Bump sigstore/gh-action-sigstore-python from 3.2.0 to 3.3.0 (#842)

dependabot[bot] · web-flow · commit d3a613965bf8 · 2026-03-27T04:09:47.000Z
Bumps [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) from 3.2.0 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/gh-action-sigstore-python/releases">sigstore/gh-action-sigstore-python's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Dependency updates. Most importantly used sigstore-python is now version 4.2.0</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/gh-action-sigstore-python/compare/v3.2.0...v3.3.0">https://github.com/sigstore/gh-action-sigstore-python/compare/v3.2.0...v3.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md">sigstore/gh-action-sigstore-python's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to <code>gh-action-sigstore-python</code> will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>.</p> <p>All versions prior to 3.0.0 are untracked.</p> <h2>[Unreleased]</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/04cffa1d795717b140764e8b640de88853c92acc"><code>04cffa1</code></a> build(deps): bump requests from 2.32.5 to 2.33.0 in /requirements (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/342">#342</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/69171e8b4fc7e133c709d115b6e2bb3c8e1fbdf8"><code>69171e8</code></a> build(deps): bump charset-normalizer in the python-dependencies group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/340">#340</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/40198d7762a275864eefc3a852954bf4fd99d30c"><code>40198d7</code></a> build(deps): bump github/codeql-action in the actions group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/338">#338</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/ca55bb0ddfa7bac5ff4982347d6463da59bd246f"><code>ca55bb0</code></a> build(deps): bump the python-dependencies group with 2 updates (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/339">#339</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/27361433717379476d1f91e6c136f301fcb925cf"><code>2736143</code></a> build(deps): bump the actions group with 3 updates (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/335">#335</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/9afbb8895e98a49c15b231412e53ac9c78737444"><code>9afbb88</code></a> build(deps): bump pyasn1 from 0.6.2 to 0.6.3 in /requirements (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/337">#337</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/eb907b0de40f85c17550859a1cbfec3ec30ce068"><code>eb907b0</code></a> build(deps): bump pyopenssl from 25.3.0 to 26.0.0 in /requirements (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/334">#334</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/84eaebf1a7f9d6d1be29f95f8ea205c74e5b27ea"><code>84eaebf</code></a> build(deps): bump astral-sh/setup-uv in the actions group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/331">#331</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/57c12bea9d19b9f1c95c6099757b8b2c9e6c0640"><code>57c12be</code></a> build(deps): bump charset-normalizer in the python-dependencies group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/332">#332</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/57918d7825e46199e6b1a6917188570b86723bb6"><code>57918d7</code></a> build(deps): bump pyjwt from 2.11.0 to 2.12.0 in /requirements (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/333">#333</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/gh-action-sigstore-python/compare/v3.2.0...v3.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/gh-action-sigstore-python&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -193,7 +193,7 @@ jobs:
       uses: pypa/gh-action-pypi-publish@release/v1
 
     - name: Sign the dists with Sigstore
-      uses: sigstore/gh-action-sigstore-python@v3.2.0
+      uses: sigstore/gh-action-sigstore-python@v3.3.0
       with:
         inputs: >-
           ./dist/*.tar.gz
