chore(deps): bump the actions group with 4 updates

[dependabot]

Bumps the actions group with 4 updates: sigstore/cosign-installer, google-github-actions/auth, actions/upload-artifact and mikefarah/yq.

Updates sigstore/cosign-installer from 3.3.0 to 3.4.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.4.0

What's Changed

• Use examples that work with multiple tags by @​jkreileder in sigstore/cosign-installer#155
• default cosign install to release v2.2.3 by @​cpanato in sigstore/cosign-installer#156

New Contributors

• @​jkreileder made their first contribution in sigstore/cosign-installer#155

Full Changelog: sigstore/cosign-installer@v3...v3.4.0

Commits

• e1523de default cosign install to release v2.2.3 (#156)
• b18d21a Use examples that work with multiple tags (#155)
• See full diff in compare view

Updates google-github-actions/auth from 2.0.1 to 2.1.1

Release notes

Sourced from google-github-actions/auth's releases.

v2.1.1

What's Changed

• Remove retry logic by @​sethvargo in google-github-actions/auth#389
• Use an OAuth 2.0 access token for Domain-Wide Delegation by @​sethvargo in google-github-actions/auth#388
• Release: v2.1.1 by @​google-github-actions-bot in google-github-actions/auth#390

Full Changelog: google-github-actions/auth@v2...v2.1.1

v2.1.0

What's Changed

• Update deps by @​sethvargo in google-github-actions/auth#384
• Release: v2.1.0 by @​google-github-actions-bot in google-github-actions/auth#385

Full Changelog: google-github-actions/auth@v2...v2.1.0

Commits

• a6e2e39 Release: v2.1.1 (#390)
• b4f4057 Use an OAuth 2.0 access token for Domain-Wide Delegation (#388)
• 39c96a3 Remove retry logic (#389)
• 5a50e58 Release: v2.1.0 (#385)
• aaf2e69 Update deps (#384)
• See full diff in compare view

Updates actions/upload-artifact from 4.2.0 to 4.3.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.1

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.3.0

What's Changed

• Reorganize upload code in prep for merge logic & add more tests by @​robherley in actions/upload-artifact#504
• Add sub-action to merge artifacts by @​robherley in actions/upload-artifact#505

Full Changelog: actions/upload-artifact@v4...v4.3.0

Commits

• 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
• f1e993d update artifact license
• 4881bfd updating dist:
• a30777e @​eggyhead
• 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
• 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
• dfa1ab2 fix typo with v3 artifact downloads in migration guide
• d00351b Merge pull request #509 from markmssd/patch-1
• 707f5a7 Update limitation of 10 artifacts upload to 500
• 26f96df Merge pull request #505 from actions/robherley/merge-artifacts
• Additional commits viewable in compare view

Updates mikefarah/yq from 4.40.5 to 4.40.7

Release notes

Sourced from mikefarah/yq's releases.

v4.40.7

• Fix: empty TOML table #1924 - Thanks @​elibroftw
• Fixed "all" error message #1845
• Fixed to_entries[] #1246
• Bumped dependencies

Changelog

Sourced from mikefarah/yq's changelog.

4.41.1 (not released):

• Can now comment in yq expressions! #1919

4.40.7:

• Bumped dependencies

4.40.6:

• Fix: empty TOML table #1924 - Thanks @​elibroftw
• Fixed "all" error message #1845
• Fixed to_entries[]
• Bumped dependencies

4.40.5:

• Fixing seg fault on bad XML #1888
• Fixed handling of --- #1890, #1896
• Bumped dependencies

4.40.4:

• Fixed bug with creating maps with values based off keys #1886, #1889
• Bumped dependencies

4.40.3:

• Fixed JSON output issue with empty arrays #1880

4.40.2:

• Do not panic when StdIn is closed (#1867) Thanks @​aleskandro!
• Fixed issue when update against self #1869
• Fixed multi doc anchor bug #1861
• Fixes doc line separator issue when reading expression file #1860
• Bumped dependencies

4.40.1:

• Added tonumber support (#1664, #71)
• Added kind operator
• Lua output fixes (#1811) - Thanks @​Zash!
• Add support for Lua input (#1810) - Thanks @​Zash!
• Rewrote parsing engine - yq now has its own AST!
• Bumped dependencies

4.35.2:

• Fix various typos #1798
• Fixed number parsing as float bug in JSON #1756
• Fixed string, null concatenation consistency #1712
• Fixed expression parsing issue #1711
• Bumped dependencies

4.35.1:

• Added Lua output support (Thanks @​Zash)!
• Added BSD checksum format (Thanks @​viq)!

... (truncated)

Commits

• bb66c9c Bumping version
• 279d9a6 Bump golang.org/x/net from 0.20.0 to 0.21.0 (#1940)
• 1b17de1 Bump golang from 1.21.6 to 1.22.0 (#1939)
• e190462 Bumping version
• 5513ac8 Empty TOML table is an empty object
• d4e16a4 fix: empty TOML table (#1936)
• 6e21c9f Need to escape single quotes in bash, updated docs #1932
• 2473068 Attempt to use the latest snapcraft build
• 6183350 Bump github.com/goccy/go-yaml from 1.11.2 to 1.11.3 (#1930)
• 33a3bb3 Bump golang from 1.21.5 to 1.21.6 (#1915)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (a445167) 40.10% compared to head (e34552f) 40.10%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #833   +/-   ##
=======================================
  Coverage   40.10%   40.10%           
=======================================
  Files         155      155           
  Lines       10044    10044           
=======================================
  Hits         4028     4028           
  Misses       5530     5530           
  Partials      486      486           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dependabot]

Superseded by #835.