build(deps): bump sigstore/gh-action-sigstore-python from 3.0.1 to 3.2.0 by dependabot[bot] · Pull Request #3543 · instructlab/instructlab
Bumps sigstore/gh-action-sigstore-python from 3.0.1 to 3.2.0.
Release notes
Sourced from sigstore/gh-action-sigstore-python's releases.
v3.2.0
gh-action-sigstore-pythonaction now manages the used Python version internally, improving reliability.Changed
v3.1.0
gh-action-sigstore-pythonis now compatible with Rekor v2 transparency log (but produced signature bundles still contain Rekor v1 entries by default).Changed
- The action now uses sigstore-python 4.1. All other dependencies are also updated (#220)
Fixed
- Fixed incompatibility with Python 3.14 by upgrading dependencies (#225)
Added
rekor-versionargument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when usingstaging: true). (#228)
Changelog
Sourced from sigstore/gh-action-sigstore-python's changelog.
Changelog
All notable changes to
gh-action-sigstore-pythonwill be documented in this file.The format is based on Keep a Changelog.
All versions prior to 3.0.0 are untracked.
[Unreleased]
[3.2.0]
gh-action-sigstore-pythonnow manages the used Python version internally, improving reliability.Changed
[3.1.0]
gh-action-sigstore-pythonis now compatible with Rekor v2 transparency log (but produced signature bundles still contain Rekor v1 entries by default).Changed
- The action now uses sigstore-python 4.1. All other dependencies are also updated (#220)
Fixed
- Fixed incompatibility with Python 3.14 by upgrading dependencies (#225)
Added
rekor-versionargument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when usingstaging: true). (#228)[3.0.1]
Changed
- The minimum Python version supported by this action is now 3.9 (#155)
... (truncated)
Commits
a5caf34build(deps): bump actions/checkout in the actions group (#265)7b8cfcbbuild(deps): bump the actions group with 2 updates (#264)270f433build(deps-dev): bump ruff in the python-dependencies group (#263)034c8bfbuild(deps): bump actions/setup-python in the actions group (#260)5483fa8Fix .python-version lookup (#258)f962baabuild(deps): bump github/codeql-action in the actions group (#259)225a312build(deps): bump astral-sh/setup-uv in the actions group (#253)b7c02b3build(deps): bump actions/checkout in the actions group (#251)52bad44build(deps-dev): bump ruff in the python-dependencies group (#252)68eceeabuild(deps): bump certifi in the python-dependencies group (#250)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)