Skip to content

ci(deps)(deps): bump sigstore/cosign-installer from 3.9.1 to 4.1.2#151

Merged
eightynine01 merged 1 commit into
mainfrom
dependabot/github_actions/main/sigstore/cosign-installer-4.1.2
May 21, 2026
Merged

ci(deps)(deps): bump sigstore/cosign-installer from 3.9.1 to 4.1.2#151
eightynine01 merged 1 commit into
mainfrom
dependabot/github_actions/main/sigstore/cosign-installer-4.1.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps sigstore/cosign-installer from 3.9.1 to 4.1.2.

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.2

What's Changed

v4.1.1

What's Changed

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#203)

v3.10.0

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

What's Changed

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Dependency updates github-actions GitHub Actions workflow / dependency changes labels May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/main/sigstore/cosign-installer-4.1.2 branch from 49b8440 to ffa1ab9 Compare May 19, 2026 13:21
@dependabot
ci(deps)(deps): bump sigstore/cosign-installer from 3.9.1 to 4.1.2
2f22b32 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.1 to 4.1.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@398d4b0...6f9f177)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/main/sigstore/cosign-installer-4.1.2 branch from ffa1ab9 to 2f22b32 Compare May 21, 2026 04:44
@eightynine01 eightynine01 merged commit 85d883b into main May 21, 2026
9 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Dependency updates github-actions GitHub Actions workflow / dependency changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants