cli
cli copied to clipboard
dependabot
Missing archive GH artifact attestations
https://github.com/dependabot/cli/attestations has attestations only for executables within archives, even though the intent in the workflow seems to be to provide them for archives, too: https://github.com/dependabot/cli/blob/f12cbee98c99f7557af95e201632c2ec11081cf8/.github/workflows/release.yml#L40-L45
Maybe the archive artifact names in subject-path are not correct?
