Skip to content

Commit

Permalink
chore(deps): update sigstore/cosign-installer action to v3.2.0 (#22)
Browse files Browse the repository at this point in the history 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | minor | `v3.1.2` -> `v3.2.0` |

---

### Release Notes

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.2.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0)

**Note: This release comes with a fix for CVE-2023-46737 described in
this [Github Security
Advisory](https://togithub.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9).
Please upgrade to this release ASAP**

see https://github.com/sigstore/cosign/releases/tag/v2.2.1

##### What's Changed

- Support the runner context of gitea act by
[@&#8203;josedev-union](https://togithub.com/josedev-union) in
[sigstore/cosign-installer#147
- bump cosign to v2.2.1 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/cosign-installer#148
- test with latest go version by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[sigstore/cosign-installer#150

##### New Contributors

- [@&#8203;josedev-union](https://togithub.com/josedev-union) made their
first contribution in
[sigstore/cosign-installer#147

**Full Changelog**:
sigstore/cosign-installer@v3...v3.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 4pm on friday" in timezone
America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/scottames/ublue).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6ImxpdmUifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
@renovate
renovate[bot] committed Nov 11, 2023
1 parent 1df5a48 commit 634a351
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
View file
Expand Up @@ -181,7 +181,7 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

# Sign container
- uses: sigstore/cosign-installer@v3.1.2
- uses: sigstore/cosign-installer@v3.2.0
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'

- name: Sign container image
Expand Down

0 comments on commit 634a351

Please sign in to comment.