build(deps): bump the ci group across 1 directory with 2 updates

Bumps the ci group with 2 updates in the / directory: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Updates `sigstore/cosign-installer` from 3.7.0 to 3.8.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.7.0...v3.8.1) Updates `slsa-framework/slsa-github-generator` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com>
2025-03-23 07:19:45 +00:00 · 2025-03-23 07:19:45 +00:00 · 633f639383
parent d03cc73386
commit 633f639383
2 changed files with 3 additions and 3 deletions
--- a/.github/workflows/push-ld.yml
+++ b/.github/workflows/push-ld.yml
@ -17,7 +17,7 @@ jobs:
      packages: write
    steps:
      - uses: actions/checkout@v4
-      - uses: sigstore/cosign-installer@v3.7.0
+      - uses: sigstore/cosign-installer@v3.8.1
      - name: Prepare
        id: prep
        run: |
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -33,7 +33,7 @@ jobs:
        with:
          go-version: 1.24.x
      - uses: fluxcd/flux2/action@main
-      - uses: sigstore/cosign-installer@v3.7.0
+      - uses: sigstore/cosign-installer@v3.8.1
      - name: Prepare
        id: prep
        run: |
@ -146,7 +146,7 @@ jobs:
      actions: read # for detecting the Github Actions environment.
      id-token: write # for creating OIDC tokens for signing.
      contents: write # for uploading attestations to GitHub releases.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
    with:
      provenance-name: "provenance.intoto.jsonl"
      base64-subjects: "${{ needs.release-flagger.outputs.hashes }}"