Skip to content

Bump sigstore/cosign-installer from 4.1.1 to 4.1.2#42

Merged
jmcte merged 2 commits into
mainfrom
dependabot/github_actions/sigstore/cosign-installer-4.1.2
Jun 2, 2026
Merged

Bump sigstore/cosign-installer from 4.1.1 to 4.1.2#42
jmcte merged 2 commits into
mainfrom
dependabot/github_actions/sigstore/cosign-installer-4.1.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026
edited by jmcte
Loading

Summary

  • Bumps sigstore/cosign-installer from 4.1.1 to 4.1.2 in .github/workflows/ai-attestation-reusable.yml.
  • Keeps the AI Attestation workflow on the current upstream cosign installer patch release.

Governing Issue

No governing issue is linked; this is a Dependabot dependency maintenance PR.

Validation

  • PR Fast CI already ran on this Dependabot branch; Fast Checks, Validate Secrets, and AI Attestation jobs passed before the PR-description gate failed.
  • The remaining CI failure was isolated to the PR body missing generated template sections.

Bootstrap Governance

  • Changes are scoped to Dependabot's generated dependency update.
  • Contributor or PR guidance changes are not applicable.
  • No real secrets, runtime auth, or machine-local env files are committed.

Merge Automation

  • Auto-merge is not safe to enable from this agent because the PR author is Dependabot; use the fallback merge-readiness policy after required checks pass.

Notes

  • The PR body was updated to satisfy the generated pull request template gate.

@dependabot
Bump sigstore/cosign-installer from 4.1.1 to 4.1.2
4d82cc1 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@v4.1.1...v4.1.2)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 2, 2026
@dependabot dependabot Bot requested review from jmcte and pheidon as code owners June 2, 2026 20:30
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 2, 2026
@jmcte jmcte enabled auto-merge (squash) June 2, 2026 20:44
@jmcte jmcte merged commit 9468afb into main Jun 2, 2026
7 checks passed
@jmcte jmcte deleted the dependabot/github_actions/sigstore/cosign-installer-4.1.2 branch June 2, 2026 20:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmcte jmcte jmcte approved these changes

@pheidon pheidon Awaiting requested review from pheidon pheidon is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jmcte