From 99c61e36ac22013fe63a3c494050a31e588eb729 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jun 2026 14:24:44 +0000 Subject: [PATCH] build(deps): bump sigstore/cosign-installer from 3.6.0 to 4.1.2 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.6.0 to 4.1.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.6.0...v4.1.2) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/release-internal.yml | 2 +- .github/workflows/release-public-interim.yml | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 914a322c..0edcba51 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -184,7 +184,7 @@ jobs: steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install cosign - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v3 with: cosign-release: "v2.4.1" - name: Verify (dry-run) diff --git a/.github/workflows/release-internal.yml b/.github/workflows/release-internal.yml index 20106585..7c9ec45f 100644 --- a/.github/workflows/release-internal.yml +++ b/.github/workflows/release-internal.yml @@ -297,7 +297,7 @@ jobs: # ─── Cosign keyless sign (Sigstore Rekor public ledger) ──── - name: Install cosign - uses: sigstore/cosign-installer@1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 # v3.7.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.7.0 with: cosign-release: 'v2.4.1' diff --git a/.github/workflows/release-public-interim.yml b/.github/workflows/release-public-interim.yml index 57a255bb..6b5f5faa 100644 --- a/.github/workflows/release-public-interim.yml +++ b/.github/workflows/release-public-interim.yml @@ -228,7 +228,7 @@ jobs: retention-days: 90 - name: Install cosign - uses: sigstore/cosign-installer@1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 # v3.7.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.7.0 with: cosign-release: 'v2.4.1' @@ -431,7 +431,7 @@ jobs: retention-days: 90 - name: Install cosign - uses: sigstore/cosign-installer@1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 # v3.7.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.7.0 with: cosign-release: 'v2.4.1' - name: Cosign keyless sign manifests @@ -581,7 +581,7 @@ jobs: retention-days: 90 - name: Install cosign - uses: sigstore/cosign-installer@1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 # v3.7.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.7.0 with: cosign-release: 'v2.4.1' @@ -721,7 +721,7 @@ jobs: retention-days: 90 - name: Install cosign - uses: sigstore/cosign-installer@1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 # v3.7.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.7.0 with: cosign-release: 'v2.4.1' @@ -893,7 +893,7 @@ jobs: echo "::notice::SHA256SUMS:"; cat SHA256SUMS - name: Install cosign - uses: sigstore/cosign-installer@1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 # v3.7.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.7.0 with: cosign-release: 'v2.4.1'