[PR #129] [MERGED] 🌱 Bump sigstore/cosign-installer from 3.8.1 to 3.9.1 #127

New issue

Closed

opened 2026-03-03 16:28:23 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 16:28:23 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/natrontech/pbs-exporter/pull/129
Author: @dependabot[bot]
Created: 6/23/2025
Status: ✅ Merged
Merged: 7/14/2025
Merged by: @nicololuescher

Base: main ← Head: dependabot/github_actions/sigstore/cosign-installer-3.9.1

---

📝 Commits (1)

• 610562e 🌱 Bump sigstore/cosign-installer from 3.8.1 to 3.9.1

📊 Changes

2 files changed (+4 additions, -4 deletions)

View changed files

📝 .github/workflows/release-verification.yml (+1 -1)
📝 .github/workflows/release.yml (+3 -3)

📄 Description

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps sigstore/cosign-installer from 3.8.1 to 3.9.1.

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.9.1

What's Changed

• default action install to use release v2.5.1 by @​cpanato in sigstore/cosign-installer#193
• default cosign to v2.5.2 by @​cpanato in sigstore/cosign-installer#194

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1

v3.9.0

What's Changed

• Bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in sigstore/cosign-installer#189
• bump cosign install to use release v2.5.0 as default by @​cpanato in sigstore/cosign-installer#191

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.9.0

v3.8.2

What's Changed

• install cosign v2 from main in sigstore/cosign-installer#186

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.8.2

Commits

• 398d4b0 default cosign to v2.5.2 (#194)
• 84f54a2 default action install to use release v2.5.1 (#193)
• fb28c2b bump cosign install to use release v2.5.0 as default (#191)
• e9a05e6 Bump actions/setup-go from 5.4.0 to 5.5.0 (#189)
• 3454372 install cosign v2 from main (#186)
• b6ee8f8 Bump actions/setup-go from 5.3.0 to 5.4.0 (#185)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/natrontech/pbs-exporter/pull/129 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/23/2025 **Status:** ✅ Merged **Merged:** 7/14/2025 **Merged by:** [@nicololuescher](https://github.com/nicololuescher) **Base:** `main` ← **Head:** `dependabot/github_actions/sigstore/cosign-installer-3.9.1` --- ### 📝 Commits (1) - [`610562e`](https://github.com/natrontech/pbs-exporter/commit/610562e61491d939b750c9f46125981bf04d2d3e) :seedling: Bump sigstore/cosign-installer from 3.8.1 to 3.9.1 ### 📊 Changes **2 files changed** (+4 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/release-verification.yml` (+1 -1) 📝 `.github/workflows/release.yml` (+3 -3) </details> ### 📄 Description [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.8.1 to 3.9.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.9.1</h2> <h2>What's Changed</h2> <ul> <li>default action install to use release v2.5.1 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/193">sigstore/cosign-installer#193</a></li> <li>default cosign to v2.5.2 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/194">sigstore/cosign-installer#194</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1">https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1</a></p> <h2>v3.9.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/setup-go from 5.4.0 to 5.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/189">sigstore/cosign-installer#189</a></li> <li>bump cosign install to use release v2.5.0 as default by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/191">sigstore/cosign-installer#191</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3...v3.9.0">https://github.com/sigstore/cosign-installer/compare/v3...v3.9.0</a></p> <h2>v3.8.2</h2> <h2>What's Changed</h2> <ul> <li>install cosign v2 from main in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/186">sigstore/cosign-installer#186</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3...v3.8.2">https://github.com/sigstore/cosign-installer/compare/v3...v3.8.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/398d4b0eeef1380460a10c8013a76f728fb906ac"><code>398d4b0</code></a> default cosign to v2.5.2 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/194">#194</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/84f54a2bcd1ecf70e51a05388183dce4e1487230"><code>84f54a2</code></a> default action install to use release v2.5.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/193">#193</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3"><code>fb28c2b</code></a> bump cosign install to use release v2.5.0 as default (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/191">#191</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/e9a05e6d32d7ed22b5656cd874ef31af58d05bfa"><code>e9a05e6</code></a> Bump actions/setup-go from 5.4.0 to 5.5.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/189">#189</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/3454372f43399081ed03b604cb2d021dabca52bb"><code>3454372</code></a> install cosign v2 from main (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/186">#186</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/b6ee8f83b9a8b8ef7f46b5a8ff326f488b386693"><code>b6ee8f8</code></a> Bump actions/setup-go from 5.3.0 to 5.4.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/185">#185</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a...398d4b0eeef1380460a10c8013a76f728fb906ac">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 16:28:23 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/github_actions/github-actions-6b600656ea

v0.9.0

v0.8.0

v0.7.1

v0.7.0

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.5.0-rc.0

0.4.0

0.3.0

0.2.0

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

0.0.1

Labels

Clear labels   

dependencies

  

enhancement

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

security

No labels

dependencies

enhancement

enhancement

pull-request

question

security

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/pbs-exporter#127

No description provided.