From 1d6c2dcc80e696d64f282289cd628e741a5205a8 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Tue, 27 Jan 2026 17:08:53 +0000
Subject: [PATCH] fix: packages/attest/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UNDICI-14943963
---
 packages/attest/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/attest/package.json b/packages/attest/package.json
index cf8e32af50..d0d1e21e4f 100644
--- a/packages/attest/package.json
+++ b/packages/attest/package.json
@@ -43,8 +43,8 @@
   },
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@actions/github": "^6.0.0",
-    "@actions/http-client": "^2.2.1",
+    "@actions/github": "^7.0.0",
+    "@actions/http-client": "^3.0.2",
     "@octokit/plugin-retry": "^6.0.1",
     "@sigstore/bundle": "^2.3.2",
     "@sigstore/sign": "^2.3.2",