diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c7fe9c6..73916b7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -49,7 +49,7 @@ jobs: id-token: write # required for PyPI trusted publishing + attestations (OIDC) attestations: write # required to upload sigstore attestations steps: - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: dist path: dist/ @@ -70,7 +70,7 @@ jobs: with: fetch-depth: 0 # full history so we can extract the tag's CHANGELOG section - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: dist path: dist/