Skip to content

chore(deps): Bump chainguard-dev/cosign from 0.4.5 to 0.4.7#348

Merged
cpanato merged 1 commit into
mainfrom
dependabot/terraform/chainguard-dev/cosign-0.4.7
Jun 15, 2026
Merged

chore(deps): Bump chainguard-dev/cosign from 0.4.5 to 0.4.7#348
cpanato merged 1 commit into
mainfrom
dependabot/terraform/chainguard-dev/cosign-0.4.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps chainguard-dev/cosign from 0.4.5 to 0.4.7.

Release notes

Sourced from chainguard-dev/cosign's releases.

Release v0.4.7

Changelog

  • 5cb9b6285832ec594e7fcd77bfa1d23573d9b591 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#556)
  • 5a121970fa5258236ed509bbf11e3f44f45db0e2 chore(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#557)
  • cf443ab4bfded1b8e9077c24f7090224bacb73f7 chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#558)
  • 8e6827810792f7a8aedd298ebd774a9bf18a3f83 Support verbatim subject descriptors when writing bundle referrers (#562)
  • dbd922638df6594f7dc51977dc3eeef57415c603 Add opt-in Rekor v2 support for bundle signing (#561)
  • 89b54c5445ba48162400a7fac3f98e6b6004f490 chore(deps): bump github.com/go-openapi/strfmt from 0.26.2 to 0.26.3 (#535)
  • 64e22f35d85304e30dc5d317a9dee6d2d9828788 chore(deps): bump github.com/go-openapi/runtime from 0.29.4 to 0.32.2 (#552)
  • d8146d9065c602e10b1d8b416d37033912ca00ef chore(deps): bump github.com/google/go-containerregistry from 0.21.5 to 0.21.6 (#553)
  • e76406d3da017c9d8296b7a65aa4ee9e83a3d27c chore(deps): bump step-security/harden-runner from 2.19.1 to 2.19.3 (#545)
  • 857551b0f859ad7e19ac069bf226a674d6684259 chore(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#550)
  • 5e4212e9bf322c134ca807eadf0a0a9d45c29620 chore(deps): bump hashicorp/setup-terraform from 4.0.0 to 4.0.1 (#542)
  • 8a7a6411070daa9f94b20020a884ed5847467afc chore(deps): bump step-security/workflow-conclusion-action from 3.0.9 to 3.0.10 (#544)
  • 83a1467237458295b6754c34a2f4a2b3217e861e chore(deps): bump github.com/chainguard-dev/terraform-provider-oci from 0.1.5 to 0.1.6 (#549)
  • fc689e7815b958265b106a991b4253c0c1ef539e chore(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#551)
  • 428342bb6d48f6a139c956745516f1a52c0651f2 chore(deps): bump github.com/sigstore/rekor from 1.5.1 to 1.5.2 (#554)

Release v0.4.6

Changelog

  • 93e3ca875a42da554c4da27878b0fabc3c62d914 Add functional options to BundleSigner (#548)
Commits
  • 5cb9b62 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#556)
  • 5a12197 chore(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#557)
  • cf443ab chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#558)
  • 8e68278 Support verbatim subject descriptors when writing bundle referrers (#562)
  • dbd9226 Add opt-in Rekor v2 support for bundle signing (#561)
  • 89b54c5 chore(deps): bump github.com/go-openapi/strfmt from 0.26.2 to 0.26.3 (#535)
  • 64e22f3 chore(deps): bump github.com/go-openapi/runtime from 0.29.4 to 0.32.2 (#552)
  • d8146d9 chore(deps): bump github.com/google/go-containerregistry from 0.21.5 to 0.21....
  • e76406d chore(deps): bump step-security/harden-runner from 2.19.1 to 2.19.3 (#545)
  • 857551b chore(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#550)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): Bump chainguard-dev/cosign from 0.4.5 to 0.4.7
3642434 
Bumps [chainguard-dev/cosign](https://github.com/chainguard-dev/terraform-provider-cosign) from 0.4.5 to 0.4.7.
- [Release notes](https://github.com/chainguard-dev/terraform-provider-cosign/releases)
- [Commits](chainguard-dev/terraform-provider-cosign@v0.4.5...v0.4.7)

---
updated-dependencies:
- dependency-name: chainguard-dev/cosign
  dependency-version: 0.4.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file terraform Pull requests that update Terraform code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
@cpanato cpanato merged commit 64b6733 into main Jun 15, 2026
11 checks passed
@cpanato cpanato deleted the dependabot/terraform/chainguard-dev/cosign-0.4.7 branch June 15, 2026 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpanato cpanato cpanato approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file terraform Pull requests that update Terraform code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cpanato