Bump the all-deps group with 2 updates

[dependabot]

Bumps the all-deps group with 2 updates: aws-actions/amazon-ecr-login and sigstore/cosign-installer.

Updates aws-actions/amazon-ecr-login from 2.0.1 to 2.0.2

Release notes

Sourced from aws-actions/amazon-ecr-login's releases.

v2.0.2

See the changelog for details about the changes included in this release.

Changelog

Sourced from aws-actions/amazon-ecr-login's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.0.2 (2026-03-13)

Bug Fixes

• Upgrade import syntax to ES Modules (#889) (0edf37c)

2.0.1 (2023-10-02)

2.0.0 (2023-10-02)

⚠ BREAKING CHANGES

• The default value of the 'mask-password' input has been updated from false to true.

• Treat maskPassword as false only if explicitly set to false

• Add new-v2-release to README

Features

• release v2 (#520) (d71acaf)

1.7.0 (2023-08-09)

Features

• provide input to optionally mask output docker password (#491) (98f33d2)

1.6.2 (2023-06-26)

Bug Fixes

• fix and upgrade https proxy agent (a3dee4b)

1.6.1 (2023-06-20)

Bug Fixes

• build issue in release (402e69a)
• update deps (1b9c8c1)

... (truncated)

Commits

• c962da2 chore(release): 2.0.2
• 86a23f4 update actions/checkout from v3 to v4 (#741)
• f6d4d26 chore: Update dist (#908)
• e03eabc ci: Remove status check requirements for packaging PRs (#909)
• 4a09aec ci: Use PR workflow for packaging instead of direct push (#906)
• 345848b chore(deps-dev): bump eslint from 8.57.0 to 9.39.2 (#863)
• 1ef4d97 chore(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 (#825)
• e9b2629 chore(deps): bump @​aws-sdk/client-ecr from 3.830.0 to 3.982.0 (#881)
• d22da46 chore(deps): bump @​actions/exec from 1.1.1 to 3.0.0 (#882)
• bad694f chore(deps): bump minimatch (#896)
• Additional commits viewable in compare view

Updates sigstore/cosign-installer from 4.0.0 to 4.1.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

• Bump cosign to 3.0.5 in sigstore/cosign-installer#220
• fix: add retry to curl downloads for transient network failures in sigstore/cosign-installer#210

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

Commits

• ba7bc0a fix: add retry to curl downloads for transient network failures (#210)
• 5a292e1 Bump cosign to 3.0.5 (#220)
• 351ea76 Bump actions/checkout from 6.0.1 to 6.0.2 (#217)
• c17565f test with go 1.26 too (#221)
• a6fdd19 Bump actions/setup-go from 6.1.0 to 6.3.0 (#218)
• 430b6a7 docs: fix registry from gcr.io to ghcr.io (#213)
• 4d14d7f feat: update to v3.0.3 (#212)
• f148005 fix: use env vars for template expansions; show curl errors (#207)
• c3f2d79 Bump actions/checkout from 6.0.0 to 6.0.1 (#208)
• b9a9af4 drop tests with go1.24 as it cant build (#211)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions