Merge 0f153fe35c into a7b6cc6b6b

chore(deps): Bump the actions group with 2 updates
Bumps the actions group with 2 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier). Updates `sigstore/cosign-installer` from 3.9.0 to 3.9.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](fb28c2b633...398d4b0eee) Updates `slsa-framework/slsa-verifier` from 2.7.0 to 2.7.1 - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.7.0...v2.7.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: slsa-framework/slsa-verifier dependency-version: 2.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
2025-07-14 15:13:07 +07:00 · 2025-06-30 08:18:16 +02:00 · 2025-06-27 18:50:01 +02:00 · 2025-06-23 10:21:35 +02:00
4 changed files with 6 additions and 6 deletions
--- a/.github/workflows/docker-image.yaml
+++ b/.github/workflows/docker-image.yaml
@ -42,7 +42,7 @@ jobs:

      - name: Set up Docker Buildx
        id: Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Login to Docker Hub
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
@ -92,7 +92,7 @@ jobs:

      - name: Install Cosign
        if: ${{ inputs.sign }}
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1

      - name: Sign the images with GitHub OIDC Token
        if: ${{ inputs.sign }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -64,7 +64,7 @@ jobs:
    permissions: read-all
    steps:
      - name: Install the verifier
-        uses: slsa-framework/slsa-verifier/actions/installer@v2.7.0
+        uses: slsa-framework/slsa-verifier/actions/installer@v2.7.1

      - name: Download assets
        env:
--- a/go.mod
+++ b/go.mod
@ -184,7 +184,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.24.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -442,8 +442,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
-github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
+github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
Author	SHA1	Message	Date
Tanner Jones	6d81103b26	Merge `0f153fe35c` into `a7b6cc6b6b`	2025-07-14 15:13:07 +07:00
dependabot[bot]	a7b6cc6b6b	chore(deps): Bump the actions group with 2 updates Bumps the actions group with 2 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier). Updates `sigstore/cosign-installer` from 3.9.0 to 3.9.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`fb28c2b633...398d4b0eee`) Updates `slsa-framework/slsa-verifier` from 2.7.0 to 2.7.1 - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.7.0...v2.7.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: slsa-framework/slsa-verifier dependency-version: 2.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2025-06-30 08:18:16 +02:00
dependabot[bot]	fd12beb1cd	chore(deps): Bump github.com/go-viper/mapstructure/v2 Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0) --- updated-dependencies: - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.3.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2025-06-27 18:50:01 +02:00
dependabot[bot]	d3c99d5dfc	chore(deps): Bump the actions group with 2 updates Bumps the actions group with 2 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](`b5ca514318...e468171a9d`) Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`3454372f43...fb28c2b633`) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: sigstore/cosign-installer dependency-version: 3.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2025-06-23 10:21:35 +02:00