Skip to content

Commit e227d58

Browse files
dependabot[bot]dependabot[bot]
authored
deps: bump sigstore/cosign-installer from 4.0.0 to 4.1.0 (#2105)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.0.0 to 4.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <h2>What's Changed</h2> <p>We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing <code>with: cosign-release</code> and strongly discourage using <code>cosign-release</code> unless you have a specific reason to use an older version of Cosign.</p> <ul> <li>Bump cosign to 3.0.5 in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/220">sigstore/cosign-installer#220</a></li> <li>fix: add retry to curl downloads for transient network failures in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/210">sigstore/cosign-installer#210</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0">https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22"><code>ba7bc0a</code></a> fix: add retry to curl downloads for transient network failures (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/210">#210</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/5a292e1504fdf08d68831aa1d265e92aee5701f9"><code>5a292e1</code></a> Bump cosign to 3.0.5 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/220">#220</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/351ea76151ae2dbbf52374c9dd639f4981de944f"><code>351ea76</code></a> Bump actions/checkout from 6.0.1 to 6.0.2 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/217">#217</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/c17565ff322a3403de48978f18d9ee0cfa7c2cd5"><code>c17565f</code></a> test with go 1.26 too (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/221">#221</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/a6fdd19182ff7fb86ae39a9329ba29eb602cbabb"><code>a6fdd19</code></a> Bump actions/setup-go from 6.1.0 to 6.3.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/218">#218</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/430b6a704fe0c92f1b1261d84376a900f38d90ff"><code>430b6a7</code></a> docs: fix registry from gcr.io to ghcr.io (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/213">#213</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/4d14d7f17e7112af04ea6108fbb4bfc714c00390"><code>4d14d7f</code></a> feat: update to v3.0.3 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/212">#212</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/f14800521ef377428f8fdd1f9ccc6b2f900212ad"><code>f148005</code></a> fix: use env vars for template expansions; show curl errors (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/207">#207</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/c3f2d79008c81762e405a967f8aa7f8c5686c760"><code>c3f2d79</code></a> Bump actions/checkout from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/208">#208</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/b9a9af4616125e37640447359ca8bd199a502d8d"><code>b9a9af4</code></a> drop tests with go1.24 as it cant build (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/211">#211</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign-installer/compare/faadad0cce49287aee09b3a48701e75088a2c6ad...ba7bc0a3fef59531c69a25acd34668d6d3fe6f22">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=4.0.0&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 56ea463 commit e227d58

File tree

2 files changed

+7
-7
lines changed

2 files changed

+7
-7
lines changed

.github/workflows/release-charts.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ jobs:
2828
id: install
2929

3030
- name: Install Cosign
31-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
31+
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
3232

3333
- name: Log in to registry (Helm for pushing chart, Docker for signing and push signature)
3434
run: |

.github/workflows/release-images.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
- run: go version
3939

4040
- name: Install Cosign
41-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
41+
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
4242

4343
- name: Log in to registry
4444
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
@@ -115,7 +115,7 @@ jobs:
115115
path: output/windows_amd64/
116116

117117
- name: Install Cosign
118-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
118+
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
119119

120120
- name: Log in to registry
121121
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
@@ -168,7 +168,7 @@ jobs:
168168
- run: go version
169169

170170
- name: Install Cosign
171-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
171+
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
172172

173173
- name: Log in to registry
174174
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
@@ -216,7 +216,7 @@ jobs:
216216
- run: go version
217217

218218
- name: Install Cosign
219-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
219+
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
220220

221221
- name: Log in to registry
222222
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
@@ -262,7 +262,7 @@ jobs:
262262
- run: go version
263263

264264
- name: Install Cosign
265-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
265+
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
266266

267267
- name: Log in to registry
268268
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
@@ -308,7 +308,7 @@ jobs:
308308
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
309309

310310
- name: Install Cosign
311-
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
311+
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
312312

313313
- name: Log in to registry
314314
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin

0 commit comments

Comments
 (0)