: actions/attest-build-provenance@v1.4.1...v1.4.2

v1.4.1

What's Changed

• Update predicate action to 1.1.2 by @​bdehamer in actions/attest-build-provenance#197
  • Dynamic construction of oidc issuer by @​bdehamer in actions/attest-build-provenance#195

Full Changelog: actions/attest-build-provenance@v1.4.0...v1.4.1

v1.4.0

What's Changed

• Bump predicate action from 1.1.0 to 1.1.1 by @​bdehamer in actions/attest-build-provenance#182
  • Fix for JWKS proxy bug
• Bump actions/attest from 1.3.3 to 1.4.0 by @​bdehamer in actions/attest-build-provenance#183

... (truncated)

Commits

• 619dbb2 bump actions/attest to v2.0.0 (#321)
• 90d4930 Bump the npm-development group with 3 updates (#329)
• fb315c1 Bump the npm-development group with 5 updates (#323)
• a379071 Bump cross-spawn from 7.0.3 to 7.0.6 (#319)
• dada0c3 Bump the npm-development group across 1 directory with 5 updates (#317)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
caravan-kidstec	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 5, 2024 2:46am

[github-actions]

Overview

Image reference	marukome0743/caravan-kidstec:canary	marukome0743/caravan-kidstec:pr-1151
- digest	045109dea5c8	02a34dbb5d20
- tag	canary	pr-1151
- provenance	66de05b	0bec45b
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	124 MB	132 MB (+7.4 MB)
- packages	46	155 (+109)
Base Image	distroless/static-debian12:latest	distroless/static-debian12:latest
- vulnerabilities

Labels (3 changes)

• ± 3 changed
• 5 unchanged

-org.opencontainers.image.created=2024-12-04T06:49:36.931Z
+org.opencontainers.image.created=2024-12-05T02:45:02.112Z
 org.opencontainers.image.description=Multi-experience program to learn programming with nature🌄
 org.opencontainers.image.licenses=Apache-2.0
-org.opencontainers.image.revision=66de05bca26aab71194921bb25794353f7232a05
+org.opencontainers.image.revision=0bec45be148d54f8fb297f68bfa863c3aeb0be33
 org.opencontainers.image.source=https://github.com/OpenUp-LabTakizawa/caravan-kidstec
 org.opencontainers.image.title=caravan-kidstec
 org.opencontainers.image.url=https://github.com/OpenUp-LabTakizawa/caravan-kidstec
-org.opencontainers.image.version=canary
+org.opencontainers.image.version=pr-1151

Packages and Vulnerabilities (115 package changes and 0 vulnerability changes)

• ➕ 107 packages added
• ♾️ 8 packages changed
• 38 packages unchanged

Changes for packages of type deb (3 changes)

	Package	Version marukome0743/caravan-kidstec:canary	Version marukome0743/caravan-kidstec:pr-1151
➕	gcc-12		12.2.0-14
➕	glibc		2.36-9+deb12u9
➕	openssl		3.0.15-1~deb12u1

Changes for packages of type npm (112 changes)

