From c40818511004a1a1ed6c8fb5928079e527ef2341 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 May 2026 12:49:40 +0000 Subject: [PATCH] deps(deps): bump sigstore/cosign-installer in the sigstore-actions group Bumps the sigstore-actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/cybersandbox-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cybersandbox-build.yml b/.github/workflows/cybersandbox-build.yml index 4251e82..0e5a9cb 100644 --- a/.github/workflows/cybersandbox-build.yml +++ b/.github/workflows/cybersandbox-build.yml @@ -185,7 +185,7 @@ jobs: - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 # Keyless signing via Fulcio/Rekor: binds the image digest to this # workflow's OIDC identity. Sign by digest so we sign content, not @@ -243,7 +243,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Install cosign - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Resolve image digest id: resolve