Skip to content

chore(deps): update sigstore/cosign-installer action to v4#252

Merged
hanthor merged 1 commit intomainfrom
renovate/sigstore-cosign-installer-4.x
Apr 2, 2026
Merged

chore(deps): update sigstore/cosign-installer action to v4#252
hanthor merged 1 commit intomainfrom
renovate/sigstore-cosign-installer-4.x

Conversation

@mergeraptor
Copy link
Copy Markdown
Contributor

@mergeraptor mergeraptor bot commented Mar 29, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
sigstore/cosign-installer action major v3.10.1v4.1.1

Release Notes

sigstore/cosign-installer (sigstore/cosign-installer)

v4.1.1

Compare Source

What's Changed

  • chore: update default cosign-release to v3.0.5 in #​223

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

  • Bump cosign to 3.0.5 in #​220
  • fix: add retry to curl downloads for transient network failures in #​210

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

v4.0.0

Compare Source

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#​201)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@dosubot dosubot bot added size:XS This PR changes 0-9 lines, ignoring generated files. dependencies Pull requests that update a dependency file kind/renovate Speeeeeeeeed! Renovate rules go here labels Mar 29, 2026
@mergeraptor mergeraptor bot force-pushed the renovate/sigstore-cosign-installer-4.x branch from 2eeb267 to 0ace427 Compare March 30, 2026 18:24
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Mar 31, 2026
@hanthor hanthor enabled auto-merge March 31, 2026 15:15
@mergeraptor mergeraptor bot force-pushed the renovate/sigstore-cosign-installer-4.x branch from 0ace427 to 2b9a313 Compare April 2, 2026 06:32
@hanthor hanthor added this pull request to the merge queue Apr 2, 2026
Merged via the queue into main with commit ffcb7fc Apr 2, 2026
1 of 2 checks passed
@hanthor hanthor deleted the renovate/sigstore-cosign-installer-4.x branch April 2, 2026 18:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@castrojo castrojo castrojo approved these changes

@hanthor hanthor hanthor approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file kind/renovate Speeeeeeeeed! Renovate rules go here lgtm This PR has been approved by a maintainer size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@castrojo @hanthor