dependabot[bot] 534f5d5b53 build(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4717) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.10.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <h2>What's Changed?</h2> <p><strong>Note:</strong> You must upgrade to cosign-installer v4 if you want to install <a href="https://blog.sigstore.dev/cosign-3-0-available/">Cosign v3+</a>. You may still install Cosign v2.x with cosign-installer v4.</p> <p>In version v3+, using <code>cosign sign-blob</code> requires adding the <code>--bundle</code> flag which may require you to update your signing command.</p> <ul> <li>Add support for Cosign v3 releases (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/201">#201</a>)</li> </ul> <h2>v3.10.1</h2> <h2>What's Changed?</h2> <p><strong>Note:</strong> cosign-installer v3.x cannot be used to install <a href="https://blog.sigstore.dev/cosign-3-0-available/">Cosign v3.x</a>. You must upgrade to cosign-installer v4 in order to use Cosign v3.</p> <p><strong>Note:</strong> This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to <a href="https://blog.sigstore.dev/cosign-3-0-available/">Cosign v3</a>.</p> <ul> <li>Bump default Cosign to v2.6.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/203">#203</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="faadad0cce"><code>faadad0</code></a> add support for cosign v3 releases (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/201">#201</a>)</li> <li>See full diff in <a href="d7543c93d8...faadad0cce">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>		2025-10-21 13:39:31 +01:00
..
ai_pr_title_review.yml	build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#4538)	2025-09-28 21:22:40 +01:00
auto-labelerV2.yml	ci: restrict workflow to main branch PRs (#4677)	2025-10-16 22:39:07 +01:00
build.yml	build(deps): bump gradle/actions from 4.4.4 to 5.0.0 (#4605)	2025-10-06 10:47:14 +01:00
check_properties.yml	ci: restrict workflow to main branch PRs (#4677)	2025-10-16 22:39:07 +01:00
codeql.yml-disabled	Bump: Harden Runner from v2.10.2 to v2.10.3 (#2686)	2025-01-13 22:26:05 +00:00
dependency-review.yml	build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#4538)	2025-09-28 21:22:40 +01:00
licenses-update.yml	build(deps): bump gradle/actions from 4.4.4 to 5.0.0 (#4605)	2025-10-06 10:47:14 +01:00
manage-label.yml	build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#4538)	2025-09-28 21:22:40 +01:00
multiOSReleases.yml	build(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4717)	2025-10-21 13:39:31 +01:00
PR-Demo-cleanup.yml	build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#4538)	2025-09-28 21:22:40 +01:00
PR-Demo-Comment-with-react.yml	build(deps): bump docker/login-action from 3.5.0 to 3.6.0 (#4552)	2025-09-30 11:38:24 +01:00
pre_commit.yml	fix(ci): 🛡️ mitigate CVE-2025-8869 by enforcing wheels-only pip installs and upgrading pinned dependencies (#4598)	2025-10-04 12:50:37 +01:00
push-docker.yml	build(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4717)	2025-10-21 13:39:31 +01:00
releaseArtifacts.yml	build(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4717)	2025-10-21 13:39:31 +01:00
scorecards.yml	build(deps): bump github/codeql-action from 3.30.6 to 4.30.9 (#4718)	2025-10-21 12:20:26 +01:00
sonarqube.yml	build(deps): bump gradle/actions from 4.4.4 to 5.0.0 (#4605)	2025-10-06 10:47:14 +01:00
stale.yml	build(deps): bump actions/stale from 10.0.0 to 10.1.0 (#4603)	2025-10-06 10:47:53 +01:00
swagger.yml	build(deps): bump gradle/actions from 4.4.4 to 5.0.0 (#4605)	2025-10-06 10:47:14 +01:00
sync_files.yml	fix(ci): 🛡️ mitigate CVE-2025-8869 by enforcing wheels-only pip installs and upgrading pinned dependencies (#4598)	2025-10-04 12:50:37 +01:00
testdriver.yml	build(deps): bump gradle/actions from 4.4.4 to 5.0.0 (#4605)	2025-10-06 10:47:14 +01:00