chore(deps): bump the github-actions group with 4 updates

[dependabot]

Bumps the github-actions group with 4 updates: actions/checkout, docker/login-action, actions/attest-build-provenance and sarisia/actions-status-discord.

Updates actions/checkout from 4.1.4 to 4.1.6

Release notes

Sourced from actions/checkout's releases.

v4.1.6

What's Changed

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732
• Update for 4.1.6 release by @​cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

... (truncated)

Commits

• a5ac7e5 Update for 4.1.6 release (#1733)
• 24ed1a3 Check platform for extension (#1732)
• 44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@​users.norepl...
• 8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
• 3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
• fd084cd Bump github/codeql-action from 2 to 3 (#1694)
• 9c1e94e Update NPM dependencies (#1703)
• See full diff in compare view

Updates docker/login-action from 3.1.0 to 3.2.0

Release notes

Sourced from docker/login-action's releases.

v3.2.0

• Improve missing username/password by @​Frankkkkk in docker/login-action#706
• Bump @​docker/actions-toolkit from 0.18.0 to 0.24.0 in docker/login-action#715 docker/login-action#721
• Bump aws-sdk-dependencies to 3.583.0 in docker/login-action#720
• Bump undici from 5.28.3 to 5.28.4 in docker/login-action#694

Full Changelog: docker/login-action@v3.1.0...v3.2.0

Commits

• 0d4c9c5 Merge pull request #722 from crazy-max/update-readme
• b29e14f add contributing section to README
• 218a70c Merge pull request #721 from docker/dependabot/npm_and_yarn/docker/actions-to...
• b820080 build(deps): bump @​docker/actions-toolkit from 0.23.0 to 0.24.0
• 27530a9 Merge pull request #720 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• d072a60 chore: update generated content
• 7c627b5 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
• 787cfc6 Merge pull request #694 from docker/dependabot/npm_and_yarn/undici-5.28.4
• 8e66e91 chore: update generated content
• 5ba5e97 build(deps): bump undici from 5.28.3 to 5.28.4
• Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.0.0 to 1.1.2

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.1.2

What's Changed

• Bump actions/attest from 1.1.1 to 1.1.2 by @​bdehamer in actions/attest-build-provenance#79
  • Downcase subject name for OCI images
  • Fix accept header when retrieving image manifest
  • Support variants of the Docker Hub registry name

Full Changelog: actions/attest-build-provenance@v1.1.1...v1.1.2

v1.1.1

What's Changed

• Bump actions/attest from v1.1.0 to v1.1.1 by @​bdehamer in actions/attest-build-provenance#67
  • Bump @​sigstore/sign from 2.3.0 to 2.3.1
  • Bump @​sigstore/oci from 0.3.0 to 0.3.2
  • Include more detail in error logging
  • Send API errors to GHA debug log
  • Fix bug preventing failed API requests from being retried

Full Changelog: actions/attest-build-provenance@v1.1.0...v1.1.1

v1.1.0

What's Changed

• Bump actions/attest to v1.1.0 by @​bdehamer in actions/attest-build-provenance#65
  • adds list support for subjectPath input
  • limit attestation subject count
  • ensure subject globs match only files

Full Changelog: actions/attest-build-provenance@v1.0.0...v1.1.0

Commits

• 173725a bump actions/attest from 1.1.1 to 1.1.2 (#79)
• f0669b9 Bump the npm-development group with 2 updates (#72)
• 951c0c5 update release documentation (#66)
• 33e2a1e bump actions/attest from v1.1.0 to v1.1.1 (#67)
• f8d5ea8 Bump actions/attest to v1.1.0 (#65)
• 799a179 add link to cosign bundle spec to readme (#63)
• 317e606 Bump the npm-development group with 5 updates (#58)
• d811d1b Fix typos in README.md (#61)
• 7208362 fix typo in README.md (#59)
• eab7f69 disable github action linting (#54)
• Additional commits viewable in compare view

Updates sarisia/actions-status-discord from 1.14.1 to 1.14.3

Release notes

Sourced from sarisia/actions-status-discord's releases.

v1.14.3

• This action is now shipped with GitHub's newly-released Artifact Attestations
  • See README for usages

Full Changelog: v1.14.2-src...v1.14.3-src

v.1.14.3-pre.0

No release notes provided.

v1.14.2

What's Changed

• update dependencies

---

• chore(deps): bump the github-actions group with 3 updates by @​dependabot in sarisia/actions-status-discord#538
• chore(deps): bump the nodejs group with 3 updates by @​dependabot in sarisia/actions-status-discord#537

Full Changelog: v1.14.1-src...v1.14.2-src

v1.14.2-pre.0

No release notes provided.

Commits

• 4138d2d Automatic build
• 2ca43fa add artifact attestations guide to readme
• 1dae4b4 generate artifact attestations
• 9e29ab9 chore(deps): bump the nodejs group with 3 updates (#537)
• de3c3ca chore(deps): bump the github-actions group with 3 updates (#538)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions