chore(deps): bump the dependencies group with 3 updates (#455)

Bumps the dependencies group with 3 updates: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier). Updates `golangci/golangci-lint-action` from 6.2.0 to 6.3.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@ec5d184...2e78893) Updates `sigstore/cosign-installer` from 3.7.0 to 3.8.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@dc72c7d...c56c2d3) Updates `slsa-framework/slsa-verifier` from 2.6.0 to 2.7.0 - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](slsa-framework/slsa-verifier@3714a2a...6657aad) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: slsa-framework/slsa-verifier dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
openfga · Feb 10, 2025 · df9291d · df9291d
1 parent 31ea381
commit df9291d
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -30,7 +30,7 @@ jobs:
         check-latest: true
         go-version: ${{ env.GO_VERSION }}
     - name: golangci-lint
-      uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0
+      uses: golangci/golangci-lint-action@2e788936b09dd82dc280e845628a40d2ba6b204c # v6.3.1
       with:
         version: latest
         args: -v -c .golangci.yaml
@@ -156,7 +156,7 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+      - uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
       - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
 
       - name: Run GoReleaser
@@ -238,7 +238,7 @@ jobs:
     permissions: read-all
     steps:
       - name: Install the verifier
-        uses: slsa-framework/slsa-verifier/actions/installer@3714a2a4684014deb874a0e737dffa0ee02dd647 # pin@v2.6.0
+        uses: slsa-framework/slsa-verifier/actions/installer@6657aada084353c65e5dde35394b1a010289fab0 # pin@v2.7.0
 
       - name: Download assets
         env:
@@ -271,7 +271,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+        uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
 
       - name: Verify image
         env: