Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0

[dependabot]

Bumps slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.7.0

See the CHANGELOG for details.

v1.7.0-rc.1

See the CHANGELOG for details.

v1.7.0-rc.0

See the CHANGELOG for details.

This is UNFINALIZED.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

1.7.0

This release includes the first beta release of the Container-based builder. The Container-based builder provides a GitHub Actions reusable workflow that can be used to invoke a container image with a user-specified command to generate an artifact and SLSA Build L3 compliant provenance.

1.7.0: Go builder

• Added: A new go-version-file input was added. This allows you to specify a go.mod file in order to track which version of Go is used for your project.

Commits

• e55b76c chore: update documentation and references to v1.7.0 (#2239)
• 2c15ebe chore: update version references to v1.7.0-rc.1 (#2232)
• 1afe15e fix: remove verify-token schedule presubmit (#2231)
• 796d1f6 docs: Update CHANGELOG for v1.7.0 (#2196)
• e9db5e5 chore: remove RC version references for v1.7.0-rc.0 (#2228)
• 921bfa1 chore: release candidate v1.7.0-rc.0 (#2219)
• 87a3074 fix: version comments for GHA references (#2205)
• 0f7720d fix: verify-token daily runs (#2213)
• 0a4b841 chore(deps): update dependency eslint to v8.42.0 (#2214)
• 2bec132 fix: fix jq script syntax (#2211)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)