Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#4413)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.2 to 3.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.2.0</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <p>see <a href="https://github.com/sigstore/cosign/releases/tag/v2.2.1">https://github.com/sigstore/cosign/releases/tag/v2.2.1</a></p> <h2>What's Changed</h2> <ul> <li>Support the runner context of gitea act by <a href="https://github.com/josedev-union"><code>@josedev-union</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/147">sigstore/cosign-installer#147</a></li> <li>bump cosign to v2.2.1 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/148">sigstore/cosign-installer#148</a></li> <li>test with latest go version by <a href="https://github.com/bobcallaway"><code>@bobcallaway</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/150">sigstore/cosign-installer#150</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/josedev-union"><code>@josedev-union</code></a> made their first contribution in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/147">sigstore/cosign-installer#147</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3...v3.2.0">https://github.com/sigstore/cosign-installer/compare/v3...v3.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/1fc5bd396d372bee37d608f955b336615edf79c8"><code>1fc5bd3</code></a> test with latest go version (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/150">#150</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/9ce7d6069f6cc8602334e2faff6ca640a649e6f1"><code>9ce7d60</code></a> bump cosign to v2.2.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/148">#148</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/4b014e3cf19eef7b0be66ede0b1eafe5534db38d"><code>4b014e3</code></a> Support the runner context of gitea act (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/147">#147</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/38ab09d8bfc57c5240fe014ad3ec50c4904219a1"><code>38ab09d</code></a> Bump actions/checkout from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/145">#145</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/9c520b997e685cb69e1ac226f7dce8114e8f36df"><code>9c520b9</code></a> Bump actions/checkout from 4.0.0 to 4.1.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/144">#144</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/ef6a6b364bbad08abd36a5f8af60b595d12702f8"><code>ef6a6b3</code></a> Bump actions/checkout from 3.6.0 to 4.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/143">#143</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
e33d053
commit 926760e