From 11f6034ae5f9e76688aebeff7c8c5a145fa88687 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 01:33:28 +0000 Subject: [PATCH] chore(deps): bump the actions group with 2 updates Bumps the actions group with 2 updates: [taiki-e/install-action](https://github.com/taiki-e/install-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `taiki-e/install-action` from 2.79.5 to 2.79.7 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/6c1f7cf125e42770ff087ea443901b487cc5471a...d9be7d8cda89035c9c843f78bd44d4f72d8403d4) Updates `sigstore/cosign-installer` from 3.10.0 to 4.1.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d7543c93d881b35a8faa02e8e3605f69b7a1ce62...6f9f17788090df1f26f669e9d70d6ae9567deba6) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.79.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/sbom.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3783d32..deee674 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -44,7 +44,7 @@ jobs: - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # post-v2.9.1 - name: Install cargo-llvm-cov - uses: taiki-e/install-action@6c1f7cf125e42770ff087ea443901b487cc5471a # v2.79.5 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: cargo-llvm-cov diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 50590e9..bb082be 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -82,7 +82,7 @@ jobs: # Scorecard's Signed-Releases check pattern-matches on the # `.sig` extension next to release assets. - name: Install cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Sign SBOMs with cosign (keyless) run: |