build(deps): bump the github-actions group with 2 updates

[dependabot]

Bumps the github-actions group with 2 updates: sigstore/cosign-installer and actions/dependency-review-action.

Updates sigstore/cosign-installer from 3.1.2 to 3.2.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.2.0

Note: This release comes with a fix for CVE-2023-46737 described in this Github Security Advisory. Please upgrade to this release ASAP

see https://github.com/sigstore/cosign/releases/tag/v2.2.1

What's Changed

• Support the runner context of gitea act by @​josedev-union in sigstore/cosign-installer#147
• bump cosign to v2.2.1 by @​cpanato in sigstore/cosign-installer#148
• test with latest go version by @​bobcallaway in sigstore/cosign-installer#150

New Contributors

• @​josedev-union made their first contribution in sigstore/cosign-installer#147

Full Changelog: sigstore/cosign-installer@v3...v3.2.0

Commits

• 1fc5bd3 test with latest go version (#150)
• 9ce7d60 bump cosign to v2.2.1 (#148)
• 4b014e3 Support the runner context of gitea act (#147)
• 38ab09d Bump actions/checkout from 4.1.0 to 4.1.1 (#145)
• 9c520b9 Bump actions/checkout from 4.0.0 to 4.1.0 (#144)
• ef6a6b3 Bump actions/checkout from 3.6.0 to 4.0.0 (#143)
• See full diff in compare view

Updates actions/dependency-review-action from 3.1.0 to 3.1.2

Release notes

Sourced from actions/dependency-review-action's releases.

3.1.2

What's Changed

• Fix a regression for setups using self-hosted runners behind HTTP proxies:@​febuiles in actions/dependency-review-action#611

Full Changelog: actions/dependency-review-action@v3...v3.1.2

3.1.1

What's Changed

• Update a bunch of dependencies, including major version upgrades for octokit, @actions/github and typescript.

Full Changelog: actions/dependency-review-action@v3.1.0...v3.1.1

Commits

• fde92ac Merge pull request #611 from actions/fix-https-proxy
• a89dd96 adding dist
• 7689183 revert octokit changes
• fc5e2db go back to Node 16 to skip using fetch API
• ded987c Downgrade usage of retries.
• 9f45b24 bumping to 3.1.1
• 559513a Merge pull request #606 from actions/dependabot/npm_and_yarn/actions/github-6...
• 8edc431 Merge branch 'main' into dependabot/npm_and_yarn/actions/github-6.0.0
• 3e8322e Merge pull request #605 from actions/dependabot/npm_and_yarn/yaml-2.3.4
• 5a55885 adding dist
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

Merging #645 (cadcebd) into main (ed5f330) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #645   +/-   ##
=======================================
  Coverage   88.83%   88.83%           
=======================================
  Files          48       48           
  Lines        2409     2409           
=======================================
  Hits         2140     2140           
  Misses        259      259           
  Partials       10       10           

Flag	Coverage Δ
unittests	88.83% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!

[favonia]

@dependabot rebase