From 1c1e8ac266fef015a923dda78813108ce870963f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jun 2026 02:18:15 +0000 Subject: [PATCH] chore(deps): bump the actions group across 1 directory with 3 updates Bumps the actions group with 3 updates in the / directory: [taiki-e/install-action](https://github.com/taiki-e/install-action), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action). Updates `taiki-e/install-action` from 2.79.5 to 2.81.1 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/6c1f7cf125e42770ff087ea443901b487cc5471a...e49978b799e49ff429d162b7a30601a569ab6538) Updates `sigstore/cosign-installer` from 3.10.0 to 4.1.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d7543c93d881b35a8faa02e8e3605f69b7a1ce62...6f9f17788090df1f26f669e9d70d6ae9567deba6) Updates `EmbarkStudios/cargo-deny-action` from 2.0.19 to 2.0.20 - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/a531616d8ce3b9177443e48a1159bc945a099823...bb137d7af7e4fb67e5f82a49c4fce4fad40782fe) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.81.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: EmbarkStudios/cargo-deny-action dependency-version: 2.0.20 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/sbom.yml | 2 +- .github/workflows/security.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3783d32..9ab6197 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -44,7 +44,7 @@ jobs: - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # post-v2.9.1 - name: Install cargo-llvm-cov - uses: taiki-e/install-action@6c1f7cf125e42770ff087ea443901b487cc5471a # v2.79.5 + uses: taiki-e/install-action@e49978b799e49ff429d162b7a30601a569ab6538 # v2.81.1 with: tool: cargo-llvm-cov diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 50590e9..bb082be 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -82,7 +82,7 @@ jobs: # Scorecard's Signed-Releases check pattern-matches on the # `.sig` extension next to release assets. - name: Install cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Sign SBOMs with cosign (keyless) run: | diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 3fbdc85..0e4b850 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -102,7 +102,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: EmbarkStudios/cargo-deny-action@a531616d8ce3b9177443e48a1159bc945a099823 # post-v2.0.19, pins cargo-deny 0.19.7 + - uses: EmbarkStudios/cargo-deny-action@bb137d7af7e4fb67e5f82a49c4fce4fad40782fe # post-v2.0.19, pins cargo-deny 0.19.7 with: command: check arguments: --all-features