	Package	Version marukome0743/caravan-kidstec:canary	Version marukome0743/caravan-kidstec:pr-1151
➕	@babel/core		UNKNOWN
➕	@hapi/accept		UNKNOWN
➕	@mswjs/interceptors		UNKNOWN
➕	@napi-rs/triples		UNKNOWN
♾️	@next/env	15.0.4-canary.37	15.0.4-canary.41
➕	@next/font		UNKNOWN
➕	@opentelemetry/api		UNKNOWN
➕	@vercel/nft		UNKNOWN
➕	acorn		UNKNOWN
➕	amphtml-validator		UNKNOWN
➕	anser		UNKNOWN
➕	assert		UNKNOWN
➕	async-retry		UNKNOWN
➕	async-sema		UNKNOWN
➕	babel-packages		UNKNOWN
♾️	babel-plugin-react-compiler	0.0.0-experimental-3ab621d-20241203	0.0.0-experimental-37ed2a7-20241204
➕	browserify-zlib		UNKNOWN
➕	browserslist		UNKNOWN
➕	buffer		UNKNOWN
➕	bytes		UNKNOWN
➕	ci-info		UNKNOWN
➕	commander		UNKNOWN
➕	comment-json		UNKNOWN
➕	compression		UNKNOWN
➕	conf		UNKNOWN
➕	constants-browserify		UNKNOWN
➕	content-disposition		UNKNOWN
➕	cookie		UNKNOWN
➕	cross-spawn		UNKNOWN
➕	crypto-browserify		UNKNOWN
➕	css.escape		UNKNOWN
➕	data-uri-to-buffer		UNKNOWN
➕	debug		UNKNOWN
➕	devalue		UNKNOWN
➕	domain-browser		UNKNOWN
➕	edge-runtime		UNKNOWN
➕	events		UNKNOWN
➕	find-up		UNKNOWN
➕	fresh		UNKNOWN
➕	glob		UNKNOWN
➕	gzip-size		UNKNOWN
➕	http-proxy		UNKNOWN
➕	http-proxy-agent		UNKNOWN
➕	https-browserify		UNKNOWN
➕	https-proxy-agent		UNKNOWN
➕	icss-utils		UNKNOWN
➕	ignore-loader		UNKNOWN
➕	image-size		UNKNOWN
➕	is-animated		UNKNOWN
➕	is-docker		UNKNOWN
➕	is-wsl		UNKNOWN
➕	jest-worker		UNKNOWN
➕	json5		UNKNOWN
➕	jsonwebtoken		UNKNOWN
➕	loader-utils		UNKNOWN
➕	lodash.curry		UNKNOWN
➕	lru-cache		UNKNOWN
➕	mini-css-extract-plugin		UNKNOWN
♾️	nanoid	3.3.8	UNKNOWN
➕	native-url		UNKNOWN
➕	neo-async		UNKNOWN
♾️	next	15.0.4-canary.37	15.0.4-canary.41
➕	node-fetch		UNKNOWN
➕	os-browserify		UNKNOWN
➕	p-limit		UNKNOWN
➕	p-queue		UNKNOWN
➕	path-browserify		UNKNOWN
➕	path-to-regexp		UNKNOWN
➕	picomatch		UNKNOWN
➕	platform		UNKNOWN
➕	postcss-flexbugs-fixes		UNKNOWN
➕	postcss-modules-extract-imports		UNKNOWN
➕	postcss-modules-local-by-default		UNKNOWN
➕	postcss-modules-scope		UNKNOWN
➕	postcss-modules-values		UNKNOWN
➕	postcss-preset-env		UNKNOWN
➕	postcss-scss		UNKNOWN
➕	postcss-value-parser		UNKNOWN
➕	process		UNKNOWN
➕	punycode		UNKNOWN
➕	querystring-es3		UNKNOWN
♾️	react	19.0.0-rc-1b1283ad-20241203	19.0.0-rc-de68d2f4-20241204
♾️	react-dom	19.0.0-rc-1b1283ad-20241203	19.0.0-rc-de68d2f4-20241204
♾️	react-is	19.0.0-rc-b01722d5-20241114	19.0.0-rc-de68d2f4-20241204
➕	sass-loader		UNKNOWN
➕	schema-utils		UNKNOWN
♾️	semver	7.6.3	UNKNOWN
➕	send		UNKNOWN
➕	setimmediate		UNKNOWN
➕	shell-quote		UNKNOWN
➕	source-map		UNKNOWN
➕	source-map08		UNKNOWN
➕	stacktrace-parser		UNKNOWN
➕	stream-browserify		UNKNOWN
➕	stream-http		UNKNOWN
➕	string-hash		UNKNOWN
➕	string_decoder		UNKNOWN
➕	strip-ansi		UNKNOWN
➕	superstruct		UNKNOWN
➕	tar		UNKNOWN
➕	text-table		UNKNOWN
➕	timers-browserify		UNKNOWN
➕	tty-browserify		UNKNOWN
➕	unistore		UNKNOWN
➕	util		UNKNOWN
➕	vm-browserify		UNKNOWN
➕	watchpack		UNKNOWN
➕	webpack		UNKNOWN
➕	webpack-sources		UNKNOWN
➕	ws		UNKNOWN
➕	zod		UNKNOWN
➕	zod-validation-error		UNKNOWN

[Marukome0743]