Bump the actions group across 1 directory with 2 updates by dependabot[bot] · Pull Request #68 · chainguard-dev/stigs

dependabot · 2026-03-27T02:44:28Z

Bumps the actions group with 2 updates in the / directory: sigstore/cosign-installer and chainguard-dev/actions.

Updates sigstore/cosign-installer from 4.1.0 to 4.1.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.1

What's Changed

chore: update default cosign-release to v3.0.5 in sigstore/cosign-installer#223

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

Commits

cad07c2 chore: update default cosign-release to v3.0.5 (#223)
See full diff in compare view

Updates chainguard-dev/actions from 1.6.8 to 1.6.10

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.10

What's Changed

build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 in /melange-build by @dependabot[bot] in chainguard-dev/actions#809

build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 in /wolfi-build-pkg by @dependabot[bot] in chainguard-dev/actions#810

build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 in /inky-build-pkg by @dependabot[bot] in chainguard-dev/actions#808

build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 in /gofmt by @dependabot[bot] in chainguard-dev/actions#806

build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 in /goimports by @dependabot[bot] in chainguard-dev/actions#807

build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 by @dependabot[bot] in chainguard-dev/actions#805

build(deps): bump azure/setup-helm from 4.3.1 to 5.0.0 in /setup-monitoring by @dependabot[bot] in chainguard-dev/actions#812

pass through optional job name and create job span id by @joshrwolf in chainguard-dev/actions#811

Full Changelog: chainguard-dev/actions@v1.6.9...v1.6.10

v1.6.9

What's Changed

build(deps): bump chainguard-dev/actions from 1.6.5 to 1.6.6 in /melange-build by @dependabot[bot] in chainguard-dev/actions#795

build(deps): bump chainguard-dev/actions from 1.6.5 to 1.6.6 in /wolfi-build-pkg by @dependabot[bot] in chainguard-dev/actions#796

build(deps): bump chainguard-dev/actions from 1.6.5 to 1.6.6 in /inky-build-pkg by @dependabot[bot] in chainguard-dev/actions#794

build(deps): bump chainguard-dev/actions from 1.6.5 to 1.6.6 in /gofmt by @dependabot[bot] in chainguard-dev/actions#792

build(deps): bump chainguard-dev/actions from 1.6.5 to 1.6.6 by @dependabot[bot] in chainguard-dev/actions#790

build(deps): bump chainguard-dev/actions from 1.6.5 to 1.6.6 in /goimports by @dependabot[bot] in chainguard-dev/actions#793

build(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1 by @dependabot[bot] in chainguard-dev/actions#791

build(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 in /setup-argo-workflows by @dependabot[bot] in chainguard-dev/actions#803

build(deps): bump chainguard-dev/actions from 1.6.7 to 1.6.8 in /wolfi-build-pkg by @dependabot[bot] in chainguard-dev/actions#804

build(deps): bump chainguard-dev/actions from 1.6.7 to 1.6.8 in /melange-build by @dependabot[bot] in chainguard-dev/actions#802

build(deps): bump chainguard-dev/actions from 1.6.7 to 1.6.8 in /goimports by @dependabot[bot] in chainguard-dev/actions#800

build(deps): bump chainguard-dev/actions from 1.6.7 to 1.6.8 in /inky-build-pkg by @dependabot[bot] in chainguard-dev/actions#801

build(deps): bump chainguard-dev/actions from 1.6.7 to 1.6.8 by @dependabot[bot] in chainguard-dev/actions#799

Full Changelog: chainguard-dev/actions@v1.6.8...v1.6.9

Commits

c29bd2a pass through optional job name and create job span id (#811)
ab0167c build(deps): bump azure/setup-helm in /setup-monitoring (#812)
f2ad3f9 build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 (#805)
c018288 build(deps): bump chainguard-dev/actions from 1.6.8 to 1.6.9 in /gofmt (#806)
e82f668 build(deps): bump chainguard-dev/actions in /goimports (#807)
dae96ba build(deps): bump chainguard-dev/actions in /inky-build-pkg (#808)
382339c build(deps): bump chainguard-dev/actions in /melange-build (#809)
4c722c5 build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (#810)
d67380d build(deps): bump chainguard-dev/actions from 1.6.7 to 1.6.8 (#799)
5ed47b1 build(deps): bump chainguard-dev/actions in /goimports (#800)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 2 updates in the / directory: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [chainguard-dev/actions](https://github.com/chainguard-dev/actions). Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@ba7bc0a...cad07c2) Updates `chainguard-dev/actions` from 1.6.8 to 1.6.10 - [Release notes](https://github.com/chainguard-dev/actions/releases) - [Commits](chainguard-dev/actions@7440e20...c29bd2a) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: chainguard-dev/actions dependency-version: 1.6.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 27, 2026

stevebeattie approved these changes Mar 30, 2026

View reviewed changes

stevebeattie merged commit ef13547 into main Mar 30, 2026
6 checks passed

stevebeattie deleted the dependabot/github_actions/actions-b5a1d4280d branch March 30, 2026 22:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 2 updates#68

Bump the actions group across 1 directory with 2 updates#68
stevebeattie merged 1 commit intomainfrom
dependabot/github_actions/actions-b5a1d4280d

dependabot Bot commented on behalf of github Mar 27, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Mar 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.1.1

What's Changed

v1.6.10

What's Changed

v1.6.9

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Mar 27, 2026 •

edited

Loading