Skip to content

Bump sigstore/cosign-installer from 3.5.0 to 4.1.1#599

Merged
komish merged 1 commit into
mainfrom
dependabot/github_actions/sigstore/cosign-installer-4.1.1
Apr 30, 2026
Merged

Bump sigstore/cosign-installer from 3.5.0 to 4.1.1#599
komish merged 1 commit into
mainfrom
dependabot/github_actions/sigstore/cosign-installer-4.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026

Copy link
Copy Markdown
Contributor

Bumps sigstore/cosign-installer from 3.5.0 to 4.1.1.

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.1

What's Changed

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#203)

v3.10.0

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

v3.9.1

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 30, 2026
@github-actions

Copy link
Copy Markdown

Thanks for your pull request!

A maintainer will review this pull request and trigger functional testing by adding the ok-to-test label.

This comment was auto-generated by GitHub Actions.

@komish komish added the ok-to-test Used after code review to run E2E/integration tests. label Apr 30, 2026
@komish

komish commented Apr 30, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.5.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@59acb62...cad07c2)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/sigstore/cosign-installer-4.1.1 branch from f85a1f8 to 1d45d9b Compare April 30, 2026 19:18
@github-actions github-actions Bot removed the ok-to-test Used after code review to run E2E/integration tests. label Apr 30, 2026
@komish komish added the ok-to-test Used after code review to run E2E/integration tests. label Apr 30, 2026

@komish komish left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@komish komish merged commit c6d9b06 into main Apr 30, 2026
16 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/sigstore/cosign-installer-4.1.1 branch April 30, 2026 19:39
@github-actions github-actions Bot removed the ok-to-test Used after code review to run E2E/integration tests. label Apr 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant