From ab014c95905fd42f152315b50995f345f252fddc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 13:13:58 +0000 Subject: [PATCH] ci(deps): bump firestoned/github-actions/security/cosign-sign Bumps [firestoned/github-actions/security/cosign-sign](https://github.com/firestoned/github-actions) from 1.3.6 to 1.3.7. - [Release notes](https://github.com/firestoned/github-actions/releases) - [Changelog](https://github.com/firestoned/github-actions/blob/main/CHANGELOG.md) - [Commits](https://github.com/firestoned/github-actions/compare/53b483254bc648903c364ee3c73a546d0936a91e...d0d51c638a90bffc2a1567fe7af112b37fe8854c) --- updated-dependencies: - dependency-name: firestoned/github-actions/security/cosign-sign dependency-version: 1.3.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e5864f1..ad49539 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1207,7 +1207,7 @@ jobs: ls -lh ${{ matrix.platform.artifact_name }}.tar.gz - name: Sign binary tarball with Cosign - uses: firestoned/github-actions/security/cosign-sign@53b483254bc648903c364ee3c73a546d0936a91e # v1.3.6 + uses: firestoned/github-actions/security/cosign-sign@d0d51c638a90bffc2a1567fe7af112b37fe8854c # v1.3.7 with: artifact-path: artifacts/${{ matrix.platform.artifact_name }}/${{ matrix.platform.artifact_name }}.tar.gz