Skip to content

ci: bump sigstore/cosign-installer from 3.9.1 to 4.1.2#50

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/sigstore/cosign-installer-4.1.2
Open

ci: bump sigstore/cosign-installer from 3.9.1 to 4.1.2#50
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/sigstore/cosign-installer-4.1.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps sigstore/cosign-installer from 3.9.1 to 4.1.2.

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.2

What's Changed

v4.1.1

What's Changed

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#203)

v3.10.0

What's Changed

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

What's Changed

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/sigstore/cosign-installer-4.1.2 branch 3 times, most recently from 13bf3a4 to 585767c Compare June 19, 2026 20:56
@dependabot
ci: bump sigstore/cosign-installer from 3.9.1 to 4.1.2
605f93f 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.1 to 4.1.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@398d4b0...6f9f177)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/sigstore/cosign-installer-4.1.2 branch from 585767c to 605f93f Compare June 19, 2026 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants